diff options
| author | James Morris <jmorris@namei.org> | 2008-06-06 04:40:29 -0400 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2008-07-14 01:01:55 -0400 |
| commit | 0804d1133c02cbdfba0055de774f2c21a8b777dc (patch) | |
| tree | d9bbb58ed872f55887d2269abd9aec252894289d /security/selinux | |
| parent | 59dbd1ba9847837aa7095f3e4a29599dae412ac4 (diff) | |
SELinux: open code policy_rwlock
Open code policy_rwlock, as suggested by Andrew Morton.
Signed-off-by: James Morris <jmorris@namei.org>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Diffstat (limited to 'security/selinux')
| -rw-r--r-- | security/selinux/ss/services.c | 108 |
1 files changed, 52 insertions, 56 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 0696aadcab6f..e8ec54db95ba 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c | |||
| @@ -71,10 +71,6 @@ int selinux_policycap_openperm; | |||
| 71 | extern const struct selinux_class_perm selinux_class_perm; | 71 | extern const struct selinux_class_perm selinux_class_perm; |
| 72 | 72 | ||
| 73 | static DEFINE_RWLOCK(policy_rwlock); | 73 | static DEFINE_RWLOCK(policy_rwlock); |
| 74 | #define POLICY_RDLOCK read_lock(&policy_rwlock) | ||
| 75 | #define POLICY_WRLOCK write_lock_irq(&policy_rwlock) | ||
| 76 | #define POLICY_RDUNLOCK read_unlock(&policy_rwlock) | ||
| 77 | #define POLICY_WRUNLOCK write_unlock_irq(&policy_rwlock) | ||
| 78 | 74 | ||
| 79 | static DEFINE_MUTEX(load_mutex); | 75 | static DEFINE_MUTEX(load_mutex); |
| 80 | #define LOAD_LOCK mutex_lock(&load_mutex) | 76 | #define LOAD_LOCK mutex_lock(&load_mutex) |
| @@ -429,7 +425,7 @@ int security_permissive_sid(u32 sid) | |||
| 429 | u32 type; | 425 | u32 type; |
| 430 | int rc; | 426 | int rc; |
| 431 | 427 | ||
| 432 | POLICY_RDLOCK; | 428 | read_lock(&policy_rwlock); |
| 433 | 429 | ||
| 434 | context = sidtab_search(&sidtab, sid); | 430 | context = sidtab_search(&sidtab, sid); |
| 435 | BUG_ON(!context); | 431 | BUG_ON(!context); |
| @@ -441,7 +437,7 @@ int security_permissive_sid(u32 sid) | |||
| 441 | */ | 437 | */ |
| 442 | rc = ebitmap_get_bit(&policydb.permissive_map, type); | 438 | rc = ebitmap_get_bit(&policydb.permissive_map, type); |
| 443 | 439 | ||
| 444 | POLICY_RDUNLOCK; | 440 | read_unlock(&policy_rwlock); |
| 445 | return rc; | 441 | return rc; |
| 446 | } | 442 | } |
| 447 | 443 | ||
| @@ -486,7 +482,7 @@ int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid, | |||
| 486 | if (!ss_initialized) | 482 | if (!ss_initialized) |
| 487 | return 0; | 483 | return 0; |
| 488 | 484 | ||
| 489 | POLICY_RDLOCK; | 485 | read_lock(&policy_rwlock); |
| 490 | 486 | ||
| 491 | /* | 487 | /* |
| 492 | * Remap extended Netlink classes for old policy versions. | 488 | * Remap extended Netlink classes for old policy versions. |
| @@ -543,7 +539,7 @@ int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid, | |||
