From patchwork Mon Aug 24 13:18:39 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?=
 <cgzones@googlemail.com>
X-Patchwork-Id: 11733193
Return-Path: <SRS0=rjXy=CC=vger.kernel.org=selinux-owner@kernel.org>
Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org
 [172.30.200.123])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id D61821510
	for <patchwork-selinux@patchwork.kernel.org>;
 Mon, 24 Aug 2020 13:19:04 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by mail.kernel.org (Postfix) with ESMTP id B3FAC2078D
	for <patchwork-selinux@patchwork.kernel.org>;
 Mon, 24 Aug 2020 13:19:04 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=pass (2048-bit key) header.d=googlemail.com header.i=@googlemail.com
 header.b="Ivnm1/tT"
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726765AbgHXNTB (ORCPT
        <rfc822;patchwork-selinux@patchwork.kernel.org>);
        Mon, 24 Aug 2020 09:19:01 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50882 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1725780AbgHXNS6 (ORCPT
        <rfc822;selinux@vger.kernel.org>); Mon, 24 Aug 2020 09:18:58 -0400
Received: from mail-ej1-x643.google.com (mail-ej1-x643.google.com
 [IPv6:2a00:1450:4864:20::643])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E6097C061573
        for <selinux@vger.kernel.org>; Mon, 24 Aug 2020 06:18:57 -0700 (PDT)
Received: by mail-ej1-x643.google.com with SMTP id m22so11838662eje.10
        for <selinux@vger.kernel.org>; Mon, 24 Aug 2020 06:18:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlemail.com; s=20161025;
        h=from:to:cc:subject:date:message-id:mime-version
         :content-transfer-encoding;
        bh=oxvgtkKW4r0x00FcaoXHLfF4wc6Z9Lp/MFZ0+yWzC4M=;
        b=Ivnm1/tThjx+Hegi78vsdTLa4Wqygf70OW8eh5zhyZ8Ux7BI2hIAjYc/ycFRTkuN5v
         G41RtaVzCjtpGDGKlr1dClcjhxPqL52CIP7yET0+iitdDknUxrOYSKwpdcQ+Dd8gcwIv
         ghcnk5JcEaJGOQmX0RfRevVngzh0mExZqONQC2YGPoHqiJ7R6tBVr3D6ja97E+kvVfin
         H+xOIDSernqvIr6fdp+BfpcSSO/HPBqkMrCykdgtz541cB39nq4QD8BNOWncoVP9/QfG
         tTAjNFZaeBgxR3sVWjPaXaZVIyt8A1Uyq2pbnwIwc291YiHuYs/kngacsSPoLmnVVffK
         j2cA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version
         :content-transfer-encoding;
        bh=oxvgtkKW4r0x00FcaoXHLfF4wc6Z9Lp/MFZ0+yWzC4M=;
        b=ZjNBClD19ym6MRnLwIp1Y++/6FGbV62yVwlN074NRyIFaC+ihCOBahRrctKbnhUTD3
         5a1BglEkqs97/4L21pJGftAxchn3a8IQjyRXaQw9PON7mrTx9vOD0iB0gX4C+J+rMXEN
         o5AJlRY5jrzFwj6nef+z0SFcoR1Wn7HRtzsF29g4gQwRRdRmT7ziyuOK+Up1NWVAxY0f
         Q76KoqQ7Afy1ifGe3uz1FnTjtyhUvpEci7RjdIGB33+1TE4XAB+7QX8+HLK74NyscCrW
         i7ZM2ox4PxQ6GDBgubE3gD7HxKw98phXKOr/XRekdT2Bf8glhqds7wQ3VlUw3EufRiUM
         XM3A==
X-Gm-Message-State: AOAM531by7Of5T5ARgkZ91H0Gej36yuKyZOQZeQ3JoO2l5y9heqIQKcj
        DQkt9IIzAT3rpmipHIdMwJiIW1rM6EQ=
X-Google-Smtp-Source: 
 ABdhPJyB6ncUHgMAQa++sy2Ak61H1TMlsMr6URneNzabB8vgrAnT20T+1bWAsqm8p89204E59ATYsg==
X-Received: by 2002:a17:907:41dc:: with SMTP id
 og20mr5723284ejb.183.1598275136436;
        Mon, 24 Aug 2020 06:18:56 -0700 (PDT)
Received: from debianHome.localdomain (x4d01ad51.dyn.telefonica.de.
 [77.1.173.81])
        by smtp.gmail.com with ESMTPSA id
 p3sm9369834edx.75.2020.08.24.06.18.55
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 24 Aug 2020 06:18:56 -0700 (PDT)
From: =?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com>
To: selinux@vger.kernel.org
Cc: Mike Palmiotto <mike.palmiotto@crunchydata.com>
Subject: [PATCH 1/3] libselinux: refactor wrapper in sestatus.c for safe
 shared memory access
Date: Mon, 24 Aug 2020 15:18:39 +0200
Message-Id: <20200824131841.55687-1-cgzones@googlemail.com>
X-Mailer: git-send-email 2.28.0
MIME-Version: 1.0
Sender: selinux-owner@vger.kernel.org
Precedence: bulk
List-ID: <selinux.vger.kernel.org>
X-Mailing-List: selinux@vger.kernel.org

