Re: [PATCH userspace v2 4/7] secilc: add flag to enable policy optimization

Dominick Grift <dac.override@xxxxxxxxx> · Tue, 28 May 2019 18:32:07 +0200

On Tue, May 28, 2019 at 04:59:09PM +0200, Ondrej Mosnacek wrote:
> Add a command-line option -O/--optimize to optimize the final policydb
> using sepol_policydb_optimize() before writing it out.
> 
> Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx>
> ---
>  secilc/secilc.c | 16 +++++++++++++++-
>  1 file changed, 15 insertions(+), 1 deletion(-)
> 
> diff --git a/secilc/secilc.c b/secilc/secilc.c
> index ad6862ba..26996ef9 100644
> --- a/secilc/secilc.c
> +++ b/secilc/secilc.c
> @@ -68,6 +68,7 @@ static __attribute__((__noreturn__)) void usage(const char *prog)
>  	printf("  -G, --expand-generated         Expand and remove auto-generated attributes\n");
>  	printf("  -X, --expand-size <SIZE>       Expand type attributes with fewer than <SIZE>\n");
>  	printf("                                 members.\n");
> +	printf("  -n, --no-optimize              do not optimize final policy\n");

I think something may have gone wrong here.

>  	printf("  -v, --verbose                  increment verbosity level\n");
>  	printf("  -h, --help                     display usage information\n");
>  	exit(1);
> @@ -97,6 +98,7 @@ int main(int argc, char *argv[])
>  	int policyvers = POLICYDB_VERSION_MAX;
>  	int attrs_expand_generated = 0;
>  	int attrs_expand_size = -1;
> +	int optimize_policy = 1;
>  	int opt_char;
>  	int opt_index = 0;
>  	char *fc_buf = NULL;
> @@ -117,12 +119,13 @@ int main(int argc, char *argv[])
>  		{"filecontexts", required_argument, 0, 'f'},
>  		{"expand-generated", no_argument, 0, 'G'},
>  		{"expand-size", required_argument, 0, 'X'},
> +		{"no-optimize", no_argument, 0, 'n'},
>  		{0, 0, 0, 0}
>  	};
>  	int i;
>  
>  	while (1) {
> -		opt_char = getopt_long(argc, argv, "o:f:U:hvt:M:PDmNc:GX:", long_opts, &opt_index);
> +		opt_char = getopt_long(argc, argv, "o:f:U:hvt:M:PDmNc:GX:n", long_opts, &opt_index);
>  		if (opt_char == -1) {
>  			break;
>  		}
> @@ -211,6 +214,9 @@ int main(int argc, char *argv[])
>  				}
>  				break;
>  			}
> +			case 'n':
> +				optimize_policy = 0;
> +				break;
>  			case 'h':
>  				usage(argv[0]);
>  			case '?':
> @@ -294,6 +300,14 @@ int main(int argc, char *argv[])
>  		goto exit;
>  	}
>  
> +	if (optimize_policy) {
> +		rc = sepol_policydb_optimize(pdb);
> +		if (rc != SEPOL_OK) {
> +			fprintf(stderr, "Failed to optimize policydb\n");
> +			goto exit;
> +		}
> +	}
> +
>  	if (output == NULL) {
>  		int size = snprintf(NULL, 0, "policy.%d", policyvers);
>  		output = malloc((size + 1) * sizeof(char));
> -- 
> 2.20.1
> 

-- 
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift
Attachment:
signature.asc

Description: PGP signature