On Fri, Aug 7, 2020 at 9:30 AM Stephen Smalley <stephen.smalley.work@xxxxxxxxx> wrote:
>
> With the refactoring of the policy load logic in the security
> server from the previous change, it is now possible to split out
> the committing of the new policy from security_load_policy() and
> perform it only after successful updating of selinuxfs. Change
> security_load_policy() to return the newly populated policy
> data structures to the caller, export selinux_policy_commit()
> for external callers, and introduce selinux_policy_cancel() to
> provide a way to cancel the policy load in the event of an error
> during updating of the selinuxfs directory tree. Further, rework
> the interfaces used by selinuxfs to get information from the policy
> when creating the new directory tree to take and act upon the
> new policy data structure rather than the current/active policy.
> Update selinuxfs to use these updated and new interfaces. While
> we are here, stop re-creating the policy_capabilities directory
> on each policy load since it does not depend on the policy, and
> stop trying to create the booleans and classes directories during
> the initial creation of selinuxfs since no information is available
> until first policy load.
>
> After this change, a failure while updating the booleans and class
> directories will cause the entire policy load to be canceled, leaving
> the original policy intact, and policy load notifications to userspace
> will only happen after a successful completion of updating those
> directories. This does not (yet) provide full atomicity with respect
> to the updating of the directory trees themselves.
>
> Signed-off-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
> ---
> This is technically v3 of this patch but I marked it v5 to match the version
> of the first patch since I am posting them as a series. In any event,
> the only change here is re-basing on top of the updated first patch
> and dropping use of load_mutex.
>
>  security/selinux/include/conditional.h |  2 +-
>  security/selinux/include/security.h    | 16 ++++-
>  security/selinux/selinuxfs.c           | 69 +++++++++++----------
>  security/selinux/ss/services.c         | 85 +++++++++++++-------------
>  security/selinux/ss/sidtab.c           | 10 +++
>  security/selinux/ss/sidtab.h           |  2 +
>  6 files changed, 104 insertions(+), 80 deletions(-)

Also merged into selinux/next.

-- 
paul moore
www.paul-moore.com
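
The ordering described in the quoted commit message (stage the new policy, update the directory tree from it, then commit or cancel), as an added user-space C model that is not part of the original mail or of the kernel patch. Every identifier in it is hypothetical, and the injected failure leaves the modelled directory view partially rebuilt to reflect the stated lack of full atomicity for the trees themselves.

```c
#include <stdlib.h>

/* User-space model; every name here is hypothetical, not a kernel symbol. */
struct policy { int version; int nbools; };
struct state {
    struct policy *active;  /* policy currently in force */
    int fs_bools;           /* entries in the modelled booleans directory */
    unsigned notify_seq;    /* bumped once per committed load */
};

/* Rebuild the directory view from the staged policy, entry by entry.
 * fail_at >= 0 injects an error before that entry is created. */
static int fs_update(struct state *s, const struct policy *newp, int fail_at)
{
    s->fs_bools = 0;
    for (int i = 0; i < newp->nbools; i++) {
        if (i == fail_at)
            return -1;      /* view is left partially rebuilt */
        s->fs_bools++;
    }
    return 0;
}

/* Stage, update the directory view, then commit or cancel. */
static int load_policy(struct state *s, int version, int nbools, int fail_at)
{
    /* Stage: build the new policy without touching the active one. */
    struct policy *newp = malloc(sizeof(*newp));
    if (!newp)
        return -1;
    newp->version = version;
    newp->nbools = nbools;
    if (fs_update(s, newp, fail_at) != 0) {
        free(newp);         /* cancel: old policy stays, no notification */
        return -1;
    }
    free(s->active);        /* commit: swap in the new policy */
    s->active = newp;
    s->notify_seq++;        /* notify only after the update succeeded */
    return 0;
}

int main(void)
{
    struct state s = {0};
    int rc = load_policy(&s, 1, 3, -1);
    free(s.active);
    return rc ? 1 : 0;
}
```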