On Fri, 2008-06-06 at 22:47 +1000, James Morris wrote:
> On Fri, 6 Jun 2008, Stephen Smalley wrote:
>
> >
> > On Fri, 2008-06-06 at 18:58 +1000, James Morris wrote:
> > > Open code load_mutex as suggested by Andrew Morton.
> > >
> > > Signed-off-by: James Morris <jmorris@xxxxxxxxx>
> >
> > This is technically correct, but I believe that load_mutex is actually
> > obsolete and can be completely removed. Note that
> > security_load_policy() is only called from selinuxfs while holding
> > sel_mutex there, which is required in order to synchronize with boolean
> > manipulation. load_mutex is a leftover from before the age of policy
> > booleans.
>
> Ok, that should be a separate patch, I think.
Ok, you can add my Acked-by to this patch then.
Acked-by: Stephen Smalley <sds@xxxxxxxxxxxxx>
>
> >
> > > ---
> > > security/selinux/ss/services.c | 21 +++++++++------------
> > > 1 files changed, 9 insertions(+), 12 deletions(-)
> > >
> > > diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
> > > index e8ec54d..d06df33 100644
> > > --- a/security/selinux/ss/services.c
> > > +++ b/security/selinux/ss/services.c
> > > @@ -71,10 +71,7 @@ int selinux_policycap_openperm;
> > > extern const struct selinux_class_perm selinux_class_perm;
> > >
> > > static DEFINE_RWLOCK(policy_rwlock);
> > > -
> > > static DEFINE_MUTEX(load_mutex);
> > > -#define LOAD_LOCK mutex_lock(&load_mutex)
> > > -#define LOAD_UNLOCK mutex_unlock(&load_mutex)
> > >
> > > static struct sidtab sidtab;
> > > struct policydb policydb;
> > > @@ -1456,17 +1453,17 @@ int security_load_policy(void *data, size_t len)
> > > int rc = 0;
> > > struct policy_file file = { data, len }, *fp = &file;
> > >
> > > - LOAD_LOCK;
> > > + mutex_lock(&load_mutex);
> > >
> > > if (!ss_initialized) {
> > > avtab_cache_init();
> > > if (policydb_read(&policydb, fp)) {
> > > - LOAD_UNLOCK;
> > > + mutex_unlock(&load_mutex);
> > > avtab_cache_destroy();
> > > return -EINVAL;
> > > }
> > > if (policydb_load_isids(&policydb, &sidtab)) {
> > > - LOAD_UNLOCK;
> > > + mutex_unlock(&load_mutex);
> > > policydb_destroy(&policydb);
> > > avtab_cache_destroy();
> > > return -EINVAL;
> > > @@ -1475,7 +1472,7 @@ int security_load_policy(void *data, size_t len)
> > > if (validate_classes(&policydb)) {
> > > printk(KERN_ERR
> > > "SELinux: the definition of a class is incorrect\n");
> > > - LOAD_UNLOCK;
> > > + mutex_unlock(&load_mutex);
> > > sidtab_destroy(&sidtab);
> > > policydb_destroy(&policydb);
> > > avtab_cache_destroy();
> > > @@ -1485,7 +1482,7 @@ int security_load_policy(void *data, size_t len)
> > > policydb_loaded_version = policydb.policyvers;
> > > ss_initialized = 1;
> > > seqno = ++latest_granting;
> > > - LOAD_UNLOCK;
> > > + mutex_unlock(&load_mutex);
> > > selinux_complete_init();
> > > avc_ss_reset(seqno);
> > > selnl_notify_policyload(seqno);
> > > @@ -1499,12 +1496,12 @@ int security_load_policy(void *data, size_t len)
> > > #endif
> > >
> > > if (policydb_read(&newpolicydb, fp)) {
> > > - LOAD_UNLOCK;
> > > + mutex_unlock(&load_mutex);
> > > return -EINVAL;
> > > }
> > >
> > > if (sidtab_init(&newsidtab)) {
> > > - LOAD_UNLOCK;
> > > + mutex_unlock(&load_mutex);
> > > policydb_destroy(&newpolicydb);
> > > return -ENOMEM;
> > > }
> > > @@ -1552,7 +1549,7 @@ int security_load_policy(void *data, size_t len)
> > > seqno = ++latest_granting;
> > > policydb_loaded_version = policydb.policyvers;
> > > write_unlock_irq(&policy_rwlock);
> > > - LOAD_UNLOCK;
> > > + mutex_unlock(&load_mutex);
> > >
> > > /* Free the old policydb and SID table. */
> > > policydb_destroy(&oldpolicydb);
> > > @@ -1566,7 +1563,7 @@ int security_load_policy(void *data, size_t len)
> > > return 0;
> > >
> > > err:
> > > - LOAD_UNLOCK;
> > > + mutex_unlock(&load_mutex);
> > > sidtab_destroy(&newsidtab);
> > > policydb_destroy(&newpolicydb);
> > > return rc;
> >
>
--
Stephen Smalley
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
