diff options
author | Ondrej Mosnacek <omosnace@redhat.com> | 2019-01-28 16:43:33 +0100 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2019-01-29 00:10:28 +0100 |
commit | e6f2f381e4015386a656a369835f949c26000e6b (patch) | |
tree | dc68f80a85a1763ddb8fbe6cf03d569accffcbef /security | |
parent | selinux: log invalid contexts in AVCs (diff) | |
download | linux-e6f2f381e4015386a656a369835f949c26000e6b.tar.xz linux-e6f2f381e4015386a656a369835f949c26000e6b.zip |
selinux: replace BUG_ONs with WARN_ONs in avc.c
These checks are only guarding against programming errors that could
silently grant too many permissions. These cases are better handled with
WARN_ON(), since it doesn't really help much to crash the machine in
this case.
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Reviewed-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/selinux/avc.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c index 3a27418b20d7..33863298a9b5 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c @@ -1059,7 +1059,8 @@ int avc_has_extended_perms(struct selinux_state *state, int rc = 0, rc2; xp_node = &local_xp_node; - BUG_ON(!requested); + if (WARN_ON(!requested)) + return -EACCES; rcu_read_lock(); @@ -1149,7 +1150,8 @@ inline int avc_has_perm_noaudit(struct selinux_state *state, int rc = 0; u32 denied; - BUG_ON(!requested); + if (WARN_ON(!requested)) + return -EACCES; rcu_read_lock(); |