These patches are the userspace side of the kernel change posted at [1].

The first patch changes libsepol's internal representation of filename transition rules in a way similar to kernel commit c3a276111ea2 ("selinux: optimize storage of filename transitions") [2].

The second patch then builds upon that and implements reading and writing of a new binary policy format that uses this representation also in the data layout.

See individual patches for more details.

NOTE: This series unfortunately breaks the build of setools. Moreover, when an existing build of setools dynamically links against the new libsepol, it segfaults. Sadly, there doesn't seem to be a nice way of handling this, since setools relies on non-public libsepol policydb API/ABI.

Changes in v3:
 - fixed the change in dispol.c to match the rest of the code
 - renamed the helper functions to use the "_compat" suffix rather than "_old" and "_new"

Changes in v2:
 - fixed counting rules when reading the new policy format

[1] https://lore.kernel.org/selinux/20200327151941.95619-1-omosnace@xxxxxxxxxx/T/
[2] https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git/commit/?id=c3a276111ea2572399281988b3129683e2a6b60b

Ondrej Mosnacek (2):
  libsepol,checkpolicy: optimize storage of filename transitions
  libsepol: implement POLICYDB_VERSION_COMP_FTRANS

 checkpolicy/policy_define.c                |  52 ++--
 checkpolicy/test/dispol.c                  |  20 +-
 libsepol/cil/src/cil_binary.c              |  29 +-
 libsepol/include/sepol/policydb/policydb.h |  18 +-
 libsepol/src/expand.c                      |  60 +---
 libsepol/src/kernel_to_cil.c               |  24 +-
 libsepol/src/kernel_to_conf.c              |  24 +-
 libsepol/src/policydb.c                    | 314 ++++++++++++++++-----
 libsepol/src/write.c                       | 101 +++++--
 9 files changed, 436 insertions(+), 206 deletions(-)

-- 
2.25.4