Re: [PATCH v2] python/sepolicy: Cache conditional rule queries

Petr Lautrbach <plautrba@xxxxxxxxxx> · Mon, 06 Feb 2023 15:40:01 +0100

James Carter <jwcart2@xxxxxxxxx> writes:

> On Mon, Jan 30, 2023 at 1:01 PM Vit Mojzis <vmojzis@xxxxxxxxxx> wrote:
>>
>> Commit 7506771e4b630fe0ab853f96574e039055cb72eb
>> "add missing booleans to man pages" dramatically slowed down
>> "sepolicy manpage -a" by removing caching of setools rule query.
>> Re-add said caching and update the query to only return conditional
>> rules.
>>
>> Before commit 7506771e:
>>  #time sepolicy manpage -a
>>  real   1m43.153s
>>  # time sepolicy manpage -d httpd_t
>>  real   0m4.493s
>>
>> After commit 7506771e:
>>  #time sepolicy manpage -a
>>  real   1h56m43.153s
>>  # time sepolicy manpage -d httpd_t
>>  real   0m8.352s
>>
>> After this commit:
>>  #time sepolicy manpage -a
>>  real   1m41.074s
>>  # time sepolicy manpage -d httpd_t
>>  real   0m7.358s
>>
>> Signed-off-by: Vit Mojzis <vmojzis@xxxxxxxxxx>
>
> Acked-by: James Carter <jwcart2@xxxxxxxxx>

This is merged now. Thanks!

>> ---
>> * Remove "sepolicy." before TERuleQuery (left over from testing on older
>>   version of userspace).
>>
>>  python/sepolicy/sepolicy/__init__.py | 11 ++++++++++-
>>  1 file changed, 10 insertions(+), 1 deletion(-)
>>
>> diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
>> index e2d5c11a..c177cdfc 100644
>> --- a/python/sepolicy/sepolicy/__init__.py
>> +++ b/python/sepolicy/sepolicy/__init__.py
>> @@ -125,6 +125,7 @@ all_attributes = None
>>  booleans = None
>>  booleans_dict = None
>>  all_allow_rules = None
>> +all_bool_rules = None
>>  all_transitions = None
>>
>>
>> @@ -1136,6 +1137,14 @@ def get_all_allow_rules():
>>          all_allow_rules = search([ALLOW])
>>      return all_allow_rules
>>
>> +def get_all_bool_rules():
>> +    global all_bool_rules
>> +    if not all_bool_rules:
>> +        q = TERuleQuery(_pol, boolean=".*", boolean_regex=True,
>> +                                ruletype=[ALLOW, DONTAUDIT])
>> +        all_bool_rules = [_setools_rule_to_dict(x) for x in q.results()]
>> +    return all_bool_rules
>> +
>>  def get_all_transitions():
>>      global all_transitions
>>      if not all_transitions:
>> @@ -1146,7 +1155,7 @@ def get_bools(setype):
>>      bools = []
>>      domainbools = []
>>      domainname, short_name = gen_short_name(setype)
>> -    for i in map(lambda x: x['booleans'], filter(lambda x: 'booleans' in x and x['source'] == setype, search([ALLOW, DONTAUDIT]))):
>> +    for i in map(lambda x: x['booleans'], filter(lambda x: 'booleans' in x and x['source'] == setype, get_all_bool_rules())):
>>          for b in i:
>>              if not isinstance(b, tuple):
>>                  continue
>> --
>> 2.37.3
>>