Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b7f3008a authored by Stephen Smalley's avatar Stephen Smalley Committed by James Morris
Browse files

SELinux: fix locking issue introduced with c6d3aaa4 



Ensure that we release the policy read lock on all exit paths from
security_compute_av.

Signed-off-by: default avatarStephen D. Smalley <sds@tycho.nsa.gov>
Signed-off-by: default avatarJames Morris <jmorris@namei.org>
parent 825332e4

security/selinux/ss/services.c

+7 −3
Original line number Diff line number Diff line
@@ -935,19 +935,22 @@ int security_compute_av(u32 ssid, 
	u32 requested;

	int rc;



	read_lock(&policy_rwlock);



	if (!ss_initialized)

		goto allow;



	read_lock(&policy_rwlock);

	requested = unmap_perm(orig_tclass, orig_requested);

	tclass = unmap_class(orig_tclass);

	if (unlikely(orig_tclass && !tclass)) {

		if (policydb.allow_unknown)

			goto allow;

		return -EINVAL;

		rc = -EINVAL;

		goto out;

	}

	rc = security_compute_av_core(ssid, tsid, tclass, requested, avd);

	map_decision(orig_tclass, avd, policydb.allow_unknown);

out:

	read_unlock(&policy_rwlock);

	return rc;

allow:
@@ -956,7 +959,8 @@ int security_compute_av(u32 ssid, 
	avd->auditdeny = 0xffffffff;

	avd->seqno = latest_granting;

	avd->flags = 0;

	return 0;

	rc = 0;

	goto out;

}



int security_compute_av_user(u32 ssid,