Tried making the perm permissions faster by perparing queries

Makefile

@@ -21,14 +21,14 @@ endif
 
 # set up cflags and libs
 
-CFLAGS := -D_FILE_OFFSET_BITS=64
+CFLAGS := -D_FILE_OFFSET_BITS=64 -g
 LDFLAGS :=
 
 CFLAGS += $(shell pkg-config --cflags $(PACKAGE_NAMES))
 LDFLAGS += $(shell pkg-config --libs $(PACKAGE_NAMES))
 
 ifeq ($(DEBUG),1)
-	CFLAGS += -O0 -pedantic -g -Wall -Wextra -Wcast-align \
+	CFLAGS += -O0 -pedantic -Wall -Wextra -Wcast-align \
 						-Wcast-qual -Wdisabled-optimization -Wformat=2 \
 						-Winit-self -Wlogical-op -Wmissing-declarations \
 						-Wmissing-include-dirs -Wredundant-decls -Wshadow \

src/perm_permissions_table.c

@@ -27,6 +27,7 @@ const int column_count = 2;
 const char *const schema[] = {"executable", "filename"};
 const char *const types[] = {"TEXT", "TEXT"};
 uid_t ruid, euid, current_pid;
+sqlite3_stmt *perm_check_statement = NULL;
 pthread_mutex_t uid_switch = PTHREAD_MUTEX_INITIALIZER;
 
 void set_db_fsuid() {
@@ -141,6 +142,45 @@ int ensure_database_schema() {
   return 0;
 }
 
+int prepare_sql_queries() {
+  const char *query_template =
+      "SELECT * FROM %s WHERE executable = ? AND filename = ?;";
+  char *query_string = NULL;
+  int query_len = snprintf(NULL, 0, query_template, table_name) + 1;
+
+  if (query_len < 0) {
+    fprintf(stderr, "Failed to prepare statement");
+    perror("");
+    return 1;
+  }
+
+  query_string = malloc(query_len);
+  if (query_string == NULL) {
+    fprintf(stderr, "Failed to allocate memory for the query");
+    perror("");
+    return 1;
+  }
+
+  int ret = snprintf(query_string, query_len, query_template, table_name);
+  if (ret < 0) {
+    fprintf(stderr, "Failed to prepare statement");
+    perror("");
+    free(query_string);
+    return 1;
+  }
+
+  if (sqlite3_prepare_v2(perm_database, query_string, -1, &perm_check_statement,
+                         NULL) != SQLITE_OK) {
+    fprintf(stderr, "Failed to prepare statement: %s\n",
+            sqlite3_errmsg(perm_database));
+    free(query_string);
+    return 1;
+  }
+  free(query_string);
+  return 0;
+}
+
+void free_sql_queries(void) { sqlite3_finalize(perm_check_statement); }
 /**
  * Initializes the permanent permissions table.
  *
@@ -169,17 +209,24 @@ int init_perm_permissions_table(const char *db_filename) {
 
   int status = seteuid(ruid);
   if (status < 0) {
-    fprintf(stderr, "Couldn't set euid to ruid during database setup.\n");
+    fprintf(stderr, "Couldn't set euid to ruid.\n");
     exit(status);
   }
 
+  if (prepare_sql_queries()) {
+    fprintf(stderr, "Couldn't prepare sql queries.\n");
+    exit(status);
+  }
   return 0;
 }
 
 /**
  * Destroys the permanent permissions table.
  */
-void destroy_perm_permissions_table() { sqlite3_close(perm_database); }
+void destroy_perm_permissions_table(void) {
+  free_sql_queries();
+  sqlite3_close(perm_database);
+}
 
 /**
  * Checks if the process has a permanent access to the file.

test/mock/zenity

@@ -12,10 +12,17 @@ else
     if [[ $FAKE_ZENITY_RESPONSE == "yes_tmp" ]]; then
       printf "Allow this time\n"
       exit 1
+    elif [[ $FAKE_ZENITY_RESPONSE == "yes_tmp_alt" ]]; then
+      printf "Allow this time\n"
+      echo "yes_alt" >~/.fake_zenity_response
+      exit 1
     elif [[ $FAKE_ZENITY_RESPONSE == "no" ]]; then
       exit 1
     elif [[ $FAKE_ZENITY_RESPONSE == "yes" ]]; then
       exit 0
+    elif [[ $FAKE_ZENITY_RESPONSE == "yes_alt" ]]; then
+      echo "yes_tmp_alt" >~/.fake_zenity_response
+      exit 0
     fi
   fi
 fi

test/test.bash

@@ -25,10 +25,18 @@ if [[ $1 == "--setuid" ]]; then
   echo "Valgrind will not be used due to setuid compatibility issues."
   ../build/icfs -o default_permissions ./protected ./.pt.db &
   sleep 1
+elif [[ $1 == "--perf" ]]; then
+  echo "Profiling with perf..."
+  ../build/icfs -o default_permissions ./protected ./.pt.db &
+  echo "Profiling will require root privilieges."
+  sleep 3
+  echo "Attaching to $(pgrep icfs)"
+  sudo perf record -g -e cycles:u --call-graph dwarf -p $(pgrep icfs) &
+  sleep 10
 else
   echo "Database protection will not be tested due to the lack of setuid capabilites."
   echo "To test it, run this script with '--setuid'."
-  valgrind -s ../build/icfs -o default_permissions ./protected ./.pt.db &
+  valgrind --leak-check=full -s ../build/icfs -o default_permissions ./protected ./.pt.db &
   sleep 5
 fi
 
@@ -126,9 +134,29 @@ else
   echo "[ICFS-TEST]: OK"
 fi
 
+if [[ $1 == "--perf" ]]; then
+  zenity --set-fake-response yes_tmp
+  rm -rf ./protected/*
+  zenity --set-fake-response yes_alt
+  bonnie++ -p 4
+  bonnie++ -d ./protected -c 4 -r 256 -y s >/dev/null &
+  bonnie++ -d ./protected -c 4 -r 256 -y s >/dev/null &
+  bonnie++ -d ./protected -c 4 -r 256 -y s >/dev/null &
+  bonnie++ -d ./protected -c 4 -r 256 -y s >/dev/null
+  bonnie++ -p -1
+fi
+
 # unmount
 
 sleep 0.5
 #lsof +f -- $(realpath ./protected)
 umount $(realpath ./protected)
 sleep 0.5
+
+if [[ $1 == "--perf" ]]; then
+  mv ./callgraph.png ./callgraph_old.png
+  real_user=$USER
+  sudo chown "$real_user" ./perf.data
+  perf script --dsos=icfs | gprof2dot -f perf | dot -Tpng -o callgraph.png
+  echo "Profile graph was written to \"callgraph.png\""
+fi