On Thu, Feb 27, 2020 at 11:03 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote: > > The iteration over the set ebitmap bits is not implemented very > efficiently in libsepol. It is slowing down the policy optimization > quite significantly, so convert the type_map from an array of ebitmaps > to an array of simple ordered vectors, which can be traveresed more > easily. The worse space efficiency of the vectors is less important than > the speed in this case. > > After this change the duration of semodule -BN decreased from 6.4s to > 5.5s on Fedora Rawhide x86_64 (and from 6.1s to 5.6s with the unconfined > module disabled). > > Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx> Sidebar: Wondering whether you would have gotten similar results by taking some of the ebitmap optimization done in the kernel into libsepol. Regardless, Acked-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