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 libselinux/src/sestatus.c | 35 +++++++++++------------------------
 1 file changed, 11 insertions(+), 24 deletions(-)

diff --git a/libselinux/src/sestatus.c b/libselinux/src/sestatus.c
index 814e86ee..925e6079 100644
--- a/libselinux/src/sestatus.c
+++ b/libselinux/src/sestatus.c
@@ -80,6 +80,14 @@ static inline uint32_t read_sequence(struct selinux_status_t *status)
 	return seqno;
 }
 
+/* sequence must not be changed during references */
+#define sestatus_save_access(name, result)                          \
+	uint32_t _seqno;                                            \
+	do {                                                        \
+		_seqno = read_sequence(selinux_status);             \
+		(result) = selinux_status->name;                    \
+	} while (_seqno != read_sequence(selinux_status))           \
+
 /*
  * selinux_status_updated
  *
@@ -142,7 +150,6 @@ int selinux_status_updated(void)
  */
 int selinux_status_getenforce(void)
 {
-	uint32_t	seqno;
 	uint32_t	enforcing;
 
 	if (selinux_status == NULL) {
@@ -157,13 +164,7 @@ int selinux_status_getenforce(void)
 		return fallback_enforcing;
 	}
 
-	/* sequence must not be changed during references */
-	do {
-		seqno = read_sequence(selinux_status);
-
-		enforcing = selinux_status->enforcing;
-
-	} while (seqno != read_sequence(selinux_status));
+	sestatus_save_access(enforcing, enforcing);
 
 	return enforcing ? 1 : 0;
 }
@@ -179,7 +180,6 @@ int selinux_status_getenforce(void)
  */
 int selinux_status_policyload(void)
 {
-	uint32_t	seqno;
 	uint32_t	policyload;
 
 	if (selinux_status == NULL) {
@@ -194,13 +194,7 @@ int selinux_status_policyload(void)
 		return fallback_policyload;
 	}
 
-	/* sequence must not be changed during references */
-	do {
-		seqno = read_sequence(selinux_status);
-
-		policyload = selinux_status->policyload;
-
-	} while (seqno != read_sequence(selinux_status));
+	sestatus_save_access(policyload, policyload);
 
 	return policyload;
 }
@@ -214,7 +208,6 @@ int selinux_status_policyload(void)
  */
 int selinux_status_deny_unknown(void)
 {
-	uint32_t	seqno;
 	uint32_t	deny_unknown;
 
 	if (selinux_status == NULL) {
@@ -225,13 +218,7 @@ int selinux_status_deny_unknown(void)
 	if (selinux_status == MAP_FAILED)
 		return security_deny_unknown();
 
-	/* sequence must not be changed during references */
-	do {
-		seqno = read_sequence(selinux_status);
-
-		deny_unknown = selinux_status->deny_unknown;
-
-	} while (seqno != read_sequence(selinux_status));
+	sestatus_save_access(deny_unknown, deny_unknown);
 
