SELinux: fix locking issue introduced with c6d3aaa4e35c71a3

author Stephen Smalley <sds@tycho.nsa.gov>

Mon, 19 Oct 2009 14:08:50 +0000 (10:08 -0400)

committer James Morris <jmorris@namei.org>

Tue, 20 Oct 2009 00:22:07 +0000 (09:22 +0900)
author Stephen Smalley <sds@tycho.nsa.gov>
Mon, 19 Oct 2009 14:08:50 +0000 (10:08 -0400)
committer James Morris <jmorris@namei.org>
Tue, 20 Oct 2009 00:22:07 +0000 (09:22 +0900)
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c

index f270e378c0e4097e2ae5b0553b27ba6bef7d73b5..77f6e54bb43fcf7a505c643905935c0606e8d738 100644 (file)
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -935,19 +935,22 @@ int security_compute_av(u32 ssid,
         u32 requested;
         int rc;
  
+       read_lock(&policy_rwlock);
+
         if (!ss_initialized)
                 goto allow;
  
-       read_lock(&policy_rwlock);
         requested = unmap_perm(orig_tclass, orig_requested);
         tclass = unmap_class(orig_tclass);
         if (unlikely(orig_tclass && !tclass)) {
                 if (policydb.allow_unknown)
                         goto allow;
-               return -EINVAL;
+               rc = -EINVAL;
+               goto out;
         }
         rc = security_compute_av_core(ssid, tsid, tclass, requested, avd);
         map_decision(orig_tclass, avd, policydb.allow_unknown);
+out:
         read_unlock(&policy_rwlock);
         return rc;
  allow:
@@ -956,7 +959,8 @@ allow:
         avd->auditdeny = 0xffffffff;
         avd->seqno = latest_granting;
         avd->flags = 0;
-       return 0;
+       rc = 0;
+       goto out;
  }
  
  int security_compute_av_user(u32 ssid,
author	Stephen Smalley <sds@tycho.nsa.gov>
	Mon, 19 Oct 2009 14:08:50 +0000 (10:08 -0400)
committer	James Morris <jmorris@namei.org>
	Tue, 20 Oct 2009 00:22:07 +0000 (09:22 +0900)