On 03/30/2015 07:57 PM, Nick Kralevich wrote: > Just spent some time debugging a problem that I thought I'd share with > the wider SEAndroid community. Hopefully someone won't experience the > same problem in the future. > > Problem: Device boots slowly. The bulk of the boot time is in > ueventd's function fixup_sys_perms, which calls restorecon_recursive > on nodes in /sys. Code which performed this operation was added in > https://android-review.googlesource.com/100249 . > > Device contains the following entry in /file_contexts: > > /sys/devices/.*asdf.*(/.*)? u:object_r:sysfs_asdf:s0 > > While doing the directory tree walk, restorecon_recursive() is > optimized to avoid recursing down paths which will never match a > regular expression in /file_contexts. This is an important > optimization which keeps boot times down. > > However, the file_contexts entry above defeats the optimization. It > tries looking for any file/directory named "asdf" in any subdirectory > of /sys/devices, which requires recursing into every directory of > /sys/devices > > Changing the regex to: > > /sys/devices/[^/]+asdf[^/]+(/.*)? u:object_r:sysfs_asdf:s0 > > substantially improved boot times, as it allowed the > restorecon_recursive optimizations to be effective and avoids visiting > unnecessary directories.
Hmm...wonder if we could/should test for such problematic regexes in the label_file backend and at least warn on them. Then when checkfc is run as part of the policy build, they would get the warning (or error, if we make it fatal). We'd only really need to impose it on /sys entries though; hard to generalize it. _______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
