aboutsummaryrefslogtreecommitdiffstats
path: root/security/selinux/ss
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2008-06-09 15:58:04 -0400
committerJames Morris <jmorris@namei.org>2008-07-14 01:01:58 -0400
commit89abd0acf0335f3f760a3c0698d43bb1eaa83e44 (patch)
treec71f08fd6b9fa3969352f96d88daa1409474e2d6 /security/selinux/ss
parentcea78dc4ca044e9666e8f5d797ec50ab85253e49 (diff)
SELinux: drop load_mutex in security_load_policy
We used to protect against races of policy load in security_load_policy by using the load_mutex. Since then we have added a new mutex, sel_mutex, in sel_write_load() which is always held across all calls to security_load_policy we are covered and can safely just drop this one. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/ss')
-rw-r--r--security/selinux/ss/services.c14
1 files changed, 1 insertions, 13 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index f26a8cad06e7..543fd0f31b33 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -71,7 +71,6 @@ int selinux_policycap_openperm;
71extern const struct selinux_class_perm selinux_class_perm; 71extern const struct selinux_class_perm selinux_class_perm;
72 72
73static DEFINE_RWLOCK(policy_rwlock); 73static DEFINE_RWLOCK(policy_rwlock);
74static DEFINE_MUTEX(load_mutex);
75 74
76static struct sidtab sidtab; 75static struct sidtab sidtab;
77struct policydb policydb; 76struct policydb policydb;
@@ -1453,17 +1452,13 @@ int security_load_policy(void *data, size_t len)
1453 int rc = 0; 1452 int rc = 0;
1454 struct policy_file file = { data, len }, *fp = &file; 1453 struct policy_file file = { data, len }, *fp = &file;
1455 1454
1456 mutex_lock(&load_mutex);
1457
1458 if (!ss_initialized) { 1455 if (!ss_initialized) {
1459 avtab_cache_init(); 1456 avtab_cache_init();
1460 if (policydb_read(&policydb, fp)) { 1457 if (policydb_read(&policydb, fp)) {
1461 mutex_unlock(&load_mutex);
1462 avtab_cache_destroy(); 1458 avtab_cache_destroy();
1463 return -EINVAL; 1459 return -EINVAL;
1464 } 1460 }
1465 if (policydb_load_isids(&policydb, &sidtab)) { 1461 if (policydb_load_isids(&policydb, &sidtab)) {
1466 mutex_unlock(&load_mutex);
1467 policydb_destroy(&policydb); 1462 policydb_destroy(&policydb);
1468 avtab_cache_destroy(); 1463 avtab_cache_destroy();
1469 return -EINVAL; 1464 return -EINVAL;
@@ -1472,7 +1467,6 @@ int security_load_policy(void *data, size_t len)
1472 if (validate_classes(&policydb)) { 1467 if (validate_classes(&policydb)) {
1473 printk(KERN_ERR 1468 printk(KERN_ERR
1474 "SELinux: the definition of a class is incorrect\n"); 1469 "SELinux: the definition of a class is incorrect\n");
1475 mutex_unlock(&load_mutex);
1476 sidtab_destroy(&sidtab); 1470 sidtab_destroy(&sidtab);
1477 policydb_destroy(&policydb); 1471 policydb_destroy(&policydb);
1478 avtab_cache_destroy(); 1472 avtab_cache_destroy();
@@ -1482,7 +1476,6 @@ int security_load_policy(void *data, size_t len)
1482 policydb_loaded_version = policydb.policyvers; 1476 policydb_loaded_version = policydb.policyvers;
1483 ss_initialized = 1; 1477 ss_initialized = 1;
1484 seqno = ++latest_granting; 1478 seqno = ++latest_granting;
1485 mutex_unlock(&load_mutex);
1486 selinux_complete_init(); 1479 selinux_complete_init();
1487 avc_ss_reset(seqno); 1480 avc_ss_reset(seqno);
1488 selnl_notify_policyload(seqno); 1481 selnl_notify_policyload(seqno);
@@ -1495,13 +1488,10 @@ int security_load_policy(void *data, size_t len)
1495 sidtab_hash_eval(&sidtab, "sids"); 1488 sidtab_hash_eval(&sidtab, "sids");
1496#endif 1489#endif
1497 1490
1498 if (policydb_read(&newpolicydb, fp)) { 1491 if (policydb_read(&newpolicydb, fp))
1499 mutex_unlock(&load_mutex);
1500 return -EINVAL; 1492 return -EINVAL;
1501 }
1502 1493
1503 if (sidtab_init(&newsidtab)) { 1494 if (sidtab_init(&newsidtab)) {
1504 mutex_unlock(&load_mutex);
1505 policydb_destroy(&newpolicydb); 1495 policydb_destroy(&newpolicydb);
1506 return -ENOMEM; 1496 return -ENOMEM;
1507 } 1497 }
@@ -1549,7 +1539,6 @@ int security_load_policy(void *data, size_t len)
1549 seqno = ++latest_granting; 1539 seqno = ++latest_granting;
1550 policydb_loaded_version = policydb.policyvers; 1540 policydb_loaded_version = policydb.policyvers;
1551 write_unlock_irq(&policy_rwlock); 1541 write_unlock_irq(&policy_rwlock);
1552 mutex_unlock(&load_mutex);
1553 1542
1554 /* Free the old policydb and SID table. */ 1543 /* Free the old policydb and SID table. */
1555 policydb_destroy(&oldpolicydb); 1544 policydb_destroy(&oldpolicydb);
@@ -1563,7 +1552,6 @@ int security_load_policy(void *data, size_t len)
1563 return 0; 1552 return 0;
1564 1553
1565err: 1554err:
1566 mutex_unlock(&load_mutex);
1567 sidtab_destroy(&newsidtab); 1555 sidtab_destroy(&newsidtab);
1568 policydb_destroy(&newpolicydb); 1556 policydb_destroy(&newpolicydb);
1569 return rc; 1557 return rc;