[apparmor] [PATCH v2] APPARMOR: add sid to profile mapping and sid recycling

Tue Nov 30 14:36:46 GMT 2010

wzt.wzt at gmail.com wrote:
> +u32 sid_bitmap[AA_SID_BITMAP_SIZE] = {0};

No need to initialize static variables with 0 or NULL.

We have BITS_PER_LONG.
Why not to use "unsigned long" instead of "u32" so that we can use ffz()?

> +	/* find the first zero bit in the sid_bitmap array */
> +	spin_lock(&aa_sid_hash_table->lock);
> +	for (i = 0; i < AA_SID_BITMAP_SIZE; i++) {
> +		for (j = 0; j < 32; j++) {
> +			if (!(sid_bitmap[i] & (1 << j))) {
> +				/* convert offset to sid */
> +				sid = i * 32 + j;
> +				goto alloc_ok;
> +			}
> +		}
> +	}
> +	spin_unlock(&aa_sid_hash_table->lock);

If you use sid values for only 0 - 32767 range (rather than full u32 range),
you can allocate

	char sid_map[32768 + 1];

and find an available sid by

	spin_lock(&aa_sid_hash_table->lock);
	sid = strlen(sid_map);
	spin_unlock(&aa_sid_hash_table->lock);

.