author | Stephen Smalley <sds@tycho.nsa.gov> | 2009-10-19 10:08:50 -0400 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2009-10-19 20:22:07 -0400 |
commit | b7f3008ad1d795935551e4dd810b0255a7bfa3c9 (patch) | |
tree | 1933b20fd16d30f6f9b3043ee6a66f0ddedb4009 /security/selinux/ss | |
parent | 825332e4ff1373c55d931b49408df7ec2298f71e (diff) |
SELinux: fix locking issue introduced with c6d3aaa4e35c71a3
Ensure that we release the policy read lock on all exit paths from
security_compute_av.
Signed-off-by: Stephen D. Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/ss')
-rw-r--r-- | security/selinux/ss/services.c | 10 |
1 files changed, 7 insertions, 3 deletions
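--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -935,19 +935,22 @@ int security_compute_av(u32 ssid,
 u32 requested;
 int rc;
 
+read_lock(&policy_rwlock);
+
 if (!ss_initialized)
 goto allow;
 
-read_lock(&policy_rwlock);
 requested = unmap_perm(orig_tclass, orig_requested);
 tclass = unmap_class(orig_tclass);
 if (unlikely(orig_tclass && !tclass)) {
 if (policydb.allow_unknown)
 goto allow;
-return -EINVAL;
+rc = -EINVAL;
+goto out;
 }
 rc = security_compute_av_core(ssid, tsid, tclass, requested, avd);
 map_decision(orig_tclass, avd, policydb.allow_unknown);
+out:
 read_unlock(&policy_rwlock);
 return rc;
 allow:
@@ -956,7 +959,8 @@ allow:
 avd->auditdeny = 0xffffffff;
 avd->seqno = latest_granting;
 avd->flags = 0;
-return 0;
+rc = 0;
+goto out;
 }
 
 int security_compute_av_user(u32 ssid,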
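Review bot: The `allow:` block still sits after `return rc` and now leaves by jumping backwards to `out:`, so the single place that drops `policy_rwlock` is easy to overlook when the next exit path is added; a comment at the label, `/* all exits go through here: policy_rwlock is read-held from function entry */`, would record the invariant this commit restores. On the `rc = -EINVAL; goto out;` path nothing in the visible lines writes `*avd`, so a caller that ignores the return value would act on whatever the structure held before the call. The callers are not on this page, so that is something to confirm rather than a confirmed defect; a line in the function's header comment stating that `avd` is only meaningful when 0 is returned would cover it. security_compute_av begins above the first hunk, and the lines right after `allow:` fall between the two hunks.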