libselinux: Export reset_selinux_config()

In integrating SELinux policy into rpm, we have a need to be able to reset the configuration data (e.g. policy type) loaded into libselinux. These values are currently loaded lazily by a number of different functions (e.g. matchpatchcon_init()). Since we are changing rpm to install policy, including initial base policy, we need to be able to reload these configuration items after the policy has been installed. reset_selinux_config() already exists and is used by selinux_init_load_policy() for a similar reason, but it is not exported. This was probably intentionaly since it is not thread safe at all. That said, rpm needs to do the same thing. This patch makes the function public, and places a warning in the header comment that it is not thread safe. Signed-off-by: Chad Sellers <csellers@tresys.com>
2025-02-17 18:16:52 +00:00 · 2009-10-20 11:21:59 -04:00 · 2009-10-20 11:21:59 -04:00 · 7d19f9df51
commit 7d19f9df51
parent 0857e3e478
4 changed files with 12 additions and 3 deletions
--- a/libselinux/include/selinux/selinux.h
+++ b/libselinux/include/selinux/selinux.h
@ -568,6 +568,13 @@ extern int selinux_file_context_verify(const char *path, mode_t mode);
 /* This function sets the file context on to the system defaults returns 0 on success */
 extern int selinux_lsetfilecon_default(const char *path);

+/* 
+ * Force a reset of the loaded configuration
+ * WARNING: This is not thread safe. Be very sure that no other threads
+ * are calling into libselinux when this is called.
+ */
+extern void selinux_reset_config(void);
+
 #ifdef __cplusplus
 }
 #endif
--- a/libselinux/src/load_policy.c
+++ b/libselinux/src/load_policy.c
@ -320,7 +320,7 @@ int selinux_init_load_policy(int *enforce)
 	 * Example:  Caller has chroot'd and is now loading policy from
 	 * chroot'd environment.
 	 */
-	reset_selinux_config();
+	selinux_reset_config();

 	/*
 	 * Get desired mode (disabled, permissive, enforcing) from 
--- a/libselinux/src/selinux_config.c
+++ b/libselinux/src/selinux_config.c
@ -230,12 +230,14 @@ static void fini_selinux_policyroot(void)
 	selinux_policytype = NULL;
 }

-void reset_selinux_config(void)
+void selinux_reset_config(void)
 {
 	fini_selinux_policyroot();
 	init_selinux_config();
 }

+hidden_def(selinux_reset_config)
+
 static const char *get_path(int idx)
 {
 	__selinux_once(once, init_selinux_config);
--- a/libselinux/src/selinux_internal.h
+++ b/libselinux/src/selinux_internal.h
@ -88,8 +88,8 @@ hidden_proto(selinux_trans_to_raw_context);
    hidden_proto(selinux_raw_context_to_color);
 hidden_proto(security_get_initial_context);
 hidden_proto(security_get_initial_context_raw);
+hidden_proto(selinux_reset_config);

-extern void reset_selinux_config(void) hidden;
 extern int load_setlocaldefs hidden;
 extern int require_seusers hidden;
 extern int selinux_page_size hidden;