selinux_check_access is not thread-safe

Originally posted here: https://github.com/SELinuxProject/selinux/issues/287

By default, selinux_check_access does not appear to be thread-safe. It
calls avc_open, which then calls avc_init, passing NULL for all
callback function tables. The result is that no locking is done for
the AVC, which can corrupt the cache if multiple threads are calling
selinux_check_access.

It looks like calling avc_init, supplying lock callbacks, is the
"easy" answer. However, the avc_init man page says that avc_init is
deprecated. There's a new function for setting callbacks,
selinux_set_callback, but it does not seem to support locking.

I see a few possible solutions:
1. Update selinux_set_callback to support AVC lock functions.
2. Update the man pages to indicate selinux is not intended to be
thread-safe anymore.
3. Update the avc_init man page, indicating it's safe to use (un-deprecate?)

Note that we have observed buggy behavior with Android keystore2. Our
quick-n-dirty fix was a serializing lock around all selinux calls:
https://android.googlesource.com/platform/system/security/+/ff188d3a6ca38919e568f0c89f74d90c011526e9

My preferred fix is either #1 or #3, as they provide slightly
finer-grained locking than our fix.

Cheers,
Seth
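
The serializing-lock workaround described in the message above, sketched as an added example; it is not code from the original post, from libselinux, or from the linked Android change. `fake_check_access` is a constructed stand-in for a checker with unlocked shared cache state, and every name other than `selinux_check_access` is hypothetical.

```c
#include <pthread.h>
#include <stdio.h>
enum { THREADS = 8, ITERS = 20000 };
/* Same parameter list as libselinux's selinux_check_access(). */
typedef int (*check_fn)(const char *, const char *, const char *, const char *, void *);

/* Constructed stand-in for a checker whose cache has no lock callbacks. */
static volatile long fake_cache_hits;
static int fake_check_access(const char *scon, const char *tcon,
                             const char *tclass, const char *perm, void *auditdata)
{
    (void)scon; (void)tcon; (void)tclass; (void)perm; (void)auditdata;
    long seen = fake_cache_hits;  /* read shared state */
    fake_cache_hits = seen + 1;   /* write back: updates are lost when unlocked */
    return 0;                     /* 0 = access allowed */
}

/* One process-wide mutex held across every call into the checker. */
static pthread_mutex_t selinux_lock = PTHREAD_MUTEX_INITIALIZER;
static check_fn real_check = fake_check_access; /* assumption: selinux_check_access in real use */
static int serialized_check(const char *scon, const char *tcon,
                            const char *tclass, const char *perm, void *auditdata)
{
    pthread_mutex_lock(&selinux_lock);
    int rc = real_check(scon, tcon, tclass, perm, auditdata);
    pthread_mutex_unlock(&selinux_lock);
    return rc;
}

static void *worker(void *use_lock)
{
    check_fn check = *(int *)use_lock ? serialized_check : fake_check_access;
    for (int i = 0; i < ITERS; i++)
        check("u:r:a:s0", "u:object_r:b:s0", "file", "read", NULL); /* constructed labels */
    return NULL;
}
long run_workers(int use_lock)
{
    pthread_t t[THREADS];
    fake_cache_hits = 0;
    for (int i = 0; i < THREADS; i++) pthread_create(&t[i], NULL, worker, &use_lock);
    for (int i = 0; i < THREADS; i++) pthread_join(t[i], NULL);
    return fake_cache_hits;
}
int main(void)
{
    long racy = run_workers(0), safe = run_workers(1);
    printf("unlocked=%ld serialized=%ld expected=%d\n", racy, safe, THREADS * ITERS);
}
```

The unlocked count varies from run to run and is usually short of the expected total; the serialized count always matches it, at the cost of letting only one thread into the checker at a time.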