| 543 | } | 539 | } |
| 544 | 540 | ||
| 545 | out: | 541 | out: |
| 546 | POLICY_RDUNLOCK; | 542 | read_unlock(&policy_rwlock); |
| 547 | return rc; | 543 | return rc; |
| 548 | } | 544 | } |
| 549 | 545 | ||
| @@ -578,7 +574,7 @@ int security_compute_av(u32 ssid, | |||
| 578 | return 0; | 574 | return 0; |
| 579 | } | 575 | } |
| 580 | 576 | ||
| 581 | POLICY_RDLOCK; | 577 | read_lock(&policy_rwlock); |
| 582 | 578 | ||
| 583 | scontext = sidtab_search(&sidtab, ssid); | 579 | scontext = sidtab_search(&sidtab, ssid); |
| 584 | if (!scontext) { | 580 | if (!scontext) { |
| @@ -598,7 +594,7 @@ int security_compute_av(u32 ssid, | |||
| 598 | rc = context_struct_compute_av(scontext, tcontext, tclass, | 594 | rc = context_struct_compute_av(scontext, tcontext, tclass, |
| 599 | requested, avd); | 595 | requested, avd); |
| 600 | out: | 596 | out: |
| 601 | POLICY_RDUNLOCK; | 597 | read_unlock(&policy_rwlock); |
| 602 | return rc; | 598 | return rc; |
| 603 | } | 599 | } |
| 604 | 600 | ||
| @@ -691,7 +687,7 @@ static int security_sid_to_context_core(u32 sid, char **scontext, | |||
| 691 | rc = -EINVAL; | 687 | rc = -EINVAL; |
| 692 | goto out; | 688 | goto out; |
| 693 | } | 689 | } |
| 694 | POLICY_RDLOCK; | 690 | read_lock(&policy_rwlock); |
| 695 | if (force) | 691 | if (force) |
| 696 | context = sidtab_search_force(&sidtab, sid); | 692 | context = sidtab_search_force(&sidtab, sid); |
| 697 | else | 693 | else |
| @@ -704,7 +700,7 @@ static int security_sid_to_context_core(u32 sid, char **scontext, | |||
| 704 | } | 700 | } |
| 705 | rc = context_struct_to_string(context, scontext, scontext_len); | 701 | rc = context_struct_to_string(context, scontext, scontext_len); |
| 706 | out_unlock: | 702 | out_unlock: |
| 707 | POLICY_RDUNLOCK; | 703 | read_unlock(&policy_rwlock); |
| 708 | out: | 704 | out: |
| 709 | return rc; | 705 | return rc; |
| 710 | 706 | ||
| @@ -855,7 +851,7 @@ static int security_context_to_sid_core(const char *scontext, u32 scontext_len, | |||
| 855 | } | 851 | } |
| 856 | } | 852 | } |
| 857 | 853 | ||
| 858 | POLICY_RDLOCK; | 854 | read_lock(&policy_rwlock); |
| 859 | rc = string_to_context_struct(&policydb, &sidtab, | 855 | rc = string_to_context_struct(&policydb, &sidtab, |
| 860 | scontext2, scontext_len, | 856 | scontext2, scontext_len, |
| 861 | &context, def_sid); | 857 | &context, def_sid); |
| @@ -869,7 +865,7 @@ static int security_context_to_sid_core(const char *scontext, u32 scontext_len, | |||
| 869 | if (rc) | 865 | if (rc) |
| 870 | context_destroy(&context); | 866 | context_destroy(&context); |
| 871 | out: | 867 | out: |
| 872 | POLICY_RDUNLOCK; | 868 | read_unlock(&policy_rwlock); |
| 873 | kfree(scontext2); | 869 | kfree(scontext2); |
| 874 | kfree(str); | 870 | kfree(str); |
| 875 | return rc; | 871 | return rc; |
| @@ -981,7 +977,7 @@ static int security_compute_sid(u32 ssid, | |||
