forked from luck/tmp_suning_uos_patched
4300590243
Implement a new, more space-efficient way of storing filename transitions in the binary policy. The internal structures have already been converted to this new representation; this patch just implements reading/writing an equivalent represntation from/to the binary policy. This new format reduces the size of Fedora policy from 7.6 MB to only 3.3 MB (with policy optimization enabled in both cases). With the unconfined module disabled, the size is reduced from 3.3 MB to 2.4 MB. The time to load policy into kernel is also shorter with the new format. On Fedora Rawhide x86_64 it dropped from 157 ms to 106 ms; without the unconfined module from 115 ms to 105 ms. Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com> |
||
|---|---|---|
| .. | ||
| avtab.c | ||
| avtab.h | ||
| conditional.c | ||
| conditional.h | ||
| constraint.h | ||
| context.c | ||
| context.h | ||
| ebitmap.c | ||
| ebitmap.h | ||
| hashtab.c | ||
| hashtab.h | ||
| mls_types.h | ||
| mls.c | ||
| mls.h | ||
| policydb.c | ||
| policydb.h | ||
| services.c | ||
| services.h | ||
| sidtab.c | ||
| sidtab.h | ||
| symtab.c | ||
| symtab.h | ||