summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2008-06-09 15:58:04 -0400
committerJames Morris <jmorris@namei.org>2008-07-14 15:01:58 +1000
commit89abd0acf0335f3f760a3c0698d43bb1eaa83e44 (patch)
treec71f08fd6b9fa3969352f96d88daa1409474e2d6 /security
parentcea78dc4ca044e9666e8f5d797ec50ab85253e49 (diff)
downloadlwn-89abd0acf0335f3f760a3c0698d43bb1eaa83e44.tar.gz
lwn-89abd0acf0335f3f760a3c0698d43bb1eaa83e44.zip
SELinux: drop load_mutex in security_load_policy
We used to protect against races of policy load in security_load_policy by using the load_mutex. Since then we have added a new mutex, sel_mutex, in sel_write_load() which is always held across all calls to security_load_policy we are covered and can safely just drop this one. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
-rw-r--r--security/selinux/ss/services.c14
1 files changed, 1 insertions, 13 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index f26a8cad06e7..543fd0f31b33 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -71,7 +71,6 @@ int selinux_policycap_openperm;
extern const struct selinux_class_perm selinux_class_perm;
static DEFINE_RWLOCK(policy_rwlock);
-static DEFINE_MUTEX(load_mutex);
static struct sidtab sidtab;
struct policydb policydb;
@@ -1453,17 +1452,13 @@ int security_load_policy(void *data, size_t len)
int rc = 0;
struct policy_file file = { data, len }, *fp = &file;
- mutex_lock(&load_mutex);
-
if (!ss_initialized) {
avtab_cache_init();
if (policydb_read(&policydb, fp)) {
- mutex_unlock(&load_mutex);
avtab_cache_destroy();
return -EINVAL;
}
if (policydb_load_isids(&policydb, &sidtab)) {
- mutex_unlock(&load_mutex);
policydb_destroy(&policydb);
avtab_cache_destroy();
return -EINVAL;
@@ -1472,7 +1467,6 @@ int security_load_policy(void *data, size_t len)
if (validate_classes(&policydb)) {
printk(KERN_ERR
"SELinux: the definition of a class is incorrect\n");
- mutex_unlock(&load_mutex);
sidtab_destroy(&sidtab);
policydb_destroy(&policydb);
avtab_cache_destroy();
@@ -1482,7 +1476,6 @@ int security_load_policy(void *data, size_t len)
policydb_loaded_version = policydb.policyvers;
ss_initialized = 1;
seqno = ++latest_granting;
- mutex_unlock(&load_mutex);
selinux_complete_init();
avc_ss_reset(seqno);
selnl_notify_policyload(seqno);
@@ -1495,13 +1488,10 @@ int security_load_policy(void *data, size_t len)
sidtab_hash_eval(&sidtab, "sids");
#endif
- if (policydb_read(&newpolicydb, fp)) {
- mutex_unlock(&load_mutex);
+ if (policydb_read(&newpolicydb, fp))
return -EINVAL;
- }
if (sidtab_init(&newsidtab)) {
- mutex_unlock(&load_mutex);
policydb_destroy(&newpolicydb);
return -ENOMEM;
}
@@ -1549,7 +1539,6 @@ int security_load_policy(void *data, size_t len)
seqno = ++latest_granting;
policydb_loaded_version = policydb.policyvers;
write_unlock_irq(&policy_rwlock);
- mutex_unlock(&load_mutex);
/* Free the old policydb and SID table. */
policydb_destroy(&oldpolicydb);
@@ -1563,7 +1552,6 @@ int security_load_policy(void *data, size_t len)
return 0;
err:
- mutex_unlock(&load_mutex);
sidtab_destroy(&newsidtab);
policydb_destroy(&newpolicydb);
return rc;