| 981 | 977 | ||
| 982 | context_init(&newcontext); | 978 | context_init(&newcontext); |
| 983 | 979 | ||
| 984 | POLICY_RDLOCK; | 980 | read_lock(&policy_rwlock); |
| 985 | 981 | ||
| 986 | scontext = sidtab_search(&sidtab, ssid); | 982 | scontext = sidtab_search(&sidtab, ssid); |
| 987 | if (!scontext) { | 983 | if (!scontext) { |
| @@ -1086,7 +1082,7 @@ static int security_compute_sid(u32 ssid, | |||
| 1086 | /* Obtain the sid for the context. */ | 1082 | /* Obtain the sid for the context. */ |
| 1087 | rc = sidtab_context_to_sid(&sidtab, &newcontext, out_sid); | 1083 | rc = sidtab_context_to_sid(&sidtab, &newcontext, out_sid); |
| 1088 | out_unlock: | 1084 | out_unlock: |
| 1089 | POLICY_RDUNLOCK; | 1085 | read_unlock(&policy_rwlock); |
| 1090 | context_destroy(&newcontext); | 1086 | context_destroy(&newcontext); |
| 1091 | out: | 1087 | out: |
| 1092 | return rc; | 1088 | return rc; |
| @@ -1549,13 +1545,13 @@ int security_load_policy(void *data, size_t len) | |||
| 1549 | sidtab_set(&oldsidtab, &sidtab); | 1545 | sidtab_set(&oldsidtab, &sidtab); |
| 1550 | 1546 | ||
| 1551 | /* Install the new policydb and SID table. */ | 1547 | /* Install the new policydb and SID table. */ |
| 1552 | POLICY_WRLOCK; | 1548 | write_lock_irq(&policy_rwlock); |
| 1553 | memcpy(&policydb, &newpolicydb, sizeof policydb); | 1549 | memcpy(&policydb, &newpolicydb, sizeof policydb); |
| 1554 | sidtab_set(&sidtab, &newsidtab); | 1550 | sidtab_set(&sidtab, &newsidtab); |
| 1555 | security_load_policycaps(); | 1551 | security_load_policycaps(); |
| 1556 | seqno = ++latest_granting; | 1552 | seqno = ++latest_granting; |
| 1557 | policydb_loaded_version = policydb.policyvers; | 1553 | policydb_loaded_version = policydb.policyvers; |
| 1558 | POLICY_WRUNLOCK; | 1554 | write_unlock_irq(&policy_rwlock); |
| 1559 | LOAD_UNLOCK; | 1555 | LOAD_UNLOCK; |
| 1560 | 1556 | ||
| 1561 | /* Free the old policydb and SID table. */ | 1557 | /* Free the old policydb and SID table. */ |
| @@ -1588,7 +1584,7 @@ int security_port_sid(u8 protocol, u16 port, u32 *out_sid) | |||
| 1588 | struct ocontext *c; | 1584 | struct ocontext *c; |
| 1589 | int rc = 0; | 1585 | int rc = 0; |
| 1590 | 1586 | ||
| 1591 | POLICY_RDLOCK; | 1587 | read_lock(&policy_rwlock); |
| 1592 | 1588 | ||
| 1593 | c = policydb.ocontexts[OCON_PORT]; | 1589 | c = policydb.ocontexts[OCON_PORT]; |
| 1594 | while (c) { | 1590 | while (c) { |
| @@ -1613,7 +1609,7 @@ int security_port_sid(u8 protocol, u16 port, u32 *out_sid) | |||
| 1613 | } | 1609 | } |
| 1614 | 1610 | ||
| 1615 | out: | 1611 | out: |
| 1616 | POLICY_RDUNLOCK; | 1612 | read_unlock(&policy_rwlock); |
| 1617 | return rc; | 1613 | return rc; |
| 1618 | } | 1614 | } |
| 1619 | 1615 | ||
| @@ -1627,7 +1623,7 @@ int security_netif_sid(char *name, u32 *if_sid) | |||
| 1627 | int rc = 0; | 1623 | int rc = 0; |
