]> www.infradead.org Git - users/jedix/linux-maple.git/commitdiff
projects / users / jedix / linux-maple.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c76a2f9)
selinux: convert policy read-write lock to RCU
authorStephen Smalley <stephen.smalley.work@gmail.com>
Wed, 19 Aug 2020 19:45:16 +0000 (15:45 -0400)
committerPaul Moore <paul@paul-moore.com>
Tue, 25 Aug 2020 12:34:47 +0000 (08:34 -0400)
Convert the policy read-write lock to RCU.  This is significantly
simplified by the earlier work to encapsulate the policy data
structures and refactor the policy load and boolean setting logic.
Move the latest_granting sequence number into the selinux_policy
structure so that it can be updated atomically with the policy.
Since removing the policy rwlock and moving latest_granting reduces
the selinux_ss structure to nothing more than a wrapper around the
selinux_policy pointer, get rid of the extra layer of indirection.

At present this change merely passes a hardcoded 1 to
rcu_dereference_check() in the cases where we know we do not need to
take rcu_read_lock(), with the preceding comment explaining why.
Alternatively we could pass fsi->mutex down from selinuxfs and
apply a lockdep check on it instead.

Based in part on earlier attempts to convert the policy rwlock
to RCU by Kaigai Kohei [1] and by Peter Enderborg [2].

[1] https://lore.kernel.org/selinux/6e2f9128-e191-ebb3-0e87-74bfccb0767f@tycho.nsa.gov/
[2] https://lore.kernel.org/selinux/20180530141104.28569-1-peter.enderborg@sony.com/

Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Reviewed-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
security/selinux/hooks.c patch | blob | history
security/selinux/include/security.h patch | blob | history
security/selinux/ss/services.c patch | blob | history
security/selinux/ss/services.h patch | blob | history

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index e3fe5647a366a553290689aa42133c9291c3bc28..6f30ba1a38dcad5440c2f4736e4e3c2b56d4be67 100644 (file)
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -7235,7 +7235,6 @@ static __init int selinux_init(void)
        memset(&selinux_state, 0, sizeof(selinux_state));
        enforcing_set(&selinux_state, selinux_enforcing_boot);
        selinux_state.checkreqprot = selinux_checkreqprot_boot;
-       selinux_ss_init(&selinux_state.ss);
        selinux_avc_init(&selinux_state.avc);
        mutex_init(&selinux_state.status_lock);
 
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
index c68ed2beadff46d3c6cc6c1042b7c7c7ce6486d3..505e51264d51c1e5bce676e4814cc89b5ae1cfed 100644 (file)
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -13,6 +13,7 @@
 #include <linux/dcache.h>
 #include <linux/magic.h>
 #include <linux/types.h>
+#include <linux/rcupdate.h>
 #include <linux/refcount.h>
 #include <linux/workqueue.h>
 #include "flask.h"
@@ -84,7 +85,6 @@ extern int selinux_enabled_boot;
 #define POLICYDB_BOUNDS_MAXDEPTH       4
 
 struct selinux_avc;
-struct selinux_ss;
 struct selinux_policy;
 
 struct selinux_state {
@@ -102,10 +102,9 @@ struct selinux_state {
        struct mutex status_lock;
 
        struct selinux_avc *avc;
-       struct selinux_ss *ss;
+       struct selinux_policy __rcu *policy;
 } __randomize_layout;
 
-void selinux_ss_init(struct selinux_ss **ss);
 void selinux_avc_init(struct selinux_avc **avc);
 
 extern struct selinux_state selinux_state;
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index a48fc1b337ba9cd7bad8dc538361bd2e7147433c..8381614627569070e7cd54d1a936508f752e9c2d 100644 (file)
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -66,14 +66,6 @@
 #include "audit.h"
 #include "policycap_names.h"
 
-static struct selinux_ss selinux_ss;
-
-void selinux_ss_init(struct selinux_ss **ss)
-{
-       rwlock_init(&selinux_ss.policy_rwlock);
-       *ss = &selinux_ss;
-}
-
 /* Forward declaration. */
 static int context_struct_to_string(struct policydb *policydb,
                                    struct context *context,
@@ -239,13 +231,15 @@ static void map_decision(struct selinux_map *map,
 int security_mls_enabled(struct selinux_state *state)
 {
        int mls_enabled;
+       struct selinux_policy *policy;
 
        if (!selinux_initialized(state))
                return 0;
 
-       read_lock(&state->ss->policy_rwlock);
-       mls_enabled = state->ss->policy->policydb.mls_enabled;
-       read_unlock(&state->ss->policy_rwlock);
+       rcu_read_lock();
+       policy = rcu_dereference(state->policy);
+       mls_enabled = policy->policydb.mls_enabled;
+       rcu_read_unlock();
        return mls_enabled;
 }
 
@@ -717,13 +711,14 @@ static void context_struct_compute_av(struct policydb *policydb,
 }
 
 static int security_validtrans_handle_fail(struct selinux_state *state,
-                                          struct sidtab_entry *oentry,
-                                          struct sidtab_entry *nentry,
-                                          struct sidtab_entry *tentry,
-                                          u16 tclass)
+                                       struct selinux_policy *policy,
+                                       struct sidtab_entry *oentry,
+                                       struct sidtab_entry *nentry,
+                                       struct sidtab_entry *tentry,
+                                       u16 tclass)
 {
-       struct policydb *p = &state->ss->policy->policydb;
-       struct sidtab *sidtab = state->ss->policy->sidtab;
+       struct policydb *p = &policy->policydb;
+       struct sidtab *sidtab = policy->sidtab;
        char *o = NULL, *n = NULL, *t = NULL;
        u32 olen, nlen, tlen;
 
@@ -751,6 +746,7 @@ static int security_compute_validatetrans(struct selinux_state *state,
                                          u32 oldsid, u32 newsid, u32 tasksid,
                                          u16 orig_tclass, bool user)
 {
+       struct selinux_policy *policy;
        struct policydb *policydb;
        struct sidtab *sidtab;
        struct sidtab_entry *oentry;
@@ -765,13 +761,14 @@ static int security_compute_validatetrans(struct selinux_state *state,
        if (!selinux_initialized(state))
                return 0;
 
-       read_lock(&state->ss->policy_rwlock);
+       rcu_read_lock();
 
-       policydb = &state->ss->policy->policydb;
-       sidtab = state->ss->policy->sidtab;
+       policy = rcu_dereference(state->policy);
+       policydb = &policy->policydb;
+       sidtab = policy->sidtab;
 
        if (!user)
-               tclass = unmap_class(&state->ss->policy->map, orig_tclass);
+               tclass = unmap_class(&policy->map, orig_tclass);
        else
                tclass = orig_tclass;
 
