SELinux Archive on lore.kernel.org
 help / Atom feed
* [PATCH v2] selinux: replace BUG_ONs with WARN_ONs in avc.c
@ 2019-01-28 15:43 Ondrej Mosnacek
  2019-01-28 16:06 ` Stephen Smalley
  2019-01-28 23:12 ` Paul Moore
  0 siblings, 2 replies; 3+ messages in thread
From: Ondrej Mosnacek @ 2019-01-28 15:43 UTC (permalink / raw)
  To: selinux, Paul Moore; +Cc: Stephen Smalley, Ondrej Mosnacek

These checks are only guarding against programming errors that could
silently grant too many permissions. These cases are better handled with
WARN_ON(), since it doesn't really help much to crash the machine in
this case.

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
---
 security/selinux/avc.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 3a27418b20d7..33863298a9b5 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -1059,7 +1059,8 @@ int avc_has_extended_perms(struct selinux_state *state,
 	int rc = 0, rc2;
 
 	xp_node = &local_xp_node;
-	BUG_ON(!requested);
+	if (WARN_ON(!requested))
+		return -EACCES;
 
 	rcu_read_lock();
 
@@ -1149,7 +1150,8 @@ inline int avc_has_perm_noaudit(struct selinux_state *state,
 	int rc = 0;
 	u32 denied;
 
-	BUG_ON(!requested);
+	if (WARN_ON(!requested))
+		return -EACCES;
 
 	rcu_read_lock();
 
-- 
2.20.1


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH v2] selinux: replace BUG_ONs with WARN_ONs in avc.c
  2019-01-28 15:43 [PATCH v2] selinux: replace BUG_ONs with WARN_ONs in avc.c Ondrej Mosnacek
@ 2019-01-28 16:06 ` Stephen Smalley
  2019-01-28 23:12 ` Paul Moore
  1 sibling, 0 replies; 3+ messages in thread
From: Stephen Smalley @ 2019-01-28 16:06 UTC (permalink / raw)
  To: Ondrej Mosnacek, selinux, Paul Moore

On 1/28/19 10:43 AM, Ondrej Mosnacek wrote:
> These checks are only guarding against programming errors that could
> silently grant too many permissions. These cases are better handled with
> WARN_ON(), since it doesn't really help much to crash the machine in
> this case.
> 
> Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>

Reviewed-by: Stephen Smalley <sds@tycho.nsa.gov>

> ---
>   security/selinux/avc.c | 6 ++++--
>   1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/security/selinux/avc.c b/security/selinux/avc.c
> index 3a27418b20d7..33863298a9b5 100644
> --- a/security/selinux/avc.c
> +++ b/security/selinux/avc.c
> @@ -1059,7 +1059,8 @@ int avc_has_extended_perms(struct selinux_state *state,
>   	int rc = 0, rc2;
>   
>   	xp_node = &local_xp_node;
> -	BUG_ON(!requested);
> +	if (WARN_ON(!requested))
> +		return -EACCES;
>   
>   	rcu_read_lock();
>   
> @@ -1149,7 +1150,8 @@ inline int avc_has_perm_noaudit(struct selinux_state *state,
>   	int rc = 0;
>   	u32 denied;
>   
> -	BUG_ON(!requested);
> +	if (WARN_ON(!requested))
> +		return -EACCES;
>   
>   	rcu_read_lock();
>   
> 


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH v2] selinux: replace BUG_ONs with WARN_ONs in avc.c
  2019-01-28 15:43 [PATCH v2] selinux: replace BUG_ONs with WARN_ONs in avc.c Ondrej Mosnacek
  2019-01-28 16:06 ` Stephen Smalley
@ 2019-01-28 23:12 ` Paul Moore
  1 sibling, 0 replies; 3+ messages in thread
From: Paul Moore @ 2019-01-28 23:12 UTC (permalink / raw)
  To: Ondrej Mosnacek; +Cc: selinux, Stephen Smalley

On Mon, Jan 28, 2019 at 10:43 AM Ondrej Mosnacek <omosnace@redhat.com> wrote:
> These checks are only guarding against programming errors that could
> silently grant too many permissions. These cases are better handled with
> WARN_ON(), since it doesn't really help much to crash the machine in
> this case.
>
> Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
> ---
>  security/selinux/avc.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)

Merged, thanks.

> diff --git a/security/selinux/avc.c b/security/selinux/avc.c
> index 3a27418b20d7..33863298a9b5 100644
> --- a/security/selinux/avc.c
> +++ b/security/selinux/avc.c
> @@ -1059,7 +1059,8 @@ int avc_has_extended_perms(struct selinux_state *state,
>         int rc = 0, rc2;
>
>         xp_node = &local_xp_node;
> -       BUG_ON(!requested);
> +       if (WARN_ON(!requested))
> +               return -EACCES;
>
>         rcu_read_lock();
>
> @@ -1149,7 +1150,8 @@ inline int avc_has_perm_noaudit(struct selinux_state *state,
>         int rc = 0;
>         u32 denied;
>
> -       BUG_ON(!requested);
> +       if (WARN_ON(!requested))
> +               return -EACCES;
>
>         rcu_read_lock();
>
> --
> 2.20.1
>


-- 
paul moore
www.paul-moore.com

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, back to index

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-01-28 15:43 [PATCH v2] selinux: replace BUG_ONs with WARN_ONs in avc.c Ondrej Mosnacek
2019-01-28 16:06 ` Stephen Smalley
2019-01-28 23:12 ` Paul Moore

SELinux Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/selinux/0 selinux/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 selinux selinux/ https://lore.kernel.org/selinux \
		selinux@vger.kernel.org selinux@archiver.kernel.org
	public-inbox-index selinux


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.selinux


AGPL code for this site: git clone https://public-inbox.org/ public-inbox