| 1628 | struct ocontext *c; | 1624 | struct ocontext *c; |
| 1629 | 1625 | ||
| 1630 | POLICY_RDLOCK; | 1626 | read_lock(&policy_rwlock); |
| 1631 | 1627 | ||
| 1632 | c = policydb.ocontexts[OCON_NETIF]; | 1628 | c = policydb.ocontexts[OCON_NETIF]; |
| 1633 | while (c) { | 1629 | while (c) { |
| @@ -1654,7 +1650,7 @@ int security_netif_sid(char *name, u32 *if_sid) | |||
| 1654 | *if_sid = SECINITSID_NETIF; | 1650 | *if_sid = SECINITSID_NETIF; |
| 1655 | 1651 | ||
| 1656 | out: | 1652 | out: |
| 1657 | POLICY_RDUNLOCK; | 1653 | read_unlock(&policy_rwlock); |
| 1658 | return rc; | 1654 | return rc; |
| 1659 | } | 1655 | } |
| 1660 | 1656 | ||
| @@ -1686,7 +1682,7 @@ int security_node_sid(u16 domain, | |||
| 1686 | int rc = 0; | 1682 | int rc = 0; |
| 1687 | struct ocontext *c; | 1683 | struct ocontext *c; |
| 1688 | 1684 | ||
| 1689 | POLICY_RDLOCK; | 1685 | read_lock(&policy_rwlock); |
| 1690 | 1686 | ||
| 1691 | switch (domain) { | 1687 | switch (domain) { |
| 1692 | case AF_INET: { | 1688 | case AF_INET: { |
| @@ -1741,7 +1737,7 @@ int security_node_sid(u16 domain, | |||
| 1741 | } | 1737 | } |
| 1742 | 1738 | ||
| 1743 | out: | 1739 | out: |
| 1744 | POLICY_RDUNLOCK; | 1740 | read_unlock(&policy_rwlock); |
| 1745 | return rc; | 1741 | return rc; |
| 1746 | } | 1742 | } |
| 1747 | 1743 | ||
| @@ -1780,7 +1776,7 @@ int security_get_user_sids(u32 fromsid, | |||
| 1780 | if (!ss_initialized) | 1776 | if (!ss_initialized) |
| 1781 | goto out; | 1777 | goto out; |
| 1782 | 1778 | ||
| 1783 | POLICY_RDLOCK; | 1779 | read_lock(&policy_rwlock); |
| 1784 | 1780 | ||
| 1785 | context_init(&usercon); | 1781 | context_init(&usercon); |
| 1786 | 1782 | ||
| @@ -1833,7 +1829,7 @@ int security_get_user_sids(u32 fromsid, | |||
| 1833 | } | 1829 | } |
| 1834 | 1830 | ||
| 1835 | out_unlock: | 1831 | out_unlock: |
| 1836 | POLICY_RDUNLOCK; | 1832 | read_unlock(&policy_rwlock); |
| 1837 | if (rc || !mynel) { | 1833 | if (rc || !mynel) { |
| 1838 | kfree(mysids); | 1834 | kfree(mysids); |
| 1839 | goto out; | 1835 | goto out; |
| @@ -1886,7 +1882,7 @@ int security_genfs_sid(const char *fstype, | |||
| 1886 | while (path[0] == '/' && path[1] == '/') | 1882 | while (path[0] == '/' && path[1] == '/') |
| 1887 | path++; | 1883 | path++; |
| 1888 | 1884 | ||
| 1889 | POLICY_RDLOCK; | 1885 | read_lock(&policy_rwlock); |
| 1890 | 1886 | ||
| 1891 | for (genfs = policydb.genfs; genfs; genfs = genfs->next) { | 1887 | for (genfs = policydb.genfs; genfs; genfs = genfs->next) { |
| 1892 | cmp = strcmp(fstype, genfs->fstype); | 1888 | cmp = strcmp(fstype, genfs->fstype); |
| @@ -1923,7 +1919,7 @@ int security_genfs_sid(const char *fstype, | |||
| 1923 | 1919 | ||
| 1924 | *sid = c->sid[0]; | 1920 | *sid = c->sid[0]; |
| 1925 | out: | 1921 | out: |
| 1926 | POLICY_RDUNLOCK; | 1922 | read_unlock(&policy_rwlock); |
| 1927 | return rc; | 1923 | return rc; |
| 1928 | } | 1924 | } |
