[refpolicy] [PATCH 0/4 v2] Create non_auth_file_type attribute and some eliminate set expressions
James Carter
jwcart2 at tycho.nsa.gov
Wed Apr 25 09:25:35 CDT 2012
This patch set reduces the binary policy size on my system from 4.7M to
2.1M with sediff showing no changes other than the addition of the new
attribute. This patch set also makes Refpolicy easier to convert to CIL.
It does this by eliminating some set expressions related to file
accesses. A new type attribute called non_auth_file_type is created
along with interfaces to allow access to files with this attribute.
These alternative interfaces can be used instead of the
*_except_auth_files interfaces which use a set expression that expands
into a large number of rules.

In this version of the patch set:
- White space errors have been corrected (I think)
- The new interfaces in files.if have been put together and placed
before the configuration file interfaces.
- Renamed the files_read_non_auth_dirs to be files_list_non_auth_dirs.
- Changed the authlogin.if interfaces to use the new interfaces and
deprecated them.
--
James Carter <jwcart2 at tycho.nsa.gov>
National Security Agency