libselinux: assert if avc_init() not called
To simplify finding why programs don't work, assert that avc_init() was
called any time avc functions are called. This means we won't get
'random' segfaults and will instead be able to hopefully quickly
determine what we did wrong as application developers.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
diff --git a/libselinux/src/avc.c b/libselinux/src/avc.c
index e7ad31d..802a07f 100644
--- a/libselinux/src/avc.c
+++ b/libselinux/src/avc.c
@@ -9,6 +9,7 @@
*/
#include <selinux/avc.h>
#include "selinux_internal.h"
+#include <assert.h>
#include "avc_sidtab.h"
#include "avc_internal.h"
@@ -69,6 +70,9 @@
int avc_context_to_sid_raw(const security_context_t ctx, security_id_t * sid)
{
int rc;
+ /* avc_init needs to be called before this function */
+ assert(avc_running);
+
avc_get_lock(avc_lock);
rc = sidtab_context_to_sid(&avc_sidtab, ctx, sid);
avc_release_lock(avc_lock);
@@ -249,6 +253,8 @@
void avc_sid_stats(void)
{
+ /* avc_init needs to be called before this function */
+ assert(avc_running);
avc_get_lock(avc_log_lock);
avc_get_lock(avc_lock);
sidtab_sid_stats(&avc_sidtab, avc_audit_buf, AVC_AUDIT_BUFSIZE);
@@ -548,6 +554,8 @@
struct avc_callback_node *c;
struct avc_node *node, *tmp;
int i;
+ /* avc_init needs to be called before this function */
+ assert(avc_running);
avc_get_lock(avc_lock);
@@ -878,6 +886,8 @@
int rc;
security_context_t ctx = NULL;
*newsid = NULL;
+ /* avc_init needs to be called before this function */
+ assert(avc_running);
avc_get_lock(avc_lock);
rc = security_compute_member_raw(ssid->ctx, tsid->ctx, tclass, &ctx);