| 1929 | 1925 | ||
| @@ -1941,7 +1937,7 @@ int security_fs_use( | |||
| 1941 | int rc = 0; | 1937 | int rc = 0; |
| 1942 | struct ocontext *c; | 1938 | struct ocontext *c; |
| 1943 | 1939 | ||
| 1944 | POLICY_RDLOCK; | 1940 | read_lock(&policy_rwlock); |
| 1945 | 1941 | ||
| 1946 | c = policydb.ocontexts[OCON_FSUSE]; | 1942 | c = policydb.ocontexts[OCON_FSUSE]; |
| 1947 | while (c) { | 1943 | while (c) { |
| @@ -1971,7 +1967,7 @@ int security_fs_use( | |||
| 1971 | } | 1967 | } |
| 1972 | 1968 | ||
| 1973 | out: | 1969 | out: |
| 1974 | POLICY_RDUNLOCK; | 1970 | read_unlock(&policy_rwlock); |
| 1975 | return rc; | 1971 | return rc; |
| 1976 | } | 1972 | } |
| 1977 | 1973 | ||
| @@ -1979,7 +1975,7 @@ int security_get_bools(int *len, char ***names, int **values) | |||
| 1979 | { | 1975 | { |
| 1980 | int i, rc = -ENOMEM; | 1976 | int i, rc = -ENOMEM; |
| 1981 | 1977 | ||
| 1982 | POLICY_RDLOCK; | 1978 | read_lock(&policy_rwlock); |
| 1983 | *names = NULL; | 1979 | *names = NULL; |
| 1984 | *values = NULL; | 1980 | *values = NULL; |
| 1985 | 1981 | ||
| @@ -2009,7 +2005,7 @@ int security_get_bools(int *len, char ***names, int **values) | |||
| 2009 | } | 2005 | } |
| 2010 | rc = 0; | 2006 | rc = 0; |
| 2011 | out: | 2007 | out: |
| 2012 | POLICY_RDUNLOCK; | 2008 | read_unlock(&policy_rwlock); |
| 2013 | return rc; | 2009 | return rc; |
| 2014 | err: | 2010 | err: |
| 2015 | if (*names) { | 2011 | if (*names) { |
| @@ -2027,7 +2023,7 @@ int security_set_bools(int len, int *values) | |||
| 2027 | int lenp, seqno = 0; | 2023 | int lenp, seqno = 0; |
| 2028 | struct cond_node *cur; | 2024 | struct cond_node *cur; |
| 2029 | 2025 | ||
| 2030 | POLICY_WRLOCK; | 2026 | write_lock_irq(&policy_rwlock); |
| 2031 | 2027 | ||
| 2032 | lenp = policydb.p_bools.nprim; | 2028 | lenp = policydb.p_bools.nprim; |
| 2033 | if (len != lenp) { | 2029 | if (len != lenp) { |
| @@ -2061,7 +2057,7 @@ int security_set_bools(int len, int *values) | |||
| 2061 | seqno = ++latest_granting; | 2057 | seqno = ++latest_granting; |
| 2062 | 2058 | ||
| 2063 | out: | 2059 | out: |
| 2064 | POLICY_WRUNLOCK; | 2060 | write_unlock_irq(&policy_rwlock); |
| 2065 | if (!rc) { | 2061 | if (!rc) { |
| 2066 | avc_ss_reset(seqno); | 2062 | avc_ss_reset(seqno); |
| 2067 | selnl_notify_policyload(seqno); | 2063 | selnl_notify_policyload(seqno); |
| @@ -2075,7 +2071,7 @@ int security_get_bool_value(int bool) | |||
| 2075 | int rc = 0; | 2071 | int rc = 0; |
| 2076 | int len; | 2072 | int len; |
| 2077 | 2073 | ||
| 2078 | POLICY_RDLOCK; | 2074 | read_lock(&policy_rwlock); |
| 2079 | 2075 | ||
| 2080 | len = policydb.p_bools.nprim; | 2076 | len = policydb.p_bools.nprim; |
| 2081 | if (bool >= len) { | 2077 | if (bool >= len) { |
| @@ -2085,7 +2081,7 @@ int security_get_bool_value(int bool) | |||
| 2085 | 2081 | ||