@@ -814,17 +811,18 @@ static int security_compute_validatetrans(struct selinux_state *state,
                                rc = -EPERM;
                        else
                                rc = security_validtrans_handle_fail(state,
-                                                                    oentry,
-                                                                    nentry,
-                                                                    tentry,
-                                                                    tclass);
+                                                               policy,
+                                                               oentry,
+                                                               nentry,
+                                                               tentry,
+                                                               tclass);
                        goto out;
                }
                constraint = constraint->next;
        }
 
 out:
-       read_unlock(&state->ss->policy_rwlock);
+       rcu_read_unlock();
        return rc;
 }
 
@@ -856,6 +854,7 @@ int security_validate_transition(struct selinux_state *state,
 int security_bounded_transition(struct selinux_state *state,
                                u32 old_sid, u32 new_sid)
 {
+       struct selinux_policy *policy;
        struct policydb *policydb;
        struct sidtab *sidtab;
        struct sidtab_entry *old_entry, *new_entry;
@@ -866,10 +865,10 @@ int security_bounded_transition(struct selinux_state *state,
        if (!selinux_initialized(state))
                return 0;
 
-       read_lock(&state->ss->policy_rwlock);
-
-       policydb = &state->ss->policy->policydb;
-       sidtab = state->ss->policy->sidtab;
+       rcu_read_lock();
+       policy = rcu_dereference(state->policy);
+       policydb = &policy->policydb;
+       sidtab = policy->sidtab;
 
        rc = -EINVAL;
        old_entry = sidtab_search_entry(sidtab, old_sid);
@@ -930,17 +929,20 @@ int security_bounded_transition(struct selinux_state *state,
                kfree(old_name);
        }
 out:
-       read_unlock(&state->ss->policy_rwlock);
+       rcu_read_unlock();
 
        return rc;
 }
 
-static void avd_init(struct selinux_state *state, struct av_decision *avd)
+static void avd_init(struct selinux_policy *policy, struct av_decision *avd)
 {
        avd->allowed = 0;
        avd->auditallow = 0;
        avd->auditdeny = 0xffffffff;
-       avd->seqno = state->ss->latest_granting;
+       if (policy)
+               avd->seqno = policy->latest_granting;
+       else
+               avd->seqno = 0;
        avd->flags = 0;
 }
 
@@ -1005,6 +1007,7 @@ void security_compute_xperms_decision(struct selinux_state *state,
                                      u8 driver,
                                      struct extended_perms_decision *xpermd)
 {
+       struct selinux_policy *policy;
        struct policydb *policydb;
        struct sidtab *sidtab;
        u16 tclass;
@@ -1021,12 +1024,13 @@ void security_compute_xperms_decision(struct selinux_state *state,
        memset(xpermd->auditallow->p, 0, sizeof(xpermd->auditallow->p));
        memset(xpermd->dontaudit->p, 0, sizeof(xpermd->dontaudit->p));
 
-       read_lock(&state->ss->policy_rwlock);
+       rcu_read_lock();
        if (!selinux_initialized(state))
                goto allow;
 
-       policydb = &state->ss->policy->policydb;
-       sidtab = state->ss->policy->sidtab;
+       policy = rcu_dereference(state->policy);
+       policydb = &policy->policydb;
+       sidtab = policy->sidtab;
 
        scontext = sidtab_search(sidtab, ssid);
        if (!scontext) {
@@ -1042,7 +1046,7 @@ void security_compute_xperms_decision(struct selinux_state *state,
                goto out;
        }
 
-       tclass = unmap_class(&state->ss->policy->map, orig_tclass);
+       tclass = unmap_class(&policy->map, orig_tclass);
        if (unlikely(orig_tclass && !tclass)) {
                if (policydb->allow_unknown)
                        goto allow;
@@ -1074,7 +1078,7 @@ void security_compute_xperms_decision(struct selinux_state *state,
                }
        }
 out:
-       read_unlock(&state->ss->policy_rwlock);
+       rcu_read_unlock();
        return;
 allow:
        memset(xpermd->allowed->p, 0xff, sizeof(xpermd->allowed->p));
@@ -1099,19 +1103,21 @@ void security_compute_av(struct selinux_state *state,
                         struct av_decision *avd,
                         struct extended_perms *xperms)
 {
+       struct selinux_policy *policy;
        struct policydb *policydb;
        struct sidtab *sidtab;
        u16 tclass;
        struct context *scontext = NULL, *tcontext = NULL;
 
-       read_lock(&state->ss->policy_rwlock);
-       avd_init(state, avd);
+       rcu_read_lock();
+       policy = rcu_dereference(state->policy);
+       avd_init(policy, avd);
        xperms->len = 0;
        if (!selinux_initialized(state))
                goto allow;
 
-       policydb = &state->ss->policy->policydb;
-       sidtab = state->ss->policy->sidtab;
+       policydb = &policy->policydb;
+       sidtab = policy->sidtab;
 
        scontext = sidtab_search(sidtab, ssid);
        if (!scontext) {
@@ -1131,7 +1137,7 @@ void security_compute_av(struct selinux_state *state,
                goto out;
        }
 
-       tclass = unmap_class(&state->ss->policy->map, orig_tclass);
+       tclass = unmap_class(&policy->map, orig_tclass);
        if (unlikely(orig_tclass && !tclass)) {
                if (policydb->allow_unknown)
                        goto allow;
@@ -1139,10 +1145,10 @@ void security_compute_av(struct selinux_state *state,
        }
        context_struct_compute_av(policydb, scontext, tcontext, tclass, avd,
                                  xperms);
-       map_decision(&state->ss->policy->map, orig_tclass, avd,
+       map_decision(&policy->map, orig_tclass, avd,
                     policydb->allow_unknown);
 out:
-       read_unlock(&state->ss->policy_rwlock);
+       rcu_read_unlock();
        return;
 allow:
        avd->allowed = 0xffffffff;
@@ -1155,17 +1161,19 @@ void security_compute_av_user(struct selinux_state *state,
                              u16 tclass,
                              struct av_decision *avd)
 {
+       struct selinux_policy *policy;
        struct policydb *policydb;
        struct sidtab *sidtab;
        struct context *scontext = NULL, *tcontext = NULL;
 
-       read_lock(&state->ss->policy_rwlock);
-       avd_init(state, avd);
+       rcu_read_lock();
+       policy = rcu_dereference(state->policy);
+       avd_init(policy, avd);
        if (!selinux_initialized(state))
                goto allow;
 
