Diffstat (limited to 'security')
-rw-r--r--security/keys/process_keys.c7
-rw-r--r--security/selinux/selinuxfs.c19
-rw-r--r--security/selinux/ss/services.c9
3 files changed, 19 insertions, 16 deletions
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
index 74cb79eb917e..f6940618e345 100644
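--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -16,11 +16,12 @@
 #include <linux/keyctl.h>
 #include <linux/fs.h>
 #include <linux/err.h>
+#include <linux/mutex.h>
 #include <asm/uaccess.h>
 #include "internal.h"
 
 /* session keyring create vs join semaphore */
-static DECLARE_MUTEX(key_session_sem);
+static DEFINE_MUTEX(key_session_mutex);
 
 /* the root user's tracking struct */
 struct key_user root_key_user = {
@@ -711,7 +712,7 @@ long join_session_keyring(const char *name)
  }
 
  /* allow the user to join or create a named keyring */
- down(&key_session_sem);
+ mutex_lock(&key_session_mutex);
 
  /* look for an existing keyring of this name */
  keyring = find_keyring_by_name(name, 0);
@@ -737,7 +738,7 @@ long join_session_keyring(const char *name)
  key_put(keyring);
 
 error2:
- up(&key_session_sem);
+ mutex_unlock(&key_session_mutex);
 error:
  return ret;
 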
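Review bot: The comment above the declaration in the first hunk still reads `/* session keyring create vs join semaphore */` although the object it describes is now `key_session_mutex`; it should become `/* session keyring create vs join mutex */`. The stale wording matters because a mutex, unlike the old semaphore, must be released by the task that took it and only from process context. The body of join_session_keyring between `mutex_lock()` and the `error2:` label is outside the hunks, so I could not check that every path taken after the lock leaves through `error2:` rather than `error:`.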
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index b5fa02d17b1e..65efa8f76331 100644
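--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -15,6 +15,7 @@
 #include <linux/slab.h>
 #include <linux/vmalloc.h>
 #include <linux/fs.h>
+#include <linux/mutex.h>
 #include <linux/init.h>
 #include <linux/string.h>
 #include <linux/security.h>
@@ -44,7 +45,7 @@ static int __init checkreqprot_setup(char *str)
 __setup("checkreqprot=", checkreqprot_setup);
 
 
-static DECLARE_MUTEX(sel_sem);
+static DEFINE_MUTEX(sel_mutex);
 
 /* global data for booleans */
 static struct dentry *bool_dir = NULL;
@@ -230,7 +231,7 @@ static ssize_t sel_write_load(struct file * file, const char __user * buf,
  ssize_t length;
  void *data = NULL;
 
- down(&sel_sem);
+ mutex_lock(&sel_mutex);
 
  length = task_has_security(current, SECURITY__LOAD_POLICY);
  if (length)
@@ -262,7 +263,7 @@ static ssize_t sel_write_load(struct file * file, const char __user * buf,
  else
  length = count;
 out:
- up(&sel_sem);
+ mutex_unlock(&sel_mutex);
  vfree(data);
  return length;
 }
@@ -714,7 +715,7 @@ static ssize_t sel_read_bool(struct file *filep, char __user *buf,
  int cur_enforcing;
  struct inode *inode;
 
- down(&sel_sem);
+ mutex_lock(&sel_mutex);
 
  ret = -EFAULT;
 
@@ -759,7 +760,7 @@ static ssize_t sel_read_bool(struct file *filep, char __user *buf,
  *ppos = end;
  ret = count;
 out:
- up(&sel_sem);
+ mutex_unlock(&sel_mutex);
  if (page)
  free_page((unsigned long)page);
  return ret;
@@ -773,7 +774,7 @@ static ssize_t sel_write_bool(struct file *filep, const char __user *buf,
  int new_value;
  struct inode *inode;
 
- down(&sel_sem);
+ mutex_lock(&sel_mutex);
 
  length = task_has_security(current, SECURITY__SETBOOL);
  if (length)
@@ -812,7 +813,7 @@ static ssize_t sel_write_bool(struct file *filep, const char __user *buf,
  length = count;
 
 out:
- up(&sel_sem);
+ mutex_unlock(&sel_mutex);
  if (page)
  free_page((unsigned long) page);
  return length;
@@ -831,7 +832,7 @@ static ssize_t sel_commit_bools_write(struct file *filep,
  ssize_t length = -EFAULT;
  int new_value;
 
- down(&sel_sem);
+ mutex_lock(&sel_mutex);
 
  length = task_has_security(current, SECURITY__SETBOOL);
  if (length)
@@ -869,7 +870,7 @@ static ssize_t sel_commit_bools_write(struct file *filep,
  length = count;
 
 out:
- up(&sel_sem);
+ mutex_unlock(&sel_mutex);
  if (page)
  free_page((unsigned long) page);
  return length;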
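Review bot: `sel_mutex` is declared with no comment saying what it guards, although the hunks show it serialising four entry points: sel_write_load, sel_read_bool, sel_write_bool and sel_commit_bools_write. I would add `/* serialises policy load and boolean read/write/commit through selinuxfs; sleeping lock, process context only */` above `static DEFINE_MUTEX(sel_mutex);`. In the three write handlers the lock is taken before the `task_has_security()` check, so a caller that ends up denied still waits uninterruptibly behind whoever holds the mutex; whether the check can safely move ahead of `mutex_lock(&sel_mutex)` depends on code outside these hunks. The function bodies extend beyond the hunks, so I could not check that every exit path reaches the `out:` label that drops the mutex.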
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 8a764928ff4b..63e0b7f29cb5 100644
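--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -27,7 +27,8 @@
 #include <linux/in.h>
 #include <linux/sched.h>
 #include <linux/audit.h>
-#include <asm/semaphore.h>
+#include <linux/mutex.h>
+
 #include "flask.h"
 #include "avc.h"
 #include "avc_ss.h"
@@ -48,9 +49,9 @@ static DEFINE_RWLOCK(policy_rwlock);
 #define POLICY_RDUNLOCK read_unlock(&policy_rwlock)
 #define POLICY_WRUNLOCK write_unlock_irq(&policy_rwlock)
 
-static DECLARE_MUTEX(load_sem);
-#define LOAD_LOCK down(&load_sem)
-#define LOAD_UNLOCK up(&load_sem)
+static DEFINE_MUTEX(load_mutex);
+#define LOAD_LOCK mutex_lock(&load_mutex)
+#define LOAD_UNLOCK mutex_unlock(&load_mutex)
 
 static struct sidtab sidtab;
 struct policydb policydb;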
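Review bot: `LOAD_LOCK` now expands to `mutex_lock(&load_mutex)`, a sleeping lock, and nothing at the definition records how it orders against `policy_rwlock`. The `write_unlock_irq()` in `POLICY_WRUNLOCK` two lines above implies the write side of that rwlock is held with interrupts disabled, so sleeping while it is held would be a bug. A comment such as `/* load_mutex may sleep: take LOAD_LOCK before policy_rwlock, never while holding it */` above `static DEFINE_MUTEX(load_mutex);` would make the rule explicit. The call sites of both macros are outside this hunk, so the ordering they actually use is not confirmed here.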