| 2086 | rc = policydb.bool_val_to_struct[bool]->state; | 2082 | rc = policydb.bool_val_to_struct[bool]->state; |
| 2087 | out: | 2083 | out: |
| 2088 | POLICY_RDUNLOCK; | 2084 | read_unlock(&policy_rwlock); |
| 2089 | return rc; | 2085 | return rc; |
| 2090 | } | 2086 | } |
| 2091 | 2087 | ||
| @@ -2140,7 +2136,7 @@ int security_sid_mls_copy(u32 sid, u32 mls_sid, u32 *new_sid) | |||
| 2140 | 2136 | ||
| 2141 | context_init(&newcon); | 2137 | context_init(&newcon); |
| 2142 | 2138 | ||
| 2143 | POLICY_RDLOCK; | 2139 | read_lock(&policy_rwlock); |
| 2144 | context1 = sidtab_search(&sidtab, sid); | 2140 | context1 = sidtab_search(&sidtab, sid); |
| 2145 | if (!context1) { | 2141 | if (!context1) { |
| 2146 | printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", | 2142 | printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", |
| @@ -2182,7 +2178,7 @@ bad: | |||
| 2182 | } | 2178 | } |
| 2183 | 2179 | ||
| 2184 | out_unlock: | 2180 | out_unlock: |
| 2185 | POLICY_RDUNLOCK; | 2181 | read_unlock(&policy_rwlock); |
| 2186 | context_destroy(&newcon); | 2182 | context_destroy(&newcon); |
| 2187 | out: | 2183 | out: |
| 2188 | return rc; | 2184 | return rc; |
| @@ -2239,7 +2235,7 @@ int security_net_peersid_resolve(u32 nlbl_sid, u32 nlbl_type, | |||
| 2239 | return 0; | 2235 | return 0; |
| 2240 | } | 2236 | } |
| 2241 | 2237 | ||
| 2242 | POLICY_RDLOCK; | 2238 | read_lock(&policy_rwlock); |
| 2243 | 2239 | ||
| 2244 | nlbl_ctx = sidtab_search(&sidtab, nlbl_sid); | 2240 | nlbl_ctx = sidtab_search(&sidtab, nlbl_sid); |
| 2245 | if (!nlbl_ctx) { | 2241 | if (!nlbl_ctx) { |
| @@ -2258,7 +2254,7 @@ int security_net_peersid_resolve(u32 nlbl_sid, u32 nlbl_type, | |||
| 2258 | rc = (mls_context_cmp(nlbl_ctx, xfrm_ctx) ? 0 : -EACCES); | 2254 | rc = (mls_context_cmp(nlbl_ctx, xfrm_ctx) ? 0 : -EACCES); |
| 2259 | 2255 | ||
| 2260 | out_slowpath: | 2256 | out_slowpath: |
| 2261 | POLICY_RDUNLOCK; | 2257 | read_unlock(&policy_rwlock); |
| 2262 | if (rc == 0) | 2258 | if (rc == 0) |
| 2263 | /* at present NetLabel SIDs/labels really only carry MLS | 2259 | /* at present NetLabel SIDs/labels really only carry MLS |
| 2264 | * information so if the MLS portion of the NetLabel SID | 2260 | * information so if the MLS portion of the NetLabel SID |
| @@ -2288,7 +2284,7 @@ int security_get_classes(char ***classes, int *nclasses) | |||
| 2288 | { | 2284 | { |
| 2289 | int rc = -ENOMEM; | 2285 | int rc = -ENOMEM; |
| 2290 | 2286 | ||
| 2291 | POLICY_RDLOCK; | 2287 | read_lock(&policy_rwlock); |
| 2292 | 2288 | ||
| 2293 | *nclasses = policydb.p_classes.nprim; | 2289 | *nclasses = policydb.p_classes.nprim; |
| 2294 | *classes = kcalloc(*nclasses, sizeof(*classes), GFP_ATOMIC); | 2290 | *classes = kcalloc(*nclasses, sizeof(*classes), GFP_ATOMIC); |
| @@ -2305,7 +2301,7 @@ int security_get_classes(char ***classes, int *nclasses) | |||
| 2305 | } | 2301 | } |
| 2306 | 2302 | ||