-       policydb = &state->ss->policy->policydb;
-       sidtab = state->ss->policy->sidtab;
+       policydb = &policy->policydb;
+       sidtab = policy->sidtab;
 
        scontext = sidtab_search(sidtab, ssid);
        if (!scontext) {
@@ -1194,7 +1202,7 @@ void security_compute_av_user(struct selinux_state *state,
        context_struct_compute_av(policydb, scontext, tcontext, tclass, avd,
                                  NULL);
  out:
-       read_unlock(&state->ss->policy_rwlock);
+       rcu_read_unlock();
        return;
 allow:
        avd->allowed = 0xffffffff;
@@ -1279,6 +1287,7 @@ static int sidtab_entry_to_string(struct policydb *p,
 
 int security_sidtab_hash_stats(struct selinux_state *state, char *page)
 {
+       struct selinux_policy *policy;
        int rc;
 
        if (!selinux_initialized(state)) {
@@ -1287,9 +1296,10 @@ int security_sidtab_hash_stats(struct selinux_state *state, char *page)
                return -EINVAL;
        }
 
-       read_lock(&state->ss->policy_rwlock);
-       rc = sidtab_hash_stats(state->ss->policy->sidtab, page);
-       read_unlock(&state->ss->policy_rwlock);
+       rcu_read_lock();
+       policy = rcu_dereference(state->policy);
+       rc = sidtab_hash_stats(policy->sidtab, page);
+       rcu_read_unlock();
 
        return rc;
 }
@@ -1306,6 +1316,7 @@ static int security_sid_to_context_core(struct selinux_state *state,
                                        u32 *scontext_len, int force,
                                        int only_invalid)
 {
+       struct selinux_policy *policy;
        struct policydb *policydb;
        struct sidtab *sidtab;
        struct sidtab_entry *entry;
@@ -1335,9 +1346,10 @@ static int security_sid_to_context_core(struct selinux_state *state,
                       "load_policy on unknown SID %d\n", __func__, sid);
                return -EINVAL;
        }
-       read_lock(&state->ss->policy_rwlock);
-       policydb = &state->ss->policy->policydb;
-       sidtab = state->ss->policy->sidtab;
+       rcu_read_lock();
+       policy = rcu_dereference(state->policy);
+       policydb = &policy->policydb;
+       sidtab = policy->sidtab;
 
        if (force)
                entry = sidtab_search_entry_force(sidtab, sid);
@@ -1356,7 +1368,7 @@ static int security_sid_to_context_core(struct selinux_state *state,
                                    scontext_len);
 
 out_unlock:
-       read_unlock(&state->ss->policy_rwlock);
+       rcu_read_unlock();
        return rc;
 
 }
@@ -1491,6 +1503,7 @@ static int security_context_to_sid_core(struct selinux_state *state,
                                        u32 *sid, u32 def_sid, gfp_t gfp_flags,
                                        int force)
 {
+       struct selinux_policy *policy;
        struct policydb *policydb;
        struct sidtab *sidtab;
        char *scontext2, *str = NULL;
@@ -1529,9 +1542,10 @@ static int security_context_to_sid_core(struct selinux_state *state,
                if (!str)
                        goto out;
        }
-       read_lock(&state->ss->policy_rwlock);
-       policydb = &state->ss->policy->policydb;
-       sidtab = state->ss->policy->sidtab;
+       rcu_read_lock();
+       policy = rcu_dereference(state->policy);
+       policydb = &policy->policydb;
+       sidtab = policy->sidtab;
        rc = string_to_context_struct(policydb, sidtab, scontext2,
                                      &context, def_sid);
        if (rc == -EINVAL && force) {
@@ -1543,7 +1557,7 @@ static int security_context_to_sid_core(struct selinux_state *state,
        rc = sidtab_context_to_sid(sidtab, &context, sid);
        context_destroy(&context);
 out_unlock:
-       read_unlock(&state->ss->policy_rwlock);
+       rcu_read_unlock();
 out:
        kfree(scontext2);
        kfree(str);
@@ -1613,13 +1627,14 @@ int security_context_to_sid_force(struct selinux_state *state,
 
 static int compute_sid_handle_invalid_context(
        struct selinux_state *state,
+       struct selinux_policy *policy,
        struct sidtab_entry *sentry,
        struct sidtab_entry *tentry,
        u16 tclass,
        struct context *newcontext)
 {
-       struct policydb *policydb = &state->ss->policy->policydb;
-       struct sidtab *sidtab = state->ss->policy->sidtab;
+       struct policydb *policydb = &policy->policydb;
+       struct sidtab *sidtab = policy->sidtab;
        char *s = NULL, *t = NULL, *n = NULL;
        u32 slen, tlen, nlen;
        struct audit_buffer *ab;
@@ -1686,6 +1701,7 @@ static int security_compute_sid(struct selinux_state *state,
                                u32 *out_sid,
                                bool kern)
 {
+       struct selinux_policy *policy;
        struct policydb *policydb;
        struct sidtab *sidtab;
        struct class_datum *cladatum = NULL;
@@ -1712,19 +1728,21 @@ static int security_compute_sid(struct selinux_state *state,
 
        context_init(&newcontext);
 
-       read_lock(&state->ss->policy_rwlock);
+       rcu_read_lock();
+
+       policy = rcu_dereference(state->policy);
 
        if (kern) {
-               tclass = unmap_class(&state->ss->policy->map, orig_tclass);
+               tclass = unmap_class(&policy->map, orig_tclass);
                sock = security_is_socket_class(orig_tclass);
        } else {
                tclass = orig_tclass;
-               sock = security_is_socket_class(map_class(&state->ss->policy->map,
+               sock = security_is_socket_class(map_class(&policy->map,
                                                          tclass));
        }
 
-       policydb = &state->ss->policy->policydb;
-       sidtab = state->ss->policy->sidtab;
+       policydb = &policy->policydb;
+       sidtab = policy->sidtab;
 
        sentry = sidtab_search_entry(sidtab, ssid);
        if (!sentry) {
@@ -1844,15 +1862,16 @@ static int security_compute_sid(struct selinux_state *state,
 
