selinux: replace BUG_ONs with WARN_ONs in avc.c
These checks are only guarding against programming errors that could
silently grant too many permissions. These cases are better handled with
WARN_ON(), since it doesn't really help much to crash the machine in
this case.

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Reviewed-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Ondrej Mosnacek authored and Paul Moore committed Jan 28, 2019
1 parent fede148 commit e6f2f38
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions security/selinux/avc.c
Expand Up @@ -1059,7 +1059,8 @@ int avc_has_extended_perms(struct selinux_state *state,
int rc = 0, rc2;

xp_node = &local_xp_node;
BUG_ON(!requested);
if (WARN_ON(!requested))
return -EACCES;

rcu_read_lock();
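
Review bot: the new `if (WARN_ON(!requested))` check in avc_has_extended_perms() has no comment explaining that a zero `requested` mask is a caller bug and that -EACCES is returned to fail closed. The commit message gives the reason (such a call could silently grant too many permissions), but the code does not, and a one-line comment above the check would keep a later cleanup from dropping it as dead code. The return sits before rcu_read_lock(), so there is no lock imbalance, but it also means none of the code after that point runs and the WARN_ON backtrace is the only trace this denial leaves. That is worth stating in the comment so whoever debugs the resulting -EACCES knows where to look.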

Expand Down Expand Up @@ -1149,7 +1150,8 @@ inline int avc_has_perm_noaudit(struct selinux_state *state,
int rc = 0;
u32 denied;

BUG_ON(!requested);
if (WARN_ON(!requested))
return -EACCES;

rcu_read_lock();
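
Review bot: `WARN_ON(!requested)` in avc_has_perm_noaudit() prints a full backtrace on every call that trips it, so one buggy caller that runs repeatedly would flood the kernel log. Consider `if (WARN_ON_ONCE(!requested))` here and in the identical check in avc_has_extended_perms(); the first backtrace is enough to locate the programming error, and the -EACCES return still fails closed on every later call. The commit message could also mention that on systems running with panic_on_warn set this path still brings the machine down, so the "don't crash" benefit applies to default configurations only.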
