From: Stephen Smalley Date: Tue, 20 Mar 2018 15:59:10 +0000 (-0400) Subject: selinux: fix handling of uninitialized selinux state in get_bools/classes X-Git-Url: http://git.cdn.openwrt.org/?a=commitdiff_plain;h=274f62e1e5c74e7cbc5c965ec02b7c590da4b2fe;p=openwrt%2Fstaging%2Fblogic.git selinux: fix handling of uninitialized selinux state in get_bools/classes If security_get_bools/classes are called before the selinux state is initialized (i.e. before first policy load), then they should just return immediately with no booleans/classes. Signed-off-by: Stephen Smalley Signed-off-by: Paul Moore --- diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 4785ca552d51..ccfa65f6bc17 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -2811,6 +2811,13 @@ int security_get_bools(struct selinux_state *state, struct policydb *policydb; int i, rc; + if (!state->initialized) { + *len = 0; + *names = NULL; + *values = NULL; + return 0; + } + read_lock(&state->ss->policy_rwlock); policydb = &state->ss->policydb; @@ -3141,6 +3148,12 @@ int security_get_classes(struct selinux_state *state, struct policydb *policydb = &state->ss->policydb; int rc; + if (!state->initialized) { + *nclasses = 0; + *classes = NULL; + return 0; + } + read_lock(&state->ss->policy_rwlock); rc = -ENOMEM;