 	return deny_unknown ? 1 : 0;
 }

From patchwork Mon Aug 24 13:18:40 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?=
 <cgzones@googlemail.com>
X-Patchwork-Id: 11733197
Return-Path: <SRS0=rjXy=CC=vger.kernel.org=selinux-owner@kernel.org>
Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org
 [172.30.200.123])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 727711751
	for <patchwork-selinux@patchwork.kernel.org>;
 Mon, 24 Aug 2020 13:19:16 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by mail.kernel.org (Postfix) with ESMTP id 5AC3B20838
	for <patchwork-selinux@patchwork.kernel.org>;
 Mon, 24 Aug 2020 13:19:16 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=pass (2048-bit key) header.d=googlemail.com header.i=@googlemail.com
 header.b="uj69UXiG"
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726449AbgHXNTQ (ORCPT
        <rfc822;patchwork-selinux@patchwork.kernel.org>);
        Mon, 24 Aug 2020 09:19:16 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50890 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726723AbgHXNTB (ORCPT
        <rfc822;selinux@vger.kernel.org>); Mon, 24 Aug 2020 09:19:01 -0400
Received: from mail-ej1-x644.google.com (mail-ej1-x644.google.com
 [IPv6:2a00:1450:4864:20::644])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CF694C061574
        for <selinux@vger.kernel.org>; Mon, 24 Aug 2020 06:18:59 -0700 (PDT)
Received: by mail-ej1-x644.google.com with SMTP id oz20so6912624ejb.5
        for <selinux@vger.kernel.org>; Mon, 24 Aug 2020 06:18:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlemail.com; s=20161025;
        h=from:to:cc:subject:date:message-id:in-reply-to:references
         :mime-version:content-transfer-encoding;
        bh=6q5XKoaQZAkstNVrR2O1cS6kbEUSS03/ZJ5oenvzs2k=;
        b=uj69UXiGByywxIzxGaDuOkTHG2AfCZclTPIIIp48hcaF6iHucDz9ySpqCGIOhn5x1K
         +tU7fiWvSY3euWIE/pujq2VVSU3uvm4ERhfsXnCJYesoHQND+JSmbvZ149FhyjHBlAQa
         8h3lnp07gGCs42ujqYfsLeZAOFs/PubZzo4952+MY4P2QVFtNNVKjrumlyr81O47btA/
         n6EZTWs31KAz3W7jNh53qeoMUFPBgyTuqDH9euZ4F2aL6YY/oOjyNeaV70fxHJXNQbT6
         oysoBvOa/NUW/NyyoPbIAAQfxI9U8ukTb+lXmDCzn/pfuFJEm/Nz+3avyu5Pdspt6MWY
         ZoWQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=6q5XKoaQZAkstNVrR2O1cS6kbEUSS03/ZJ5oenvzs2k=;
        b=Ba1jL97l2bFRSad0bQlGSY18CVrFEBe5zxRb7WEkypWm45eb2mp7p5ae5lXs6ydUx9
         U/pjkKumdekTikbL6cypcoj2XOYWUTQyq9jC1lop1ZKhVspqi2fPk25/+q6M7RDvi5eJ
         ieenKV4O8FktmKECqfkn3wPQT7BGq2rUe3MVW3IboanulRkQUTeiQWYc6NRcPiJs9X4d
         p0i1dlyDBjncLboFQL8vi6X23KKJsRVAQYkSbEFZTdpvq2mHEygxI9GKC047h6W2so40
         UocD110H0WUBuIEOIcdEbQwt5UBhltYpJZWIjAw+Oxpz4bf5MrhFXOraCGd5eUr7HQ8W
         DlMQ==
X-Gm-Message-State: AOAM532IzftTOUC16JqFiGgS2LDrqVj7aw0IORPtc/WiSacvWnejLar1
        K7WREcPFLddVliuVtYd5T3q2FO+r0s0=
X-Google-Smtp-Source: 
 ABdhPJyXzXcL028T5CYW5McCSluUKjVqHAV62m51V3Vk+YEUEUBFhFWuUf+O5QBvgi3ikxuXAM/L1A==
X-Received: by 2002:a17:907:aa2:: with SMTP id
 bz2mr5363242ejc.521.1598275136899;
        Mon, 24 Aug 2020 06:18:56 -0700 (PDT)
Received: from debianHome.localdomain (x4d01ad51.dyn.telefonica.de.
 [77.1.173.81])
        by smtp.gmail.com with ESMTPSA id
 p3sm9369834edx.75.2020.08.24.06.18.56
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 24 Aug 2020 06:18:56 -0700 (PDT)
From: =?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com>
To: selinux@vger.kernel.org
Cc: Mike Palmiotto <mike.palmiotto@crunchydata.com>
Subject: [PATCH 2/3] libselinux: safely access shared memory in
 selinux_status_updated()
Date: Mon, 24 Aug 2020 15:18:40 +0200
Message-Id: <20200824131841.55687-2-cgzones@googlemail.com>
X-Mailer: git-send-email 2.28.0
In-Reply-To: <20200824131841.55687-1-cgzones@googlemail.com>
References: <20200824131841.55687-1-cgzones@googlemail.com>
MIME-Version: 1.0
Sender: selinux-owner@vger.kernel.org
Precedence: bulk
List-ID: <selinux.vger.kernel.org>
X-Mailing-List: selinux@vger.kernel.org