        /* Check the validity of the context. */
        if (!policydb_context_isvalid(policydb, &newcontext)) {
-               rc = compute_sid_handle_invalid_context(state, sentry, tentry,
-                                                       tclass, &newcontext);
+               rc = compute_sid_handle_invalid_context(state, policy, sentry,
+                                                       tentry, tclass,
+                                                       &newcontext);
                if (rc)
                        goto out_unlock;
        }
        /* Obtain the sid for the context. */
        rc = sidtab_context_to_sid(sidtab, &newcontext, out_sid);
 out_unlock:
-       read_unlock(&state->ss->policy_rwlock);
+       rcu_read_unlock();
        context_destroy(&newcontext);
 out:
        return rc;
@@ -1939,9 +1958,9 @@ int security_change_sid(struct selinux_state *state,
 
 static inline int convert_context_handle_invalid_context(
        struct selinux_state *state,
+       struct policydb *policydb,
        struct context *context)
 {
-       struct policydb *policydb = &state->ss->policy->policydb;
        char *s;
        u32 len;
 
@@ -2073,7 +2092,9 @@ static int convert_context(struct context *oldc, struct context *newc, void *p)
 
        /* Check the validity of the new context. */
        if (!policydb_context_isvalid(args->newp, newc)) {
-               rc = convert_context_handle_invalid_context(args->state, oldc);
+               rc = convert_context_handle_invalid_context(args->state,
+                                                       args->oldp,
+                                                       oldc);
                if (rc)
                        goto bad;
        }
@@ -2092,15 +2113,14 @@ bad:
        return 0;
 }
 
-static void security_load_policycaps(struct selinux_state *state)
+static void security_load_policycaps(struct selinux_state *state,
+                               struct selinux_policy *policy)
 {
        struct policydb *p;
        unsigned int i;
        struct ebitmap_node *node;
 
-       read_lock(&state->ss->policy_rwlock);
-
-       p = &state->ss->policy->policydb;
+       p = &policy->policydb;
 
        for (i = 0; i < ARRAY_SIZE(state->policycap); i++)
                state->policycap[i] = ebitmap_get_bit(&p->policycaps, i);
@@ -2115,12 +2135,10 @@ static void security_load_policycaps(struct selinux_state *state)
                        pr_info("SELinux:  unknown policy capability %u\n",
                                i);
        }
-
-       read_unlock(&state->ss->policy_rwlock);
 }
 
-static int security_preserve_bools(struct selinux_state *state,
-                                  struct policydb *newpolicydb);
+static int security_preserve_bools(struct selinux_policy *oldpolicy,
+                               struct selinux_policy *newpolicy);
 
 static void selinux_policy_free(struct selinux_policy *policy)
 {
@@ -2134,10 +2152,26 @@ static void selinux_policy_free(struct selinux_policy *policy)
        kfree(policy);
 }
 
+static void selinux_policy_cond_free(struct selinux_policy *policy)
+{
+       cond_policydb_destroy_dup(&policy->policydb);
+       kfree(policy);
+}
+
 void selinux_policy_cancel(struct selinux_state *state,
                        struct selinux_policy *policy)
 {
-       sidtab_cancel_convert(state->ss->policy->sidtab);
+       struct selinux_policy *oldpolicy;
+
+       /*
+        * NOTE: We do not need to take the rcu read lock
+        * around the code below because other policy-modifying
+        * operations are already excluded by selinuxfs via
+        * fsi->mutex.
+        */
+       oldpolicy = rcu_dereference_check(state->policy, 1);
+
+       sidtab_cancel_convert(oldpolicy->sidtab);
        selinux_policy_free(policy);
 }
 
@@ -2159,14 +2193,14 @@ void selinux_policy_commit(struct selinux_state *state,
        u32 seqno;
 
        /*
-        * NOTE: We do not need to take the policy read-lock
+        * NOTE: We do not need to take the rcu read lock
         * around the code below because other policy-modifying
         * operations are already excluded by selinuxfs via
         * fsi->mutex.
         */
+       oldpolicy = rcu_dereference_check(state->policy, 1);
 
        /* If switching between different policy types, log MLS status */
-       oldpolicy = state->ss->policy;
        if (oldpolicy) {
                if (oldpolicy->policydb.mls_enabled && !newpolicy->policydb.mls_enabled)
                        pr_info("SELinux: Disabling MLS support...\n");
@@ -2174,14 +2208,18 @@ void selinux_policy_commit(struct selinux_state *state,
                        pr_info("SELinux: Enabling MLS support...\n");
        }
 
+       /* Set latest granting seqno for new policy. */
+       if (oldpolicy)
+               newpolicy->latest_granting = oldpolicy->latest_granting + 1;
+       else
+               newpolicy->latest_granting = 1;
+       seqno = newpolicy->latest_granting;
+
        /* Install the new policy. */
-       write_lock_irq(&state->ss->policy_rwlock);
-       state->ss->policy = newpolicy;
-       seqno = ++state->ss->latest_granting;
-       write_unlock_irq(&state->ss->policy_rwlock);
+       rcu_assign_pointer(state->policy, newpolicy);
 
        /* Load the policycaps from the new policy */
-       security_load_policycaps(state);
+       security_load_policycaps(state, newpolicy);
 
        if (!selinux_initialized(state)) {
                /*
@@ -2194,6 +2232,7 @@ void selinux_policy_commit(struct selinux_state *state,
        }
 
        /* Free the old policy */
+       synchronize_rcu();
        selinux_policy_free(oldpolicy);
 
        /* Notify others of the policy change */
@@ -2213,7 +2252,7 @@ void selinux_policy_commit(struct selinux_state *state,
 int security_load_policy(struct selinux_state *state, void *data, size_t len,
                        struct selinux_policy **newpolicyp)
 {
-       struct selinux_policy *newpolicy;
+       struct selinux_policy *newpolicy, *oldpolicy;
        struct sidtab_convert_params convert_params;
        struct convert_context_args args;
        int rc = 0;
@@ -2250,8 +2289,16 @@ int security_load_policy(struct selinux_state *state, void *data, size_t len,
                return 0;
        }
 
+       /*
+        * NOTE: We do not need to take the rcu read lock
+        * around the code below because other policy-modifying
+        * operations are already excluded by selinuxfs via
+        * fsi->mutex.
+        */
+       oldpolicy = rcu_dereference_check(state->policy, 1);
+
        /* Preserve active boolean values from the old policy */
-       rc = security_preserve_bools(state, &newpolicy->policydb);
+       rc = security_preserve_bools(oldpolicy, newpolicy);
        if (rc) {
                pr_err("SELinux:  unable to preserve booleans\n");
                goto err;
@@ -2260,21 +2307,16 @@ int security_load_policy(struct selinux_state *state, void *data, size_t len,
        /*
         * Convert the internal representations of contexts
         * in the new SID table.
-        *
-        * NOTE: We do not need to take the policy read-lock
-        * around the code below because other policy-modifying
-        * operations are already excluded by selinuxfs via
-        * fsi->mutex.
         */
        args.state = state;
-       args.oldp = &state->ss->policy->policydb;
+       args.oldp = &oldpolicy->policydb;
        args.newp = &newpolicy->policydb;
 
        convert_params.func = convert_context;
        convert_params.args = &args;
        convert_params.target = newpolicy->sidtab;
 
