git.baikalelectronics.ru Git - kernel.git/commit

author	Ondrej Mosnacek <omosnace@redhat.com>
	Thu, 16 Apr 2020 17:13:55 +0000 (19:13 +0200)
committer	Paul Moore <paul@paul-moore.com>
	Fri, 17 Apr 2020 20:42:01 +0000 (16:42 -0400)
commit	b8e18b6ef9dafbde8f43223b7904f388a0aac650
tree	0123f8a9eaa2e66f21d9a87dbc8b29cf2b6b41b3	tree \| snapshot
parent	926facceed8bee0fe1c7529c045622ecce58e29e	commit \| diff

selinux: implement new format of filename transitions

Implement a new, more space-efficient way of storing filename
transitions in the binary policy. The internal structures have already
been converted to this new representation; this patch just implements
reading/writing an equivalent represntation from/to the binary policy.

This new format reduces the size of Fedora policy from 7.6 MB to only
3.3 MB (with policy optimization enabled in both cases). With the
unconfined module disabled, the size is reduced from 3.3 MB to 2.4 MB.

The time to load policy into kernel is also shorter with the new format.
On Fedora Rawhide x86_64 it dropped from 157 ms to 106 ms; without the
unconfined module from 115 ms to 105 ms.

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

security/selinux/include/security.h		diff \| blob \| history
security/selinux/ss/policydb.c		diff \| blob \| history