From: Paul Moore <paul@paul-moore.com>
To: Stephen Smalley <stephen.smalley@gmail.com>
Cc: Jaejyn Shin <flagon22bass@gmail.com>, selinux <selinux@tycho.nsa.gov>
Subject: Re: Fwd: Booting time is increased after applying kernel 3.10
Date: Wed, 25 Jun 2014 15:29:01 -0400 [thread overview]
Message-ID: <58493927.vocElXfMed@sifl> (raw)
In-Reply-To: <CAB9W1A3HhfPimsRB4Qtf91hCM8u2Ds+yzK9XBYr6eEcdDP+wWQ@mail.gmail.com>
On Wednesday, June 25, 2014 03:14:56 PM Stephen Smalley wrote:
> ---------- Forwarded message ----------
> From: Jaejyn Shin <flagon22bass@gmail.com>
> Date: Wed, Jun 25, 2014 at 4:36 AM
> Subject: Booting time is increased after applying kernel 3.10
> To: "seandroid-list@tycho.nsa.gov" <seandroid-list@tycho.nsa.gov>
>
>
>
> Dear SEAndroid and SELinux developer
> First of all, I always appreciate that I get lots of information in
> this e-mailing list.
>
> After applying kernel 3.10, the booting time of my device has been increased
> Especially, the selinux initializing time is increased (about 0.5s).
>
> I analized the reason, and I found that the synchronize_net function
> has 0.1s delay.
I would need to give it some more thought, but since the netport/netnode/netif
caches all have their own locks it may be possible to skip the
synchronize_net() call. Although, looking at this a bit closer, I wonder if
it would be possible to just skip the avc_ss_reset() call for the initial
policy load, or at least skip the callback processing. Am I missing
something?
> before)
> selinux_initialize
> -> selinux_android_load_policy
> -> selinux_android_reload_policy
> -> security_load_policy
> -> avc_ss_reset
> -> sel_netport_avc_callback -> synchronize_net
> -> sel_netnode_avc_callback -> synchronize_net
> -> sel_netif_avc_callback -> synchronize_net
> -> security_setenforce
> -> sel_write_enforce
> -> avc_ss_reset
> -> sel_netport_avc_callback -> synchronize_net
> -> sel_netnode_avc_callback -> synchronize_net
> -> sel_netif_avc_callback -> synchronize_net
> To make fast the booting time, can I don't call the avc_ss_reset
> function only during initializing selinux ?
>
> after)
> selinux_initialize
> -> selinux_android_load_policy
> -> selinux_android_reload_policy
> -> security_load_policy
> X-> avc_ss_reset
> -> security_setenforce
> -> sel_write_enforce
> X-> avc_ss_reset
>
> Is it possible?
>
> Thank you
> Best regards
>
> _______________________________________________
> Seandroid-list mailing list
> Seandroid-list@tycho.nsa.gov
> To unsubscribe, send email to Seandroid-list-leave@tycho.nsa.gov.
> To get help, send an email containing "help" to
> Seandroid-list-request@tycho.nsa.gov.
--
paul moore
www.paul-moore.com
next prev parent reply other threads:[~2014-06-25 19:29 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CAEFn6A4mzF208e1s_OHEzJ-1Kq-DUGgzVNbQXrW6NbB0e8DSpQ@mail.gmail.com>
2014-06-25 19:14 ` Fwd: Booting time is increased after applying kernel 3.10 Stephen Smalley
2014-06-25 19:29 ` Paul Moore [this message]
2014-06-25 19:49 ` Stephen Smalley
2014-06-25 23:19 ` Jaejyn Shin
2014-06-26 13:57 ` Stephen Smalley
2014-06-26 14:17 ` Paul Moore
2014-06-27 12:15 ` Stephen Smalley
2014-06-27 12:52 ` Stephen Smalley
2014-06-27 13:11 ` Paul Moore
2015-04-01 18:58 Ravi Kumar
2015-04-01 19:20 ` Stephen Smalley
2015-04-01 19:24 ` Stephen Smalley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=58493927.vocElXfMed@sifl \
--to=paul@paul-moore.com \
--cc=flagon22bass@gmail.com \
--cc=selinux@tycho.nsa.gov \
--cc=stephen.smalley@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.