• Home
  • Raw
  • Download

Lines Matching +full:high +full:- +full:performance

4 …nguage that sits between one or more high level policy languages (such as the current module langu…
6high-level languages that can both consume and produce language constructs with more features than…
8 * Eases the creation of high-level languages, encouraging the creation of more domain specific poli…
10 … analysis of the output of multiple high-level languages using a single analysis tool set without …
13 ------------------
17- provide rich semantics needed for cross-language interaction but not for convenience. If a featu…
19- provide clear, simple syntax that is easy to parse and to generate by high-level compilers, anal…
21- the ultimate goal of CIL is the generation of the policy that will be enforced by the kernel. Th…
23 * The only good binary file format is a non-existent one - CIL is meant for a source policy oriente…
25 * Enable backwards compatibility but don't be a slave to it - source, but not binary, compatibility…
27- CIL is an opportunity to make bold changes to SELinux policy, but there is no reason to re-think…
29- the pervasive use of M4 and pre-processing in general has eased policy creation, but the side-ef…
31-module instead of globally - the current toolchain performance is often driven by the size of the…
34 -----
36 …ols. While generality is always a goal, with CIL there are also several well-known and clear motiv…
38- one of the challenges in SELinux is allowing a system builder or administrator to change the acc…
40- interfaces, and macros before them, have been a successful mechanism to allow policy authors to …
42- templates, interfaces, and attributes are currently the only means of quickly creating new types…
44 * Support for policy management - semanage and related tools currently make policy modifications us…
47 ------------------
51 1. The syntax is extremely regular and easy to parse being based upon s-expressions.
52 2. The statements are reduced to the bare minimum. There is one - and only one - way to express any…
55 …ant to be processed in source form as a single compilation unit - there is no module-by-module com…