Reload config on SELinux policy load

src/util/selinux.c

@@ -6,6 +6,7 @@
 #include <c-stdaux.h>
 #include <selinux/selinux.h>
 #include <selinux/avc.h>
+#include <signal.h>
 #include <stdlib.h>
 #include "util/audit.h"
 #include "util/error.h"
@@ -340,6 +341,17 @@ static int bus_selinux_log(int type, const char *fmt, ...) {
  return 0;
 }
 
+/**
+ * On a policy reload we need to reparse the SELinux configuration file, since
+ * this could have changed. The call back is registered in the broker, and
+ * the SIGHUP is caught in the launcher. So, send a SIGHUP to our parent to
+ * reload all configs.
+ */
+static int policy_reload_callback(int seqno) {
+ pid_t ppid = getppid();
+ return kill(ppid, SIGHUP);
+}
+
 /**
  * bus_selinux_init_global() - initialize the global SELinux context
  *
@@ -386,6 +398,7 @@ int bus_selinux_init_global(void) {
  }
 
  selinux_set_callback(SELINUX_CB_LOG, (union selinux_callback)bus_selinux_log);
+ selinux_set_callback(SELINUX_CB_POLICYLOAD, (union selinux_callback)policy_reload_callback);
 
  /* XXX: set audit callback to get more metadata in the audit log? */