> Out of curiosity: can you give libselinux 3.8-rc1 a try, which might/should > improve the runtime? Yes, we are excited to see the latest rework on the file_label structure. However, we have a few hundreds of non-trivial regular expression rules instead of literal rules. So, the latest rework is still not enough for us. By the way, I found a bug in the latest libselinux which breaks our existing rules. I'll share it in another thread. In addition, it's not enough even if restorecon is improved from 2.7 seconds to a few hundred milliseconds, which is the time of `restorecon -R /sys` in a clean Debian with the latest libselinux. On Android, restorecon runs for `/sys` when a device wakes up. Spending a few hundred milliseconds CPU time every time hurts the battery life a lot. Thus, we want to eliminate this overhead entirely by genfscon. Actually, we have another PoC to further improve the restorecon performance, but for the reason above we want to improve genfscon instead.
