From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Fri, 4 May 2012 09:15:56 -0400
Subject: [refpolicy] [PATCH 0/4 v2] Create non_auth_file_type attribute
 and some eliminate set expressions
In-Reply-To: <1335363935.17855.27.camel@moss-lions.epoch.ncsc.mil>
References: <1335363935.17855.27.camel@moss-lions.epoch.ncsc.mil>
Message-ID: <4FA3D68C.4070406@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 04/25/12 10:25, James Carter wrote:
> This patch set reduces the binary policy size on my system from 4.7M to
> 2.1M with sediff showing no changes other than the addition of the new
> attribute. This patch set also makes Refpolicy easier to convert to CIL.
> 
> It does this by eliminating some set expressions related to file
> accesses. A new type attribute called non_auth_file_type is created
> along with interfaces to allow access to files with this attribute.
> These alternative interfaces can be used instead of the
> *_except_auth_files interfaces which use a set expression that expands
> into a large number of rules.
> 
> In this version of the patch set:
> - White space errors have been corrected (I think)
> - The new interfaces in files.if have been put together and placed
> before the configuration file interfaces.
> - Renamed the files_read_non_auth_dirs to be files_list_non_auth_dirs.
> - Changed the authlogin.if interfaces to use the new interfaces and
> deprecated them.

This set is merged.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com