aboutsummaryrefslogtreecommitdiffstats
path: root/security/selinux/ss/services.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/selinux/ss/services.c')
-rw-r--r--security/selinux/ss/services.c108
1 files changed, 52 insertions, 56 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 0696aadcab6f..e8ec54db95ba 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -71,10 +71,6 @@ int selinux_policycap_openperm;
71extern const struct selinux_class_perm selinux_class_perm; 71extern const struct selinux_class_perm selinux_class_perm;
72 72
73static DEFINE_RWLOCK(policy_rwlock); 73static DEFINE_RWLOCK(policy_rwlock);
74#define POLICY_RDLOCK read_lock(&policy_rwlock)
75#define POLICY_WRLOCK write_lock_irq(&policy_rwlock)
76#define POLICY_RDUNLOCK read_unlock(&policy_rwlock)
77#define POLICY_WRUNLOCK write_unlock_irq(&policy_rwlock)
78 74
79static DEFINE_MUTEX(load_mutex); 75static DEFINE_MUTEX(load_mutex);
80#define LOAD_LOCK mutex_lock(&load_mutex) 76#define LOAD_LOCK mutex_lock(&load_mutex)
@@ -429,7 +425,7 @@ int security_permissive_sid(u32 sid)
429 u32 type; 425 u32 type;
430 int rc; 426 int rc;
431 427
432 POLICY_RDLOCK; 428 read_lock(&policy_rwlock);
433 429
434 context = sidtab_search(&sidtab, sid); 430 context = sidtab_search(&sidtab, sid);
435 BUG_ON(!context); 431 BUG_ON(!context);
@@ -441,7 +437,7 @@ int security_permissive_sid(u32 sid)
441 */ 437 */
442 rc = ebitmap_get_bit(&policydb.permissive_map, type); 438 rc = ebitmap_get_bit(&policydb.permissive_map, type);
443 439
444 POLICY_RDUNLOCK; 440 read_unlock(&policy_rwlock);
445 return rc; 441 return rc;
446} 442}
447 443
@@ -486,7 +482,7 @@ int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid,
486 if (!ss_initialized) 482 if (!ss_initialized)
487 return 0; 483 return 0;
488 484
489 POLICY_RDLOCK; 485 read_lock(&policy_rwlock);
490 486
491 /* 487 /*
492 * Remap extended Netlink classes for old policy versions. 488 * Remap extended Netlink classes for old policy versions.
@@ -543,7 +539,7 @@ int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid,
543 } 539 }
544 540
545out: 541out:
546 POLICY_RDUNLOCK; 542 read_unlock(&policy_rwlock);
547 return rc; 543 return rc;
548} 544}
549 545
@@ -578,7 +574,7 @@ int security_compute_av(u32 ssid,
578 return 0; 574 return 0;
579 } 575 }
580 576
581 POLICY_RDLOCK; 577 read_lock(&policy_rwlock);
582 578
583 scontext = sidtab_search(&sidtab, ssid); 579 scontext = sidtab_search(&sidtab, ssid);
584 if (!scontext) { 580 if (!scontext) {
@@ -598,7 +594,7 @@ int security_compute_av(u32 ssid,
598 rc = context_struct_compute_av(scontext, tcontext, tclass, 594 rc = context_struct_compute_av(scontext, tcontext, tclass,
599 requested, avd); 595 requested, avd);
600out: 596out:
601 POLICY_RDUNLOCK; 597 read_unlock(&policy_rwlock);
602 return rc; 598 return rc;
603} 599}
604 600
@@ -691,7 +687,7 @@ static int security_sid_to_context_core(u32 sid, char **scontext,
691 rc = -EINVAL; 687 rc = -EINVAL;
692 goto out; 688 goto out;
693 } 689 }
694 POLICY_RDLOCK; 690 read_lock(&policy_rwlock);
695 if (force) 691 if (force)
