authorStephen Smalley <sds@tycho.nsa.gov>2009-10-19 16:08:50 +0200
committerJames Morris <jmorris@namei.org>2009-10-20 02:22:07 +0200
commitb7f3008ad1d795935551e4dd810b0255a7bfa3c9 (patch)
tree1933b20fd16d30f6f9b3043ee6a66f0ddedb4009 /security
parentcapabilities: simplify bound checks for copy_from_user() (diff)
SELinux: fix locking issue introduced with c6d3aaa4e35c71a3
Ensure that we release the policy read lock on all exit paths from security_compute_av.

Signed-off-by: Stephen D. Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
-rw-r--r--security/selinux/ss/services.c10
1 files changed, 7 insertions, 3 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index f270e378c0e4..77f6e54bb43f 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -935,19 +935,22 @@ int security_compute_av(u32 ssid,
u32 requested;
int rc;
+ read_lock(&policy_rwlock);
+
if (!ss_initialized)
goto allow;
- read_lock(&policy_rwlock);
requested = unmap_perm(orig_tclass, orig_requested);
tclass = unmap_class(orig_tclass);
if (unlikely(orig_tclass && !tclass)) {
if (policydb.allow_unknown)
goto allow;
- return -EINVAL;
+ rc = -EINVAL;
+ goto out;
}
rc = security_compute_av_core(ssid, tsid, tclass, requested, avd);
map_decision(orig_tclass, avd, policydb.allow_unknown);
+out:
read_unlock(&policy_rwlock);
return rc;
allow:
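Review bot: The `-EINVAL` exit in the unknown-class branch now drops the lock correctly but still leaves `*avd` unwritten, because it jumps to `out:` before `security_compute_av_core()` and `map_decision()` run. If any caller (none are visible here) reads the decision without checking `rc`, it would act on whatever the structure held beforehand. Failing closed with `avd->allowed = 0;` just ahead of `rc = -EINVAL;` would make that case harmless. The function starts above this hunk and the `allow:` block continues past it, so the field layout should be confirmed against the full definition.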
@@ -956,7 +959,8 @@ allow:
avd->auditdeny = 0xffffffff;
avd->seqno = latest_granting;
avd->flags = 0;
- return 0;
+ rc = 0;
+ goto out;
}
int security_compute_av_user(u32 ssid,
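Review bot: `rc = 0; goto out;` at the end of the `allow:` block is a backward jump to a label that sits above it, which makes the single unlock point easy to overlook the next time an exit path is added to this function. Either move the `allow:` block above `out:` so it falls through into `read_unlock()`, or put a comment on the label such as `/* every exit, including allow:, must pass through here to drop policy_rwlock */`. The start of the `allow:` block and of the function are outside this hunk.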