selinux: fix handling of uninitialized selinux state in get_bools/classes

If security_get_bools/classes are called before the selinux state is initialized (i.e. before first policy load), then they should just return immediately with no booleans/classes. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Paul Moore <paul@paul-moore.com>
author: Stephen Smalley <sds@tycho.nsa.gov> 2018-03-20 11:59:10 -0400
committer: Paul Moore <paul@paul-moore.com> 2018-03-20 16:29:17 -0400
commit: 274f62e1e5c74e7cbc5c965ec02b7c590da4b2fe (patch)
tree: f2aaaeab76c5463c2608981f9628bc6b8aabd63a /security/selinux
parent: d3cc2cd7c8d7adfb43075036878e319d5893280d (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 4785ca552d51..ccfa65f6bc17 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -2811,6 +2811,13 @@ int security_get_bools(struct selinux_state *state,
        struct policydb *policydb;
        int i, rc;
+        if (!state->initialized) {
+                *len = 0;
+                *names = NULL;
+                *values = NULL;
+                return 0;
+        }
        read_lock(&state->ss->policy_rwlock);
        policydb = &state->ss->policydb;
@@ -3141,6 +3148,12 @@ int security_get_classes(struct selinux_state *state,
        struct policydb *policydb = &state->ss->policydb;
        int rc;
+        if (!state->initialized) {
+                *nclasses = 0;
+                *classes = NULL;
+                return 0;
+        }
        read_lock(&state->ss->policy_rwlock);
        rc = -ENOMEM;
author	Stephen Smalley <sds@tycho.nsa.gov>	2018-03-20 11:59:10 -0400
committer	Paul Moore <paul@paul-moore.com>	2018-03-20 16:29:17 -0400
commit	274f62e1e5c74e7cbc5c965ec02b7c590da4b2fe (patch)
tree	f2aaaeab76c5463c2608981f9628bc6b8aabd63a /security/selinux
parent	d3cc2cd7c8d7adfb43075036878e319d5893280d (diff)

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 4785ca552d51..ccfa65f6bc17 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c
@@ -2811,6 +2811,13 @@ int security_get_bools(struct selinux_state *state,
2811	struct policydb *policydb;	2811	struct policydb *policydb;
2812	int i, rc;	2812	int i, rc;
2813		2813
		2814	if (!state->initialized) {
		2815	*len = 0;
		2816	*names = NULL;
		2817	*values = NULL;
		2818	return 0;
		2819	}
		2820
2814	read_lock(&state->ss->policy_rwlock);	2821	read_lock(&state->ss->policy_rwlock);
2815		2822
2816	policydb = &state->ss->policydb;	2823	policydb = &state->ss->policydb;
@@ -3141,6 +3148,12 @@ int security_get_classes(struct selinux_state *state,
3141	struct policydb *policydb = &state->ss->policydb;	3148	struct policydb *policydb = &state->ss->policydb;
3142	int rc;	3149	int rc;
3143		3150
		3151	if (!state->initialized) {
		3152	*nclasses = 0;
		3153	*classes = NULL;
		3154	return 0;
		3155	}
		3156
3144	read_lock(&state->ss->policy_rwlock);	3157	read_lock(&state->ss->policy_rwlock);
3145		3158
3146	rc = -ENOMEM;	3159	rc = -ENOMEM;