Add a command-line option -O/--optimize to optimize the final policydb using sepol_policydb_optimize() before writing it out.

Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx>
---
 secilc/secilc.8.xml | 5 +++++
 secilc/secilc.c | 16 +++++++++++++++-
 2 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/secilc/secilc.8.xml b/secilc/secilc.8.xml
index e08a9624..2b734f09 100644
--- a/secilc/secilc.8.xml
+++ b/secilc/secilc.8.xml
@@ -95,6 +95,11 @@
 <listitem><para>Expand type attributes with fewer than <emphasis role="bold"><SIZE></emphasis> members.</para></listitem>
 </varlistentry>
+ <varlistentry>
+ <term><option>-O, --optimize</option></term>
+ <listitem><para>Optimize final policy (remove redundant rules).</para></listitem>
+ </varlistentry>
+
 <varlistentry>
 <term><option>-v, --verbose</option></term>
 <listitem><para>Increment verbosity level.</para></listitem>
diff --git a/secilc/secilc.c b/secilc/secilc.c
index ad6862ba..186c5a73 100644
--- a/secilc/secilc.c
+++ b/secilc/secilc.c
@@ -68,6 +68,7 @@ static __attribute__((__noreturn__)) void usage(const char *prog)
 printf(" -G, --expand-generated Expand and remove auto-generated attributes\n");
 printf(" -X, --expand-size <SIZE> Expand type attributes with fewer than <SIZE>\n");
 printf(" members.\n");
+ printf(" -O, --optimize optimize final policy\n");
 printf(" -v, --verbose increment verbosity level\n");
 printf(" -h, --help display usage information\n");
 exit(1);
@@ -97,6 +98,7 @@ int main(int argc, char *argv[])
 int policyvers = POLICYDB_VERSION_MAX;
 int attrs_expand_generated = 0;
 int attrs_expand_size = -1;
+ int optimize = 0;
 int opt_char;
 int opt_index = 0;
 char *fc_buf = NULL;
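Review bot: The usage line added in the @@ -68 hunk describes -O only as `optimize final policy`, while the man page entry added by the same patch says it removes redundant rules; `-h` output and the man page should agree on what the pass does. Suggest `printf(" -O, --optimize optimize final policy (remove redundant rules)\n");`. usage() begins above this hunk, so its remaining lines are not visible here.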
@@ -117,12 +119,13 @@ int main(int argc, char *argv[])
 {"filecontexts", required_argument, 0, 'f'},
 {"expand-generated", no_argument, 0, 'G'},
 {"expand-size", required_argument, 0, 'X'},
+ {"optimize", no_argument, 0, 'O'},
 {0, 0, 0, 0}
 };
 int i;
 
 while (1) {
- opt_char = getopt_long(argc, argv, "o:f:U:hvt:M:PDmNc:GX:", long_opts, &opt_index);
+ opt_char = getopt_long(argc, argv, "o:f:U:hvt:M:PDmNOc:GX:n", long_opts, &opt_index);
 if (opt_char == -1) {
 break;
 }
@@ -211,6 +214,9 @@ int main(int argc, char *argv[])
 }
 break;
 }
+ case 'O':
+ optimize = 1;
+ break;
 case 'h':
 usage(argv[0]);
 case '?':
@@ -294,6 +300,14 @@ int main(int argc, char *argv[])
 goto exit;
 }
 
+ if (optimize) {
+ rc = sepol_policydb_optimize(pdb);
+ if (rc != SEPOL_OK) {
+ fprintf(stderr, "Failed to optimize policydb\n");
+ goto exit;
+ }
+ }
+
 if (output == NULL) {
 int size = snprintf(NULL, 0, "policy.%d", policyvers);
 output = malloc((size + 1) * sizeof(char));
-- 
2.20.1
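Review bot: The new getopt_long() optstring in the @@ -117 hunk appends an `n` in addition to the intended `O`, but no `case 'n':` is added to the switch (the @@ -211 hunk adds only `case 'O':`); unless a handler exists elsewhere in main(), `-n` is now accepted by getopt and lands in whatever the switch's default arm does, with no error reported to the user. The commit message describes only -O, so the `n` looks like a stray edit; the line should read `opt_char = getopt_long(argc, argv, "o:f:U:hvt:M:PDmNOc:GX:", long_opts, &opt_index);`. If `-n` is meant to become a real option, it needs its own case, usage text and man page entry in the same way -O gets them here. main() starts and ends outside these hunks.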