* [PATCH 0/3] libsepol, policycoreutils, and checkpolicy: Add support for generating CIL to libsepol and checkpolicy
@ 2015-03-27 15:18 James Carter
0 siblings, 0 replies; only message in thread
From: James Carter @ 2015-03-27 15:18 UTC (permalink / raw)
To: SELinux List
This patch set moves the code to generate CIL from pp.c in
policycoreutils/hll/pp to libsepol, adds a new function to generate CIL from a
module policydb, and modifies checkpolicy and checkmodule to support generating
CIL as their output.
The primary motivation of this work is to allow SE for Android to use the CIl
compiler. Converting the policy.conf to CIL and then compiling to the kernel
binary policy results in a policy that is about 20% smaller. The smaller size is
because type expressions with negations are converted to type attribute sets in
CIL instead of being expanded.
--
James Carter <jwcart2@tycho.nsa.gov>
National Security Agency
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2015-03-27 15:16 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-03-27 15:18 [PATCH 0/3] libsepol, policycoreutils, and checkpolicy: Add support for generating CIL to libsepol and checkpolicy James Carter
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.