From: jwcart2@tycho.nsa.gov (James Carter)
Date: Wed, 25 Apr 2012 10:25:35 -0400
Subject: [refpolicy] [PATCH 0/4 v2] Create non_auth_file_type attribute and
 some eliminate set expressions
Message-ID: <1335363935.17855.27.camel@moss-lions.epoch.ncsc.mil>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

This patch set reduces the binary policy size on my system from 4.7M to
2.1M with sediff showing no changes other than the addition of the new
attribute. This patch set also makes Refpolicy easier to convert to CIL.

It does this by eliminating some set expressions related to file
accesses. A new type attribute called non_auth_file_type is created
along with interfaces to allow access to files with this attribute.
These alternative interfaces can be used instead of the
*_except_auth_files interfaces which use a set expression that expands
into a large number of rules.

In this version of the patch set:
- White space errors have been corrected (I think)
- The new interfaces in files.if have been put together and placed
before the configuration file interfaces.
- Renamed the files_read_non_auth_dirs to be files_list_non_auth_dirs.
- Changed the authlogin.if interfaces to use the new interfaces and
deprecated them.

-- 
James Carter <jwcart2@tycho.nsa.gov>
National Security Agency