diff options
author | Stephen Smalley <sds@tycho.nsa.gov> | 2009-10-19 16:08:50 +0200 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2009-10-20 02:22:07 +0200 |
commit | b7f3008ad1d795935551e4dd810b0255a7bfa3c9 (patch) | |
tree | 1933b20fd16d30f6f9b3043ee6a66f0ddedb4009 /security | |
parent | capabilities: simplify bound checks for copy_from_user() (diff) | |
download | linux-b7f3008ad1d795935551e4dd810b0255a7bfa3c9.tar.xz linux-b7f3008ad1d795935551e4dd810b0255a7bfa3c9.zip |
SELinux: fix locking issue introduced with c6d3aaa4e35c71a3
Ensure that we release the policy read lock on all exit paths from
security_compute_av.
Signed-off-by: Stephen D. Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
-rw-r--r-- | security/selinux/ss/services.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index f270e378c0e4..77f6e54bb43f 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -935,19 +935,22 @@ int security_compute_av(u32 ssid, u32 requested; int rc; + read_lock(&policy_rwlock); + if (!ss_initialized) goto allow; - read_lock(&policy_rwlock); requested = unmap_perm(orig_tclass, orig_requested); tclass = unmap_class(orig_tclass); if (unlikely(orig_tclass && !tclass)) { if (policydb.allow_unknown) goto allow; - return -EINVAL; + rc = -EINVAL; + goto out; } rc = security_compute_av_core(ssid, tsid, tclass, requested, avd); map_decision(orig_tclass, avd, policydb.allow_unknown); +out: read_unlock(&policy_rwlock); return rc; allow: @@ -956,7 +959,8 @@ allow: avd->auditdeny = 0xffffffff; avd->seqno = latest_granting; avd->flags = 0; - return 0; + rc = 0; + goto out; } int security_compute_av_user(u32 ssid, |