Fix avc_has_perm() returns -1 even when SELinux is in permissive mode.
commit 8b114a3bf25b7b818910cca77528de80cdb953f8 upstream.
If we get an EINVAL from security_compute_av* (indicates an invalid
source or target security context, likely due to a policy reload that
removed one or the other) and we are in permissive mode, then handle it
like any other permission denial, i.e. log but do not deny it.
Change-Id: I6cb5f06e7468d685b647513ed7a653f2f6676a2a
Reported-by: Laurent Bigonville <bigon@debian.org>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
1 file changed