On Monday, June 15, 2015 01:27:10 PM Stephen Smalley wrote:
> Ensure that we catch any cases where tclass == 0.
>
> Signed-off-by: Stephen Smalley <sds@xxxxxxxxxxxxx>
> ---
> security/selinux/avc.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
Applied to SELinux next-queue, thanks.
At some point we should go through the SELinux code and take a closer look at
these BUG/BUG_ON statements; it would be nice to have safety/notification
checks that aren't dependent on Kconfig options which can be disabled.
> diff --git a/security/selinux/avc.c b/security/selinux/avc.c
> index 3c17dda..dcb8b0f 100644
> --- a/security/selinux/avc.c
> +++ b/security/selinux/avc.c
> @@ -101,6 +101,7 @@ static void avc_dump_av(struct audit_buffer *ab, u16
> tclass, u32 av) return;
> }
>
> + BUG_ON(!tclass || tclass >= ARRAY_SIZE(secclass_map));
> perms = secclass_map[tclass-1].perms;
>
> audit_log_format(ab, " {");
> @@ -149,7 +150,7 @@ static void avc_dump_query(struct audit_buffer *ab, u32
> ssid, u32 tsid, u16 tcla kfree(scontext);
> }
>
> - BUG_ON(tclass >= ARRAY_SIZE(secclass_map));
> + BUG_ON(!tclass || tclass >= ARRAY_SIZE(secclass_map));
> audit_log_format(ab, " tclass=%s", secclass_map[tclass-1].name);
> }
--
paul moore
www.paul-moore.com
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
