author | Stephen Smalley <sds@tycho.nsa.gov> | 2009-10-19 10:08:50 -0400 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2009-10-20 09:22:07 +0900 |
commit | b7f3008ad1d795935551e4dd810b0255a7bfa3c9 (patch) | |
tree | 1933b20fd16d30f6f9b3043ee6a66f0ddedb4009 | |
parent | 825332e4ff1373c55d931b49408df7ec2298f71e (diff) | |
SELinux: fix locking issue introduced with c6d3aaa4e35c71a3
Ensure that we release the policy read lock on all exit paths from
security_compute_av.
Signed-off-by: Stephen D. Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
-rw-r--r-- | security/selinux/ss/services.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index f270e37..77f6e54 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -935,19 +935,22 @@ int security_compute_av(u32 ssid, u32 requested; int rc; + read_lock(&policy_rwlock); + if (!ss_initialized) goto allow; - read_lock(&policy_rwlock); requested = unmap_perm(orig_tclass, orig_requested); tclass = unmap_class(orig_tclass); if (unlikely(orig_tclass && !tclass)) { if (policydb.allow_unknown) goto allow; - return -EINVAL; + rc = -EINVAL; + goto out; } rc = security_compute_av_core(ssid, tsid, tclass, requested, avd); map_decision(orig_tclass, avd, policydb.allow_unknown); +out: read_unlock(&policy_rwlock); return rc; allow: @@ -956,7 +959,8 @@ allow: avd->auditdeny = 0xffffffff; avd->seqno = latest_granting; avd->flags = 0; - return 0; + rc = 0; + goto out; } int security_compute_av_user(u32 ssid, |
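Review bot: On the unknown-class path (`rc = -EINVAL; goto out;`) nothing between `read_lock(&policy_rwlock)` and `out:` writes `*avd`, so the caller gets back whatever the structure held before the call. Whether every caller checks the return value before reading the decision is not visible in this hunk. If that is the contract, state it in a comment above the function, for example `/* On a non-zero return *avd is not filled in; callers must not use it. */`. The function's signature and local declarations start above the hunk.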
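Review bot: The `goto out;` that now ends the `allow:` block jumps backward to a label above it, which is easy to misread and easy to break: a later exit added to this block with a plain `return` would leave `policy_rwlock` read-held again. A comment on that line, such as `/* back to out: to drop policy_rwlock */`, would make the lock release visible where the block ends. Alternatively, the shared `read_unlock(&policy_rwlock); return rc;` tail could move below the `allow:` block so that every jump is forward. The `allow:` label and the first assignments of the block lie outside this hunk.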