Re: [PATCH userspace v2 4/7] secilc: add flag to enable policy optimization

On Tue, May 28, 2019 at 6:32 PM Dominick Grift <dac.override@xxxxxxxxx> wrote:
>
> On Tue, May 28, 2019 at 04:59:09PM +0200, Ondrej Mosnacek wrote:
> > Add a command-line option -O/--optimize to optimize the final policydb
> > using sepol_policydb_optimize() before writing it out.
> >
> > Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx>
> > ---
> >  secilc/secilc.c | 16 +++++++++++++++-
> >  1 file changed, 15 insertions(+), 1 deletion(-)
> >
> > diff --git a/secilc/secilc.c b/secilc/secilc.c
> > index ad6862ba..26996ef9 100644
> > --- a/secilc/secilc.c
> > +++ b/secilc/secilc.c
> > @@ -68,6 +68,7 @@ static __attribute__((__noreturn__)) void usage(const char *prog)
> >       printf("  -G, --expand-generated         Expand and remove auto-generated attributes\n");
> >       printf("  -X, --expand-size <SIZE>       Expand type attributes with fewer than <SIZE>\n");
> >       printf("                                 members.\n");
> > +     printf("  -n, --no-optimize              do not optimize final policy\n");
>
> I think something may have gone wrong here.

Ouch, you're right, I accidentally squashed the conversion into the
wrong patch (5/7). Will fix it up tomorrow.


>
> >       printf("  -v, --verbose                  increment verbosity level\n");
> >       printf("  -h, --help                     display usage information\n");
> >       exit(1);
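
Review bot: The added usage line documents -n/--no-optimize, while the commit message says the patch adds -O/--optimize, so the description and the code disagree and one of them has to change. If the opt-out form stays, the help text should also state that optimization is on by default; the diffstat touches only secilc/secilc.c, so this line is the only user-facing documentation the option gets in this patch.
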
> > @@ -97,6 +98,7 @@ int main(int argc, char *argv[])
> >       int policyvers = POLICYDB_VERSION_MAX;
> >       int attrs_expand_generated = 0;
> >       int attrs_expand_size = -1;
> > +     int optimize_policy = 1;
> >       int opt_char;
> >       int opt_index = 0;
> >       char *fc_buf = NULL;
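
Review bot: `int optimize_policy = 1;` turns optimization on for every existing secilc invocation, a default-behavior change that the commit message ("add flag to enable policy optimization") does not describe. If opt-out is intended, say so explicitly in the commit message; if opt-in is intended, initialize this to 0 and set it to 1 in the option handler.
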
> > @@ -117,12 +119,13 @@ int main(int argc, char *argv[])
> >               {"filecontexts", required_argument, 0, 'f'},
> >               {"expand-generated", no_argument, 0, 'G'},
> >               {"expand-size", required_argument, 0, 'X'},
> > +             {"no-optimize", no_argument, 0, 'n'},
> >               {0, 0, 0, 0}
> >       };
> >       int i;
> >
> >       while (1) {
> > -             opt_char = getopt_long(argc, argv, "o:f:U:hvt:M:PDmNc:GX:", long_opts, &opt_index);
> > +             opt_char = getopt_long(argc, argv, "o:f:U:hvt:M:PDmNc:GX:n", long_opts, &opt_index);
> >               if (opt_char == -1) {
> >                       break;
> >               }
> > @@ -211,6 +214,9 @@ int main(int argc, char *argv[])
> >                               }
> >                               break;
> >                       }
> > +                     case 'n':
> > +                             optimize_policy = 0;
> > +                             break;
> >                       case 'h':
> >                               usage(argv[0]);
> >                       case '?':
> > @@ -294,6 +300,14 @@ int main(int argc, char *argv[])
> >               goto exit;
> >       }
> >
> > +     if (optimize_policy) {
> > +             rc = sepol_policydb_optimize(pdb);
> > +             if (rc != SEPOL_OK) {
> > +                     fprintf(stderr, "Failed to optimize policydb\n");
> > +                     goto exit;
> > +             }
> > +     }
> > +
> >       if (output == NULL) {
> >               int size = snprintf(NULL, 0, "policy.%d", policyvers);
> >               output = malloc((size + 1) * sizeof(char));
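
Review bot: In the new `if (optimize_policy)` block, a failure of sepol_policydb_optimize() aborts the whole compile with only "Failed to optimize policydb", and with the flag defaulting to 1 in this version that path is reachable by callers who never asked for optimization. Consider having the message point at -n/--no-optimize so a user hitting an optimizer failure knows how to still get a policy written, and include rc in the message if it carries any detail.
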
> > --
> > 2.20.1
> >
>
> --
> Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
> https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
> Dominick Grift



--
Ondrej Mosnacek <omosnace at redhat dot com>
Software Engineer, Security Technologies
Red Hat, Inc.


