Commit 5241c107 authored by Dan Carpenter, committed by James Morris

selinux: propagate error codes in cond_read_list()



These are passed back when the security module gets loaded.

The original code always returned -1 (-EPERM) on error but after this
patch it can return -EINVAL, or -ENOMEM or propagate the error code from
cond_read_node().  cond_read_node() still returns -1 all the time, but I
fix that in a later patch.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Acked-by: Stephen D. Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
parent 9e0bd4cb
+6 −4
@@ -445,8 +445,8 @@ int cond_read_list(struct policydb *p, void *fp)
	int rc;

	rc = next_entry(buf, fp, sizeof buf);
	if (rc < 0)
		return -1;
	if (rc)
		return rc;

	len = le32_to_cpu(buf[0]);

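Review bot: the new `if (rc)` test after next_entry() is wider than the old `rc < 0`, so any positive return would now be treated as a failure and handed back to the caller as a positive value, which callers testing for a negative errno could misread. If next_entry() only ever returns 0 or a negative errno, it is worth saying so in the commit message; otherwise keep `if (rc < 0)` here and return rc from that branch.
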
@@ -455,11 +455,13 @@ int cond_read_list(struct policydb *p, void *fp)
		goto err;

	for (i = 0; i < len; i++) {
		rc = -ENOMEM;
		node = kzalloc(sizeof(struct cond_node), GFP_KERNEL);
		if (!node)
			goto err;

		if (cond_read_node(p, node, fp) != 0)
		rc = cond_read_node(p, node, fp);
		if (rc)
			goto err;

		if (i == 0)
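
Review bot: in the loop, when cond_read_node() fails, the `node` just obtained from kzalloc() has not been linked into p->cond_list yet (linking starts at `if (i == 0)` after this check), so cond_list_destroy() at err cannot reach it. Please confirm that cond_read_node() releases the node on its own failure paths, or free it here before `goto err`. Separately, the commit message notes that cond_read_node() still returns -1, so this path keeps reporting -EPERM until the follow-up patch lands.
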
@@ -472,7 +474,7 @@ int cond_read_list(struct policydb *p, void *fp)
err:
	cond_list_destroy(p->cond_list);
	p->cond_list = NULL;
	return -1;
	return rc;
}

/* Determine whether additional permissions are granted by the conditional
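
Review bot: with `return rc` at the err label, every `goto err` now has to arrive with rc holding a negative errno. The loop sets it before each jump, but the `goto err` just ahead of the loop takes rc from lines this diff does not show; if rc can be 0 there, the function would report success after destroying p->cond_list. Worth checking that path, and a short comment above cond_read_list() documenting the return values (0 or a negative errno) would help callers.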