kernel: refactor apply_kernelsu_rules to use mutex for synchronization

2025-08-15 11:00:34 +08:00
parent f6337e2d52
commit ec6991f98b
2 changed files with 13 additions and 4 deletions
--- a/kernel/selinux/rules.c
+++ b/kernel/selinux/rules.c
@@ -24,14 +24,19 @@ static struct policydb *get_policydb(void)
 	return db;
 }

+static DEFINE_MUTEX(ksu_rules);
+
 void apply_kernelsu_rules()
 {
+	struct policydb *db;
+
 	if (!getenforce()) {
 		pr_info("SELinux permissive or disabled, apply rules!\n");
 	}

-	rcu_read_lock();
-	struct policydb *db = get_policydb();
+	mutex_lock(&ksu_rules);
+
+	db = get_policydb();

 	ksu_permissive(db, KERNEL_SU_DOMAIN);
 	ksu_typeattribute(db, KERNEL_SU_DOMAIN, "mlstrustedsubject");
@@ -125,7 +130,7 @@ void apply_kernelsu_rules()
 	// https://android-review.googlesource.com/c/platform/system/logging/+/3725346
 	ksu_dontaudit(db, ALL, KERNEL_SU_DOMAIN, "dir", "getattr");

-	rcu_read_unlock();
+	mutex_unlock(&ksu_rules);
 }

 #define MAX_SEPOL_LEN 128