On Wed, Jul 28, 2021 at 2:30 AM Xiu Jianfeng <xiujianfeng@xxxxxxxxxx> wrote:
> > It should not return 0 when SID 0 is assigned to isids. > This patch fixes it. > > Fixes: e3e0b582c321a ("selinux: remove unused initial SIDs and improve handling") > Signed-off-by: Xiu Jianfeng <xiujianfeng@xxxxxxxxxx> > --- > security/selinux/ss/policydb.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c > index defc5ef35c66..ad1183e18ce0 100644 > --- a/security/selinux/ss/policydb.c > +++ b/security/selinux/ss/policydb.c > @@ -884,6 +884,7 @@ int policydb_load_isids(struct policydb *p, struct sidtab *s) > > if (sid == SECSID_NULL) { > pr_err("SELinux: SID 0 was assigned a context.\n"); > + rc = -EINVAL; > sidtab_destroy(s); > goto out; > }

Hi Xiu Jianfeng,

Thanks for the patch, but since you are fixing the error handling in policydb_load_isids(), would you mind respinning this patch to get rid of the "out" label and just have all of the associated callers return directly instead? I generally dislike jump targets that do nothing else other than return a value; those 'goto X;' statements can easily be converted into 'return Y;' statements.

Thanks.

--
paul moore
www.paul-moore.com
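
Review bot: the changelog does not say what the caller observes in the 'sid == SECSID_NULL' branch of policydb_load_isids() before this change. Per the description the function returns 0 there, and the visible lines show that 'sidtab_destroy(s);' has already run at that point, so success is reported for a sidtab that was just destroyed. Spelling that out in the commit message would make the impact clear to anyone deciding whether to pick up the fix based on the Fixes: tag. In the same branch, the new 'rc = -EINVAL;' followed by 'goto out;' only works through whatever 'out' does with 'rc'; calling 'sidtab_destroy(s);' and then 'return -EINVAL;' keeps the error value next to the cleanup and does not depend on the earlier state of 'rc'.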