On 09/20/2016 02:27 AM, William Roberts wrote: > On Sep 19, 2016 22:25, "Jason Zaman" <ja...@perfinion.com> wrote: >> >> On 20 Sep 2016 12:50 pm, "William Roberts" <bill.c.robe...@gmail.com> > wrote: >>> >>> On Sep 19, 2016 21:16, "Jason Zaman" <ja...@perfinion.com> wrote: >>>> >>>> On 20 Sep 2016 5:47 am, <william.c.robe...@intel.com> wrote: >>>>> >>>>> From: William Roberts <william.c.robe...@intel.com> >>>>> >>>>> THIS IS WIP... >>>>> >>>>> Rather than using stdio and making copies, just mmap the files >>>>> and use the pointers in place. The affect of this change, is that >>>>> text file load time is now faster than binary load time by 4.7% >>>>> when testing with a file_contexts file from the Android tree. Note >>>>> that the Android doesn't use monstrous regexs. >>>>> >>>>> Times are the average of 3 runs. >>>>> >>>>> BEFORE: >>>>> Text file allocs: 114803 >>>>> Text file load time: 0.266101 >>>>> Bin file allocs: 93073 >>>>> Bin file load time: 0.248757667 >>>>> >>>>> AFTER: >>>>> Text file allocs: 103933 >>>>> Text file load time: 0.236192667 >>>>> Bin file allocs: 87645 >>>>> Bin file load time: .247607333 >>>> >>>> Do you have the scripts that generated these stats so I can play with > it too? These stats are from android right? Do you also have a comparison > for refpolicy too? >>> >>> For generating these I used checkfc.c from the Android tree. I used > valgrind to measure allocations and clock to measure the time in > selabel_open(). >> >> Okay cool I'll fetch that and give it a whirl when I get time. >> >>>> >>>> I haven't looked that closely yet but just realised, will this need > new perms because of the mmap? If it does, can you send a patch to > refpolicy? >>> >>> I'm confused, mmap is not a permission, even if it was the binary path > already was doing an mmap, so the permission would have been there. We're > just making it so it always mmaps. >> >> Yeah but mmap needs execute perms sometimes (always?). I am out so just > wanted to send an email before I forgot. If it was mmaping already then > there is nothing to worry about :). > > Mmap would only need execute if you attempted to set the prot bits to > execute it use mprotect to change the mapping. Then things like execmod > might come I to play if the mapping was ever writable.
The only case where mmap without PROT_EXEC would require execute would be if the process has READ_IMPLIES_EXEC set in its personality. Typically only for programs with the executable stack flag set. Anyway, it is already mmap'ing file_contexts.bin so there shouldn't be an issue here. _______________________________________________ Seandroid-list mailing list Seandroid-list@tycho.nsa.gov To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov. To get help, send an email containing "help" to seandroid-list-requ...@tycho.nsa.gov.
