>From e54ac99841ea855c75f83628fca75e871f9e2afd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C3=A1draig=20Brady?= <P@draigBrady.com>
Date: Mon, 23 Nov 2020 21:58:10 +0000
Subject: [PATCH] install: reinstate prefix length hint to selinux

* src/install.c (get_labeling_handle): Reinstate
the equivalent matchpathcon_init_prefix() code
from v6.9.89-7-g56e3106e9, which suggests significant
performance benefit.
---
 src/install.c | 42 +++++++++++++++++++++++++++++++++++++-----
 1 file changed, 37 insertions(+), 5 deletions(-)

diff --git a/src/install.c b/src/install.c
index dce29dbe1..e0d51f821 100644
--- a/src/install.c
+++ b/src/install.c
@@ -302,17 +302,49 @@ cp_option_init (struct cp_options *x)
 }
 
 static struct selabel_handle *
-get_labeling_handle (void)
+get_labeling_handle (char const *file)
 {
   static bool initialized;
   static struct selabel_handle *hnd;
-  if (!initialized)
+
+  if (! initialized)
     {
       initialized = true;
-      hnd = selabel_open (SELABEL_CTX_FILE, NULL, 0);
+      char *prefix = NULL;
+
+      if (file && IS_ABSOLUTE_FILE_NAME (file))
+        {
+          /* Calling selabel_open with a prefix is an optimization to
+             minimize the expense of the following selabel_lookup calls.  */
+          char const *p0;
+          char const *p = file + 1;
+          while (ISSLASH (*p))
+            ++p;
+
+          /* Record final leading slash, when FILE starts with two or more.  */
+          p0 = p - 1;
+
+          if (*p)
+            {
+              do
+                {
+                  ++p;
+                }
+              while (*p && !ISSLASH (*p));
+
+              prefix = malloc (p - p0 + 2);
+              if (prefix)
+                stpcpy (stpncpy (prefix, p0, p - p0), "/");
+            }
+        }
+
+      struct selinux_opt option = {SELABEL_OPT_SUBSET, prefix};
+      hnd = selabel_open (SELABEL_CTX_FILE, &option, 1);
       if (!hnd)
         error (0, errno, _("warning: security labeling handle failed"));
+      free (prefix);
     }
+
   return hnd;
 }
 
@@ -334,7 +366,7 @@ setdefaultfilecon (char const *file)
   if (lstat (file, &st) != 0)
     return;
 
-  struct selabel_handle *hnd = get_labeling_handle ();
+  struct selabel_handle *hnd = get_labeling_handle (file);
   if (!hnd)
     return;
   if (selabel_lookup (hnd, &scontext, file, st.st_mode) != 0)
@@ -875,7 +907,7 @@ main (int argc, char **argv)
               if (optarg)
                 scontext = optarg;
               else
-                x.set_security_context = get_labeling_handle ();
+                x.set_security_context = get_labeling_handle (NULL);
             }
           else if (optarg)
             {
-- 
2.26.2