Draft: Userspace-compressed policies
Currently, AppArmor loads policies from userspace thanks to the ".load" and ".replace" interfaces. To save kernel memory, these policies are then zstd-compressed in the kernel for storage.
This patch allows policies to be compressed in userspace and sent to the kernel through the interfaces ".load_compressed" and ".replace_compressed".
The benefits of this approach are:
- Save kernel time when loading policies
- Allow userspace to provide a higher level of compression than the one provided by the kernel (ZSTD_CLEVEL_DEFAULT), thus saving space.
- Allow small embedded systems to only store compressed versions of policies in userspace, saving memory.
Userspace-compressed policies improve system time by up to ~10% for big profiles.