On Wednesday, June 25, 2014 03:14:56 PM Stephen Smalley wrote: > ---------- Forwarded message ---------- > From: Jaejyn Shin <flagon22bass@xxxxxxxxx> > Date: Wed, Jun 25, 2014 at 4:36 AM > Subject: Booting time is increased after applying kernel 3.10 > To: "seandroid-list@xxxxxxxxxxxxx" <seandroid-list@xxxxxxxxxxxxx> > > > > Dear SEAndroid and SELinux developer > First of all, I always appreciate that I get lots of information in > this e-mailing list. > > After applying kernel 3.10, the booting time of my device has been increased > Especially, the selinux initializing time is increased (about 0.5s). > > I analized the reason, and I found that the synchronize_net function > has 0.1s delay. I would need to give it some more thought, but since the netport/netnode/netif caches all have their own locks it may be possible to skip the synchronize_net() call. Although, looking at this a bit closer, I wonder if it would be possible to just skip the avc_ss_reset() call for the initial policy load, or at least skip the callback processing. Am I missing something? > before) > selinux_initialize > -> selinux_android_load_policy > -> selinux_android_reload_policy > -> security_load_policy > -> avc_ss_reset > -> sel_netport_avc_callback -> synchronize_net > -> sel_netnode_avc_callback -> synchronize_net > -> sel_netif_avc_callback -> synchronize_net > -> security_setenforce > -> sel_write_enforce > -> avc_ss_reset > -> sel_netport_avc_callback -> synchronize_net > -> sel_netnode_avc_callback -> synchronize_net > -> sel_netif_avc_callback -> synchronize_net > To make fast the booting time, can I don't call the avc_ss_reset > function only during initializing selinux ? > > after) > selinux_initialize > -> selinux_android_load_policy > -> selinux_android_reload_policy > -> security_load_policy > X-> avc_ss_reset > -> security_setenforce > -> sel_write_enforce > X-> avc_ss_reset > > Is it possible? > > Thank you > Best regards > > _______________________________________________ > Seandroid-list mailing list > Seandroid-list@xxxxxxxxxxxxx > To unsubscribe, send email to Seandroid-list-leave@xxxxxxxxxxxxx. > To get help, send an email containing "help" to > Seandroid-list-request@xxxxxxxxxxxxx. -- paul moore www.paul-moore.com _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