-       rc = sidtab_convert(state->ss->policy->sidtab, &convert_params);
+       rc = sidtab_convert(oldpolicy->sidtab, &convert_params);
        if (rc) {
                pr_err("SELinux:  unable to convert the internal"
                        " representation of contexts in the new SID"
@@ -2291,14 +2333,16 @@ err:
 
 size_t security_policydb_len(struct selinux_state *state)
 {
+       struct selinux_policy *policy;
        size_t len;
 
        if (!selinux_initialized(state))
                return 0;
 
-       read_lock(&state->ss->policy_rwlock);
-       len = state->ss->policy->policydb.len;
-       read_unlock(&state->ss->policy_rwlock);
+       rcu_read_lock();
+       policy = rcu_dereference(state->policy);
+       len = policy->policydb.len;
+       rcu_read_unlock();
 
        return len;
 }
@@ -2312,6 +2356,7 @@ size_t security_policydb_len(struct selinux_state *state)
 int security_port_sid(struct selinux_state *state,
                      u8 protocol, u16 port, u32 *out_sid)
 {
+       struct selinux_policy *policy;
        struct policydb *policydb;
        struct sidtab *sidtab;
        struct ocontext *c;
@@ -2322,10 +2367,10 @@ int security_port_sid(struct selinux_state *state,
                return 0;
        }
 
-       read_lock(&state->ss->policy_rwlock);
-
-       policydb = &state->ss->policy->policydb;
-       sidtab = state->ss->policy->sidtab;
+       rcu_read_lock();
+       policy = rcu_dereference(state->policy);
+       policydb = &policy->policydb;
+       sidtab = policy->sidtab;
 
        c = policydb->ocontexts[OCON_PORT];
        while (c) {
@@ -2349,7 +2394,7 @@ int security_port_sid(struct selinux_state *state,
        }
 
 out:
-       read_unlock(&state->ss->policy_rwlock);
+       rcu_read_unlock();
        return rc;
 }
 
@@ -2362,6 +2407,7 @@ out:
 int security_ib_pkey_sid(struct selinux_state *state,
                         u64 subnet_prefix, u16 pkey_num, u32 *out_sid)
 {
+       struct selinux_policy *policy;
        struct policydb *policydb;
        struct sidtab *sidtab;
        struct ocontext *c;
@@ -2372,10 +2418,10 @@ int security_ib_pkey_sid(struct selinux_state *state,
                return 0;
        }
 
-       read_lock(&state->ss->policy_rwlock);
-
-       policydb = &state->ss->policy->policydb;
-       sidtab = state->ss->policy->sidtab;
+       rcu_read_lock();
+       policy = rcu_dereference(state->policy);
+       policydb = &policy->policydb;
+       sidtab = policy->sidtab;
 
        c = policydb->ocontexts[OCON_IBPKEY];
        while (c) {
@@ -2400,7 +2446,7 @@ int security_ib_pkey_sid(struct selinux_state *state,
                *out_sid = SECINITSID_UNLABELED;
 
 out:
-       read_unlock(&state->ss->policy_rwlock);
+       rcu_read_unlock();
        return rc;
 }
 
@@ -2413,6 +2459,7 @@ out:
 int security_ib_endport_sid(struct selinux_state *state,
                            const char *dev_name, u8 port_num, u32 *out_sid)
 {
+       struct selinux_policy *policy;
        struct policydb *policydb;
        struct sidtab *sidtab;
        struct ocontext *c;
@@ -2423,10 +2470,10 @@ int security_ib_endport_sid(struct selinux_state *state,
                return 0;
        }
 
-       read_lock(&state->ss->policy_rwlock);
-
-       policydb = &state->ss->policy->policydb;
-       sidtab = state->ss->policy->sidtab;
+       rcu_read_lock();
+       policy = rcu_dereference(state->policy);
+       policydb = &policy->policydb;
+       sidtab = policy->sidtab;
 
        c = policydb->ocontexts[OCON_IBENDPORT];
        while (c) {
@@ -2451,7 +2498,7 @@ int security_ib_endport_sid(struct selinux_state *state,
                *out_sid = SECINITSID_UNLABELED;
 
 out:
-       read_unlock(&state->ss->policy_rwlock);
+       rcu_read_unlock();
        return rc;
 }
 
@@ -2463,6 +2510,7 @@ out:
 int security_netif_sid(struct selinux_state *state,
                       char *name, u32 *if_sid)
 {
+       struct selinux_policy *policy;
        struct policydb *policydb;
        struct sidtab *sidtab;
        int rc = 0;
@@ -2473,10 +2521,10 @@ int security_netif_sid(struct selinux_state *state,
                return 0;
        }
 
-       read_lock(&state->ss->policy_rwlock);
-
-       policydb = &state->ss->policy->policydb;
-       sidtab = state->ss->policy->sidtab;
+       rcu_read_lock();
+       policy = rcu_dereference(state->policy);
+       policydb = &policy->policydb;
+       sidtab = policy->sidtab;
 
        c = policydb->ocontexts[OCON_NETIF];
        while (c) {
@@ -2501,7 +2549,7 @@ int security_netif_sid(struct selinux_state *state,
                *if_sid = SECINITSID_NETIF;
 
 out:
-       read_unlock(&state->ss->policy_rwlock);
+       rcu_read_unlock();
        return rc;
 }
 
@@ -2531,6 +2579,7 @@ int security_node_sid(struct selinux_state *state,
                      u32 addrlen,
                      u32 *out_sid)
 {
+       struct selinux_policy *policy;
        struct policydb *policydb;
        struct sidtab *sidtab;
        int rc;
@@ -2541,10 +2590,10 @@ int security_node_sid(struct selinux_state *state,
                return 0;
        }
 
-       read_lock(&state->ss->policy_rwlock);
-
-       policydb = &state->ss->policy->policydb;
-       sidtab = state->ss->policy->sidtab;
+       rcu_read_lock();
+       policy = rcu_dereference(state->policy);
+       policydb = &policy->policydb;
+       sidtab = policy->sidtab;
 
        switch (domain) {
        case AF_INET: {
@@ -2599,7 +2648,7 @@ int security_node_sid(struct selinux_state *state,
 
        rc = 0;
 out:
-       read_unlock(&state->ss->policy_rwlock);
+       rcu_read_unlock();
        return rc;
 }
 
