On Tue, Mar 20, 2018 at 11:59 AM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
> If security_get_bools/classes are called before the selinux state is
> initialized (i.e. before first policy load), then they should just
> return immediately with no booleans/classes.
>
> Signed-off-by: Stephen Smalley <sds@xxxxxxxxxxxxx>
> ---
> security/selinux/ss/services.c | 13 +++++++++++++
> 1 file changed, 13 insertions(+)
Merged. Thanks for extracting this Stephen.
> diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
> index 4785ca552d51..ccfa65f6bc17 100644
> --- a/security/selinux/ss/services.c
> +++ b/security/selinux/ss/services.c
> @@ -2811,6 +2811,13 @@ int security_get_bools(struct selinux_state *state,
> struct policydb *policydb;
> int i, rc;
>
> + if (!state->initialized) {
> + *len = 0;
> + *names = NULL;
> + *values = NULL;
> + return 0;
> + }
> +
> read_lock(&state->ss->policy_rwlock);
>
> policydb = &state->ss->policydb;
> @@ -3141,6 +3148,12 @@ int security_get_classes(struct selinux_state *state,
> struct policydb *policydb = &state->ss->policydb;
> int rc;
>
> + if (!state->initialized) {
> + *nclasses = 0;
> + *classes = NULL;
> + return 0;
> + }
> +
> read_lock(&state->ss->policy_rwlock);
>
> rc = -ENOMEM;
> --
> 2.14.3
>
--
paul moore
www.paul-moore.com
