From 274f62e1e5c74e7cbc5c965ec02b7c590da4b2fe Mon Sep 17 00:00:00 2001 From: Stephen Smalley Date: Tue, 20 Mar 2018 11:59:10 -0400 Subject: [PATCH] selinux: fix handling of uninitialized selinux state in get_bools/classes If security_get_bools/classes are called before the selinux state is initialized (i.e. before first policy load), then they should just return immediately with no booleans/classes. Signed-off-by: Stephen Smalley Signed-off-by: Paul Moore --- security/selinux/ss/services.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 4785ca552d51..ccfa65f6bc17 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -2811,6 +2811,13 @@ int security_get_bools(struct selinux_state *state, struct policydb *policydb; int i, rc; + if (!state->initialized) { + *len = 0; + *names = NULL; + *values = NULL; + return 0; + } + read_lock(&state->ss->policy_rwlock); policydb = &state->ss->policydb; @@ -3141,6 +3148,12 @@ int security_get_classes(struct selinux_state *state, struct policydb *policydb = &state->ss->policydb; int rc; + if (!state->initialized) { + *nclasses = 0; + *classes = NULL; + return 0; + } + read_lock(&state->ss->policy_rwlock); rc = -ENOMEM; -- GitLab