From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Fri, 10 Jul 2015 21:19:57 +0000 (-0400)
Subject: selinux: Augment BUG_ON assertion for secclass_map.
X-Git-Url: https://git.karo-electronics.de/?a=commitdiff_plain;h=bd1741f4cf05d7709348f591d16eeb5f786de673;p=linux-beck.git

selinux: Augment BUG_ON assertion for secclass_map.

Ensure that we catch any cases where tclass == 0.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <pmoore@redhat.com>
---

diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 2d5e1b04cd50..324acc62f7e0 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -116,6 +116,7 @@ static void avc_dump_av(struct audit_buffer *ab, u16 tclass, u32 av)
 		return;
 	}
 
+	BUG_ON(!tclass || tclass >= ARRAY_SIZE(secclass_map));
 	perms = secclass_map[tclass-1].perms;
 
 	audit_log_format(ab, " {");
@@ -164,7 +165,7 @@ static void avc_dump_query(struct audit_buffer *ab, u32 ssid, u32 tsid, u16 tcla
 		kfree(scontext);
 	}
 
-	BUG_ON(tclass >= ARRAY_SIZE(secclass_map));
+	BUG_ON(!tclass || tclass >= ARRAY_SIZE(secclass_map));
 	audit_log_format(ab, " tclass=%s", secclass_map[tclass-1].name);
 }