GitLab

In August 2006 I posted a patch generating a minimal SELinux policy.  This
week, David P. Quigley posted an updated version of that as a patch against
the kernel.  It also had nice logic for auto-installing the policy.

Following is David's original patch intro (preserved especially
bc it has stats on the generated policies):

se interested in the changes there were only two significant
changes. The first is that the iteration through the list of classes
used NULL as a sentinel value. The problem with this is that the
class_to_string array actually has NULL entries in its table as place
holders for the user space object classes.

The second change was that it would seem at some point the initial sids
table was NULL terminated. This is no longer the case so that iteration
has to be done on array length instead of looking for NULL.

Some statistics on the policy that it generates:

The policy consists of 523 lines which contain no blank lines. Of those...