diff options
author | Stephen Smalley <sds@tycho.nsa.gov> | 2015-02-02 22:16:44 +0000 |
---|---|---|
committer | Android Git Automerger <android-git-automerger@android.com> | 2015-02-02 22:16:44 +0000 |
commit | 754d9bd5399cebc08a7af5dbdf3559d3d9f5cc75 (patch) | |
tree | 420434ac8558b65e5767db4a54b3dc8dc74ec4f1 | |
parent | c71c9f1c459ce720adc6cd08e406684b82474ca3 (diff) | |
parent | 6f1b8911f53284c7c768562ab4e3164edfafeb2c (diff) | |
download | libselinux-754d9bd5399cebc08a7af5dbdf3559d3d9f5cc75.tar.gz |
am 6f1b8911: Fix avc_has_perm() returns -1 even when SELinux is in permissive mode.
* commit '6f1b8911f53284c7c768562ab4e3164edfafeb2c':
Fix avc_has_perm() returns -1 even when SELinux is in permissive mode.
-rw-r--r-- | src/avc.c | 19 |
1 files changed, 17 insertions, 2 deletions
@@ -691,6 +691,16 @@ void avc_audit(security_id_t ssid, security_id_t tsid, hidden_def(avc_audit) + +static void avd_init(struct av_decision *avd) +{ + avd->allowed = 0; + avd->auditallow = 0; + avd->auditdeny = 0xffffffff; + avd->seqno = avc_cache.latest_notif; + avd->flags = 0; +} + int avc_has_perm_noaudit(security_id_t ssid, security_id_t tsid, security_class_t tclass, @@ -703,6 +713,9 @@ int avc_has_perm_noaudit(security_id_t ssid, access_vector_t denied; struct avc_entry_ref ref; + if (avd) + avd_init(avd); + if (!avc_using_threads && !avc_app_main_loop) { (void)avc_netlink_check_nb(); } @@ -735,6 +748,10 @@ int avc_has_perm_noaudit(security_id_t ssid, rc = security_compute_av(ssid->ctx, tsid->ctx, tclass, requested, &entry.avd); + if (rc && errno == EINVAL && !avc_enforcing) { + rc = errno = 0; + goto out; + } if (rc) goto out; rc = avc_insert(ssid, tsid, tclass, &entry, aeref); @@ -773,8 +790,6 @@ int avc_has_perm(security_id_t ssid, security_id_t tsid, struct av_decision avd; int errsave, rc; - memset(&avd, 0, sizeof(avd)); - rc = avc_has_perm_noaudit(ssid, tsid, tclass, requested, aeref, &avd); errsave = errno; avc_audit(ssid, tsid, tclass, requested, &avd, rc, auditdata); |