On Mon, Jan 28, 2019 at 4:11 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote: > On Mon, Jan 28, 2019 at 8:23 AM Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: > > On 1/26/19 5:18 AM, Ondrej Mosnacek wrote: > > > These checks are only guarding against programming errors that could > > > silently grant too many permissions. These cases are better handled with > > > WARN_ON(), since it doesn't really help much to crash the machine in > > > this case. > > > > > > Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx> > > > --- > > > security/selinux/avc.c | 4 ++-- > > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > > > diff --git a/security/selinux/avc.c b/security/selinux/avc.c > > > index 3a27418b20d7..84f108f4100a 100644 > > > --- a/security/selinux/avc.c > > > +++ b/security/selinux/avc.c > > > @@ -1059,7 +1059,7 @@ int avc_has_extended_perms(struct selinux_state *state, > > > int rc = 0, rc2; > > > > > > xp_node = &local_xp_node; > > > - BUG_ON(!requested); > > > + WARN_ON(!requested); > > > > Should this be: > > if (WARN_ON(!requested)) > > return -EACCES; > > I think so, it would be bad not to return an error in this case (and > the similar one below). Makes sense... will send a v2 right away. > > > > > > > rcu_read_lock(); > > > > > > @@ -1149,7 +1149,7 @@ inline int avc_has_perm_noaudit(struct selinux_state *state, > > > int rc = 0; > > > u32 denied; > > > > > > - BUG_ON(!requested); > > > + WARN_ON(!requested); > > > > And likewise > > > > > > > > rcu_read_lock(); > > > > > > > > -- > paul moore > www.paul-moore.com -- Ondrej Mosnacek <omosnace at redhat dot com> Associate Software Engineer, Security Technologies Red Hat, Inc.
