On Mon, Jan 28, 2019 at 8:23 AM Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: > On 1/26/19 5:18 AM, Ondrej Mosnacek wrote: > > These checks are only guarding against programming errors that could > > silently grant too many permissions. These cases are better handled with > > WARN_ON(), since it doesn't really help much to crash the machine in > > this case. > > > > Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx> > > --- > > security/selinux/avc.c | 4 ++-- > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > diff --git a/security/selinux/avc.c b/security/selinux/avc.c > > index 3a27418b20d7..84f108f4100a 100644 > > --- a/security/selinux/avc.c > > +++ b/security/selinux/avc.c > > @@ -1059,7 +1059,7 @@ int avc_has_extended_perms(struct selinux_state *state, > > int rc = 0, rc2; > > > > xp_node = &local_xp_node; > > - BUG_ON(!requested); > > + WARN_ON(!requested); > > Should this be: > if (WARN_ON(!requested)) > return -EACCES; I think so, it would be bad not to return an error in this case (and the similar one below). > > > > rcu_read_lock(); > > > > @@ -1149,7 +1149,7 @@ inline int avc_has_perm_noaudit(struct selinux_state *state, > > int rc = 0; > > u32 denied; > > > > - BUG_ON(!requested); > > + WARN_ON(!requested); > > And likewise > > > > > rcu_read_lock(); > > > > -- paul moore www.paul-moore.com