696 context = sidtab_search_force(&sidtab, sid); 692 context = sidtab_search_force(&sidtab, sid);
697 else 693 else
@@ -704,7 +700,7 @@ static int security_sid_to_context_core(u32 sid, char **scontext,
704 } 700 }
705 rc = context_struct_to_string(context, scontext, scontext_len); 701 rc = context_struct_to_string(context, scontext, scontext_len);
706out_unlock: 702out_unlock:
707 POLICY_RDUNLOCK; 703 read_unlock(&policy_rwlock);
708out: 704out:
709 return rc; 705 return rc;
710 706
@@ -855,7 +851,7 @@ static int security_context_to_sid_core(const char *scontext, u32 scontext_len,
855 } 851 }
856 } 852 }
857 853
858 POLICY_RDLOCK; 854 read_lock(&policy_rwlock);
859 rc = string_to_context_struct(&policydb, &sidtab, 855 rc = string_to_context_struct(&policydb, &sidtab,
860 scontext2, scontext_len, 856 scontext2, scontext_len,
861 &context, def_sid); 857 &context, def_sid);
@@ -869,7 +865,7 @@ static int security_context_to_sid_core(const char *scontext, u32 scontext_len,
869 if (rc) 865 if (rc)
870 context_destroy(&context); 866 context_destroy(&context);
871out: 867out:
872 POLICY_RDUNLOCK; 868 read_unlock(&policy_rwlock);
873 kfree(scontext2); 869 kfree(scontext2);
874 kfree(str); 870 kfree(str);
875 return rc; 871 return rc;
@@ -981,7 +977,7 @@ static int security_compute_sid(u32 ssid,
981 977
982 context_init(&newcontext); 978 context_init(&newcontext);
983 979
984 POLICY_RDLOCK; 980 read_lock(&policy_rwlock);
985 981
986 scontext = sidtab_search(&sidtab, ssid); 982 scontext = sidtab_search(&sidtab, ssid);
987 if (!scontext) { 983 if (!scontext) {
@@ -1086,7 +1082,7 @@ static int security_compute_sid(u32 ssid,
1086 /* Obtain the sid for the context. */ 1082 /* Obtain the sid for the context. */
1087 rc = sidtab_context_to_sid(&sidtab, &newcontext, out_sid); 1083 rc = sidtab_context_to_sid(&sidtab, &newcontext, out_sid);
1088out_unlock: 1084out_unlock:
1089 POLICY_RDUNLOCK; 1085 read_unlock(&policy_rwlock);
1090 context_destroy(&newcontext); 1086 context_destroy(&newcontext);
1091out: 1087out:
1092 return rc; 1088 return rc;
@@ -1549,13 +1545,13 @@ int security_load_policy(void *data, size_t len)
1549 sidtab_set(&oldsidtab, &sidtab); 1545 sidtab_set(&oldsidtab, &sidtab);
1550 1546
1551 /* Install the new policydb and SID table. */ 1547 /* Install the new policydb and SID table. */
1552 POLICY_WRLOCK; 1548 write_lock_irq(&policy_rwlock);
1553 memcpy(&policydb, &newpolicydb, sizeof policydb); 1549 memcpy(&policydb, &newpolicydb, sizeof policydb);
1554 sidtab_set(&sidtab, &newsidtab); 1550 sidtab_set(&sidtab, &newsidtab);
1555 security_load_policycaps(); 1551 security_load_policycaps();
1556 seqno = ++latest_granting; 1552 seqno = ++latest_granting;
1557 policydb_loaded_version = policydb.policyvers; 1553 policydb_loaded_version = policydb.policyvers;
1558 POLICY_WRUNLOCK; 1554 write_unlock_irq(&policy_rwlock);
1559 LOAD_UNLOCK; 1555 LOAD_UNLOCK;
1560 1556
1561 /* Free the old policydb and SID table. */ 1557 /* Free the old policydb and SID table. */
@@ -1588,7 +1584,7 @@ int security_port_sid(u8 protocol, u16 port, u32 *out_sid)
