diff options
Diffstat (limited to 'security')
-rw-r--r-- | security/selinux/ss/services.c | 21 |
1 files changed, 9 insertions, 12 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index e8ec54db95ba..d06df335ee7b 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c | |||
@@ -71,10 +71,7 @@ int selinux_policycap_openperm; | |||
71 | extern const struct selinux_class_perm selinux_class_perm; | 71 | extern const struct selinux_class_perm selinux_class_perm; |
72 | 72 | ||
73 | static DEFINE_RWLOCK(policy_rwlock); | 73 | static DEFINE_RWLOCK(policy_rwlock); |
74 | |||
75 | static DEFINE_MUTEX(load_mutex); | 74 | static DEFINE_MUTEX(load_mutex); |
76 | #define LOAD_LOCK mutex_lock(&load_mutex) | ||
77 | #define LOAD_UNLOCK mutex_unlock(&load_mutex) | ||
78 | 75 | ||
79 | static struct sidtab sidtab; | 76 | static struct sidtab sidtab; |
80 | struct policydb policydb; | 77 | struct policydb policydb; |
@@ -1456,17 +1453,17 @@ int security_load_policy(void *data, size_t len) | |||
1456 | int rc = 0; | 1453 | int rc = 0; |
1457 | struct policy_file file = { data, len }, *fp = &file; | 1454 | struct policy_file file = { data, len }, *fp = &file; |
1458 | 1455 | ||
1459 | LOAD_LOCK; | 1456 | mutex_lock(&load_mutex); |
1460 | 1457 | ||
1461 | if (!ss_initialized) { | 1458 | if (!ss_initialized) { |
1462 | avtab_cache_init(); | 1459 | avtab_cache_init(); |
1463 | if (policydb_read(&policydb, fp)) { | 1460 | if (policydb_read(&policydb, fp)) { |
1464 | LOAD_UNLOCK; | 1461 | mutex_unlock(&load_mutex); |
1465 | avtab_cache_destroy(); | 1462 | avtab_cache_destroy(); |
1466 | return -EINVAL; | 1463 | return -EINVAL; |
1467 | } | 1464 | } |
1468 | if (policydb_load_isids(&policydb, &sidtab)) { | 1465 | if (policydb_load_isids(&policydb, &sidtab)) { |
1469 | LOAD_UNLOCK; | 1466 | mutex_unlock(&load_mutex); |
1470 | policydb_destroy(&policydb); | 1467 | policydb_destroy(&policydb); |
1471 | avtab_cache_destroy(); | 1468 | avtab_cache_destroy(); |
1472 | return -EINVAL; | 1469 | return -EINVAL; |
@@ -1475,7 +1472,7 @@ int security_load_policy(void *data, size_t len) | |||
1475 | if (validate_classes(&policydb)) { | 1472 | if (validate_classes(&policydb)) { |
1476 | printk(KERN_ERR | 1473 | printk(KERN_ERR |
1477 | "SELinux: the definition of a class is incorrect\n"); | 1474 | "SELinux: the definition of a class is incorrect\n"); |
1478 | LOAD_UNLOCK; | 1475 | mutex_unlock(&load_mutex); |
1479 | sidtab_destroy(&sidtab); | 1476 | sidtab_destroy(&sidtab); |
1480 | policydb_destroy(&policydb); | 1477 | policydb_destroy(&policydb); |
1481 | avtab_cache_destroy(); | 1478 | avtab_cache_destroy(); |
@@ -1485,7 +1482,7 @@ int security_load_policy(void *data, size_t len) | |||
1485 | policydb_loaded_version = policydb.policyvers; | 1482 | policydb_loaded_version = policydb.policyvers; |
1486 | ss_initialized = 1; | 1483 | ss_initialized = 1; |
1487 | seqno = ++latest_granting; | 1484 | seqno = ++latest_granting; |
1488 | LOAD_UNLOCK; | 1485 | mutex_unlock(&load_mutex); |
1489 | selinux_complete_init(); | 1486 | selinux_complete_init(); |
1490 | avc_ss_reset(seqno); | 1487 | avc_ss_reset(seqno); |
1491 | selnl_notify_policyload(seqno); | 1488 | selnl_notify_policyload(seqno); |
@@ -1499,12 +1496,12 @@ int security_load_policy(void *data, size_t len) | |||
1499 | #endif | 1496 | #endif |
1500 | 1497 | ||
1501 | if (policydb_read(&newpolicydb, fp)) { | 1498 | if (policydb_read(&newpolicydb, fp)) { |
1502 | LOAD_UNLOCK; | 1499 | mutex_unlock(&load_mutex); |
1503 | return -EINVAL; | 1500 | return -EINVAL; |
1504 | } | 1501 | } |
1505 | 1502 | ||
1506 | if (sidtab_init(&newsidtab)) { | 1503 | if (sidtab_init(&newsidtab)) { |
1507 | LOAD_UNLOCK; | 1504 | mutex_unlock(&load_mutex); |
1508 | policydb_destroy(&newpolicydb); | 1505 | policydb_destroy(&newpolicydb); |
1509 | return -ENOMEM; | 1506 | return -ENOMEM; |
1510 | } | 1507 | } |
@@ -1552,7 +1549,7 @@ int security_load_policy(void *data, size_t len) | |||
1552 | seqno = ++latest_granting; | 1549 | seqno = ++latest_granting; |
1553 | policydb_loaded_version = policydb.policyvers; | 1550 | policydb_loaded_version = policydb.policyvers; |
1554 | write_unlock_irq(&policy_rwlock); | 1551 | write_unlock_irq(&policy_rwlock); |
1555 | LOAD_UNLOCK; | 1552 | mutex_unlock(&load_mutex); |
1556 | 1553 | ||
1557 | /* Free the old policydb and SID table. */ | 1554 | /* Free the old policydb and SID table. */ |
1558 | policydb_destroy(&oldpolicydb); | 1555 | policydb_destroy(&oldpolicydb); |
@@ -1566,7 +1563,7 @@ int security_load_policy(void *data, size_t len) | |||
1566 | return 0; | 1563 | return 0; |
1567 | 1564 | ||
1568 | err: | 1565 | err: |
1569 | LOAD_UNLOCK; | 1566 | mutex_unlock(&load_mutex); |
1570 | sidtab_destroy(&newsidtab); | 1567 | sidtab_destroy(&newsidtab); |
1571 | policydb_destroy(&newpolicydb); | 1568 | policydb_destroy(&newpolicydb); |
1572 | return rc; | 1569 | return rc; |