On Wed, Aug 19, 2020 at 6:31 PM Stephen Rothwell sfr@canb.auug.org.au wrote:
Hi all,
On Wed, 19 Aug 2020 11:12:44 -0400 Stephen Smalley stephen.smalley.work@gmail.com wrote:
Fix can be found at:https://patchwork.kernel.org/patch/11724203/ https://patchwork.kernel.org/patch/11724203/
Thanks.
I will add that to the selinux tree merge in linux-next until it turns up in the tree.
FYI, I just merged that patch into the selinux/next tree.
commit 37ea433c66070fcef09c6d118492c36299eb72ba Author: Stephen Smalley stephen.smalley.work@gmail.com Date: Wed Aug 19 09:45:41 2020 -0400
selinux: avoid dereferencing the policy prior to initialization
Certain SELinux security server functions (e.g. security_port_sid, called during bind) were not explicitly testing to see if SELinux has been initialized (i.e. initial policy loaded) and handling the no-policy-loaded case. In the past this happened to work because the policydb was statically allocated and could always be accessed, but with the recent encapsulation of policy state and conversion to dynamic allocation, we can no longer access the policy state prior to initialization. Add a test of !selinux_initialized(state) to all of the exported functions that were missing them and handle appropriately.
Fixes: 461698026ffa ("selinux: encapsulate policy state, refactor ...") Reported-by: Naresh Kamboju naresh.kamboju@linaro.org Tested-by: Andy Shevchenko andy.shevchenko@gmail.com Signed-off-by: Stephen Smalley stephen.smalley.work@gmail.com Signed-off-by: Paul Moore paul@paul-moore.com