selinux: move policy mutex to selinux_state, use in lockdep checks

Move the mutex used to synchronize policy changes (reloads and setting of booleans) from selinux_fs_info to selinux_state and use it in lockdep checks for rcu_dereference_protected() calls in the security server functions. This makes the dependency on the mutex explicit in the code rather than relying on comments. Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com> Reviewed-by: Ondrej Mosnacek <omosnace@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
author: Stephen Smalley <stephen.smalley.work@gmail.com> 2020-08-26 19:28:53 +0200
committer: Paul Moore <paul@paul-moore.com> 2020-08-27 15:52:47 +0200
commit: 9ff9abc4c6be27ff27b6df625501a46711730520 (patch)
tree: db853e573a639e368db7ebc465b878451df612d5 /security/selinux/hooks.c
parent: selinux: fix error handling bugs in security_load_policy() (diff)
download: linux-9ff9abc4c6be27ff27b6df625501a46711730520.tar.xz
linux-9ff9abc4c6be27ff27b6df625501a46711730520.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 6f30ba1a38dc..6210e98219a5 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -7237,6 +7237,7 @@ static __init int selinux_init(void)
 	selinux_state.checkreqprot = selinux_checkreqprot_boot;
 	selinux_avc_init(&selinux_state.avc);
 	mutex_init(&selinux_state.status_lock);
+	mutex_init(&selinux_state.policy_mutex);
 
 	/* Set the security state for the initial task. */
 	cred_init_security();
author	Stephen Smalley <stephen.smalley.work@gmail.com>	2020-08-26 19:28:53 +0200
committer	Paul Moore <paul@paul-moore.com>	2020-08-27 15:52:47 +0200
commit	9ff9abc4c6be27ff27b6df625501a46711730520 (patch)
tree	db853e573a639e368db7ebc465b878451df612d5 /security/selinux/hooks.c
parent	selinux: fix error handling bugs in security_load_policy() (diff)
download	linux-9ff9abc4c6be27ff27b6df625501a46711730520.tar.xz linux-9ff9abc4c6be27ff27b6df625501a46711730520.zip