diff options
-rw-r--r-- | security/selinux/ss/services.c | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 543fd0f31b33..04c0b70c8012 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c | |||
@@ -407,9 +407,19 @@ static int context_struct_compute_av(struct context *scontext, | |||
407 | return 0; | 407 | return 0; |
408 | 408 | ||
409 | inval_class: | 409 | inval_class: |
410 | printk(KERN_ERR "SELinux: %s: unrecognized class %d\n", __func__, | 410 | if (!tclass || tclass > kdefs->cts_len || |
411 | tclass); | 411 | !kdefs->class_to_string[tclass]) { |
412 | return -EINVAL; | 412 | if (printk_ratelimit()) |
413 | printk(KERN_ERR "SELinux: %s: unrecognized class %d\n", | ||
414 | __func__, tclass); | ||
415 | return -EINVAL; | ||
416 | } | ||
417 | |||
418 | /* | ||
419 | * Known to the kernel, but not to the policy. | ||
420 | * Handle as a denial (allowed is 0). | ||
421 | */ | ||
422 | return 0; | ||
413 | } | 423 | } |
414 | 424 | ||
415 | /* | 425 | /* |