diff options
author | Ondrej Mosnacek <omosnace@redhat.com> | 2019-01-25 11:06:49 +0100 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2019-01-25 23:25:02 +0100 |
commit | 994fb0651d02e49567e7550eb574981b387fc06f (patch) | |
tree | 2093a65b36429491a7b55f6ddcd5e5b508db907d /security | |
parent | selinux: inline some AVC functions used only once (diff) | |
download | linux-994fb0651d02e49567e7550eb574981b387fc06f.tar.xz linux-994fb0651d02e49567e7550eb574981b387fc06f.zip |
selinux: replace some BUG_ON()s with a WARN_ON()
We don't need to crash the machine in these cases. Let's just detect the
buggy state early and error out with a warning.
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Reviewed-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/selinux/avc.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c index 502162eeb3a0..5ebad47391c9 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c @@ -678,7 +678,6 @@ static void avc_audit_pre_callback(struct audit_buffer *ab, void *a) return; } - BUG_ON(!sad->tclass || sad->tclass >= ARRAY_SIZE(secclass_map)); perms = secclass_map[sad->tclass-1].perms; audit_log_string(ab, " {"); @@ -731,7 +730,6 @@ static void avc_audit_post_callback(struct audit_buffer *ab, void *a) kfree(scontext); } - BUG_ON(!sad->tclass || sad->tclass >= ARRAY_SIZE(secclass_map)); audit_log_format(ab, " tclass=%s", secclass_map[sad->tclass-1].name); if (sad->denied) @@ -748,6 +746,9 @@ noinline int slow_avc_audit(struct selinux_state *state, struct common_audit_data stack_data; struct selinux_audit_data sad; + if (WARN_ON(!tclass || tclass >= ARRAY_SIZE(secclass_map))) + return -EINVAL; + if (!a) { a = &stack_data; a->type = LSM_AUDIT_DATA_NONE; |