@@ -2625,6 +2674,7 @@ int security_get_user_sids(struct selinux_state *state,
                           u32 **sids,
                           u32 *nel)
 {
+       struct selinux_policy *policy;
        struct policydb *policydb;
        struct sidtab *sidtab;
        struct context *fromcon, usercon;
@@ -2641,10 +2691,10 @@ int security_get_user_sids(struct selinux_state *state,
        if (!selinux_initialized(state))
                goto out;
 
-       read_lock(&state->ss->policy_rwlock);
-
-       policydb = &state->ss->policy->policydb;
-       sidtab = state->ss->policy->sidtab;
+       rcu_read_lock();
+       policy = rcu_dereference(state->policy);
+       policydb = &policy->policydb;
+       sidtab = policy->sidtab;
 
        context_init(&usercon);
 
@@ -2695,7 +2745,7 @@ int security_get_user_sids(struct selinux_state *state,
        }
        rc = 0;
 out_unlock:
-       read_unlock(&state->ss->policy_rwlock);
+       rcu_read_unlock();
        if (rc || !mynel) {
                kfree(mysids);
                goto out;
@@ -2806,6 +2856,7 @@ int security_genfs_sid(struct selinux_state *state,
                       u16 orig_sclass,
                       u32 *sid)
 {
+       struct selinux_policy *policy;
        int retval;
 
        if (!selinux_initialized(state)) {
@@ -2813,10 +2864,11 @@ int security_genfs_sid(struct selinux_state *state,
                return 0;
        }
 
-       read_lock(&state->ss->policy_rwlock);
-       retval = __security_genfs_sid(state->ss->policy,
+       rcu_read_lock();
+       policy = rcu_dereference(state->policy);
+       retval = __security_genfs_sid(policy,
                                fstype, path, orig_sclass, sid);
-       read_unlock(&state->ss->policy_rwlock);
+       rcu_read_unlock();
        return retval;
 }
 
@@ -2836,6 +2888,7 @@ int selinux_policy_genfs_sid(struct selinux_policy *policy,
  */
 int security_fs_use(struct selinux_state *state, struct super_block *sb)
 {
+       struct selinux_policy *policy;
        struct policydb *policydb;
        struct sidtab *sidtab;
        int rc = 0;
@@ -2849,10 +2902,10 @@ int security_fs_use(struct selinux_state *state, struct super_block *sb)
                return 0;
        }
 
-       read_lock(&state->ss->policy_rwlock);
-
-       policydb = &state->ss->policy->policydb;
-       sidtab = state->ss->policy->sidtab;
+       rcu_read_lock();
+       policy = rcu_dereference(state->policy);
+       policydb = &policy->policydb;
+       sidtab = policy->sidtab;
 
        c = policydb->ocontexts[OCON_FSUSE];
        while (c) {
@@ -2871,7 +2924,7 @@ int security_fs_use(struct selinux_state *state, struct super_block *sb)
                }
                sbsec->sid = c->sid[0];
        } else {
-               rc = __security_genfs_sid(state->ss->policy, fstype, "/",
+               rc = __security_genfs_sid(policy, fstype, "/",
                                        SECCLASS_DIR, &sbsec->sid);
                if (rc) {
                        sbsec->behavior = SECURITY_FS_USE_NONE;
@@ -2882,7 +2935,7 @@ int security_fs_use(struct selinux_state *state, struct super_block *sb)
        }
 
 out:
-       read_unlock(&state->ss->policy_rwlock);
+       rcu_read_unlock();
        return rc;
 }
 
@@ -2949,23 +3002,22 @@ int security_set_bools(struct selinux_state *state, u32 len, int *values)
                return -EINVAL;
 
        /*
-        * NOTE: We do not need to take the policy read-lock
+        * NOTE: We do not need to take the rcu read lock
         * around the code below because other policy-modifying
         * operations are already excluded by selinuxfs via
         * fsi->mutex.
         */
 
+       oldpolicy = rcu_dereference_check(state->policy, 1);
+
        /* Consistency check on number of booleans, should never fail */
-       if (WARN_ON(len != state->ss->policy->policydb.p_bools.nprim))
+       if (WARN_ON(len != oldpolicy->policydb.p_bools.nprim))
                return -EINVAL;
 
-       newpolicy = kmemdup(state->ss->policy, sizeof(*newpolicy),
-                       GFP_KERNEL);
+       newpolicy = kmemdup(oldpolicy, sizeof(*newpolicy), GFP_KERNEL);
        if (!newpolicy)
                return -ENOMEM;
 
-       oldpolicy = state->ss->policy;
-
        /*
         * Deep copy only the parts of the policydb that might be
         * modified as a result of changing booleans.
@@ -2997,20 +3049,20 @@ int security_set_bools(struct selinux_state *state, u32 len, int *values)
        /* Re-evaluate the conditional rules in the copy */
        evaluate_cond_nodes(&newpolicy->policydb);
 
+       /* Set latest granting seqno for new policy */
+       newpolicy->latest_granting = oldpolicy->latest_granting + 1;
+       seqno = newpolicy->latest_granting;
+
        /* Install the new policy */
-       write_lock_irq(&state->ss->policy_rwlock);
-       state->ss->policy = newpolicy;
-       seqno = ++state->ss->latest_granting;
-       write_unlock_irq(&state->ss->policy_rwlock);
+       rcu_assign_pointer(state->policy, newpolicy);
 
        /*
         * Free the conditional portions of the old policydb
-        * that were copied for the new policy.
+        * that were copied for the new policy, and the oldpolicy
+        * structure itself but not what it references.
         */
-       cond_policydb_destroy_dup(&oldpolicy->policydb);
-
-       /* Free the old policy structure but not what it references. */
-       kfree(oldpolicy);
+       synchronize_rcu();
+       selinux_policy_cond_free(oldpolicy);
 
        /* Notify others of the policy change */
        selinux_notify_policy_change(state, seqno);
@@ -3020,6 +3072,7 @@ int security_set_bools(struct selinux_state *state, u32 len, int *values)
 int security_get_bool_value(struct selinux_state *state,
                            u32 index)
 {
+       struct selinux_policy *policy;
        struct policydb *policydb;
        int rc;
        u32 len;
@@ -3027,9 +3080,9 @@ int security_get_bool_value(struct selinux_state *state,
        if (!selinux_initialized(state))
                return 0;
 
