9e6840e6a24533d5fac24c6001bfaaca5ad121fc - platform_external_selinux

commit	9e6840e6a24533d5fac24c6001bfaaca5ad121fc	[log] [tgz]
author	James Carter <jwcart2@tycho.nsa.gov>	Wed Jun 10 13:53:41 2015 -0400
committer	James Carter <jwcart2@tycho.nsa.gov>	Mon Jun 22 09:44:55 2015 -0400
tree	8258ddbe6174faf91d249a15eeb44ceb1c619444
parent	88d09b69795de11401355d2fcc6459bdc3f8a8a6 [diff]

libsepol: Refactored neverallow checking.

Instead of creating an expanded avtab, generating all of the avtab
keys corresponding to a neverallow rule and searching for a match,
walk the nodes in the avtab and use the attr_type_map and ebitmap
functions to find matching rules.

Memory usage is reduced from 370M to 125M and time is reduced from
14 sec to 2 sec. (Bounds checking commented out in both cases.)

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>

libsepol/include/sepol/policydb/policydb.h[diff]
libsepol/src/assertion.c[diff]

2 files changed

tree: 8258ddbe6174faf91d249a15eeb44ceb1c619444

checkpolicy/
libselinux/
libsemanage/
libsepol/
policycoreutils/
scripts/
secilc/
sepolgen/
.gitignore
Android.mk
CleanSpec.mk
Makefile
README