diff options
| author | Stephen Smalley <sds@tycho.nsa.gov> | 2009-10-19 10:08:50 -0400 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2009-10-19 20:22:07 -0400 |
| commit | b7f3008ad1d795935551e4dd810b0255a7bfa3c9 (patch) | |
| tree | 1933b20fd16d30f6f9b3043ee6a66f0ddedb4009 /security/selinux | |
| parent | 825332e4ff1373c55d931b49408df7ec2298f71e (diff) | |
SELinux: fix locking issue introduced with c6d3aaa4e35c71a3
Ensure that we release the policy read lock on all exit paths from
security_compute_av.
Signed-off-by: Stephen D. Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux')
| -rw-r--r-- | security/selinux/ss/services.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index f270e378c0e4..77f6e54bb43f 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c | |||
| @@ -935,19 +935,22 @@ int security_compute_av(u32 ssid, | |||
| 935 | u32 requested; | 935 | u32 requested; |
| 936 | int rc; | 936 | int rc; |
| 937 | 937 | ||
| 938 | read_lock(&policy_rwlock); | ||
| 939 | |||
| 938 | if (!ss_initialized) | 940 | if (!ss_initialized) |
| 939 | goto allow; | 941 | goto allow; |
| 940 | 942 | ||
| 941 | read_lock(&policy_rwlock); | ||
| 942 | requested = unmap_perm(orig_tclass, orig_requested); | 943 | requested = unmap_perm(orig_tclass, orig_requested); |
| 943 | tclass = unmap_class(orig_tclass); | 944 | tclass = unmap_class(orig_tclass); |
| 944 | if (unlikely(orig_tclass && !tclass)) { | 945 | if (unlikely(orig_tclass && !tclass)) { |
| 945 | if (policydb.allow_unknown) | 946 | if (policydb.allow_unknown) |
| 946 | goto allow; | 947 | goto allow; |
| 947 | return -EINVAL; | 948 | rc = -EINVAL; |
| 949 | goto out; | ||
| 948 | } | 950 | } |
| 949 | rc = security_compute_av_core(ssid, tsid, tclass, requested, avd); | 951 | rc = security_compute_av_core(ssid, tsid, tclass, requested, avd); |
| 950 | map_decision(orig_tclass, avd, policydb.allow_unknown); | 952 | map_decision(orig_tclass, avd, policydb.allow_unknown); |
| 953 | out: | ||
| 951 | read_unlock(&policy_rwlock); | 954 | read_unlock(&policy_rwlock); |
| 952 | return rc; | 955 | return rc; |
| 953 | allow: | 956 | allow: |
| @@ -956,7 +959,8 @@ allow: | |||
| 956 | avd->auditdeny = 0xffffffff; | 959 | avd->auditdeny = 0xffffffff; |
| 957 | avd->seqno = latest_granting; | 960 | avd->seqno = latest_granting; |
| 958 | avd->flags = 0; | 961 | avd->flags = 0; |
| 959 | return 0; | 962 | rc = 0; |
| 963 | goto out; | ||
| 960 | } | 964 | } |
| 961 | 965 | ||
| 962 | int security_compute_av_user(u32 ssid, | 966 | int security_compute_av_user(u32 ssid, |