-       read_lock(&state->ss->policy_rwlock);
-
-       policydb = &state->ss->policy->policydb;
+       rcu_read_lock();
+       policy = rcu_dereference(state->policy);
+       policydb = &policy->policydb;
 
        rc = -EFAULT;
        len = policydb->p_bools.nprim;
@@ -3038,29 +3091,28 @@ int security_get_bool_value(struct selinux_state *state,
 
        rc = policydb->bool_val_to_struct[index]->state;
 out:
-       read_unlock(&state->ss->policy_rwlock);
+       rcu_read_unlock();
        return rc;
 }
 
-static int security_preserve_bools(struct selinux_state *state,
-                                  struct policydb *policydb)
+static int security_preserve_bools(struct selinux_policy *oldpolicy,
+                               struct selinux_policy *newpolicy)
 {
        int rc, *bvalues = NULL;
        char **bnames = NULL;
        struct cond_bool_datum *booldatum;
        u32 i, nbools = 0;
 
-       read_lock(&state->ss->policy_rwlock);
-       rc = security_get_bools(state->ss->policy, &nbools, &bnames, &bvalues);
-       read_unlock(&state->ss->policy_rwlock);
+       rc = security_get_bools(oldpolicy, &nbools, &bnames, &bvalues);
        if (rc)
                goto out;
        for (i = 0; i < nbools; i++) {
-               booldatum = symtab_search(&policydb->p_bools, bnames[i]);
+               booldatum = symtab_search(&newpolicy->policydb.p_bools,
+                                       bnames[i]);
                if (booldatum)
                        booldatum->state = bvalues[i];
        }
-       evaluate_cond_nodes(policydb);
+       evaluate_cond_nodes(&newpolicy->policydb);
 
 out:
        if (bnames) {
@@ -3079,6 +3131,7 @@ out:
 int security_sid_mls_copy(struct selinux_state *state,
                          u32 sid, u32 mls_sid, u32 *new_sid)
 {
+       struct selinux_policy *policy;
        struct policydb *policydb;
        struct sidtab *sidtab;
        struct context *context1;
@@ -3096,10 +3149,10 @@ int security_sid_mls_copy(struct selinux_state *state,
 
        context_init(&newcon);
 
-       read_lock(&state->ss->policy_rwlock);
-
-       policydb = &state->ss->policy->policydb;
-       sidtab = state->ss->policy->sidtab;
+       rcu_read_lock();
+       policy = rcu_dereference(state->policy);
+       policydb = &policy->policydb;
+       sidtab = policy->sidtab;
 
        if (!policydb->mls_enabled) {
                *new_sid = sid;
@@ -3131,7 +3184,8 @@ int security_sid_mls_copy(struct selinux_state *state,
 
        /* Check the validity of the new context. */
        if (!policydb_context_isvalid(policydb, &newcon)) {
-               rc = convert_context_handle_invalid_context(state, &newcon);
+               rc = convert_context_handle_invalid_context(state, policydb,
+                                                       &newcon);
                if (rc) {
                        if (!context_struct_to_string(policydb, &newcon, &s,
                                                      &len)) {
@@ -3152,7 +3206,7 @@ int security_sid_mls_copy(struct selinux_state *state,
        }
        rc = sidtab_context_to_sid(sidtab, &newcon, new_sid);
 out_unlock:
-       read_unlock(&state->ss->policy_rwlock);
+       rcu_read_unlock();
        context_destroy(&newcon);
 out:
        return rc;
@@ -3183,6 +3237,7 @@ int security_net_peersid_resolve(struct selinux_state *state,
                                 u32 xfrm_sid,
                                 u32 *peer_sid)
 {
+       struct selinux_policy *policy;
        struct policydb *policydb;
        struct sidtab *sidtab;
        int rc;
@@ -3209,10 +3264,10 @@ int security_net_peersid_resolve(struct selinux_state *state,
        if (!selinux_initialized(state))
                return 0;
 
-       read_lock(&state->ss->policy_rwlock);
-
-       policydb = &state->ss->policy->policydb;
-       sidtab = state->ss->policy->sidtab;
+       rcu_read_lock();
+       policy = rcu_dereference(state->policy);
+       policydb = &policy->policydb;
+       sidtab = policy->sidtab;
 
        /*
         * We don't need to check initialized here since the only way both
@@ -3249,7 +3304,7 @@ int security_net_peersid_resolve(struct selinux_state *state,
         * expressive */
        *peer_sid = xfrm_sid;
 out:
-       read_unlock(&state->ss->policy_rwlock);
+       rcu_read_unlock();
        return rc;
 }
 
@@ -3353,27 +3408,31 @@ err:
 
 int security_get_reject_unknown(struct selinux_state *state)
 {
+       struct selinux_policy *policy;
        int value;
 
        if (!selinux_initialized(state))
                return 0;
 
-       read_lock(&state->ss->policy_rwlock);
-       value = state->ss->policy->policydb.reject_unknown;
-       read_unlock(&state->ss->policy_rwlock);
+       rcu_read_lock();
+       policy = rcu_dereference(state->policy);
+       value = policy->policydb.reject_unknown;
+       rcu_read_unlock();
        return value;
 }
 
 int security_get_allow_unknown(struct selinux_state *state)
 {
+       struct selinux_policy *policy;
        int value;
 
        if (!selinux_initialized(state))
                return 0;
 
-       read_lock(&state->ss->policy_rwlock);
-       value = state->ss->policy->policydb.allow_unknown;
-       read_unlock(&state->ss->policy_rwlock);
+       rcu_read_lock();
+       policy = rcu_dereference(state->policy);
+       value = policy->policydb.allow_unknown;
+       rcu_read_unlock();
        return value;
 }
 
@@ -3390,14 +3449,16 @@ int security_get_allow_unknown(struct selinux_state *state)
 int security_policycap_supported(struct selinux_state *state,
                                 unsigned int req_cap)
 {
+       struct selinux_policy *policy;
        int rc;
 
        if (!selinux_initialized(state))
                return 0;
 
-       read_lock(&state->ss->policy_rwlock);
-       rc = ebitmap_get_bit(&state->ss->policy->policydb.policycaps, req_cap);
-       read_unlock(&state->ss->policy_rwlock);
+       rcu_read_lock();
+       policy = rcu_dereference(state->policy);
+       rc = ebitmap_get_bit(&policy->policydb.policycaps, req_cap);
+       rcu_read_unlock();
 
        return rc;
 }
@@ -3420,6 +3481,7 @@ void selinux_audit_rule_free(void *vrule)
 int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
 {
        struct selinux_state *state = &selinux_state;
+       struct selinux_policy *policy;
        struct policydb *policydb;
        struct selinux_audit_rule *tmprule;
        struct role_datum *roledatum;
@@ -3463,11 +3525,11 @@ int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
 
        context_init(&tmprule->au_ctxt);
 