1588 struct ocontext *c; 1584 struct ocontext *c;
1589 int rc = 0; 1585 int rc = 0;
1590 1586
1591 POLICY_RDLOCK; 1587 read_lock(&policy_rwlock);
1592 1588
1593 c = policydb.ocontexts[OCON_PORT]; 1589 c = policydb.ocontexts[OCON_PORT];
1594 while (c) { 1590 while (c) {
@@ -1613,7 +1609,7 @@ int security_port_sid(u8 protocol, u16 port, u32 *out_sid)
1613 } 1609 }
1614 1610
1615out: 1611out:
1616 POLICY_RDUNLOCK; 1612 read_unlock(&policy_rwlock);
1617 return rc; 1613 return rc;
1618} 1614}
1619 1615
@@ -1627,7 +1623,7 @@ int security_netif_sid(char *name, u32 *if_sid)
1627 int rc = 0; 1623 int rc = 0;
1628 struct ocontext *c; 1624 struct ocontext *c;
1629 1625
1630 POLICY_RDLOCK; 1626 read_lock(&policy_rwlock);
1631 1627
1632 c = policydb.ocontexts[OCON_NETIF]; 1628 c = policydb.ocontexts[OCON_NETIF];
1633 while (c) { 1629 while (c) {
@@ -1654,7 +1650,7 @@ int security_netif_sid(char *name, u32 *if_sid)
1654 *if_sid = SECINITSID_NETIF; 1650 *if_sid = SECINITSID_NETIF;
1655 1651
1656out: 1652out:
1657 POLICY_RDUNLOCK; 1653 read_unlock(&policy_rwlock);
1658 return rc; 1654 return rc;
1659} 1655}
1660 1656
@@ -1686,7 +1682,7 @@ int security_node_sid(u16 domain,
1686 int rc = 0; 1682 int rc = 0;
1687 struct ocontext *c; 1683 struct ocontext *c;
1688 1684
1689 POLICY_RDLOCK; 1685 read_lock(&policy_rwlock);
1690 1686
1691 switch (domain) { 1687 switch (domain) {
1692 case AF_INET: { 1688 case AF_INET: {
@@ -1741,7 +1737,7 @@ int security_node_sid(u16 domain,
1741 } 1737 }
1742 1738
1743out: 1739out:
1744 POLICY_RDUNLOCK; 1740 read_unlock(&policy_rwlock);
1745 return rc; 1741 return rc;
1746} 1742}
1747 1743
@@ -1780,7 +1776,7 @@ int security_get_user_sids(u32 fromsid,
1780 if (!ss_initialized) 1776 if (!ss_initialized)
1781 goto out; 1777 goto out;
1782 1778
1783 POLICY_RDLOCK; 1779 read_lock(&policy_rwlock);
1784 1780
1785 context_init(&usercon); 1781 context_init(&usercon);
1786 1782
@@ -1833,7 +1829,7 @@ int security_get_user_sids(u32 fromsid,
1833 } 1829 }
1834 1830
1835out_unlock: 1831out_unlock:
1836 POLICY_RDUNLOCK; 1832 read_unlock(&policy_rwlock);
1837 if (rc || !mynel) { 1833 if (rc || !mynel) {
1838 kfree(mysids); 1834 kfree(mysids);
1839 goto out; 1835 goto out;
@@ -1886,7 +1882,7 @@ int security_genfs_sid(const char *fstype,
1886 while (path[0] == '/' && path[1] == '/') 1882 while (path[0] == '/' && path[1] == '/')
1887 path++; 1883 path++;
1888 1884
1889 POLICY_RDLOCK; 1885 read_lock(&policy_rwlock);
1890 1886
1891 for (genfs = policydb.genfs; genfs; genfs = genfs->next) { 1887 for (genfs = policydb.genfs; genfs; genfs = genfs->next) {
1892 cmp = strcmp(fstype, genfs->fstype); 1888 cmp = strcmp(fstype, genfs->fstype);
@@ -1923,7 +1919,7 @@ int security_genfs_sid(const char *fstype,
1923 1919
1924 *sid = c->sid[0]; 1920 *sid = c->sid[0];
1925out: 1921out:
1926 POLICY_RDUNLOCK; 1922 read_unlock(&policy_rwlock);
1927 return rc; 1923 return rc;
1928} 1924}
1929 1925
@@ -1941,7 +1937,7 @@ int security_fs_use(
1941 int rc = 0; 1937 int rc = 0;
1942 struct ocontext *c; 1938 struct ocontext *c;
1943 1939
