[RFC,0/3] selinux: RCU conversion follow-ups

Message

Ondrej Mosnacek Aug. 25, 2020, 3:20 p.m. UTC

This series contains some follow-up patches for the policy rwlock to RCU
conversion that has been merged recently. The first two are quite
straightforward, but I marked this series as RFC mainly because of the
last patch, which may need some more careful review/testing.

Note that the last patch also opens up the possiblity to implement
security_read_policy_kernel() from the IMA measurement patch [1] in a
simple way without race conditions.

I only did quick basic testing of these patches, so there may be some
bugs. I hope to do more thorough testing tomorrow. I'd just like to give
people chance to give some early feedback, especially on the last patch.

[1] https://lore.kernel.org/selinux/CAHC9VhQP7_rV+Oi6weLjVhrx2d8iu9UJ8zeE=ZcqnBMqngrJ4Q@mail.gmail.com/T/#mcb727e45670c8ee1f2da2ea0927e97f25e2395ad

Ondrej Mosnacek (3):
  selinux: simplify away security_policydb_len()
  selinux: remove the 'initialized' flag from selinux_state
  selinux: track policy lifetime with refcount

 security/selinux/include/security.h |  11 +-
 security/selinux/selinuxfs.c        |  12 +-
 security/selinux/ss/services.c      | 327 +++++++++++++---------------
 security/selinux/ss/services.h      |   6 +
 4 files changed, 165 insertions(+), 191 deletions(-)