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 libselinux/src/sestatus.c | 39 ++++++++++++++++++++++++---------------
 1 file changed, 24 insertions(+), 15 deletions(-)

diff --git a/libselinux/src/sestatus.c b/libselinux/src/sestatus.c
index 925e6079..62a864b1 100644
--- a/libselinux/src/sestatus.c
+++ b/libselinux/src/sestatus.c
@@ -99,7 +99,9 @@ static inline uint32_t read_sequence(struct selinux_status_t *status)
 int selinux_status_updated(void)
 {
 	uint32_t	curr_seqno;
-	int		result = 0;
+	uint32_t	tmp_seqno;
+	uint32_t	enforcing;
+	uint32_t	policyload;
 
 	if (selinux_status == NULL) {
 		errno = EINVAL;
@@ -125,21 +127,28 @@ int selinux_status_updated(void)
 	if (last_seqno & 0x0001)
 		last_seqno = curr_seqno;
 
-	if (last_seqno != curr_seqno)
-	{
-		if (avc_enforcing != (int) selinux_status->enforcing) {
-			if (avc_process_setenforce(selinux_status->enforcing) < 0)
-				return -1;
-		}
-		if (last_policyload != selinux_status->policyload) {
-			if (avc_process_policyload(selinux_status->policyload) < 0)
-				return -1;
-			last_policyload = selinux_status->policyload;
-		}
-		last_seqno = curr_seqno;
-		result = 1;
+	if (last_seqno == curr_seqno)
+		return 0;
+
+	do {
+		enforcing = selinux_status->enforcing;
+		policyload = selinux_status->policyload;
+		tmp_seqno = curr_seqno;
+		curr_seqno = read_sequence(selinux_status);
+	} while (tmp_seqno != curr_seqno);
+
+	if (avc_enforcing != (int) enforcing) {
+		if (avc_process_setenforce(enforcing) < 0)
+			return -1;
 	}
-	return result;
+	if (last_policyload != policyload) {
+		if (avc_process_policyload(policyload) < 0)
+			return -1;
+		last_policyload = policyload;
+	}
+	last_seqno = curr_seqno;
+
+	return 1;
 }
 
