diff options
author | Stephen Smalley <stephen.smalley.work@gmail.com> | 2020-08-11 22:01:56 +0300 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2020-08-18 04:00:33 +0300 |
commit | c7c556f1e81bb9e09656ed6650d0c44c84b7c016 (patch) | |
tree | f59001467a93880927534c5bb484bfb72d918cdb /security/selinux/ss/services.h | |
parent | 02a52c5c8c3b8cbad0f12009cde9f36dbefb6972 (diff) | |
download | linux-c7c556f1e81bb9e09656ed6650d0c44c84b7c016.tar.xz |
selinux: refactor changing booleans
Refactor the logic for changing SELinux policy booleans in a similar
manner to the refactoring of policy load, thereby reducing the
size of the critical section when the policy write-lock is held
and making it easier to convert the policy rwlock to RCU in the
future. Instead of directly modifying the policydb in place, modify
a copy and then swap it into place through a single pointer update.
Only fully copy the portions of the policydb that are affected by
boolean changes to avoid the full cost of a deep policydb copy.
Introduce another level of indirection for the sidtab since changing
booleans does not require updating the sidtab, unlike policy load.
While we are here, create a common helper for notifying
other kernel components and userspace of a policy change and call it
from both security_set_bools() and selinux_policy_commit().
Based on an old (2004) patch by Kaigai Kohei [1] to convert the policy
rwlock to RCU that was deferred at the time since it did not
significantly improve performance and introduced complexity. Peter
Enderborg later submitted a patch series to convert to RCU [2] that
would have made changing booleans a much more expensive operation
by requiring a full policydb_write();policydb_read(); sequence to
deep copy the entire policydb and also had concerns regarding
atomic allocations.
This change is now simplified by the earlier work to encapsulate
policy state in the selinux_policy struct and to refactor
policy load. After this change, the last major obstacle to
converting the policy rwlock to RCU is likely the sidtab live
convert support.
[1] https://lore.kernel.org/selinux/6e2f9128-e191-ebb3-0e87-74bfccb0767f@tycho.nsa.gov/
[2] https://lore.kernel.org/selinux/20180530141104.28569-1-peter.enderborg@sony.com/
Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security/selinux/ss/services.h')
-rw-r--r-- | security/selinux/ss/services.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/security/selinux/ss/services.h b/security/selinux/ss/services.h index c36933c1c363..06931e34cb24 100644 --- a/security/selinux/ss/services.h +++ b/security/selinux/ss/services.h @@ -23,7 +23,7 @@ struct selinux_map { }; struct selinux_policy { - struct sidtab sidtab; + struct sidtab *sidtab; struct policydb policydb; struct selinux_map map; }; |