selinux

mirror of https://github.com/SELinuxProject/selinux synced 2025-02-08 21:57:34 +00:00

Author	SHA1	Message	Date
Ondrej Mosnacek	b8213acff8	libsepol: add a function to optimize kernel policy Add sepol_policydb_optimize(), which checks a kernel policy for redundant rules (i.e. those that are covered by an existing more general rule) and removes them. Results on Fedora 29 policy: WITHOUT OPTIMIZATION: # time semodule -B real 0m21,280s user 0m18,636s sys 0m2,525s $ wc -c /sys/fs/selinux/policy 8692158 /sys/fs/selinux/policy $ seinfo (edited) Allow: 113159 Dontaudit: 10297 Total: 123156 WITH OPTIMIZATION ENABLED: # time semodule -B real 0m22,825s user 0m20,178s sys 0m2,520s $ wc -c /sys/fs/selinux/policy 8096158 /sys/fs/selinux/policy $ seinfo (edited) Allow: 66334 Dontaudit: 7480 Total: 73814 Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>	2019-06-25 10:11:00 -04:00
Stephen Smalley	cf8625be58	libsepol: do not #include <sys/cdefs.h> ratbert90 submitted this patch via https://github.com/SELinuxProject/selinux/issues/19. Apparently musl does not provide sys/cdefs.h, see http://wiki.musl-libc.org/wiki/FAQ#Q:_I.27m_trying_to_compile_something_against_musl_and_I_get_error_messages_about_sys.2Fcdefs.h. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>	2016-11-29 11:03:17 -05:00
dcashman	ed7a6ba24a	Allow libsepol C++ static library on device. Change-Id: I7da601767c3a4ebed7274e33304d8b589a9115fe Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>	2015-01-20 10:31:15 -05:00
Steve Lawrence	44a65ed816	libsepol: add function to libsepol for setting target_platform With pp modules, the target platform information comes form the base module. However, CIL modules have no concept of target platform. So it must come from somewhere else. This adds an API function that allows setting the target platform. Signed-off-by: Steve Lawrence <slawrence@tresys.com>	2014-08-26 08:02:16 -04:00
Joshua Brindle	13cd4c8960	initial import from svn trunk revision 2950	2008-08-19 15:30:36 -04:00

5 Commits