1944 POLICY_RDLOCK; 1940 read_lock(&policy_rwlock);
1945 1941
1946 c = policydb.ocontexts[OCON_FSUSE]; 1942 c = policydb.ocontexts[OCON_FSUSE];
1947 while (c) { 1943 while (c) {
@@ -1971,7 +1967,7 @@ int security_fs_use(
1971 } 1967 }
1972 1968
1973out: 1969out:
1974 POLICY_RDUNLOCK; 1970 read_unlock(&policy_rwlock);
1975 return rc; 1971 return rc;
1976} 1972}
1977 1973
@@ -1979,7 +1975,7 @@ int security_get_bools(int *len, char ***names, int **values)
1979{ 1975{
1980 int i, rc = -ENOMEM; 1976 int i, rc = -ENOMEM;
1981 1977
1982 POLICY_RDLOCK; 1978 read_lock(&policy_rwlock);
1983 *names = NULL; 1979 *names = NULL;
1984 *values = NULL; 1980 *values = NULL;
1985 1981
@@ -2009,7 +2005,7 @@ int security_get_bools(int *len, char ***names, int **values)
2009 } 2005 }
2010 rc = 0; 2006 rc = 0;
2011out: 2007out:
2012 POLICY_RDUNLOCK; 2008 read_unlock(&policy_rwlock);
2013 return rc; 2009 return rc;
2014err: 2010err:
2015 if (*names) { 2011 if (*names) {
@@ -2027,7 +2023,7 @@ int security_set_bools(int len, int *values)
2027 int lenp, seqno = 0; 2023 int lenp, seqno = 0;
2028 struct cond_node *cur; 2024 struct cond_node *cur;
2029 2025
2030 POLICY_WRLOCK; 2026 write_lock_irq(&policy_rwlock);
2031 2027
2032 lenp = policydb.p_bools.nprim; 2028 lenp = policydb.p_bools.nprim;
2033 if (len != lenp) { 2029 if (len != lenp) {
@@ -2061,7 +2057,7 @@ int security_set_bools(int len, int *values)
2061 seqno = ++latest_granting; 2057 seqno = ++latest_granting;
2062 2058
2063out: 2059out:
2064 POLICY_WRUNLOCK; 2060 write_unlock_irq(&policy_rwlock);
2065 if (!rc) { 2061 if (!rc) {
2066 avc_ss_reset(seqno); 2062 avc_ss_reset(seqno);
2067 selnl_notify_policyload(seqno); 2063 selnl_notify_policyload(seqno);
@@ -2075,7 +2071,7 @@ int security_get_bool_value(int bool)
2075 int rc = 0; 2071 int rc = 0;
2076 int len; 2072 int len;
2077 2073
2078 POLICY_RDLOCK; 2074 read_lock(&policy_rwlock);
2079 2075
2080 len = policydb.p_bools.nprim; 2076 len = policydb.p_bools.nprim;
2081 if (bool >= len) { 2077 if (bool >= len) {
@@ -2085,7 +2081,7 @@ int security_get_bool_value(int bool)
2085 2081
2086 rc = policydb.bool_val_to_struct[bool]->state; 2082 rc = policydb.bool_val_to_struct[bool]->state;
2087out: 2083out:
2088 POLICY_RDUNLOCK; 2084 read_unlock(&policy_rwlock);
2089 return rc; 2085 return rc;
2090} 2086}
2091 2087
@@ -2140,7 +2136,7 @@ int security_sid_mls_copy(u32 sid, u32 mls_sid, u32 *new_sid)
2140 2136
2141 context_init(&newcon); 2137 context_init(&newcon);
2142 2138
2143 POLICY_RDLOCK; 2139 read_lock(&policy_rwlock);
2144 context1 = sidtab_search(&sidtab, sid); 2140 context1 = sidtab_search(&sidtab, sid);
2145 if (!context1) { 2141 if (!context1) {
2146 printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", 2142 printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
@@ -2182,7 +2178,7 @@ bad:
2182 } 2178 }
2183 2179
2184out_unlock: 2180out_unlock:
2185 POLICY_RDUNLOCK; 2181 read_unlock(&policy_rwlock);
2186 context_destroy(&newcon); 2182 context_destroy(&newcon);
2187out: 2183out:
2188 return rc; 2184 return rc;