| 2307 | out: | 2303 | out: |
| 2308 | POLICY_RDUNLOCK; | 2304 | read_unlock(&policy_rwlock); |
| 2309 | return rc; | 2305 | return rc; |
| 2310 | } | 2306 | } |
| 2311 | 2307 | ||
| @@ -2327,7 +2323,7 @@ int security_get_permissions(char *class, char ***perms, int *nperms) | |||
| 2327 | int rc = -ENOMEM, i; | 2323 | int rc = -ENOMEM, i; |
| 2328 | struct class_datum *match; | 2324 | struct class_datum *match; |
| 2329 | 2325 | ||
| 2330 | POLICY_RDLOCK; | 2326 | read_lock(&policy_rwlock); |
| 2331 | 2327 | ||
| 2332 | match = hashtab_search(policydb.p_classes.table, class); | 2328 | match = hashtab_search(policydb.p_classes.table, class); |
| 2333 | if (!match) { | 2329 | if (!match) { |
| @@ -2355,11 +2351,11 @@ int security_get_permissions(char *class, char ***perms, int *nperms) | |||
| 2355 | goto err; | 2351 | goto err; |
| 2356 | 2352 | ||
| 2357 | out: | 2353 | out: |
| 2358 | POLICY_RDUNLOCK; | 2354 | read_unlock(&policy_rwlock); |
| 2359 | return rc; | 2355 | return rc; |
| 2360 | 2356 | ||
| 2361 | err: | 2357 | err: |
| 2362 | POLICY_RDUNLOCK; | 2358 | read_unlock(&policy_rwlock); |
| 2363 | for (i = 0; i < *nperms; i++) | 2359 | for (i = 0; i < *nperms; i++) |
| 2364 | kfree((*perms)[i]); | 2360 | kfree((*perms)[i]); |
| 2365 | kfree(*perms); | 2361 | kfree(*perms); |
| @@ -2390,9 +2386,9 @@ int security_policycap_supported(unsigned int req_cap) | |||
| 2390 | { | 2386 | { |
| 2391 | int rc; | 2387 | int rc; |
| 2392 | 2388 | ||
| 2393 | POLICY_RDLOCK; | 2389 | read_lock(&policy_rwlock); |
| 2394 | rc = ebitmap_get_bit(&policydb.policycaps, req_cap); | 2390 | rc = ebitmap_get_bit(&policydb.policycaps, req_cap); |
| 2395 | POLICY_RDUNLOCK; | 2391 | read_unlock(&policy_rwlock); |
| 2396 | 2392 | ||
| 2397 | return rc; | 2393 | return rc; |
| 2398 | } | 2394 | } |
| @@ -2456,7 +2452,7 @@ int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) | |||
| 2456 | 2452 | ||
| 2457 | context_init(&tmprule->au_ctxt); | 2453 | context_init(&tmprule->au_ctxt); |
| 2458 | 2454 | ||
| 2459 | POLICY_RDLOCK; | 2455 | read_lock(&policy_rwlock); |
| 2460 | 2456 | ||
| 2461 | tmprule->au_seqno = latest_granting; | 2457 | tmprule->au_seqno = latest_granting; |
| 2462 | 2458 | ||
| @@ -2493,7 +2489,7 @@ int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) | |||
| 2493 | break; | 2489 | break; |
| 2494 | } | 2490 | } |
| 2495 | 2491 | ||
| 2496 | POLICY_RDUNLOCK; | 2492 | read_unlock(&policy_rwlock); |
| 2497 | 2493 | ||
| 2498 | if (rc) { | 2494 | if (rc) { |
| 2499 | selinux_audit_rule_free(tmprule); | 2495 | selinux_audit_rule_free(tmprule); |
| @@ -2544,7 +2540,7 @@ int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule, | |||
| 2544 | return -ENOENT; | 2540 | return -ENOENT; |
| 2545 | } | 2541 | } |
| 2546 | 2542 | ||
| 2547 | POLICY_RDLOCK; | 2543 | read_lock(&policy_rwlock); |
| 2548 | 2544 | ||