 /*

From patchwork Mon Aug 24 13:18:41 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?=
 <cgzones@googlemail.com>
X-Patchwork-Id: 11733195
Return-Path: <SRS0=rjXy=CC=vger.kernel.org=selinux-owner@kernel.org>
Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org
 [172.30.200.123])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 32EE313B1
	for <patchwork-selinux@patchwork.kernel.org>;
 Mon, 24 Aug 2020 13:19:16 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by mail.kernel.org (Postfix) with ESMTP id 1CA6C20838
	for <patchwork-selinux@patchwork.kernel.org>;
 Mon, 24 Aug 2020 13:19:16 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=pass (2048-bit key) header.d=googlemail.com header.i=@googlemail.com
 header.b="hIRKJ6Dw"
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1725780AbgHXNTI (ORCPT
        <rfc822;patchwork-selinux@patchwork.kernel.org>);
        Mon, 24 Aug 2020 09:19:08 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50892 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726599AbgHXNTB (ORCPT
        <rfc822;selinux@vger.kernel.org>); Mon, 24 Aug 2020 09:19:01 -0400
Received: from mail-ed1-x541.google.com (mail-ed1-x541.google.com
 [IPv6:2a00:1450:4864:20::541])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CF71EC061575
        for <selinux@vger.kernel.org>; Mon, 24 Aug 2020 06:18:59 -0700 (PDT)
Received: by mail-ed1-x541.google.com with SMTP id w14so7508420eds.0
        for <selinux@vger.kernel.org>; Mon, 24 Aug 2020 06:18:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlemail.com; s=20161025;
        h=from:to:cc:subject:date:message-id:in-reply-to:references
         :mime-version:content-transfer-encoding;
        bh=bJWErSjc52UoeFEQkRSKVNZc4I4fzP79JfPH731UsnE=;
        b=hIRKJ6DwuWlq4T7J443eRGx9eUQOQpmSBxukbG0DEASvvZCedw8IslaCccGWQwrgEH
         AwyM2l8bp5YvoliWedJgPR8BeEOf2U6jZEymYy0EbBfl0DcjcRRUrKuFDjfOf37Bo+7t
         sAgToAIY+V8khaWFnLFupoSl+rpRRjtslV18QvZ/LQYpT6awykOdV05okqYHQMDlmjED
         i4/mFJrrChLk4k1+A4D995tsRp/OkbPDDRiE1q2zQ1Jb0NAD8B/V9qhnIJb7mMC/KfK1
         W36ZPIoVAB+j1iNs+eTQr+RKknPP8FB9tBN+IDYBxUbD9AsYdPmAmrcCENII0uwUIh/p
         ElZg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=bJWErSjc52UoeFEQkRSKVNZc4I4fzP79JfPH731UsnE=;
        b=jY/IvfBQaBYTHqAy3WZmTSnqpNV2NN3jydIFsrgt1rgnBIvOhcHh8gyPKs640VHZSN
         ICoi24BT/wAEmsa1XUBcIonVkPcY+aO/v+8bpv6SJmEUJ/pcOJKmkU4M17/Kt/Kvpu2d
         GQ1dXDMCJ3KXT+zqdy02gXcSJmzg3r4SKVYqQPaHd3uz3aOZw1E88IIQxuAR5T2cjsv1
         niAjHLHPNrMtykmHXAExru8xsUsQIvusM1meyafu/e8nV8l/IjwbxR8UyMFV38xZuZbr
         3M92Eze33yYGKcEJ3i2ieEBdNOhvUFYhZWZJI74p/IWAGTPaupEpSqSchYY/sUS8lsCb
         yDUA==
X-Gm-Message-State: AOAM533NOrzNeosgfB66l8ccO5i9QSTKRV5qpjx/8ZA7qmV5uerpVPNW
        5FUgpdjbazFNkvsaY0ApdHFq7D1BHAc=
X-Google-Smtp-Source: 
 ABdhPJyA7A1wzwubY88LN31N076a3k8DDLbMDGL+gYps+op3jtU/0SREF3b1DM7mmJnf5VpAPEbh1w==
X-Received: by 2002:a50:ec90:: with SMTP id e16mr5442232edr.234.1598275137676;
        Mon, 24 Aug 2020 06:18:57 -0700 (PDT)
Received: from debianHome.localdomain (x4d01ad51.dyn.telefonica.de.
 [77.1.173.81])
        by smtp.gmail.com with ESMTPSA id
 p3sm9369834edx.75.2020.08.24.06.18.56
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 24 Aug 2020 06:18:57 -0700 (PDT)
From: =?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com>
To: selinux@vger.kernel.org
Cc: Mike Palmiotto <mike.palmiotto@crunchydata.com>
Subject: [PATCH 3/3] libselinux: initialize last_policyload in
 selinux_status_open()
Date: Mon, 24 Aug 2020 15:18:41 +0200
Message-Id: <20200824131841.55687-3-cgzones@googlemail.com>
X-Mailer: git-send-email 2.28.0
In-Reply-To: <20200824131841.55687-1-cgzones@googlemail.com>
References: <20200824131841.55687-1-cgzones@googlemail.com>
MIME-Version: 1.0
Sender: selinux-owner@vger.kernel.org
Precedence: bulk
List-ID: <selinux.vger.kernel.org>
X-Mailing-List: selinux@vger.kernel.org

If not initialized to the current policyload count, an enforcing change
will trigger policyload-callbacks in selinux_status_updated().

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 libselinux/src/sestatus.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libselinux/src/sestatus.c b/libselinux/src/sestatus.c
index 62a864b1..dcd7f2dc 100644
--- a/libselinux/src/sestatus.c
+++ b/libselinux/src/sestatus.c
@@ -289,6 +289,7 @@ int selinux_status_open(int fallback)
 	}
 	selinux_status_fd = fd;
 	last_seqno = (uint32_t)(-1);
+	sestatus_save_access(policyload, last_policyload);
 
 	/* No need to use avc threads if the kernel status page is available */
 	avc_using_threads = 0;