From 1ccdbc2b76ceb521a0d3d375b2dbb04574b393ad Mon Sep 17 00:00:00 2001 From: Tashfin Shakeer Rhythm Date: Wed, 13 Aug 2025 07:07:06 +0600 Subject: [PATCH] kernel: selinux: rules: Micro-optimize get_policydb() and fix illegal RCU lock usage in handle_sepolicy() (#2695) Signed-off-by: Tashfin Shakeer Rhythm --- kernel/selinux/rules.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/kernel/selinux/rules.c b/kernel/selinux/rules.c index 10f6506c..ddfe3dd2 100644 --- a/kernel/selinux/rules.c +++ b/kernel/selinux/rules.c @@ -19,7 +19,7 @@ static struct policydb *get_policydb(void) { struct policydb *db; - struct selinux_policy *policy = rcu_dereference(selinux_state.policy); + struct selinux_policy *policy = selinux_state.policy; db = &policy->policydb; return db; } @@ -189,6 +189,8 @@ static void reset_avc_cache() int handle_sepolicy(unsigned long arg3, void __user *arg4) { + struct policydb *db; + if (!arg4) { return -1; } @@ -206,9 +208,9 @@ int handle_sepolicy(unsigned long arg3, void __user *arg4) u32 cmd = data.cmd; u32 subcmd = data.subcmd; - rcu_read_lock(); + mutex_lock(&ksu_rules); - struct policydb *db = get_policydb(); + db = get_policydb(); int ret = -1; if (cmd == CMD_NORMAL_PERM) { @@ -458,7 +460,7 @@ int handle_sepolicy(unsigned long arg3, void __user *arg4) } exit: - rcu_read_unlock(); + mutex_unlock(&ksu_rules); // only allow and xallow needs to reset avc cache, but we cannot do that because // we are in atomic context. so we just reset it every time.
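Review bot: In the `@@ -19,7 +19,7 @@` hunk, get_policydb() now reads `selinux_state.policy` with a bare load, so the helper no longer states what keeps the returned `policydb` valid. Upstream declares this field `__rcu`, and if the target kernel does too, sparse will warn on the plain access and the compiler is free to reload or tear it. If ksu_rules is the intended protection, `rcu_dereference_protected(selinux_state.policy, lockdep_is_held(&ksu_rules))` keeps the annotation honest and lets lockdep check every caller. Callers other than handle_sepolicy() are outside this diff. At minimum add a comment above the function such as `/* Caller must hold ksu_rules; the result is only valid while it is held. */`.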
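Review bot: In the `@@ -206,9 +208,9 @@` hunk, nothing visible from `mutex_lock(&ksu_rules)` onward prevents a concurrent SELinux policy reload from replacing and freeing the policy that `db = get_policydb()` points into. The definition of ksu_rules is outside this diff, but it looks like a KernelSU-side mutex, which would serialise only KernelSU's own callers. If a reload can race with this path, the rule edits that follow would write into freed kernel memory on a path driven by the `__user` argument. Upstream serialises policy writers with `selinux_state.policy_mutex`; where the target kernel has it, bracketing the edit with `mutex_lock(&selinux_state.policy_mutex);` would pin the policy for the duration. The body of handle_sepolicy() between this hunk and `exit:` is not shown, so lock ordering and early-return paths could not be checked here.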
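Review bot: In the `@@ -458,7 +460,7 @@` hunk, the comment kept below `mutex_unlock(&ksu_rules)` still justifies the unconditional AVC reset with "we are in atomic context". That appears to describe the old rcu_read_lock() section and no longer matches a path that takes a sleeping mutex. Reword it to the current reason, e.g. `// only allow and xallow need an avc cache reset; we reset unconditionally to keep this path simple.`, or revisit whether the reset can now be made conditional. The code after the comment is outside the hunk.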