Diffstat (limited to 'security')
-rw-r--r-- | security/selinux/ss/services.c | 108 |
1 files changed, 52 insertions, 56 deletions
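--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -71,10 +71,6 @@ int selinux_policycap_openperm;
 extern const struct selinux_class_perm selinux_class_perm;
 
 static DEFINE_RWLOCK(policy_rwlock);
-#define POLICY_RDLOCK read_lock(&policy_rwlock)
-#define POLICY_WRLOCK write_lock_irq(&policy_rwlock)
-#define POLICY_RDUNLOCK read_unlock(&policy_rwlock)
-#define POLICY_WRUNLOCK write_unlock_irq(&policy_rwlock)
 
 static DEFINE_MUTEX(load_mutex);
 #define LOAD_LOCK mutex_lock(&load_mutex)
@@ -429,7 +425,7 @@ int security_permissive_sid(u32 sid)
 u32 type;
 int rc;
 
-POLICY_RDLOCK;
+read_lock(&policy_rwlock);
 
 context = sidtab_search(&sidtab, sid);
 BUG_ON(!context);
@@ -441,7 +437,7 @@ int security_permissive_sid(u32 sid)
 */
 rc = ebitmap_get_bit(&policydb.permissive_map, type);
 
-POLICY_RDUNLOCK;
+read_unlock(&policy_rwlock);
 return rc;
 }
 
@@ -486,7 +482,7 @@ int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid,
 if (!ss_initialized)
 return 0;
 
-POLICY_RDLOCK;
+read_lock(&policy_rwlock);
 
 /*
 * Remap extended Netlink classes for old policy versions.
@@ -543,7 +539,7 @@ int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid,
 }
 
 out:
-POLICY_RDUNLOCK;
+read_unlock(&policy_rwlock);
 return rc;
 }
 
@@ -578,7 +574,7 @@ int security_compute_av(u32 ssid,
 return 0;
 }
 
-POLICY_RDLOCK;
+read_lock(&policy_rwlock);
 
 scontext = sidtab_search(&sidtab, ssid);
 if (!scontext) {
@@ -598,7 +594,7 @@ int security_compute_av(u32 ssid,
 rc = context_struct_compute_av(scontext, tcontext, tclass,
 requested, avd);
 out:
-POLICY_RDUNLOCK;
+read_unlock(&policy_rwlock);
 return rc;
 }
 
@@ -691,7 +687,7 @@ static int security_sid_to_context_core(u32 sid, char **scontext,
 rc = -EINVAL;
 goto out;
 }
-POLICY_RDLOCK;
+read_lock(&policy_rwlock);
 if (force)
 context = sidtab_search_force(&sidtab, sid);
 else
@@ -704,7 +700,7 @@ static int security_sid_to_context_core(u32 sid, char **scontext,
 }
 rc = context_struct_to_string(context, scontext, scontext_len);
 out_unlock:
-POLICY_RDUNLOCK;
+read_unlock(&policy_rwlock);
 out:
 return rc;
 
@@ -855,7 +851,7 @@ static int security_context_to_sid_core(const char *scontext, u32 scontext_len,
 }
 }
 
-POLICY_RDLOCK;
+read_lock(&policy_rwlock);
 rc = string_to_context_struct(&policydb, &sidtab,
 scontext2, scontext_len,
 &context, def_sid);
@@ -869,7 +865,7 @@ static int security_context_to_sid_core(const char *scontext, u32 scontext_len,
 if (rc)
 context_destroy(&context);
 out:
-POLICY_RDUNLOCK;
+read_unlock(&policy_rwlock);
 kfree(scontext2);
 kfree(str);
 return rc;
@@ -981,7 +977,7 @@ static int security_compute_sid(u32 ssid,
 
 context_init(&newcontext);
 
-POLICY_RDLOCK;
+read_lock(&policy_rwlock);
 
 scontext = sidtab_search(&sidtab, ssid);
 if (!scontext) {
@@ -1086,7 +1082,7 @@ static int security_compute_sid(u32 ssid,
 /* Obtain the sid for the context. */
 rc = sidtab_context_to_sid(&sidtab, &newcontext, out_sid);
 out_unlock:
-POLICY_RDUNLOCK;
+read_unlock(&policy_rwlock);
 context_destroy(&newcontext);
 out:
 return rc;
@@ -1549,13 +1545,13 @@ int security_load_policy(void *data, size_t len)
 sidtab_set(&oldsidtab, &sidtab);
 
 /* Install the new policydb and SID table. */
-POLICY_WRLOCK;
+write_lock_irq(&policy_rwlock);
 memcpy(&policydb, &newpolicydb, sizeof policydb);
 sidtab_set(&sidtab, &newsidtab);
 security_load_policycaps();
 seqno = ++latest_granting;
 policydb_loaded_version = policydb.policyvers;
-POLICY_WRUNLOCK;
+write_unlock_irq(&policy_rwlock);
 LOAD_UNLOCK;
 
 /* Free the old policydb and SID table. */
@@ -1588,7 +1584,7 @@ int security_port_sid(u8 protocol, u16 port, u32 *out_sid)
 struct ocontext *c;
 int rc = 0;
 
-POLICY_RDLOCK;
+read_lock(&policy_rwlock);
 
 c = policydb.ocontexts[OCON_PORT];
 while (c) {
@@ -1613,7 +1609,7 @@ int security_port_sid(u8 protocol, u16 port, u32 *out_sid)
 }
 
 out:
-POLICY_RDUNLOCK;
+read_unlock(&policy_rwlock);
 return rc;
 }
 
@@ -1627,7 +1623,7 @@ int security_netif_sid(char *name, u32 *if_sid)
 int rc = 0;
 struct ocontext *c;
 
-POLICY_RDLOCK;
+read_lock(&policy_rwlock);
 
 c = policydb.ocontexts[OCON_NETIF];
 while (c) {
@@ -1654,7 +1650,7 @@ int security_netif_sid(char *name, u32 *if_sid)
 *if_sid = SECINITSID_NETIF;
 
 out:
-POLICY_RDUNLOCK;
+read_unlock(&policy_rwlock);
 return rc;
 }
 
@@ -1686,7 +1682,7 @@ int security_node_sid(u16 domain,
 int rc = 0;
 struct ocontext *c;
 
-POLICY_RDLOCK;
+read_lock(&policy_rwlock);
 
 switch (domain) {
 case AF_INET: {
@@ -1741,7 +1737,7 @@ int security_node_sid(u16 domain,
 }
 
 out:
-POLICY_RDUNLOCK;
+read_unlock(&policy_rwlock);
 return rc;
 }
 
@@ -1780,7 +1776,7 @@ int security_get_user_sids(u32 fromsid,
 if (!ss_initialized)
 goto out;
 
-POLICY_RDLOCK;
+read_lock(&policy_rwlock);
 
 context_init(&usercon);
 
@@ -1833,7 +1829,7 @@ int security_get_user_sids(u32 fromsid,
 }
 
 out_unlock:
-POLICY_RDUNLOCK;
+read_unlock(&policy_rwlock);
 if (rc || !mynel) {
 kfree(mysids);
 goto out;
@@ -1886,7 +1882,7 @@ int security_genfs_sid(const char *fstype,
 while (path[0] == '/' && path[1] == '/')
 path++;
 
-POLICY_RDLOCK;
+read_lock(&policy_rwlock);
 
 for (genfs = policydb.genfs; genfs; genfs = genfs->next) {
 cmp = strcmp(fstype, genfs->fstype);
@@ -1923,7 +1919,7 @@ int security_genfs_sid(const char *fstype,
 
 *sid = c->sid[0];
 out:
-POLICY_RDUNLOCK;
+read_unlock(&policy_rwlock);
 return rc;
 }
 
@@ -1941,7 +1937,7 @@ int security_fs_use(
 int rc = 0;
 struct ocontext *c;
 
-POLICY_RDLOCK;
+read_lock(&policy_rwlock);
 
 c = policydb.ocontexts[OCON_FSUSE];
 while (c) {
@@ -1971,7 +1967,7 @@ int security_fs_use(
 }
 
 out:
-POLICY_RDUNLOCK;
+read_unlock(&policy_rwlock);
 return rc;
 }
 
@@ -1979,7 +1975,7 @@ int security_get_bools(int *len, char ***names, int **values)
 {
 int i, rc = -ENOMEM;
 
-POLICY_RDLOCK;
+read_lock(&policy_rwlock);
 *names = NULL;
 *values = NULL;
 
@@ -2009,7 +2005,7 @@ int security_get_bools(int *len, char ***names, int **values)
 }
 rc = 0;
 out:
-POLICY_RDUNLOCK;
+read_unlock(&policy_rwlock);
 return rc;
 err:
 if (*names) {
@@ -2027,7 +2023,7 @@ int security_set_bools(int len, int *values)
 int lenp, seqno = 0;
 struct cond_node *cur;
 
-POLICY_WRLOCK;
+write_lock_irq(&policy_rwlock);
 
 lenp = policydb.p_bools.nprim;
 if (len != lenp) {
@@ -2061,7 +2057,7 @@ int security_set_bools(int len, int *values)
 seqno = ++latest_granting;
 
 out:
-POLICY_WRUNLOCK;
+write_unlock_irq(&policy_rwlock);
 if (!rc) {
 avc_ss_reset(seqno);
 selnl_notify_policyload(seqno);
@@ -2075,7 +2071,7 @@ int security_get_bool_value(int bool)
 int rc = 0;
 int len;
 
-POLICY_RDLOCK;
+read_lock(&policy_rwlock);
 
 len = policydb.p_bools.nprim;
 if (bool >= len) {
@@ -2085,7 +2081,7 @@ int security_get_bool_value(int bool)
 
 rc = policydb.bool_val_to_struct[bool]->state;
 out:
-POLICY_RDUNLOCK;
+read_unlock(&policy_rwlock);
 return rc;
 }
 
@@ -2140,7 +2136,7 @@ int security_sid_mls_copy(u32 sid, u32 mls_sid, u32 *new_sid)
 
 context_init(&newcon);
 
-POLICY_RDLOCK;
+read_lock(&policy_rwlock);
 context1 = sidtab_search(&sidtab, sid);
 if (!context1) {
 printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
@@ -2182,7 +2178,7 @@ bad:
 }
 
 out_unlock:
-POLICY_RDUNLOCK;
+read_unlock(&policy_rwlock);
 context_destroy(&newcon);
 out:
 return rc;
@@ -2239,7 +2235,7 @@ int security_net_peersid_resolve(u32 nlbl_sid, u32 nlbl_type,
 return 0;
 }
 
-POLICY_RDLOCK;
+read_lock(&policy_rwlock);
 
 nlbl_ctx = sidtab_search(&sidtab, nlbl_sid);
 if (!nlbl_ctx) {
@@ -2258,7 +2254,7 @@ int security_net_peersid_resolve(u32 nlbl_sid, u32 nlbl_type,
 rc = (mls_context_cmp(nlbl_ctx, xfrm_ctx) ? 0 : -EACCES);
 
 out_slowpath:
-POLICY_RDUNLOCK;
+read_unlock(&policy_rwlock);
 if (rc == 0)
 /* at present NetLabel SIDs/labels really only carry MLS
 * information so if the MLS portion of the NetLabel SID
@@ -2288,7 +2284,7 @@ int security_get_classes(char ***classes, int *nclasses)
 {
 int rc = -ENOMEM;
 
-POLICY_RDLOCK;
+read_lock(&policy_rwlock);
 
 *nclasses = policydb.p_classes.nprim;
 *classes = kcalloc(*nclasses, sizeof(*classes), GFP_ATOMIC);
@@ -2305,7 +2301,7 @@ int security_get_classes(char ***classes, int *nclasses)
 }
 
 out:
-POLICY_RDUNLOCK;
+read_unlock(&policy_rwlock);
 return rc;
 }
 
@@ -2327,7 +2323,7 @@ int security_get_permissions(char *class, char ***perms, int *nperms)
 int rc = -ENOMEM, i;
 struct class_datum *match;
 
-POLICY_RDLOCK;
+read_lock(&policy_rwlock);
 
 match = hashtab_search(policydb.p_classes.table, class);
 if (!match) {
@@ -2355,11 +2351,11 @@ int security_get_permissions(char *class, char ***perms, int *nperms)
 goto err;
 
 out:
-POLICY_RDUNLOCK;
+read_unlock(&policy_rwlock);
 return rc;
 
 err:
-POLICY_RDUNLOCK;
+read_unlock(&policy_rwlock);
 for (i = 0; i < *nperms; i++)
 kfree((*perms)[i]);
 kfree(*perms);
@@ -2390,9 +2386,9 @@ int security_policycap_supported(unsigned int req_cap)
 {
 int rc;
 
-POLICY_RDLOCK;
+read_lock(&policy_rwlock);
 rc = ebitmap_get_bit(&policydb.policycaps, req_cap);
-POLICY_RDUNLOCK;
+read_unlock(&policy_rwlock);
 
 return rc;
 }
@@ -2456,7 +2452,7 @@ int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
 
 context_init(&tmprule->au_ctxt);
 
-POLICY_RDLOCK;
+read_lock(&policy_rwlock);
 
 tmprule->au_seqno = latest_granting;
 
@@ -2493,7 +2489,7 @@ int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
 break;
 }
 
-POLICY_RDUNLOCK;
+read_unlock(&policy_rwlock);
 
 if (rc) {
 selinux_audit_rule_free(tmprule);
@@ -2544,7 +2540,7 @@ int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule,
 return -ENOENT;
 }
 
-POLICY_RDLOCK;
+read_lock(&policy_rwlock);
 
 if (rule->au_seqno < latest_granting) {
 audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
@@ -2638,7 +2634,7 @@ int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule,
 }
 
 out:
-POLICY_RDUNLOCK;
+read_unlock(&policy_rwlock);
 return match;
 }
 
@@ -2726,7 +2722,7 @@ int security_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr,
 return 0;
 }
 
-POLICY_RDLOCK;
+read_lock(&policy_rwlock);
 
 if (secattr->flags & NETLBL_SECATTR_CACHE) {
 *sid = *(u32 *)secattr->cache->data;
@@ -2771,7 +2767,7 @@ int security_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr,
 }
 
 netlbl_secattr_to_sid_return:
-POLICY_RDUNLOCK;
+read_unlock(&policy_rwlock);
 return rc;
 netlbl_secattr_to_sid_return_cleanup:
 ebitmap_destroy(&ctx_new.range.level[0].cat);
@@ -2796,7 +2792,7 @@ int security_netlbl_sid_to_secattr(u32 sid, struct netlbl_lsm_secattr *secattr)
 if (!ss_initialized)
 return 0;
 
-POLICY_RDLOCK;
+read_lock(&policy_rwlock);
 ctx = sidtab_search(&sidtab, sid);
 if (ctx == NULL)
 goto netlbl_sid_to_secattr_failure;
@@ -2807,12 +2803,12 @@ int security_netlbl_sid_to_secattr(u32 sid, struct netlbl_lsm_secattr *secattr)
 rc = mls_export_netlbl_cat(ctx, secattr);
 if (rc != 0)
 goto netlbl_sid_to_secattr_failure;
-POLICY_RDUNLOCK;
+read_unlock(&policy_rwlock);
 
 return 0;
 
 netlbl_sid_to_secattr_failure:
-POLICY_RDUNLOCK;
+read_unlock(&policy_rwlock);
 return rc;
 }
 #endif /* CONFIG_NETLABEL */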
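Review bot: In the `security_get_bool_value()` hunks the index check `if (bool >= len)` bounds the signed `int bool` only from above, so a negative value would still reach `policydb.bool_val_to_struct[bool]->state` and read before the start of the array while the policy read lock is held. The guard would be tighter as `if (bool < 0 || bool >= len) {`. Whether any caller can actually pass a negative index is not visible here: the callers, and the body of the `if` branch that falls between the two hunks, are outside the diff, so treat this as a defensive check rather than a confirmed bug. The commit only swaps the lock macros for direct calls and leaves this check as it was.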