On 1/26/19 5:18 AM, Ondrej Mosnacek wrote:
These checks are only guarding against programming errors that could
silently grant too many permissions. These cases are better handled with
WARN_ON(), since it doesn't really help much to crash the machine in
this case.
Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx>
---
security/selinux/avc.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 3a27418b20d7..84f108f4100a 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -1059,7 +1059,7 @@ int avc_has_extended_perms(struct selinux_state *state,
int rc = 0, rc2;
xp_node = &local_xp_node;
- BUG_ON(!requested);
+ WARN_ON(!requested);
Should this be:
if (WARN_ON(!requested))
return -EACCES;
rcu_read_lock();
@@ -1149,7 +1149,7 @@ inline int avc_has_perm_noaudit(struct selinux_state *state,
int rc = 0;
u32 denied;
- BUG_ON(!requested);
+ WARN_ON(!requested);
And likewise
rcu_read_lock();
