This repository was archived by the owner on May 24, 2023. It is now read-only.
This repository was archived by the owner on May 24, 2023. It is now read-only.
too many auto-generated attributes may slow down the context_struct_compute_av() in kernel #9
Description
I found that if using the checkpolicy tool to generate sepolicy with cil mode, a lot of "base_typeattr_xx" will be auto-generated. And each of them contain a lot of types. So the "ebitmap_for_each_positive_bit" loop in context_struct_compute_av() function will run 10x times more than policy directly generated from policy.conf file.
if I comment the libsepol's set_to_cil_attr() function and re-generate cil. Kernel runs fast and happy as the non-cil mode
So, why we need so many "base_typeattr_xx" ? Is it a safe way to remove those auto-generated attributes?
Metadata
Metadata
Assignees
Labels
No labels
Type
Projects
Milestone
Relationships
Development
No branches or pull requests
Participants
Activity
jwcart2 commentedon Mar 21, 2017
stesen commentedon Mar 22, 2017
Thankyou for your reply :)
I am working on android. the latest code shows that android will using CIL in the next version.
It seems that base_typeattr_x can decrease the policy size, but use more cpu resource. So do you have some advices? Is that a good choice to set a limit number for one "base_typeattr_"?
Add attribute expansion options
Add attribute expansion options
Add attribute expansion options
Add attribute expansion options
Add attribute expansion options
Add attribute expansion options
Add attribute expansion options
stesen commentedon Sep 3, 2018
Thank You :)