@@ -2239,7 +2235,7 @@ int security_net_peersid_resolve(u32 nlbl_sid, u32 nlbl_type,
2239 return 0; 2235 return 0;
2240 } 2236 }
2241 2237
2242 POLICY_RDLOCK; 2238 read_lock(&policy_rwlock);
2243 2239
2244 nlbl_ctx = sidtab_search(&sidtab, nlbl_sid); 2240 nlbl_ctx = sidtab_search(&sidtab, nlbl_sid);
2245 if (!nlbl_ctx) { 2241 if (!nlbl_ctx) {
@@ -2258,7 +2254,7 @@ int security_net_peersid_resolve(u32 nlbl_sid, u32 nlbl_type,
2258 rc = (mls_context_cmp(nlbl_ctx, xfrm_ctx) ? 0 : -EACCES); 2254 rc = (mls_context_cmp(nlbl_ctx, xfrm_ctx) ? 0 : -EACCES);
2259 2255
2260out_slowpath: 2256out_slowpath:
2261 POLICY_RDUNLOCK; 2257 read_unlock(&policy_rwlock);
2262 if (rc == 0) 2258 if (rc == 0)
2263 /* at present NetLabel SIDs/labels really only carry MLS 2259 /* at present NetLabel SIDs/labels really only carry MLS
2264 * information so if the MLS portion of the NetLabel SID 2260 * information so if the MLS portion of the NetLabel SID
@@ -2288,7 +2284,7 @@ int security_get_classes(char ***classes, int *nclasses)
2288{ 2284{
2289 int rc = -ENOMEM; 2285 int rc = -ENOMEM;
2290 2286
2291 POLICY_RDLOCK; 2287 read_lock(&policy_rwlock);
2292 2288
2293 *nclasses = policydb.p_classes.nprim; 2289 *nclasses = policydb.p_classes.nprim;
2294 *classes = kcalloc(*nclasses, sizeof(*classes), GFP_ATOMIC); 2290 *classes = kcalloc(*nclasses, sizeof(*classes), GFP_ATOMIC);
@@ -2305,7 +2301,7 @@ int security_get_classes(char ***classes, int *nclasses)
2305 } 2301 }
2306 2302
2307out: 2303out:
2308 POLICY_RDUNLOCK; 2304 read_unlock(&policy_rwlock);
2309 return rc; 2305 return rc;
2310} 2306}
2311 2307
@@ -2327,7 +2323,7 @@ int security_get_permissions(char *class, char ***perms, int *nperms)
2327 int rc = -ENOMEM, i; 2323 int rc = -ENOMEM, i;
2328 struct class_datum *match; 2324 struct class_datum *match;
2329 2325
2330 POLICY_RDLOCK; 2326 read_lock(&policy_rwlock);
2331 2327
2332 match = hashtab_search(policydb.p_classes.table, class); 2328 match = hashtab_search(policydb.p_classes.table, class);
2333 if (!match) { 2329 if (!match) {
@@ -2355,11 +2351,11 @@ int security_get_permissions(char *class, char ***perms, int *nperms)
2355 goto err; 2351 goto err;
2356 2352
2357out: 2353out:
2358 POLICY_RDUNLOCK; 2354 read_unlock(&policy_rwlock);
2359 return rc; 2355 return rc;
2360 2356
2361err: 2357err:
2362 POLICY_RDUNLOCK; 2358 read_unlock(&policy_rwlock);
2363 for (i = 0; i < *nperms; i++) 2359 for (i = 0; i < *nperms; i++)
2364 kfree((*perms)[i]); 2360 kfree((*perms)[i]);
2365 kfree(*perms); 2361 kfree(*perms);
@@ -2390,9 +2386,9 @@ int security_policycap_supported(unsigned int req_cap)
2390{ 2386{
2391 int rc; 2387 int rc;
2392 2388
2393 POLICY_RDLOCK; 2389 read_lock(&policy_rwlock);
2394 rc = ebitmap_get_bit(&policydb.policycaps, req_cap); 2390 rc = ebitmap_get_bit(&policydb.policycaps, req_cap);
2395 POLICY_RDUNLOCK; 2391 read_unlock(&policy_rwlock);
2396 2392
2397 return rc; 2393 return rc;
2398} 2394}
@@ -2456,7 +2452,7 @@ int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
2456 2452
2457 context_init(&tmprule->au_ctxt); 2453 context_init(&tmprule->au_ctxt);
2458 2454
