After this patch cond_read_av_list() no longer returns -1 for any
errors. It just propagates error code back from lower levels. Those can
either be -EINVAL or -ENOMEM.
I also modified cond_insertf() since cond_read_av_list() passes that as a
function pointer to avtab_read_item(). It isn't used anywhere else.
Signed-off-by: Dan Carpenter <error27@gmail.com>
Acked-by: Stephen D. Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
struct cond_av_list *other = data->other, *list, *cur;
struct avtab_node *node_ptr;
u8 found;
struct cond_av_list *other = data->other, *list, *cur;
struct avtab_node *node_ptr;
u8 found;
/*
* For type rules we have to make certain there aren't any
/*
* For type rules we have to make certain there aren't any
node_ptr = avtab_insert_nonunique(&p->te_cond_avtab, k, d);
if (!node_ptr) {
printk(KERN_ERR "SELinux: could not insert rule.\n");
node_ptr = avtab_insert_nonunique(&p->te_cond_avtab, k, d);
if (!node_ptr) {
printk(KERN_ERR "SELinux: could not insert rule.\n");
goto err;
}
list = kzalloc(sizeof(struct cond_av_list), GFP_KERNEL);
goto err;
}
list = kzalloc(sizeof(struct cond_av_list), GFP_KERNEL);
+ if (!list) {
+ rc = -ENOMEM;
list->node = node_ptr;
if (!data->head)
list->node = node_ptr;
if (!data->head)
err:
cond_av_list_destroy(data->head);
data->head = NULL;
err:
cond_av_list_destroy(data->head);
data->head = NULL;
}
static int cond_read_av_list(struct policydb *p, void *fp, struct cond_av_list **ret_list, struct cond_av_list *other)
}
static int cond_read_av_list(struct policydb *p, void *fp, struct cond_av_list **ret_list, struct cond_av_list *other)
len = 0;
rc = next_entry(buf, fp, sizeof(u32));
len = 0;
rc = next_entry(buf, fp, sizeof(u32));
- if (rc < 0)
- return -1;
len = le32_to_cpu(buf[0]);
if (len == 0)
len = le32_to_cpu(buf[0]);
if (len == 0)
&data);
if (rc)
return rc;
&data);
if (rc)
return rc;