Hi,

I've been working on optimizing out AV rules with no applicable types as well as unused attributes to trim down the size of a policy which uses CIL blocks and attributes extensively. Looking into the avtab code (and how creating a new avtab is implemented in expand.c) I have a question:

Does the following suffice for taking an existing avtab and creating a new one with all of its elements? Or do I need to consider avtab_insert_nonunique() like expand.c does? If I'm following the expand_avtab() code correctly, I'd think I'd need to consider conditional avtabs in the following code:
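
    #include <stdlib.h>

    #include <sepol/policydb/avtab.h>
    #include <sepol/policydb/policydb.h>

    /* avtab_map() callback: insert each (key, datum) pair into the new table. */
    static int copy_avtab_map_fn(avtab_key_t *key, avtab_datum_t *datum, void *args)
    {
        avtab_t *avtab = (avtab_t *) args;

        return avtab_insert(avtab, key, datum);
    }

    static int copy_avtab(avtab_t *avtab, avtab_t **out)
    {
        /* avtab_init() writes through its argument, so tmp needs real storage. */
        avtab_t *tmp = calloc(1, sizeof(*tmp));

        if (tmp == NULL) {
            return POLICYDB_ERROR;
        }

        if (avtab_init(tmp)) {
            goto err;
        }

        if (avtab_alloc(tmp, MAX_AVTAB_SIZE)) {
            goto err;
        }

        if (avtab_map(avtab, copy_avtab_map_fn, tmp)) {
            goto err;
        }

        *out = tmp;
        return POLICYDB_SUCCESS;

    err:
        /* Release the partially built table on any failure. */
        avtab_destroy(tmp);
        free(tmp);
        return POLICYDB_ERROR;
    }

Is that the right idea?

Thanks.

--
Gary Tierney
GPG fingerprint: 412C 0EF9 C305 68E6 B660 BDAF 706E D765 85AA 79D8
https://sks-keyservers.net/pks/lookup?op=get&search=0x706ED76585AA79D8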
_______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.