2459 POLICY_RDLOCK; 2455 read_lock(&policy_rwlock);
2460 2456
2461 tmprule->au_seqno = latest_granting; 2457 tmprule->au_seqno = latest_granting;
2462 2458
@@ -2493,7 +2489,7 @@ int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
2493 break; 2489 break;
2494 } 2490 }
2495 2491
2496 POLICY_RDUNLOCK; 2492 read_unlock(&policy_rwlock);
2497 2493
2498 if (rc) { 2494 if (rc) {
2499 selinux_audit_rule_free(tmprule); 2495 selinux_audit_rule_free(tmprule);
@@ -2544,7 +2540,7 @@ int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule,
2544 return -ENOENT; 2540 return -ENOENT;
2545 } 2541 }
2546 2542
2547 POLICY_RDLOCK; 2543 read_lock(&policy_rwlock);
2548 2544
2549 if (rule->au_seqno < latest_granting) { 2545 if (rule->au_seqno < latest_granting) {
2550 audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR, 2546 audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
@@ -2638,7 +2634,7 @@ int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule,
2638 } 2634 }
2639 2635
2640out: 2636out:
2641 POLICY_RDUNLOCK; 2637 read_unlock(&policy_rwlock);
2642 return match; 2638 return match;
2643} 2639}
2644 2640
@@ -2726,7 +2722,7 @@ int security_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr,
2726 return 0; 2722 return 0;
2727 } 2723 }
2728 2724
2729 POLICY_RDLOCK; 2725 read_lock(&policy_rwlock);
2730 2726
2731 if (secattr->flags & NETLBL_SECATTR_CACHE) { 2727 if (secattr->flags & NETLBL_SECATTR_CACHE) {
2732 *sid = *(u32 *)secattr->cache->data; 2728 *sid = *(u32 *)secattr->cache->data;
@@ -2771,7 +2767,7 @@ int security_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr,
2771 } 2767 }
2772 2768
2773netlbl_secattr_to_sid_return: 2769netlbl_secattr_to_sid_return:
2774 POLICY_RDUNLOCK; 2770 read_unlock(&policy_rwlock);
2775 return rc; 2771 return rc;
2776netlbl_secattr_to_sid_return_cleanup: 2772netlbl_secattr_to_sid_return_cleanup:
2777 ebitmap_destroy(&ctx_new.range.level[0].cat); 2773 ebitmap_destroy(&ctx_new.range.level[0].cat);
@@ -2796,7 +2792,7 @@ int security_netlbl_sid_to_secattr(u32 sid, struct netlbl_lsm_secattr *secattr)
2796 if (!ss_initialized) 2792 if (!ss_initialized)
2797 return 0; 2793 return 0;
2798 2794
2799 POLICY_RDLOCK; 2795 read_lock(&policy_rwlock);
2800 ctx = sidtab_search(&sidtab, sid); 2796 ctx = sidtab_search(&sidtab, sid);
2801 if (ctx == NULL) 2797 if (ctx == NULL)
2802 goto netlbl_sid_to_secattr_failure; 2798 goto netlbl_sid_to_secattr_failure;
@@ -2807,12 +2803,12 @@ int security_netlbl_sid_to_secattr(u32 sid, struct netlbl_lsm_secattr *secattr)
2807 rc = mls_export_netlbl_cat(ctx, secattr); 2803 rc = mls_export_netlbl_cat(ctx, secattr);
2808 if (rc != 0) 2804 if (rc != 0)
2809 goto netlbl_sid_to_secattr_failure; 2805 goto netlbl_sid_to_secattr_failure;
2810 POLICY_RDUNLOCK; 2806 read_unlock(&policy_rwlock);
2811 2807
2812 return 0; 2808 return 0;
2813 2809
2814netlbl_sid_to_secattr_failure: 2810netlbl_sid_to_secattr_failure:
2815 POLICY_RDUNLOCK; 2811 read_unlock(&policy_rwlock);
2816 return rc; 2812 return rc;
2817} 2813}
2818#endif /* CONFIG_NETLABEL */ 2814#endif /* CONFIG_NETLABEL */