author | Stephen Smalley <sds@tycho.nsa.gov> | 2018-03-20 11:59:10 -0400 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2018-03-20 16:29:17 -0400 |
commit | 274f62e1e5c74e7cbc5c965ec02b7c590da4b2fe (patch) | |
tree | f2aaaeab76c5463c2608981f9628bc6b8aabd63a | |
parent | d3cc2cd7c8d7adfb43075036878e319d5893280d (diff) |
selinux: fix handling of uninitialized selinux state in get_bools/classes
If security_get_bools/classes are called before the selinux state is
initialized (i.e. before first policy load), then they should just
return immediately with no booleans/classes.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>
-rw-r--r-- | security/selinux/ss/services.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 4785ca552d51..ccfa65f6bc17 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -2811,6 +2811,13 @@ int security_get_bools(struct selinux_state *state,
 struct policydb *policydb;
 int i, rc;

+ if (!state->initialized) {
+ *len = 0;
+ *names = NULL;
+ *values = NULL;
+ return 0;
+ }
+
 read_lock(&state->ss->policy_rwlock);

 policydb = &state->ss->policydb;
@@ -3141,6 +3148,12 @@ int security_get_classes(struct selinux_state *state,
 struct policydb *policydb = &state->ss->policydb;
 int rc;

+ if (!state->initialized) {
+ *nclasses = 0;
+ *classes = NULL;
+ return 0;
+ }
+
 read_lock(&state->ss->policy_rwlock);

 rc = -ENOMEM; |
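Review bot: The new `if (!state->initialized)` test in security_get_bools is a plain load made before `read_lock(&state->ss->policy_rwlock)`, so nothing in this hunk orders it against the code that sets the flag; the identical check in the security_get_classes hunk has the same property. If the first policy load sets `initialized` without holding the write side of that lock (the writer is not visible here), a reader on a weakly ordered CPU could see the flag set before the policydb contents are visible. At minimum the read could be annotated, `if (!READ_ONCE(state->initialized)) {`, and ideally it would be an acquire load paired with a release store in the loader. Both function bodies continue outside their hunks.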
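Review bot: The early return in security_get_classes reports success with `*classes = NULL` and `*nclasses = 0`, and nothing in the hunk documents that contract; security_get_bools does the same with `*names`, `*values` and `*len`. A comment above each check, e.g. `/* No policy loaded yet: succeed with an empty list; callers must not index the returned arrays. */`, would make it clear that a zero return does not imply non-NULL arrays. The context line `struct policydb *policydb = &state->ss->policydb;` is also evaluated before the new check, which is harmless only if `state->ss` is always set before this function can be called; that is assumed here, not shown in the hunk.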