[PATCH v3 3/4] selinux: remove some useless BUG_ONs
Stephen Smalley
sds at tycho.nsa.gov
Fri Jan 25 13:52:05 UTC 2019
On 1/25/19 5:06 AM, Ondrej Mosnacek wrote:
> These BUG_ONs do not really protect from any catastrophic situation so
> there is no need to have them there.
They are to catch bugs in callers that pass requested==0. That is
always indicative of a bug in the caller (e.g. failed to correctly
compute the permissions). Otherwise, we will silently allow such calls
and not notice them.
At the least, they should be WARN_ONs.
>
> Signed-off-by: Ondrej Mosnacek <omosnace at redhat.com>
> ---
> security/selinux/avc.c | 3 ---
> 1 file changed, 3 deletions(-)
>
> diff --git a/security/selinux/avc.c b/security/selinux/avc.c
> index 5ebad47391c9..478fa4213c25 100644
> --- a/security/selinux/avc.c
> +++ b/security/selinux/avc.c
> @@ -1044,7 +1044,6 @@ int avc_has_extended_perms(struct selinux_state *state,
> int rc = 0, rc2;
>
> xp_node = &local_xp_node;
> - BUG_ON(!requested);
>
> rcu_read_lock();
>
> @@ -1134,8 +1133,6 @@ inline int avc_has_perm_noaudit(struct selinux_state *state,
> int rc = 0;
> u32 denied;
>
> - BUG_ON(!requested);
> -
> rcu_read_lock();
>
> node = avc_lookup(state->avc, ssid, tsid, tclass);
>
More information about the Linux-audit
mailing list