SELinux: open code policy_rwlock

extern const struct selinux_class_perm selinux_class_perm;

static DEFINE_RWLOCK(policy_rwlock);

#define POLICY_RDLOCK read_lock(&policy_rwlock)

#define POLICY_WRLOCK write_lock_irq(&policy_rwlock)

#define POLICY_RDUNLOCK read_unlock(&policy_rwlock)

#define POLICY_WRUNLOCK write_unlock_irq(&policy_rwlock)

static DEFINE_MUTEX(load_mutex);

#define LOAD_LOCK mutex_lock(&load_mutex)

	u32 type;

	int rc;

	POLICY_RDLOCK;

	read_lock(&policy_rwlock);

	context = sidtab_search(&sidtab, sid);

	BUG_ON(!context);

	 */

	rc = ebitmap_get_bit(&policydb.permissive_map, type);

	POLICY_RDUNLOCK;

	read_unlock(&policy_rwlock);

	return rc;

}

	if (!ss_initialized)

		return 0;

	POLICY_RDLOCK;

	read_lock(&policy_rwlock);

	/*

	 * Remap extended Netlink classes for old policy versions.

	}

out:

	POLICY_RDUNLOCK;

	read_unlock(&policy_rwlock);

	return rc;

}

		return 0;

	}

	POLICY_RDLOCK;

	read_lock(&policy_rwlock);

	scontext = sidtab_search(&sidtab, ssid);

	if (!scontext) {

	rc = context_struct_compute_av(scontext, tcontext, tclass,

				       requested, avd);

out:

	POLICY_RDUNLOCK;

	read_unlock(&policy_rwlock);

	return rc;

}

		rc = -EINVAL;

		goto out;

	}

	POLICY_RDLOCK;

	read_lock(&policy_rwlock);

	if (force)

		context = sidtab_search_force(&sidtab, sid);

	else

	}

	rc = context_struct_to_string(context, scontext, scontext_len);

out_unlock:

	POLICY_RDUNLOCK;

	read_unlock(&policy_rwlock);

out:

	return rc;

		}

	}

	POLICY_RDLOCK;

	read_lock(&policy_rwlock);

	rc = string_to_context_struct(&policydb, &sidtab,

				      scontext2, scontext_len,

				      &context, def_sid);

	if (rc)

		context_destroy(&context);

out:

	POLICY_RDUNLOCK;

	read_unlock(&policy_rwlock);

	kfree(scontext2);

	kfree(str);

	return rc;

	context_init(&newcontext);

	POLICY_RDLOCK;

	read_lock(&policy_rwlock);

	scontext = sidtab_search(&sidtab, ssid);

	if (!scontext) {

	/* Obtain the sid for the context. */

	rc = sidtab_context_to_sid(&sidtab, &newcontext, out_sid);

out_unlock:

	POLICY_RDUNLOCK;

	read_unlock(&policy_rwlock);

	context_destroy(&newcontext);

out:

	return rc;

	sidtab_set(&oldsidtab, &sidtab);

	/* Install the new policydb and SID table. */

	POLICY_WRLOCK;

	write_lock_irq(&policy_rwlock);

	memcpy(&policydb, &newpolicydb, sizeof policydb);

	sidtab_set(&sidtab, &newsidtab);

	security_load_policycaps();

	seqno = ++latest_granting;

	policydb_loaded_version = policydb.policyvers;

	POLICY_WRUNLOCK;

	write_unlock_irq(&policy_rwlock);

	LOAD_UNLOCK;

	/* Free the old policydb and SID table. */

	struct ocontext *c;

	int rc = 0;

	POLICY_RDLOCK;

	read_lock(&policy_rwlock);

	c = policydb.ocontexts[OCON_PORT];

	while (c) {

	}

out:

	POLICY_RDUNLOCK;

	read_unlock(&policy_rwlock);

	return rc;

}

	int rc = 0;

	struct ocontext *c;

	POLICY_RDLOCK;

	read_lock(&policy_rwlock);

	c = policydb.ocontexts[OCON_NETIF];

	while (c) {

		*if_sid = SECINITSID_NETIF;

out:

	POLICY_RDUNLOCK;

	read_unlock(&policy_rwlock);

	return rc;

}

	int rc = 0;

	struct ocontext *c;

	POLICY_RDLOCK;

	read_lock(&policy_rwlock);

	switch (domain) {

	case AF_INET: {

	}

out:

	POLICY_RDUNLOCK;

	read_unlock(&policy_rwlock);

	return rc;

}

	if (!ss_initialized)

		goto out;

	POLICY_RDLOCK;

	read_lock(&policy_rwlock);

	context_init(&usercon);

	}

out_unlock:

	POLICY_RDUNLOCK;

	read_unlock(&policy_rwlock);

	if (rc || !mynel) {

		kfree(mysids);

		goto out;

	while (path[0] == '/' && path[1] == '/')

		path++;

	POLICY_RDLOCK;

	read_lock(&policy_rwlock);

	for (genfs = policydb.genfs; genfs; genfs = genfs->next) {

		cmp = strcmp(fstype, genfs->fstype);

	*sid = c->sid[0];

out:

	POLICY_RDUNLOCK;

	read_unlock(&policy_rwlock);

	return rc;

}

	int rc = 0;

	struct ocontext *c;

