Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 9d623b17 authored by Dan Carpenter's avatar Dan Carpenter Committed by James Morris
Browse files

selinux: fix error codes in cond_read_av_list() 



After this patch cond_read_av_list() no longer returns -1 for any
errors.  It just propagates error code back from lower levels.  Those can
either be -EINVAL or -ENOMEM.

I also modified cond_insertf() since cond_read_av_list() passes that as a
function pointer to avtab_read_item().  It isn't used anywhere else.

Signed-off-by: default avatarDan Carpenter <error27@gmail.com>
Acked-by: default avatarStephen D. Smalley <sds@tycho.nsa.gov>
Signed-off-by: default avatarJames Morris <jmorris@namei.org>
parent 5241c107

security/selinux/ss/conditional.c

+8 −6
Original line number Diff line number Diff line
@@ -263,7 +263,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum 
	struct cond_av_list *other = data->other, *list, *cur;

	struct avtab_node *node_ptr;

	u8 found;



	int rc = -EINVAL;



	/*

	 * For type rules we have to make certain there aren't any
@@ -313,12 +313,15 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum 
	node_ptr = avtab_insert_nonunique(&p->te_cond_avtab, k, d);

	if (!node_ptr) {

		printk(KERN_ERR "SELinux: could not insert rule.\n");

		rc = -ENOMEM;

		goto err;

	}



	list = kzalloc(sizeof(struct cond_av_list), GFP_KERNEL);

	if (!list)

	if (!list) {

		rc = -ENOMEM;

		goto err;

	}



	list->node = node_ptr;

	if (!data->head)
@@ -331,7 +334,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum 
err:

	cond_av_list_destroy(data->head);

	data->head = NULL;

	return -1;

	return rc;

}



static int cond_read_av_list(struct policydb *p, void *fp, struct cond_av_list **ret_list, struct cond_av_list *other)
@@ -345,8 +348,8 @@ static int cond_read_av_list(struct policydb *p, void *fp, struct cond_av_list * 


	len = 0;

	rc = next_entry(buf, fp, sizeof(u32));

	if (rc < 0)

		return -1;

	if (rc)

		return rc;



	len = le32_to_cpu(buf[0]);

	if (len == 0)
@@ -361,7 +364,6 @@ static int cond_read_av_list(struct policydb *p, void *fp, struct cond_av_list * 
				     &data);

		if (rc)

			return rc;



	}



	*ret_list = data.head;