Diffstat (limited to 'security')
-rw-r--r--security/selinux/ss/services.c21
1 files changed, 9 insertions, 12 deletions
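diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index e8ec54db95ba..d06df335ee7b 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -71,10 +71,7 @@ int selinux_policycap_openperm;
 extern const struct selinux_class_perm selinux_class_perm;
 
 static DEFINE_RWLOCK(policy_rwlock);
-
 static DEFINE_MUTEX(load_mutex);
-#define LOAD_LOCK mutex_lock(&load_mutex)
-#define LOAD_UNLOCK mutex_unlock(&load_mutex)
 
 static struct sidtab sidtab;
 struct policydb policydb;
@@ -1456,17 +1453,17 @@ int security_load_policy(void *data, size_t len)
 	int rc = 0;
 	struct policy_file file = { data, len }, *fp = &file;
 
-	LOAD_LOCK;
+	mutex_lock(&load_mutex);
 
 	if (!ss_initialized) {
 		avtab_cache_init();
 		if (policydb_read(&policydb, fp)) {
-			LOAD_UNLOCK;
+			mutex_unlock(&load_mutex);
 			avtab_cache_destroy();
 			return -EINVAL;
 		}
 		if (policydb_load_isids(&policydb, &sidtab)) {
-			LOAD_UNLOCK;
+			mutex_unlock(&load_mutex);
 			policydb_destroy(&policydb);
 			avtab_cache_destroy();
 			return -EINVAL;
@@ -1475,7 +1472,7 @@ int security_load_policy(void *data, size_t len)
 		if (validate_classes(&policydb)) {
 			printk(KERN_ERR
 			       "SELinux: the definition of a class is incorrect\n");
-			LOAD_UNLOCK;
+			mutex_unlock(&load_mutex);
 			sidtab_destroy(&sidtab);
 			policydb_destroy(&policydb);
 			avtab_cache_destroy();
@@ -1485,7 +1482,7 @@ int security_load_policy(void *data, size_t len)
 		policydb_loaded_version = policydb.policyvers;
 		ss_initialized = 1;
 		seqno = ++latest_granting;
-		LOAD_UNLOCK;
+		mutex_unlock(&load_mutex);
 		selinux_complete_init();
 		avc_ss_reset(seqno);
 		selnl_notify_policyload(seqno);
@@ -1499,12 +1496,12 @@ int security_load_policy(void *data, size_t len)
 #endif
 
 	if (policydb_read(&newpolicydb, fp)) {
-		LOAD_UNLOCK;
+		mutex_unlock(&load_mutex);
 		return -EINVAL;
 	}
 
 	if (sidtab_init(&newsidtab)) {
-		LOAD_UNLOCK;
+		mutex_unlock(&load_mutex);
 		policydb_destroy(&newpolicydb);
 		return -ENOMEM;
 	}
@@ -1552,7 +1549,7 @@ int security_load_policy(void *data, size_t len)
 	seqno = ++latest_granting;
 	policydb_loaded_version = policydb.policyvers;
 	write_unlock_irq(&policy_rwlock);
-	LOAD_UNLOCK;
+	mutex_unlock(&load_mutex);
 
 	/* Free the old policydb and SID table. */
 	policydb_destroy(&oldpolicydb);
@@ -1566,7 +1563,7 @@ int security_load_policy(void *data, size_t len)
 	return 0;
 
 err:
-	LOAD_UNLOCK;
+	mutex_unlock(&load_mutex);
 	sidtab_destroy(&newsidtab);
 	policydb_destroy(&newpolicydb);
 	return rc;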
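Review bot: With the LOAD_LOCK/LOAD_UNLOCK macros removed, `static DEFINE_MUTEX(load_mutex);` at new line 74 is the only place left that could say what this lock covers, and it carries no comment; the release order at new lines 1551-1552 (`write_unlock_irq(&policy_rwlock)` then `mutex_unlock(&load_mutex)`) suggests it serializes whole policy loads while policy_rwlock guards readers of the live tables, but that is inferred from the visible lines only. Proposed comment above the definition: `/* Serializes policy loads end to end; readers of the live policydb/sidtab take policy_rwlock. */`. The initial-load error paths at new lines 1461, 1466 and 1475 each repeat the unlock followed by a different destroy sequence instead of sharing a label like the `err:` path at 1565; a second cleanup label for the first-load branch would shorten them, though since the destroy sets differ that is a judgement call. security_load_policy's body runs between and beyond these hunks.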