From f2d4bb3c0e9a4167dec56df5ca1ec03bfae7ad97 Mon Sep 17 00:00:00 2001 From: Kuan-Ying Lee Date: Tue, 5 Oct 2021 17:24:09 +0800 Subject: [PATCH] ANDROID: selinux: add restricted vendor hook in selinux Add restricted vendor hook for selinux_state, so we can know if the selinux_state is initialized Bug: 186363840 Signed-off-by: Kuan-Ying Lee Change-Id: Ideed051a1d53ed1bce7d7915e38366264a7d77eb --- drivers/android/vendor_hooks.c | 2 ++ include/trace/hooks/selinux.h | 21 +++++++++++++++++++++ security/selinux/ss/services.c | 3 +++ 3 files changed, 26 insertions(+) create mode 100644 include/trace/hooks/selinux.h diff --git a/drivers/android/vendor_hooks.c b/drivers/android/vendor_hooks.c index fc1d5ad82b66..7ca599775a00 100644 --- a/drivers/android/vendor_hooks.c +++ b/drivers/android/vendor_hooks.c @@ -41,6 +41,7 @@ #include #include #include +#include /* * Export tracepoints that act as a bare tracehook (ie: have no trace event @@ -190,3 +191,4 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_set_memory_nx); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_set_memory_rw); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_set_module_permit_before_init); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_set_module_permit_after_init); +EXPORT_TRACEPOINT_SYMBOL_GPL(android_rvh_selinux_is_initialized); diff --git a/include/trace/hooks/selinux.h b/include/trace/hooks/selinux.h new file mode 100644 index 000000000000..fb0e8a50635f --- /dev/null +++ b/include/trace/hooks/selinux.h 
@@ -0,0 +1,21 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#undef TRACE_SYSTEM +#define TRACE_SYSTEM selinux + +#define TRACE_INCLUDE_PATH trace/hooks +#if !defined(_TRACE_HOOK_SELINUX_H) || defined(TRACE_HEADER_MULTI_READ) +#define _TRACE_HOOK_SELINUX_H +#include +#include +/* + * Following tracepoints are not exported in tracefs and provide a + * mechanism for vendor modules to hook and extend functionality + */ +struct selinux_state; +DECLARE_RESTRICTED_HOOK(android_rvh_selinux_is_initialized, + TP_PROTO(const struct selinux_state *state), + TP_ARGS(state), 1); + +#endif /* _TRACE_HOOK_SELINUX_H */ +/* This part must be outside protection */ +#include diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index d175780ff136..8dfb4af34045 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -68,6 +68,8 @@ #include "policycap_names.h" #include "ima.h" +#include + struct convert_context_args { struct selinux_state *state; struct policydb *oldp; @@ -2261,6 +2263,7 @@ void selinux_policy_commit(struct selinux_state *state, */ selinux_mark_initialized(state); selinux_complete_init(); + trace_android_rvh_selinux_is_initialized(state); } /* Free the old policy */
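Review bot: The comment above `DECLARE_RESTRICTED_HOOK(android_rvh_selinux_is_initialized, ...)` in the new `include/trace/hooks/selinux.h` is the generic vendor-hook text and says nothing about this hook's contract, even though the hook passes a pointer to the SELinux state to out-of-tree code. The `const` in `TP_PROTO(const struct selinux_state *state)` only documents intent, since a handler can cast it away, so the read-only expectation should be written where vendor authors will read it. I would add, directly above the declaration, `/* Notification only: handlers must treat @state as read-only and must not alter SELinux state from this hook. */`. The name also reads like a predicate although the hook is a notification; a sentence in the same comment saying so would avoid misuse.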
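Review bot: In the `selinux_policy_commit()` hunk of `security/selinux/ss/services.c`, the new `trace_android_rvh_selinux_is_initialized(state);` sits just before the `}` that follows `selinux_complete_init();`, so it appears to fire only on the transition to the initialized state. A vendor module that registers its handler after the first policy load would then never be called, so it cannot rely on this hook alone to "know if the selinux_state is initialized", as the description puts it. The handler also runs synchronously in the policy-commit path, before the "Free the old policy" step and presumably under whatever locking the caller holds, so a handler that blocks or re-enters policy loading would stall the load; confirm this against the caller. I would record both points at the call site, e.g. `/* Vendor notification on first policy load only; runs in the commit path, so handlers must not block or reload policy. */`. The function body starts and ends outside the hunk, so the enclosing condition is inferred from the visible lines.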