aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDan Carpenter <error27@gmail.com>2010-06-12 14:53:46 -0400
committerJames Morris <jmorris@namei.org>2010-08-02 01:35:02 -0400
commitfc5c126e4733e6fb3080d3d822ca63226e74fc84 (patch)
tree3320c22b66107c984ac0cf07c365420df42a4977
parent9d623b17a740d5a85c12108cdc71c64fb15484fc (diff)
selinux: fix error codes in cond_read_node()
Originally cond_read_node() returned -1 (-EPERM) on errors which was incorrect. Now it either propagates the error codes from lower level functions next_entry() or cond_read_av_list() or it returns -ENOMEM or -EINVAL. next_entry() returns -EINVAL. cond_read_av_list() returns -EINVAL or -ENOMEM. Signed-off-by: Dan Carpenter <error27@gmail.com> Acked-by: Stephen D. Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
-rw-r--r--security/selinux/ss/conditional.c20
1 files changed, 12 insertions, 8 deletions
diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c
index aac40c7ff28c..a2b3b298e604 100644
--- a/security/selinux/ss/conditional.c
+++ b/security/selinux/ss/conditional.c
@@ -392,24 +392,25 @@ static int cond_read_node(struct policydb *p, struct cond_node *node, void *fp)
392 struct cond_expr *expr = NULL, *last = NULL; 392 struct cond_expr *expr = NULL, *last = NULL;
393 393
394 rc = next_entry(buf, fp, sizeof(u32)); 394 rc = next_entry(buf, fp, sizeof(u32));
395 if (rc < 0) 395 if (rc)
396 return -1; 396 return rc;
397 397
398 node->cur_state = le32_to_cpu(buf[0]); 398 node->cur_state = le32_to_cpu(buf[0]);
399 399
400 len = 0; 400 len = 0;
401 rc = next_entry(buf, fp, sizeof(u32)); 401 rc = next_entry(buf, fp, sizeof(u32));
402 if (rc < 0) 402 if (rc)
403 return -1; 403 return rc;
404 404
405 /* expr */ 405 /* expr */
406 len = le32_to_cpu(buf[0]); 406 len = le32_to_cpu(buf[0]);
407 407
408 for (i = 0; i < len; i++) { 408 for (i = 0; i < len; i++) {
409 rc = next_entry(buf, fp, sizeof(u32) * 2); 409 rc = next_entry(buf, fp, sizeof(u32) * 2);
410 if (rc < 0) 410 if (rc)
411 goto err; 411 goto err;
412 412
413 rc = -ENOMEM;
413 expr = kzalloc(sizeof(struct cond_expr), GFP_KERNEL); 414 expr = kzalloc(sizeof(struct cond_expr), GFP_KERNEL);
414 if (!expr) 415 if (!expr)
415 goto err; 416 goto err;
@@ -418,6 +419,7 @@ static int cond_read_node(struct policydb *p, struct cond_node *node, void *fp)
418 expr->bool = le32_to_cpu(buf[1]); 419 expr->bool = le32_to_cpu(buf[1]);
419 420
420 if (!expr_isvalid(p, expr)) { 421 if (!expr_isvalid(p, expr)) {
422 rc = -EINVAL;
421 kfree(expr); 423 kfree(expr);
422 goto err; 424 goto err;
423 } 425 }
@@ -429,14 +431,16 @@ static int cond_read_node(struct policydb *p, struct cond_node *node, void *fp)
429 last = expr; 431 last = expr;
430 } 432 }
431 433
432 if (cond_read_av_list(p, fp, &node->true_list, NULL) != 0) 434 rc = cond_read_av_list(p, fp, &node->true_list, NULL);
435 if (rc)
433 goto err; 436 goto err;
434 if (cond_read_av_list(p, fp, &node->false_list, node->true_list) != 0) 437 rc = cond_read_av_list(p, fp, &node->false_list, node->true_list);
438 if (rc)
435 goto err; 439 goto err;
436 return 0; 440 return 0;
437err: 441err:
438 cond_node_destroy(node); 442 cond_node_destroy(node);
439 return -1; 443 return rc;
440} 444}
441 445
442int cond_read_list(struct policydb *p, void *fp) 446int cond_read_list(struct policydb *p, void *fp)