Commit e6f2f381 authored Jan 28, 2019 by Ondrej Mosnacek Committed by Paul Moore Jan 28, 2019

selinux: replace BUG_ONs with WARN_ONs in avc.c



These checks are only guarding against programming errors that could
silently grant too many permissions. These cases are better handled with
WARN_ON(), since it doesn't really help much to crash the machine in
this case.

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Reviewed-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>

parent fede1483

security/selinux/avc.c

+4 −2

Original line number	Diff line number	Diff line
		@@ -1059,7 +1059,8 @@ int avc_has_extended_perms(struct selinux_state *state,
		int rc = 0, rc2;

		xp_node = &local_xp_node;
		BUG_ON(!requested);
		if (WARN_ON(!requested))
		return -EACCES;

		rcu_read_lock();

		@@ -1149,7 +1150,8 @@ inline int avc_has_perm_noaudit(struct selinux_state *state,
		int rc = 0;
		u32 denied;

		BUG_ON(!requested);
		if (WARN_ON(!requested))
		return -EACCES;

		rcu_read_lock();