diff options
author | Stephen Smalley <sds@tycho.nsa.gov> | 2018-03-20 16:59:10 +0100 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2018-03-20 21:29:17 +0100 |
commit | 274f62e1e5c74e7cbc5c965ec02b7c590da4b2fe (patch) | |
tree | f2aaaeab76c5463c2608981f9628bc6b8aabd63a /security/selinux/ss | |
parent | selinux: Update SELinux SCTP documentation (diff) | |
download | linux-274f62e1e5c74e7cbc5c965ec02b7c590da4b2fe.tar.xz linux-274f62e1e5c74e7cbc5c965ec02b7c590da4b2fe.zip |
selinux: fix handling of uninitialized selinux state in get_bools/classes
If security_get_bools/classes are called before the selinux state is
initialized (i.e. before first policy load), then they should just
return immediately with no booleans/classes.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security/selinux/ss')
-rw-r--r-- | security/selinux/ss/services.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 4785ca552d51..ccfa65f6bc17 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -2811,6 +2811,13 @@ int security_get_bools(struct selinux_state *state, struct policydb *policydb; int i, rc; + if (!state->initialized) { + *len = 0; + *names = NULL; + *values = NULL; + return 0; + } + read_lock(&state->ss->policy_rwlock); policydb = &state->ss->policydb; @@ -3141,6 +3148,12 @@ int security_get_classes(struct selinux_state *state, struct policydb *policydb = &state->ss->policydb; int rc; + if (!state->initialized) { + *nclasses = 0; + *classes = NULL; + return 0; + } + read_lock(&state->ss->policy_rwlock); rc = -ENOMEM; |