I suspect it won't matter in practice, but the reason for it is that permissions or other state may have been cached during bootup prior to initial policy load that may no longer be valid. On Wed, Jun 25, 2014 at 3:29 PM, Paul Moore <paul@xxxxxxxxxxxxxx> wrote: > On Wednesday, June 25, 2014 03:14:56 PM Stephen Smalley wrote: >> ---------- Forwarded message ---------- >> From: Jaejyn Shin <flagon22bass@xxxxxxxxx> >> Date: Wed, Jun 25, 2014 at 4:36 AM >> Subject: Booting time is increased after applying kernel 3.10 >> To: "seandroid-list@xxxxxxxxxxxxx" <seandroid-list@xxxxxxxxxxxxx> >> >> >> >> Dear SEAndroid and SELinux developer >> First of all, I always appreciate that I get lots of information in >> this e-mailing list. >> >> After applying kernel 3.10, the booting time of my device has been increased >> Especially, the selinux initializing time is increased (about 0.5s). >> >> I analized the reason, and I found that the synchronize_net function >> has 0.1s delay. > > I would need to give it some more thought, but since the netport/netnode/netif > caches all have their own locks it may be possible to skip the > synchronize_net() call. Although, looking at this a bit closer, I wonder if > it would be possible to just skip the avc_ss_reset() call for the initial > policy load, or at least skip the callback processing. Am I missing > something? > >> before) >> selinux_initialize >> -> selinux_android_load_policy >> -> selinux_android_reload_policy >> -> security_load_policy >> -> avc_ss_reset >> -> sel_netport_avc_callback -> synchronize_net >> -> sel_netnode_avc_callback -> synchronize_net >> -> sel_netif_avc_callback -> synchronize_net >> -> security_setenforce >> -> sel_write_enforce >> -> avc_ss_reset >> -> sel_netport_avc_callback -> synchronize_net >> -> sel_netnode_avc_callback -> synchronize_net >> -> sel_netif_avc_callback -> synchronize_net >> To make fast the booting time, can I don't call the avc_ss_reset >> function only during initializing selinux ? >> >> after) >> selinux_initialize >> -> selinux_android_load_policy >> -> selinux_android_reload_policy >> -> security_load_policy >> X-> avc_ss_reset >> -> security_setenforce >> -> sel_write_enforce >> X-> avc_ss_reset >> >> Is it possible? >> >> Thank you >> Best regards >> >> _______________________________________________ >> Seandroid-list mailing list >> Seandroid-list@xxxxxxxxxxxxx >> To unsubscribe, send email to Seandroid-list-leave@xxxxxxxxxxxxx. >> To get help, send an email containing "help" to >> Seandroid-list-request@xxxxxxxxxxxxx. > > -- > paul moore > www.paul-moore.com > _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.