	POLICY_RDLOCK;

	read_lock(&policy_rwlock);

	c = policydb.ocontexts[OCON_FSUSE];

	while (c) {

	}

out:

	POLICY_RDUNLOCK;

	read_unlock(&policy_rwlock);

	return rc;

}

{

	int i, rc = -ENOMEM;

	POLICY_RDLOCK;

	read_lock(&policy_rwlock);

	*names = NULL;

	*values = NULL;

	}

	rc = 0;

out:

	POLICY_RDUNLOCK;

	read_unlock(&policy_rwlock);

	return rc;

err:

	if (*names) {

	int lenp, seqno = 0;

	struct cond_node *cur;

	POLICY_WRLOCK;

	write_lock_irq(&policy_rwlock);

	lenp = policydb.p_bools.nprim;

	if (len != lenp) {

	seqno = ++latest_granting;

out:

	POLICY_WRUNLOCK;

	write_unlock_irq(&policy_rwlock);

	if (!rc) {

		avc_ss_reset(seqno);

		selnl_notify_policyload(seqno);

	int rc = 0;

	int len;

	POLICY_RDLOCK;

	read_lock(&policy_rwlock);

	len = policydb.p_bools.nprim;

	if (bool >= len) {

	rc = policydb.bool_val_to_struct[bool]->state;

out:

	POLICY_RDUNLOCK;

	read_unlock(&policy_rwlock);

	return rc;

}

	context_init(&newcon);

	POLICY_RDLOCK;

	read_lock(&policy_rwlock);

	context1 = sidtab_search(&sidtab, sid);

	if (!context1) {

		printk(KERN_ERR "SELinux: %s:  unrecognized SID %d\n",

	}

out_unlock:

	POLICY_RDUNLOCK;

	read_unlock(&policy_rwlock);

	context_destroy(&newcon);

out:

	return rc;

		return 0;

	}

	POLICY_RDLOCK;

	read_lock(&policy_rwlock);

	nlbl_ctx = sidtab_search(&sidtab, nlbl_sid);

	if (!nlbl_ctx) {

	rc = (mls_context_cmp(nlbl_ctx, xfrm_ctx) ? 0 : -EACCES);

out_slowpath:

	POLICY_RDUNLOCK;

	read_unlock(&policy_rwlock);

	if (rc == 0)

		/* at present NetLabel SIDs/labels really only carry MLS

		 * information so if the MLS portion of the NetLabel SID

{

	int rc = -ENOMEM;

	POLICY_RDLOCK;

	read_lock(&policy_rwlock);

	*nclasses = policydb.p_classes.nprim;

	*classes = kcalloc(*nclasses, sizeof(*classes), GFP_ATOMIC);

	}

out:

	POLICY_RDUNLOCK;

	read_unlock(&policy_rwlock);

	return rc;

}

	int rc = -ENOMEM, i;

	struct class_datum *match;

	POLICY_RDLOCK;

	read_lock(&policy_rwlock);

	match = hashtab_search(policydb.p_classes.table, class);

	if (!match) {

		goto err;

out:

	POLICY_RDUNLOCK;

	read_unlock(&policy_rwlock);

	return rc;

err:

	POLICY_RDUNLOCK;

	read_unlock(&policy_rwlock);

	for (i = 0; i < *nperms; i++)

		kfree((*perms)[i]);

	kfree(*perms);

{

	int rc;

	POLICY_RDLOCK;

	read_lock(&policy_rwlock);

	rc = ebitmap_get_bit(&policydb.policycaps, req_cap);

	POLICY_RDUNLOCK;

	read_unlock(&policy_rwlock);

	return rc;

}

	context_init(&tmprule->au_ctxt);

	POLICY_RDLOCK;

	read_lock(&policy_rwlock);

	tmprule->au_seqno = latest_granting;

		break;

	}

	POLICY_RDUNLOCK;

	read_unlock(&policy_rwlock);

	if (rc) {

		selinux_audit_rule_free(tmprule);

		return -ENOENT;

	}

	POLICY_RDLOCK;

	read_lock(&policy_rwlock);

	if (rule->au_seqno < latest_granting) {

		audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,

	}

out:

	POLICY_RDUNLOCK;

	read_unlock(&policy_rwlock);

	return match;

}

		return 0;

	}

	POLICY_RDLOCK;

	read_lock(&policy_rwlock);

	if (secattr->flags & NETLBL_SECATTR_CACHE) {

		*sid = *(u32 *)secattr->cache->data;

	}

netlbl_secattr_to_sid_return:

	POLICY_RDUNLOCK;

	read_unlock(&policy_rwlock);

	return rc;

netlbl_secattr_to_sid_return_cleanup:

	ebitmap_destroy(&ctx_new.range.level[0].cat);

	if (!ss_initialized)

		return 0;

	POLICY_RDLOCK;

	read_lock(&policy_rwlock);

	ctx = sidtab_search(&sidtab, sid);

	if (ctx == NULL)

		goto netlbl_sid_to_secattr_failure;

	rc = mls_export_netlbl_cat(ctx, secattr);

	if (rc != 0)

		goto netlbl_sid_to_secattr_failure;

	POLICY_RDUNLOCK;

	read_unlock(&policy_rwlock);

	return 0;

netlbl_sid_to_secattr_failure:

	POLICY_RDUNLOCK;

	read_unlock(&policy_rwlock);

	return rc;

}

#endif /* CONFIG_NETLABEL */