selinux

History

James Carter 798faf1227 libsepol: Refactored bounds (hierarchy) checking code The largest change to the user and role bounds checking was to put them in their own functions, so they could be called independently. The type bounds checking was changed to check one type bounds at a time. An expanded avtab is still created, but now only the rules of the parent type are expanded. If violations are discovered, a list of avtab_ptr_t's provides details. This list is used to display error messages for backwards compatibility and will be used by CIL to provide a more detailed error message. Memory usage is reduced from 9,355M to 126M and time is reduced from 9 sec to 2 sec. Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>	2015-06-22 09:44:55 -04:00
..
sepol	libsepol: Refactored bounds (hierarchy) checking code	2015-06-22 09:44:55 -04:00
Makefile	libsepol: build cil into libsepol	2014-08-26 08:03:31 -04:00

James Carter 798faf1227 libsepol: Refactored bounds (hierarchy) checking code

The largest change to the user and role bounds checking was to put
them in their own functions, so they could be called independently.

The type bounds checking was changed to check one type bounds at
a time. An expanded avtab is still created, but now only the rules
of the parent type are expanded. If violations are discovered,
a list of avtab_ptr_t's provides details. This list is used to
display error messages for backwards compatibility and will be
used by CIL to provide a more detailed error message.

Memory usage is reduced from 9,355M to 126M and time is reduced
from 9 sec to 2 sec.

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>

2015-06-22 09:44:55 -04:00

sepol

libsepol: Refactored bounds (hierarchy) checking code

2015-06-22 09:44:55 -04:00

Makefile

libsepol: build cil into libsepol

2014-08-26 08:03:31 -04:00