    selinux: implement new format of filename transitions · 43005902
    Ondrej Mosnacek authored
    Implement a new, more space-efficient way of storing filename
    transitions in the binary policy. The internal structures have already
    been converted to this new representation; this patch just implements
    reading/writing an equivalent representation from/to the binary policy.
    
    This new format reduces the size of Fedora policy from 7.6 MB to only
    3.3 MB (with policy optimization enabled in both cases). With the
    unconfined module disabled, the size is reduced from 3.3 MB to 2.4 MB.
    
    The time to load policy into kernel is also shorter with the new format.
    On Fedora Rawhide x86_64 it dropped from 157 ms to 106 ms; without the
    unconfined module from 115 ms to 105 ms.
    Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
    Signed-off-by: Paul Moore <paul@paul-moore.com>
security.h 12.9 KB