Ondrej Oprala patch to optimize set*con functions

-    Set*con now caches the security context and only re-sets it if it changes.

libselinux-rhat.patch

@@ -6651,6 +6651,132 @@ index 2d7369e..2a00807 100644
  	va_end(ap);
  }
  
+diff --git a/libselinux/src/procattr.c b/libselinux/src/procattr.c
+index 83381e4..40345e9 100644
+--- a/libselinux/src/procattr.c
++++ b/libselinux/src/procattr.c
+@@ -8,11 +8,54 @@
+ #include "selinux_internal.h"
+ #include "policy.h"
+ 
++static __thread pid_t tid = -1;
++static __thread security_context_t prev_current = NULL;
++static __thread security_context_t prev_exec = NULL;
++static __thread security_context_t prev_fscreate = NULL;
++static __thread security_context_t prev_keycreate = NULL;
++static __thread security_context_t prev_sockcreate = NULL;
++
++static pthread_once_t once = PTHREAD_ONCE_INIT;
++static pthread_key_t destructor_key;
++static int destructor_key_initialized = 0;
++static __thread char destructor_initialized;
++
+ static pid_t gettid(void)
+ {
+ 	return syscall(__NR_gettid);
+ }
+ 
++static void procattr_thread_destructor(void __attribute__((unused)) *unused)
++{
++	free(prev_current);
++	free(prev_exec);
++	free(prev_fscreate);
++	free(prev_keycreate);
++	free(prev_sockcreate);
++}
++
++void __attribute__((destructor)) procattr_destructor(void);
++
++void hidden __attribute__((destructor)) procattr_destructor(void)
++{
++	if (destructor_key_initialized)
++		__selinux_key_delete(destructor_key);
++}
++
++static inline void init_thread_destructor(void)
++{
++	if (destructor_initialized == 0) {
++		__selinux_setspecific(destructor_key, (void *)1);
++		destructor_initialized = 1;
++	}
++}
++
++static void init_procattr(void)
++{
++	if (__selinux_key_create(&destructor_key, procattr_thread_destructor) == 0)
++		destructor_key_initialized = 1;
++}
++
+ static int getprocattrcon_raw(security_context_t * context,
+ 			      pid_t pid, const char *attr)
+ {
+@@ -20,7 +63,6 @@ static int getprocattrcon_raw(security_context_t * context,
+ 	size_t size;
+ 	int fd, rc;
+ 	ssize_t ret;
+-	pid_t tid;
+ 	int errno_hold;
+ 
+ 	if (pid > 0)
+@@ -87,19 +129,56 @@ static int getprocattrcon(security_context_t * context,
+ 	return ret;
+ }
+ 
++#define UPDATE_CACHE(context, cache)	\
++	if (!context && !cache)		\
++		return 0;		\
++	if (!context) {			\
++		free(cache);		\
++		cache = NULL;		\
++	} else {			\
++		if (cache && !strcmp(context,cache)) \
++			return 0;	\
++		free(cache);		\
++		cache = strdup(context);\
++	}
++
+ static int setprocattrcon_raw(security_context_t context,
+ 			      pid_t pid, const char *attr)
+ {
+ 	char *path;
+ 	int fd, rc;
+-	pid_t tid;
+ 	ssize_t ret;
+ 	int errno_hold;
+ 
++	__selinux_once(once, init_procattr);
++	init_thread_destructor();
++
++	switch (attr[0]) {
++		case 'c':
++			UPDATE_CACHE(context, prev_current);
++			break;
++		case 'e':
++			UPDATE_CACHE(context, prev_exec);
++			break;
++		case 'f':
++			UPDATE_CACHE(context, prev_fscreate);
++			break;
++		case 'k':
++			UPDATE_CACHE(context, prev_keycreate);
++			break;
++		case 's':
++			UPDATE_CACHE(context, prev_sockcreate);
++			break;
++		default:
++			return -1;
++	};
++
+ 	if (pid > 0)
+ 		rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr);
+ 	else {
+-		tid = gettid();
++		if (tid == -1)
++			tid = gettid();
++
+ 		rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr);
+ 	}
+ 	if (rc < 0)
 diff --git a/libselinux/src/selinux_config.c b/libselinux/src/selinux_config.c
 index 296f357..cb65666 100644
 --- a/libselinux/src/selinux_config.c

libselinux.spec

@@ -4,13 +4,13 @@
 
 %define ruby_inc %(pkg-config --cflags ruby-1.9)
 %define ruby_sitearch %(ruby -rrbconfig -e "puts RbConfig::CONFIG['vendorarchdir']")
-%define libsepolver 2.1.8-5
+%define libsepolver 2.1.8-6
 %{!?python_sitearch: %define python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}
 
 Summary: SELinux library and simple utilities
 Name: libselinux
 Version: 2.1.12
-Release: 10%{?dist}
+Release: 12%{?dist}
 License: Public Domain
 Group: System Environment/Libraries
 Source: %{name}-%{version}.tgz
@@ -241,6 +241,13 @@ rm -rf %{buildroot}
 %{ruby_sitearch}/selinux.so
 
 %changelog
+* Wed Jan 9 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-12
+- Ondrej Oprala patch to optimize set*con functions
+-    Set*con now caches the security context and only re-sets it if it changes.
+
+* Tue Jan 8 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-11
+- Rebuild against latest libsepol
+
 * Fri Jan 4 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-10
 - Update to latest patches from eparis/Upstream
 -    Fix errors found by coverity