mirror of
https://github.com/adulau/aha.git
synced 2024-12-28 03:36:19 +00:00
SELinux: fix locking issue introduced with c6d3aaa4e3
Ensure that we release the policy read lock on all exit paths from security_compute_av. Signed-off-by: Stephen D. Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
parent
825332e4ff
commit
b7f3008ad1
1 changed files with 7 additions and 3 deletions
|
@ -935,19 +935,22 @@ int security_compute_av(u32 ssid,
|
|||
u32 requested;
|
||||
int rc;
|
||||
|
||||
read_lock(&policy_rwlock);
|
||||
|
||||
if (!ss_initialized)
|
||||
goto allow;
|
||||
|
||||
read_lock(&policy_rwlock);
|
||||
requested = unmap_perm(orig_tclass, orig_requested);
|
||||
tclass = unmap_class(orig_tclass);
|
||||
if (unlikely(orig_tclass && !tclass)) {
|
||||
if (policydb.allow_unknown)
|
||||
goto allow;
|
||||
return -EINVAL;
|
||||
rc = -EINVAL;
|
||||
goto out;
|
||||
}
|
||||
rc = security_compute_av_core(ssid, tsid, tclass, requested, avd);
|
||||
map_decision(orig_tclass, avd, policydb.allow_unknown);
|
||||
out:
|
||||
read_unlock(&policy_rwlock);
|
||||
return rc;
|
||||
allow:
|
||||
|
@ -956,7 +959,8 @@ allow:
|
|||
avd->auditdeny = 0xffffffff;
|
||||
avd->seqno = latest_granting;
|
||||
avd->flags = 0;
|
||||
return 0;
|
||||
rc = 0;
|
||||
goto out;
|
||||
}
|
||||
|
||||
int security_compute_av_user(u32 ssid,
|
||||
|
|
Loading…
Reference in a new issue