| 2549 | if (rule->au_seqno < latest_granting) { | 2545 | if (rule->au_seqno < latest_granting) { |
| 2550 | audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR, | 2546 | audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR, |
| @@ -2638,7 +2634,7 @@ int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule, | |||
| 2638 | } | 2634 | } |
| 2639 | 2635 | ||
| 2640 | out: | 2636 | out: |
| 2641 | POLICY_RDUNLOCK; | 2637 | read_unlock(&policy_rwlock); |
| 2642 | return match; | 2638 | return match; |
| 2643 | } | 2639 | } |
| 2644 | 2640 | ||
| @@ -2726,7 +2722,7 @@ int security_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr, | |||
| 2726 | return 0; | 2722 | return 0; |
| 2727 | } | 2723 | } |
| 2728 | 2724 | ||
| 2729 | POLICY_RDLOCK; | 2725 | read_lock(&policy_rwlock); |
| 2730 | 2726 | ||
| 2731 | if (secattr->flags & NETLBL_SECATTR_CACHE) { | 2727 | if (secattr->flags & NETLBL_SECATTR_CACHE) { |
| 2732 | *sid = *(u32 *)secattr->cache->data; | 2728 | *sid = *(u32 *)secattr->cache->data; |
| @@ -2771,7 +2767,7 @@ int security_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr, | |||
| 2771 | } | 2767 | } |
| 2772 | 2768 | ||
| 2773 | netlbl_secattr_to_sid_return: | 2769 | netlbl_secattr_to_sid_return: |
| 2774 | POLICY_RDUNLOCK; | 2770 | read_unlock(&policy_rwlock); |
| 2775 | return rc; | 2771 | return rc; |
| 2776 | netlbl_secattr_to_sid_return_cleanup: | 2772 | netlbl_secattr_to_sid_return_cleanup: |
| 2777 | ebitmap_destroy(&ctx_new.range.level[0].cat); | 2773 | ebitmap_destroy(&ctx_new.range.level[0].cat); |
| @@ -2796,7 +2792,7 @@ int security_netlbl_sid_to_secattr(u32 sid, struct netlbl_lsm_secattr *secattr) | |||
| 2796 | if (!ss_initialized) | 2792 | if (!ss_initialized) |
| 2797 | return 0; | 2793 | return 0; |
| 2798 | 2794 | ||
| 2799 | POLICY_RDLOCK; | 2795 | read_lock(&policy_rwlock); |
| 2800 | ctx = sidtab_search(&sidtab, sid); | 2796 | ctx = sidtab_search(&sidtab, sid); |
| 2801 | if (ctx == NULL) | 2797 | if (ctx == NULL) |
| 2802 | goto netlbl_sid_to_secattr_failure; | 2798 | goto netlbl_sid_to_secattr_failure; |
| @@ -2807,12 +2803,12 @@ int security_netlbl_sid_to_secattr(u32 sid, struct netlbl_lsm_secattr *secattr) | |||
| 2807 | rc = mls_export_netlbl_cat(ctx, secattr); | 2803 | rc = mls_export_netlbl_cat(ctx, secattr); |
| 2808 | if (rc != 0) | 2804 | if (rc != 0) |
| 2809 | goto netlbl_sid_to_secattr_failure; | 2805 | goto netlbl_sid_to_secattr_failure; |
| 2810 | POLICY_RDUNLOCK; | 2806 | read_unlock(&policy_rwlock); |
| 2811 | 2807 | ||
| 2812 | return 0; | 2808 | return 0; |
| 2813 | 2809 | ||
| 2814 | netlbl_sid_to_secattr_failure: | 2810 | netlbl_sid_to_secattr_failure: |
| 2815 | POLICY_RDUNLOCK; | 2811 | read_unlock(&policy_rwlock); |
| 2816 | return rc; | 2812 | return rc; |
| 2817 | } | 2813 | } |
| 2818 | #endif /* CONFIG_NETLABEL */ | 2814 | #endif /* CONFIG_NETLABEL */ |