Home Explore Help
Register Sign In
phyus
/
linux-vybrid_public
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

SELinux: return error codes on policy load failure

policy load failure always return EINVAL even if the failure was for some
other reason (usually ENOMEM).  This patch passes error codes back up the
stack where they will make their way to userspace.  This might help in
debugging future problems with policy load.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by:  Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Eric Paris 15 years ago
parent
6f262d8e1a
commit
a200005038
1 changed files with 22 additions and 15 deletions
Unified View Show Diff Stats
  1. 22 15
      security/selinux/ss/services.c

+ 22 - 15
security/selinux/ss/services.c
View File 

@@ -1760,22 +1760,28 @@ int security_load_policy(void *data, size_t len)
 
 
 
 	if (!ss_initialized) {
 
 	if (!ss_initialized) {
 
 		avtab_cache_init();
 
 		avtab_cache_init();
 
-		if (policydb_read(&policydb, fp)) {
 
+		rc = policydb_read(&policydb, fp);
 
+		if (rc) {
 
 			avtab_cache_destroy();
 
 			avtab_cache_destroy();
 
-			return -EINVAL;
 
+			return rc;
 
 		}
 
 		}
 
-		if (selinux_set_mapping(&policydb, secclass_map,
 
-					&current_mapping,
 
-					&current_mapping_size)) {
 
+
 
+		rc = selinux_set_mapping(&policydb, secclass_map,
 
+					 &current_mapping,
 
+					 &current_mapping_size);
 
+		if (rc) {
 
 			policydb_destroy(&policydb);
 
 			policydb_destroy(&policydb);
 
 			avtab_cache_destroy();
 
 			avtab_cache_destroy();
 
-			return -EINVAL;
 
+			return rc;
 
 		}
 
 		}
 
-		if (policydb_load_isids(&policydb, &sidtab)) {
 
+
 
+		rc = policydb_load_isids(&policydb, &sidtab);
 
+		if (rc) {
 
 			policydb_destroy(&policydb);
 
 			policydb_destroy(&policydb);
 
 			avtab_cache_destroy();
 
 			avtab_cache_destroy();
 
-			return -EINVAL;
 
+			return rc;
 
 		}
 
 		}
 
+
 
 		security_load_policycaps();
 
 		security_load_policycaps();
 
 		ss_initialized = 1;
 
 		ss_initialized = 1;
 
 		seqno = ++latest_granting;
 
 		seqno = ++latest_granting;
 
@@ -1791,8 +1797,9 @@ int security_load_policy(void *data, size_t len)
 
 	sidtab_hash_eval(&sidtab, "sids");
 
 	sidtab_hash_eval(&sidtab, "sids");
 
 #endif
 
 #endif
 
 
 
-	if (policydb_read(&newpolicydb, fp))
 
-		return -EINVAL;
 
+	rc = policydb_read(&newpolicydb, fp);
 
+	if (rc)
 
+		return rc;
 
 
 
 	/* If switching between different policy types, log MLS status */
 
 	/* If switching between different policy types, log MLS status */
 
 	if (policydb.mls_enabled && !newpolicydb.mls_enabled)
 
 	if (policydb.mls_enabled && !newpolicydb.mls_enabled)
 
@@ -1807,8 +1814,8 @@ int security_load_policy(void *data, size_t len)
 
 		return rc;
 
 		return rc;
 
 	}
 
 	}
 
 
 
-	if (selinux_set_mapping(&newpolicydb, secclass_map,
 
-				&map, &map_size))
 
+	rc = selinux_set_mapping(&newpolicydb, secclass_map, &map, &map_size);
 
+	if (rc)
 
 		goto err;
 
 		goto err;
 
 
 
 	rc = security_preserve_bools(&newpolicydb);
 
 	rc = security_preserve_bools(&newpolicydb);
 
@@ -1819,10 +1826,10 @@ int security_load_policy(void *data, size_t len)
 
 
 
 	/* Clone the SID table. */
 
 	/* Clone the SID table. */
 
 	sidtab_shutdown(&sidtab);
 
 	sidtab_shutdown(&sidtab);
 
-	if (sidtab_map(&sidtab, clone_sid, &newsidtab)) {
 
-		rc = -ENOMEM;
 
+
 
+	rc = sidtab_map(&sidtab, clone_sid, &newsidtab);
 
+	if (rc)
 
 		goto err;
 
 		goto err;
 
-	}
 
 
 
 	/*
 
 	/*
 
 	 * Convert the internal representations of contexts
 
 	 * Convert the internal representations of contexts