On Thu, Apr 16, 2020 at 1:14 PM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote: > > Implement a new, more space-efficient way of storing filename > transitions in the binary policy. The internal structures have already > been converted to this new representation; this patch just implements > reading/writing an equivalent represntation from/to the binary policy. > > This new format reduces the size of Fedora policy from 7.6 MB to only > 3.3 MB (with policy optimization enabled in both cases). With the > unconfined module disabled, the size is reduced from 3.3 MB to 2.4 MB. > > The time to load policy into kernel is also shorter with the new format. > On Fedora Rawhide x86_64 it dropped from 157 ms to 106 ms; without the > unconfined module from 115 ms to 105 ms. > > Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx> > --- > > Changes in v2: > - rename the read/write helpers > - move update of filename_trans_ttypes in filename_trans_read_helper() > to later in the function > - make filename_trans_read_helper() count filename_trans_count > correctly > > security/selinux/include/security.h | 3 +- > security/selinux/ss/policydb.c | 212 ++++++++++++++++++++++++---- > 2 files changed, 189 insertions(+), 26 deletions(-) Merged into selinux/next, thanks. -- paul moore www.paul-moore.com
