author | Dan Carpenter <error27@gmail.com> | 2010-06-12 14:52:19 -0400 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2010-08-02 01:35:02 -0400 |
commit | 9d623b17a740d5a85c12108cdc71c64fb15484fc (patch) | |
tree | 15434839a75f9c46c53a201520c6c859fad3c74b /security/selinux | |
parent | 5241c1074f6e2f2276d45d857eb5d19fbdc2e4b2 (diff) |
selinux: fix error codes in cond_read_av_list()
After this patch cond_read_av_list() no longer returns -1 for any
errors. It just propagates error code back from lower levels. Those can
either be -EINVAL or -ENOMEM.
I also modified cond_insertf() since cond_read_av_list() passes that as a
function pointer to avtab_read_item(). It isn't used anywhere else.
Signed-off-by: Dan Carpenter <error27@gmail.com>
Acked-by: Stephen D. Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux')
-rw-r--r-- | security/selinux/ss/conditional.c | 14 |
1 files changed, 8 insertions, 6 deletions
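diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c
index 775418aa0a8e..aac40c7ff28c 100644
--- a/security/selinux/ss/conditional.c
+++ b/security/selinux/ss/conditional.c
@@ -263,7 +263,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum
 struct cond_av_list *other = data->other, *list, *cur;
 struct avtab_node *node_ptr;
 u8 found;
-
+int rc = -EINVAL;
 
 /*
 * For type rules we have to make certain there aren't any
@@ -313,12 +313,15 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum
 node_ptr = avtab_insert_nonunique(&p->te_cond_avtab, k, d);
 if (!node_ptr) {
 printk(KERN_ERR "SELinux: could not insert rule.\n");
+rc = -ENOMEM;
 goto err;
 }
 
 list = kzalloc(sizeof(struct cond_av_list), GFP_KERNEL);
-if (!list)
+if (!list) {
+rc = -ENOMEM;
 goto err;
+}
 
 list->node = node_ptr;
 if (!data->head)
@@ -331,7 +334,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum
 err:
 cond_av_list_destroy(data->head);
 data->head = NULL;
-return -1;
+return rc;
 }
 
 static int cond_read_av_list(struct policydb *p, void *fp, struct cond_av_list **ret_list, struct cond_av_list *other)
@@ -345,8 +348,8 @@ static int cond_read_av_list(struct policydb *p, void *fp, struct cond_av_list *
 
 len = 0;
 rc = next_entry(buf, fp, sizeof(u32));
-if (rc < 0)
-return -1;
+if (rc)
+return rc;
 
 len = le32_to_cpu(buf[0]);
 if (len == 0)
@@ -361,7 +364,6 @@ static int cond_read_av_list(struct policydb *p, void *fp, struct cond_av_list *
 &data);
 if (rc)
 return rc;
-
 }
 
 *ret_list = data.head;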
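Review bot: In the `cond_read_av_list()` loop, the `if (rc) return rc;` after the call that ends in `&data);` leaves without releasing `data.head`, and `*ret_list` is only assigned after the loop, so the caller has no pointer to free either. `cond_insertf()` destroys the list on its own `err:` path, but if the reader can fail before it invokes that callback (for example on a truncated policy image; its body is not visible here), the entries linked so far would presumably leak. Consider `if (rc) { cond_av_list_destroy(data.head); return rc; }`, assuming `cond_av_list_destroy()` tolerates a NULL head, which this page does not show. Both functions start and end outside the hunks shown, so this should be checked against the full bodies.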