From d47503f8dcf3b49722acfdca764bbb703ecc6437 Mon Sep 17 00:00:00 2001 From: Jeff Vander Stoep Date: Thu, 25 May 2017 13:13:29 -0700 Subject: [PATCH] Expand all compile-time generated attributes Cutting down on the number of attributes associated with each type speeds up policy lookup times when there is an access vector cache miss. This commit reduces the number of attributes in the policy binary from 607 to 159. (cherry-pick of commit: 574926fe6767a725e5fcc9576f3ba1e2c1dc3796) Bug: 36508258 Test: build and boot Marlin Change-Id: I42c778fe9e760abf62d4ec1f7b7e748e28ac5497 --- libsepol/cil/src/android.c | 17 +++++++++++++++++ libsepol/cil/src/cil_write_ast.c | 21 +++++++++++++++++++++ 2 files changed, 38 insertions(+) diff --git a/libsepol/cil/src/android.c b/libsepol/cil/src/android.c index f862a099..1d80046b 100644 --- a/libsepol/cil/src/android.c +++ b/libsepol/cil/src/android.c @@ -780,6 +780,7 @@ exit: static int cil_build_mappings_tree(hashtab_key_t k, hashtab_datum_t d, void *args) { struct cil_typeattributeset *attrset = NULL; + struct cil_expandtypeattribute *expandattr = NULL; struct cil_tree_node *ast_node = NULL; struct version_args *verargs = (struct version_args *)args; struct cil_tree_node *ast_parent = verargs->db->ast->root; @@ -808,6 +809,22 @@ static int cil_build_mappings_tree(hashtab_key_t k, hashtab_datum_t d, void *arg else ast_parent->cl_tail->next = ast_node; ast_parent->cl_tail = ast_node; + + /* create expandtypeattribute datum */ + cil_expandtypeattribute_init(&expandattr); + cil_list_init(&expandattr->attr_strs, CIL_TYPE); + cil_list_append(expandattr->attr_strs, CIL_STRING, __cil_attrib_get_versname(orig_type, verargs->num)); + expandattr->expand = CIL_TRUE; + + /* create containing tree node */ + cil_tree_node_init(&ast_node); + ast_node->data = expandattr; + ast_node->flavor = CIL_EXPANDTYPEATTRIBUTE; + /* add to tree */ + ast_node->parent = ast_parent; + ast_parent->cl_tail->next = ast_node; + ast_parent->cl_tail = ast_node; + return SEPOL_OK; } diff --git a/libsepol/cil/src/cil_write_ast.c b/libsepol/cil/src/cil_write_ast.c index 30eb2cc9..3b252db7 100644 --- a/libsepol/cil/src/cil_write_ast.c +++ b/libsepol/cil/src/cil_write_ast.c @@ -652,6 +652,24 @@ exit: return rc; } +static int cil_write_expandtypeattribute(struct cil_tree_node *node, FILE *cil_out) +{ + int rc = SEPOL_ERR; + char *attr_strs = NULL; + struct cil_expandtypeattribute *expandattr = (struct cil_expandtypeattribute *)node->data; + + rc = cil_unfill_expr(expandattr->attr_strs, &attr_strs, 1); + if (rc != SEPOL_OK) + goto exit; + + fprintf(cil_out, "(%s %s %s)\n", CIL_KEY_EXPANDTYPEATTRIBUTE, attr_strs, + expandattr->expand ? CIL_KEY_CONDTRUE : CIL_KEY_CONDFALSE); + rc = SEPOL_OK; +exit: + free(attr_strs); + return rc; +} + static int cil_write_alias(struct cil_tree_node *node, FILE *cil_out) { int rc = SEPOL_ERR; char *type; @@ -1259,6 +1277,9 @@ static int __cil_write_node_helper(struct cil_tree_node *node, uint32_t *finishe case CIL_TYPEATTRIBUTESET: rc = cil_write_typeattributeset(node, cil_out); break; + case CIL_EXPANDTYPEATTRIBUTE: + rc = cil_write_expandtypeattribute(node, cil_out); + break; case CIL_TYPEALIAS: rc = cil_write_alias(node, cil_out); break;