libsepol/cil: raise default attrs_expand_size to 2

The value attrs_expand_size == 1 removes all empty attributes, but it also makes sense to expand all attributes that have only one type. This removes some redundant rules (there is sometimes the same rule for the type and the attribute) and reduces the number of attributes that the kernel has to go through when looking up rules. Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> Acked-by: James Carter <jwcart2@gmail.com>
sailfishos-mirror · Mar 11, 2020 · 692716f · 692716f
1 parent 42b13ba
commit 692716f
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/libsepol/cil/src/cil.c b/libsepol/cil/src/cil.c
@@ -452,7 +452,8 @@ void cil_db_init(struct cil_db **db)
 	(*db)->disable_dontaudit = CIL_FALSE;
 	(*db)->disable_neverallow = CIL_FALSE;
 	(*db)->attrs_expand_generated = CIL_FALSE;
-	(*db)->attrs_expand_size = 1;
+	/* 2 == remove attributes that contain none or just 1 type */
+	(*db)->attrs_expand_size = 2;
 	(*db)->preserve_tunables = CIL_FALSE;
 	(*db)->handle_unknown = -1;
 	(*db)->mls = -1;