SELinux: fix locking issue introduced with c6d3aaa4

Ensure that we release the policy read lock on all exit paths from security_compute_av. Signed-off-by: N Stephen D. Smalley <sds@tycho.nsa.gov> Signed-off-by: N James Morris <jmorris@namei.org>

SELinux: fix locking issue introduced with c6d3aaa4
Ensure that we release the policy read lock on all exit paths from security_compute_av. Signed-off-by: N Stephen D. Smalley <sds@tycho.nsa.gov> Signed-off-by: N James Morris <jmorris@namei.org>
b7f3008a · Stephen Smalley · James Morris · 825332e4 · b7f3008a
隐藏空白更改
内联并排

Showing with 7 addition and 3 deletion

security/selinux/ss/services.c security/selinux/ss/services.c +7 -3

未找到文件。
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -935,19 +935,22 @@ int security_compute_av(u32 ssid,
 	u32 requested;
 	int rc;

+	read_lock(&policy_rwlock);
+
 	if (!ss_initialized)
 		goto allow;

-	read_lock(&policy_rwlock);
 	requested = unmap_perm(orig_tclass, orig_requested);
 	tclass = unmap_class(orig_tclass);
 	if (unlikely(orig_tclass && !tclass)) {
 		if (policydb.allow_unknown)
 			goto allow;
-		return -EINVAL;
+		rc = -EINVAL;
+		goto out;
 	}
 	rc = security_compute_av_core(ssid, tsid, tclass, requested, avd);
 	map_decision(orig_tclass, avd, policydb.allow_unknown);
+out:
 	read_unlock(&policy_rwlock);
 	return rc;
 allow:
@@ -956,7 +959,8 @@ int security_compute_av(u32 ssid,
 	avd->auditdeny = 0xffffffff;
 	avd->seqno = latest_granting;
 	avd->flags = 0;
-	return 0;
+	rc = 0;
+	goto out;
 }

 int security_compute_av_user(u32 ssid,