diff options
-rw-r--r-- | security/selinux/ss/services.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index f270e378c0e4..77f6e54bb43f 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c | |||
@@ -935,19 +935,22 @@ int security_compute_av(u32 ssid, | |||
935 | u32 requested; | 935 | u32 requested; |
936 | int rc; | 936 | int rc; |
937 | 937 | ||
938 | read_lock(&policy_rwlock); | ||
939 | |||
938 | if (!ss_initialized) | 940 | if (!ss_initialized) |
939 | goto allow; | 941 | goto allow; |
940 | 942 | ||
941 | read_lock(&policy_rwlock); | ||
942 | requested = unmap_perm(orig_tclass, orig_requested); | 943 | requested = unmap_perm(orig_tclass, orig_requested); |
943 | tclass = unmap_class(orig_tclass); | 944 | tclass = unmap_class(orig_tclass); |
944 | if (unlikely(orig_tclass && !tclass)) { | 945 | if (unlikely(orig_tclass && !tclass)) { |
945 | if (policydb.allow_unknown) | 946 | if (policydb.allow_unknown) |
946 | goto allow; | 947 | goto allow; |
947 | return -EINVAL; | 948 | rc = -EINVAL; |
949 | goto out; | ||
948 | } | 950 | } |
949 | rc = security_compute_av_core(ssid, tsid, tclass, requested, avd); | 951 | rc = security_compute_av_core(ssid, tsid, tclass, requested, avd); |
950 | map_decision(orig_tclass, avd, policydb.allow_unknown); | 952 | map_decision(orig_tclass, avd, policydb.allow_unknown); |
953 | out: | ||
951 | read_unlock(&policy_rwlock); | 954 | read_unlock(&policy_rwlock); |
952 | return rc; | 955 | return rc; |
953 | allow: | 956 | allow: |
@@ -956,7 +959,8 @@ allow: | |||
956 | avd->auditdeny = 0xffffffff; | 959 | avd->auditdeny = 0xffffffff; |
957 | avd->seqno = latest_granting; | 960 | avd->seqno = latest_granting; |
958 | avd->flags = 0; | 961 | avd->flags = 0; |
959 | return 0; | 962 | rc = 0; |
963 | goto out; | ||
960 | } | 964 | } |
961 | 965 | ||
962 | int security_compute_av_user(u32 ssid, | 966 | int security_compute_av_user(u32 ssid, |