From de58778a442defd39d433def55e8878d5227399a Mon Sep 17 00:00:00 2001
From: Matt Sheets
Date: Wed, 16 Oct 2024 08:03:27 -0700
Subject: [PATCH 1/2] Reload config on SELinux policy load

When a new SELinux policy is loaded the dbus config file it carries may have been updated as well. As such, we should reload the dbus configuration to catch any changes. This logic already exists in the dbus-daemon code and this change is largely based off of that code.
---
 src/util/selinux.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/src/util/selinux.c b/src/util/selinux.c
index a72cc0a8..7dcf47d4 100644
--- a/src/util/selinux.c
+++ b/src/util/selinux.c
@@ -6,6 +6,7 @@
 #include
 #include
 #include
+#include
 #include
 #include "util/audit.h"
 #include "util/error.h"
@@ -340,6 +341,19 @@ static int bus_selinux_log(int type, const char *fmt, ...) {
 return 0;
 }
+/**
+ * On a policy reload we need to reparse the SELinux configuration file, since
+ * this could have changed. The call back is registered in the broker, and
+ * the SIGHUP is caught in the launcher. So, send a SIGHUP to our parent to
+ * reload all configs.
+ */
+static int
+policy_reload_callback (int seqno)
+{
+ pid_t ppid = getppid();
+ return kill(ppid, SIGHUP);
+}
+
 /**
 * bus_selinux_init_global() - initialize the global SELinux context
 *
@@ -386,6 +400,7 @@ int bus_selinux_init_global(void) {
 }
 selinux_set_callback(SELINUX_CB_LOG, (union selinux_callback)bus_selinux_log);
+ selinux_set_callback(SELINUX_CB_POLICYLOAD, (union selinux_callback)policy_reload_callback);
 /* XXX: set audit callback to get more metadata in the audit log? */

From f17d94ed1e99111777a88c4f47cd38f77b32260b Mon Sep 17 00:00:00 2001
From: Matt Sheets
Date: Wed, 16 Oct 2024 08:17:24 -0700
Subject: [PATCH 2/2] Formatting cleanup

---
 src/util/selinux.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/src/util/selinux.c b/src/util/selinux.c
index 7dcf47d4..1b76e1a3 100644
--- a/src/util/selinux.c
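Review bot: policy_reload_callback signals whatever getppid() returns at the moment the policy loads, without checking that this is still the launcher; if the launcher has already exited, the broker is reparented (to PID 1 or a subreaper) and, provided the broker has permission to signal it, the SIGHUP goes to that process instead, which for an init process can mean a system-wide reload. Capture the launcher once in bus_selinux_init_global() with `static pid_t launcher_pid;` and `launcher_pid = getppid();`, and have the callback bail out when the parent no longer matches: `if (getppid() != launcher_pid) return 0;`. The `seqno` parameter is also unused, which trips -Wunused-parameter; a `(void)seqno;` line, or a comment stating that the sequence number is deliberately ignored, would make that explicit. The code that services the libselinux netlink notification and actually invokes this callback is outside the hunk.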
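Review bot: Registering SELINUX_CB_POLICYLOAD on its own does not make the callback run; libselinux only invokes it when the AVC netlink socket is serviced (for example via avc_netlink_check_nb() or avc_netlink_loop()), and nothing on this page shows the broker doing that, so it is worth confirming, otherwise a policy reload would silently leave the old configuration in place. A short comment next to the registration naming where that socket is polled would help the next reader, e.g. `/* fires when the AVC netlink fd is serviced in <location of the poll loop> */`.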
+++ b/src/util/selinux.c
@@ -347,9 +347,7 @@ static int bus_selinux_log(int type, const char *fmt, ...) {
 * the SIGHUP is caught in the launcher. So, send a SIGHUP to our parent to
 * reload all configs.
 */
-static int
-policy_reload_callback (int seqno)
-{
+static int policy_reload_callback(int seqno) {
 pid_t ppid = getppid();
 return kill(ppid, SIGHUP);
 }