提交 274f62e1 编写于 作者: S Stephen Smalley 提交者: Paul Moore

selinux: fix handling of uninitialized selinux state in get_bools/classes

If security_get_bools/classes are called before the selinux state is
initialized (i.e. before first policy load), then they should just
return immediately with no booleans/classes.
Signed-off-by: NStephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: NPaul Moore <paul@paul-moore.com>
上级 d3cc2cd7
...@@ -2811,6 +2811,13 @@ int security_get_bools(struct selinux_state *state, ...@@ -2811,6 +2811,13 @@ int security_get_bools(struct selinux_state *state,
struct policydb *policydb; struct policydb *policydb;
int i, rc; int i, rc;
if (!state->initialized) {
*len = 0;
*names = NULL;
*values = NULL;
return 0;
}
read_lock(&state->ss->policy_rwlock); read_lock(&state->ss->policy_rwlock);
policydb = &state->ss->policydb; policydb = &state->ss->policydb;
...@@ -3141,6 +3148,12 @@ int security_get_classes(struct selinux_state *state, ...@@ -3141,6 +3148,12 @@ int security_get_classes(struct selinux_state *state,
struct policydb *policydb = &state->ss->policydb; struct policydb *policydb = &state->ss->policydb;
int rc; int rc;
if (!state->initialized) {
*nclasses = 0;
*classes = NULL;
return 0;
}
read_lock(&state->ss->policy_rwlock); read_lock(&state->ss->policy_rwlock);
rc = -ENOMEM; rc = -ENOMEM;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册