On Mon, Jan 28, 2019 at 10:43 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote: > These checks are only guarding against programming errors that could > silently grant too many permissions. These cases are better handled with > WARN_ON(), since it doesn't really help much to crash the machine in > this case. > > Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx> > --- > security/selinux/avc.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) Merged, thanks. > diff --git a/security/selinux/avc.c b/security/selinux/avc.c > index 3a27418b20d7..33863298a9b5 100644 > --- a/security/selinux/avc.c > +++ b/security/selinux/avc.c > @@ -1059,7 +1059,8 @@ int avc_has_extended_perms(struct selinux_state *state, > int rc = 0, rc2; > > xp_node = &local_xp_node; > - BUG_ON(!requested); > + if (WARN_ON(!requested)) > + return -EACCES; > > rcu_read_lock(); > > @@ -1149,7 +1150,8 @@ inline int avc_has_perm_noaudit(struct selinux_state *state, > int rc = 0; > u32 denied; > > - BUG_ON(!requested); > + if (WARN_ON(!requested)) > + return -EACCES; > > rcu_read_lock(); > > -- > 2.20.1 > -- paul moore www.paul-moore.com
