selinux: replace some BUG_ON()s with a WARN_ON()

We don't need to crash the machine in these cases. Let's just detect the buggy state early and error out with a warning. Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> Reviewed-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Paul Moore <paul@paul-moore.com>
mariux64 · Jan 25, 2019 · 994fb06 · 994fb06
1 parent a2c5138
commit 994fb06
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
@@ -678,7 +678,6 @@ static void avc_audit_pre_callback(struct audit_buffer *ab, void *a)
 		return;
 	}
 
-	BUG_ON(!sad->tclass || sad->tclass >= ARRAY_SIZE(secclass_map));
 	perms = secclass_map[sad->tclass-1].perms;
 
 	audit_log_string(ab, " {");
@@ -731,7 +730,6 @@ static void avc_audit_post_callback(struct audit_buffer *ab, void *a)
 		kfree(scontext);
 	}
 
-	BUG_ON(!sad->tclass || sad->tclass >= ARRAY_SIZE(secclass_map));
 	audit_log_format(ab, " tclass=%s", secclass_map[sad->tclass-1].name);
 
 	if (sad->denied)
@@ -748,6 +746,9 @@ noinline int slow_avc_audit(struct selinux_state *state,
 	struct common_audit_data stack_data;
 	struct selinux_audit_data sad;
 
+	if (WARN_ON(!tclass || tclass >= ARRAY_SIZE(secclass_map)))
+		return -EINVAL;
+
 	if (!a) {
 		a = &stack_data;
 		a->type = LSM_AUDIT_DATA_NONE;