aboutsummaryrefslogtreecommitdiffstats
path: root/security/selinux/ss
diff options
context:
space:
mode:
authorStephen Smalley <sds@tycho.nsa.gov>2009-10-19 10:08:50 -0400
committerJames Morris <jmorris@namei.org>2009-10-19 20:22:07 -0400
commitb7f3008ad1d795935551e4dd810b0255a7bfa3c9 (patch)
tree1933b20fd16d30f6f9b3043ee6a66f0ddedb4009 /security/selinux/ss
parent825332e4ff1373c55d931b49408df7ec2298f71e (diff)
SELinux: fix locking issue introduced with c6d3aaa4e35c71a3
Ensure that we release the policy read lock on all exit paths from security_compute_av. Signed-off-by: Stephen D. Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/ss')
-rw-r--r--security/selinux/ss/services.c10
1 files changed, 7 insertions, 3 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index f270e378c0e4..77f6e54bb43f 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -935,19 +935,22 @@ int security_compute_av(u32 ssid,
935 u32 requested; 935 u32 requested;
936 int rc; 936 int rc;
937 937
938 read_lock(&policy_rwlock);
939
938 if (!ss_initialized) 940 if (!ss_initialized)
939 goto allow; 941 goto allow;
940 942
941 read_lock(&policy_rwlock);
942 requested = unmap_perm(orig_tclass, orig_requested); 943 requested = unmap_perm(orig_tclass, orig_requested);
943 tclass = unmap_class(orig_tclass); 944 tclass = unmap_class(orig_tclass);
944 if (unlikely(orig_tclass && !tclass)) { 945 if (unlikely(orig_tclass && !tclass)) {
945 if (policydb.allow_unknown) 946 if (policydb.allow_unknown)
946 goto allow; 947 goto allow;
947 return -EINVAL; 948 rc = -EINVAL;
949 goto out;
948 } 950 }
949 rc = security_compute_av_core(ssid, tsid, tclass, requested, avd); 951 rc = security_compute_av_core(ssid, tsid, tclass, requested, avd);
950 map_decision(orig_tclass, avd, policydb.allow_unknown); 952 map_decision(orig_tclass, avd, policydb.allow_unknown);
953out:
951 read_unlock(&policy_rwlock); 954 read_unlock(&policy_rwlock);
952 return rc; 955 return rc;
953allow: 956allow:
@@ -956,7 +959,8 @@ allow:
956 avd->auditdeny = 0xffffffff; 959 avd->auditdeny = 0xffffffff;
957 avd->seqno = latest_granting; 960 avd->seqno = latest_granting;
958 avd->flags = 0; 961 avd->flags = 0;
959 return 0; 962 rc = 0;
963 goto out;
960} 964}
961 965
962int security_compute_av_user(u32 ssid, 966int security_compute_av_user(u32 ssid,