On Wed, Aug 19, 2020 at 9:45 AM Stephen Smalley
<stephen.smalley.work@xxxxxxxxx> wrote:
>
> Certain SELinux security server functions (e.g. security_port_sid,
> called during bind) were not explicitly testing to see if SELinux
> has been initialized (i.e. initial policy loaded) and handling
> the no-policy-loaded case. In the past this happened to work
> because the policydb was statically allocated and could always
> be accessed, but with the recent encapsulation of policy state
> and conversion to dynamic allocation, we can no longer access
> the policy state prior to initialization. Add a test of
> !selinux_initialized(state) to all of the exported functions that
> were missing them and handle appropriately.
>
> Fixes: 461698026ffa ("selinux: encapsulate policy state, refactor policy load")
> Reported-by: Naresh Kamboju <naresh.kamboju@xxxxxxxxxx>
> Signed-off-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
> ---
> security/selinux/ss/services.c | 60 ++++++++++++++++++++++++++++++++++
> 1 file changed, 60 insertions(+)
Merged into selinux/next, thanks Stephen.
--
paul moore
www.paul-moore.com
