selinux

mirror of https://github.com/SELinuxProject/selinux synced 2024-12-15 02:24:38 +00:00

History

James Carter 9e6840e6a2 libsepol: Refactored neverallow checking. Instead of creating an expanded avtab, generating all of the avtab keys corresponding to a neverallow rule and searching for a match, walk the nodes in the avtab and use the attr_type_map and ebitmap functions to find matching rules. Memory usage is reduced from 370M to 125M and time is reduced from 14 sec to 2 sec. (Bounds checking commented out in both cases.) Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>	2015-06-22 09:44:55 -04:00
..
sepol	libsepol: Refactored neverallow checking.	2015-06-22 09:44:55 -04:00
Makefile	libsepol: build cil into libsepol	2014-08-26 08:03:31 -04:00

James Carter 9e6840e6a2 libsepol: Refactored neverallow checking.

Instead of creating an expanded avtab, generating all of the avtab
keys corresponding to a neverallow rule and searching for a match,
walk the nodes in the avtab and use the attr_type_map and ebitmap
functions to find matching rules.

Memory usage is reduced from 370M to 125M and time is reduced from
14 sec to 2 sec. (Bounds checking commented out in both cases.)

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>

2015-06-22 09:44:55 -04:00

sepol

libsepol: Refactored neverallow checking.

2015-06-22 09:44:55 -04:00

Makefile

libsepol: build cil into libsepol

2014-08-26 08:03:31 -04:00