Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 274f62e1 authored by Stephen Smalley's avatar Stephen Smalley Committed by Paul Moore
Browse files

selinux: fix handling of uninitialized selinux state in get_bools/classes 



If security_get_bools/classes are called before the selinux state is
initialized (i.e. before first policy load), then they should just
return immediately with no booleans/classes.

Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
parent d3cc2cd7

security/selinux/ss/services.c

+13 −0
Original line number Diff line number Diff line
@@ -2811,6 +2811,13 @@ int security_get_bools(struct selinux_state *state, 
	struct policydb *policydb;

	int i, rc;



	if (!state->initialized) {

		*len = 0;

		*names = NULL;

		*values = NULL;

		return 0;

	}



	read_lock(&state->ss->policy_rwlock);



	policydb = &state->ss->policydb;
@@ -3141,6 +3148,12 @@ int security_get_classes(struct selinux_state *state, 
	struct policydb *policydb = &state->ss->policydb;

	int rc;



	if (!state->initialized) {

		*nclasses = 0;

		*classes = NULL;

		return 0;

	}



	read_lock(&state->ss->policy_rwlock);



	rc = -ENOMEM;