Improve error handling for seapp_contexts.
Detect and reject configurations that specify name= without
seinfo= or with seinfo=default.
On any error during loading the configuration, drop the entire
configuration. This will prevent system_server or any apps
from being started by zygote at all. Previously we could be
left with a partially loaded, unsorted configuration which could
lead to partial startup but mislabeled processes.
On the error path, do not try to report the (name, value) pair for
the invalid entry as they are not always set (or meaningful) on all
code paths and we already have check_seapp to check and report the
same errors at build time.
Provide common helpers for freeing the configuration entries and
ensure that we always do it on any error during loading.
Change-Id: I2b238e90c9cc07a410e08a96a10d7699b608b3df
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
1 file changed