[PATCH 04/16 v2] libsepol: Check for error from check_assertion_extended_permissions()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Return an error if check_assertion_extended_permissions() returns
an error instead of treating it as an assertion violation.

Signed-off-by: James Carter <jwcart2@xxxxxxxxx>
---
 libsepol/src/assertion.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libsepol/src/assertion.c b/libsepol/src/assertion.c
index 832d3749..a2cbb74d 100644
--- a/libsepol/src/assertion.c
+++ b/libsepol/src/assertion.c
@@ -481,6 +481,8 @@ static int check_assertion_avtab_match(avtab_key_t *k, avtab_datum_t *d, void *a
 
 	if (avrule->specified == AVRULE_XPERMS_NEVERALLOW) {
 		rc = check_assertion_extended_permissions(avrule, avtab, k, p);
+		if (rc < 0)
+			goto oom;
 		if (rc == 0)
 			goto nomatch;
 	}
-- 
2.31.1
[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux