| Message ID | 20200227160257.340737-3-omosnace@redhat.com (mailing list archive) |
|---|---|
| State | Accepted |
| Headers | show |
| Series | libsepol: Speed up policy optimization | expand |
On Thu, Feb 27, 2020 at 11:03 AM Ondrej Mosnacek <omosnace@redhat.com> wrote: > > Only attributes can be a superset of another attribute, so we can skip > non-attributes right away. > > Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> > --- > libsepol/src/optimize.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/libsepol/src/optimize.c b/libsepol/src/optimize.c > index 4d835d47..2b5102af 100644 > --- a/libsepol/src/optimize.c > +++ b/libsepol/src/optimize.c > @@ -50,6 +50,9 @@ static ebitmap_t *build_type_map(const policydb_t *p) > for (k = 0; k < p->p_types.nprim; k++) { > ebitmap_t *types_k = &p->attr_type_map[k]; > > + if (p->type_val_to_struct[k]->flavor != TYPE_ATTRIB) > + continue; > + I haven't tested this yet, but I suspect that this is what is causing the difference noted by Stephen. A type is a superset of itself. Jim > if (ebitmap_contains(types_k, types_i)) { > if (ebitmap_set_bit(&map[i], k, 1)) > goto err; > -- > 2.24.1 >
On Mon, Mar 2, 2020 at 10:24 AM James Carter <jwcart2@gmail.com> wrote: > > On Thu, Feb 27, 2020 at 11:03 AM Ondrej Mosnacek <omosnace@redhat.com> wrote: > > > > Only attributes can be a superset of another attribute, so we can skip > > non-attributes right away. > > > > Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> > > --- > > libsepol/src/optimize.c | 3 +++ > > 1 file changed, 3 insertions(+) > > > > diff --git a/libsepol/src/optimize.c b/libsepol/src/optimize.c > > index 4d835d47..2b5102af 100644 > > --- a/libsepol/src/optimize.c > > +++ b/libsepol/src/optimize.c > > @@ -50,6 +50,9 @@ static ebitmap_t *build_type_map(const policydb_t *p) > > for (k = 0; k < p->p_types.nprim; k++) { > > ebitmap_t *types_k = &p->attr_type_map[k]; > > > > + if (p->type_val_to_struct[k]->flavor != TYPE_ATTRIB) > > + continue; > > + > > I haven't tested this yet, but I suspect that this is what is causing > the difference noted by Stephen. A type is a superset of itself. > This is definitely what is causing the change. Your explanation is correct. This prevents a type from being considered as a super set of an attribute that only contains that type. Jim > Jim > > > > if (ebitmap_contains(types_k, types_i)) { > > if (ebitmap_set_bit(&map[i], k, 1)) > > goto err; > > -- > > 2.24.1 > >
On Thu, Feb 27, 2020 at 11:03 AM Ondrej Mosnacek <omosnace@redhat.com> wrote: > > Only attributes can be a superset of another attribute, so we can skip > non-attributes right away. > > Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
On Tue, Mar 17, 2020 at 2:22 PM Stephen Smalley <stephen.smalley.work@gmail.com> wrote: > > On Thu, Feb 27, 2020 at 11:03 AM Ondrej Mosnacek <omosnace@redhat.com> wrote: > > > > Only attributes can be a superset of another attribute, so we can skip > > non-attributes right away. > > > > Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> > > Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com> Applied. Thanks, Jim
diff --git a/libsepol/src/optimize.c b/libsepol/src/optimize.c index 4d835d47..2b5102af 100644 --- a/libsepol/src/optimize.c +++ b/libsepol/src/optimize.c @@ -50,6 +50,9 @@ static ebitmap_t *build_type_map(const policydb_t *p) for (k = 0; k < p->p_types.nprim; k++) { ebitmap_t *types_k = &p->attr_type_map[k]; + if (p->type_val_to_struct[k]->flavor != TYPE_ATTRIB) + continue; + if (ebitmap_contains(types_k, types_i)) { if (ebitmap_set_bit(&map[i], k, 1)) goto err;
Only attributes can be a superset of another attribute, so we can skip non-attributes right away. Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> --- libsepol/src/optimize.c | 3 +++ 1 file changed, 3 insertions(+)