On Fri, Aug 7, 2020 at 9:30 AM Stephen Smalley <stephen.smalley.work@xxxxxxxxx> wrote:
>
> Encapsulate the policy state in its own structure (struct
> selinux_policy) that is separately allocated but referenced from the
> selinux_ss structure. The policy state includes the SID table
> (particularly the context structures), the policy database, and the
> mapping between the kernel classes/permissions and the policy values.
> Refactor the security server portion of the policy load logic to
> cleanly separate loading of the new structures from committing the new
> policy. Unify the initial policy load and reload code paths as much
> as possible, avoiding duplicated code. Make sure we are taking the
> policy read-lock prior to any dereferencing of the policy. Move the
> copying of the policy capability booleans into the state structure
> outside of the policy write-lock because they are separate from the
> policy and are read outside of any policy lock; possibly they should
> be using at least READ_ONCE/WRITE_ONCE or smp_load_acquire/store_release.
>
> These changes simplify the policy loading logic, reduce the size of
> the critical section while holding the policy write-lock, and should
> facilitate future changes to e.g. refactor the entire policy reload
> logic including the selinuxfs code to make the updating of the policy
> and the selinuxfs directory tree atomic and/or to convert the policy
> read-write lock to RCU.
>
> Signed-off-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
> ---
> v5 drops the load_mutex and adds a comment about why we do not need
> to take the policy read-lock in the security_load_policy() and
> selinux_policy_commit() code that dereferences state->ss->policy due
> to the selinuxfs fsi->mutex providing exclusion around the entire policy
> reload. I am also dropping RFC from the subject line because I consider
> these patches ready to be merged now.
>
> security/selinux/ss/services.c | 403 +++++++++++++++++----------------
> security/selinux/ss/services.h | 10 +-
> 2 files changed, 221 insertions(+), 192 deletions(-)

Merged into selinux/next.

--
paul moore
www.paul-moore.com