-       read_lock(&state->ss->policy_rwlock);
-
-       policydb = &state->ss->policy->policydb;
+       rcu_read_lock();
+       policy = rcu_dereference(state->policy);
+       policydb = &policy->policydb;
 
-       tmprule->au_seqno = state->ss->latest_granting;
+       tmprule->au_seqno = policy->latest_granting;
 
        switch (field) {
        case AUDIT_SUBJ_USER:
@@ -3506,7 +3568,7 @@ int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
        }
        rc = 0;
 out:
-       read_unlock(&state->ss->policy_rwlock);
+       rcu_read_unlock();
 
        if (rc) {
                selinux_audit_rule_free(tmprule);
@@ -3546,6 +3608,7 @@ int selinux_audit_rule_known(struct audit_krule *rule)
 int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule)
 {
        struct selinux_state *state = &selinux_state;
+       struct selinux_policy *policy;
        struct context *ctxt;
        struct mls_level *level;
        struct selinux_audit_rule *rule = vrule;
@@ -3559,14 +3622,16 @@ int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule)
        if (!selinux_initialized(state))
                return 0;
 
-       read_lock(&state->ss->policy_rwlock);
+       rcu_read_lock();
+
+       policy = rcu_dereference(state->policy);
 
-       if (rule->au_seqno < state->ss->latest_granting) {
+       if (rule->au_seqno < policy->latest_granting) {
                match = -ESTALE;
                goto out;
        }
 
-       ctxt = sidtab_search(state->ss->policy->sidtab, sid);
+       ctxt = sidtab_search(policy->sidtab, sid);
        if (unlikely(!ctxt)) {
                WARN_ONCE(1, "selinux_audit_rule_match: unrecognized SID %d\n",
                          sid);
@@ -3650,7 +3715,7 @@ int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule)
        }
 
 out:
-       read_unlock(&state->ss->policy_rwlock);
+       rcu_read_unlock();
        return match;
 }
 
@@ -3728,6 +3793,7 @@ int security_netlbl_secattr_to_sid(struct selinux_state *state,
                                   struct netlbl_lsm_secattr *secattr,
                                   u32 *sid)
 {
+       struct selinux_policy *policy;
        struct policydb *policydb;
        struct sidtab *sidtab;
        int rc;
@@ -3739,10 +3805,10 @@ int security_netlbl_secattr_to_sid(struct selinux_state *state,
                return 0;
        }
 
-       read_lock(&state->ss->policy_rwlock);
-
-       policydb = &state->ss->policy->policydb;
-       sidtab = state->ss->policy->sidtab;
+       rcu_read_lock();
+       policy = rcu_dereference(state->policy);
+       policydb = &policy->policydb;
+       sidtab = policy->sidtab;
 
        if (secattr->flags & NETLBL_SECATTR_CACHE)
                *sid = *(u32 *)secattr->cache->data;
@@ -3778,12 +3844,12 @@ int security_netlbl_secattr_to_sid(struct selinux_state *state,
        } else
                *sid = SECSID_NULL;
 
-       read_unlock(&state->ss->policy_rwlock);
+       rcu_read_unlock();
        return 0;
 out_free:
        ebitmap_destroy(&ctx_new.range.level[0].cat);
 out:
-       read_unlock(&state->ss->policy_rwlock);
+       rcu_read_unlock();
        return rc;
 }
 
@@ -3800,6 +3866,7 @@ out:
 int security_netlbl_sid_to_secattr(struct selinux_state *state,
                                   u32 sid, struct netlbl_lsm_secattr *secattr)
 {
+       struct selinux_policy *policy;
        struct policydb *policydb;
        int rc;
        struct context *ctx;
@@ -3807,12 +3874,12 @@ int security_netlbl_sid_to_secattr(struct selinux_state *state,
        if (!selinux_initialized(state))
                return 0;
 
-       read_lock(&state->ss->policy_rwlock);
-
-       policydb = &state->ss->policy->policydb;
+       rcu_read_lock();
+       policy = rcu_dereference(state->policy);
+       policydb = &policy->policydb;
 
        rc = -ENOENT;
-       ctx = sidtab_search(state->ss->policy->sidtab, sid);
+       ctx = sidtab_search(policy->sidtab, sid);
        if (ctx == NULL)
                goto out;
 
@@ -3827,7 +3894,7 @@ int security_netlbl_sid_to_secattr(struct selinux_state *state,
        mls_export_netlbl_lvl(policydb, ctx, secattr);
        rc = mls_export_netlbl_cat(policydb, ctx, secattr);
 out:
-       read_unlock(&state->ss->policy_rwlock);
+       rcu_read_unlock();
        return rc;
 }
 #endif /* CONFIG_NETLABEL */
@@ -3841,6 +3908,7 @@ out:
 int security_read_policy(struct selinux_state *state,
                         void **data, size_t *len)
 {
+       struct selinux_policy *policy;
        int rc;
        struct policy_file fp;
 
@@ -3856,9 +3924,10 @@ int security_read_policy(struct selinux_state *state,
        fp.data = *data;
        fp.len = *len;
 
-       read_lock(&state->ss->policy_rwlock);
-       rc = policydb_write(&state->ss->policy->policydb, &fp);
-       read_unlock(&state->ss->policy_rwlock);
+       rcu_read_lock();
+       policy = rcu_dereference(state->policy);
+       rc = policydb_write(&policy->policydb, &fp);
+       rcu_read_unlock();
 
        if (rc)
                return rc;
diff --git a/security/selinux/ss/services.h b/security/selinux/ss/services.h
index 06931e34cb24b2cb22e8d2769da4b78eff12d43b..9555ad074303c9954a6ba9a327d07be3bbdb8d05 100644 (file)
--- a/security/selinux/ss/services.h
+++ b/security/selinux/ss/services.h
@@ -26,12 +26,7 @@ struct selinux_policy {
        struct sidtab *sidtab;
        struct policydb policydb;
        struct selinux_map map;
-};
-
-struct selinux_ss {
-       rwlock_t policy_rwlock;
        u32 latest_granting;
-       struct selinux_policy *policy;
 } __randomize_layout;
 
 void services_compute_xperms_drivers(struct extended_perms *xperms,
Unnamed repository; edit this file 'description' to name the repository.