selinux: fix handling of uninitialized selinux state in get_bools/classes

If security_get_bools/classes are called before the selinux state is
initialized (i.e. before first policy load), then they should just
return immediately with no booleans/classes.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 4785ca5..ccfa65f 100644 (file)
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -2811,6 +2811,13 @@ int security_get_bools(struct selinux_state *state,
        struct policydb *policydb;
        int i, rc;
 
+       if (!state->initialized) {
+               *len = 0;
+               *names = NULL;
+               *values = NULL;
+               return 0;
+       }
+
        read_lock(&state->ss->policy_rwlock);
 
        policydb = &state->ss->policydb;
@@ -3141,6 +3148,12 @@ int security_get_classes(struct selinux_state *state,
        struct policydb *policydb = &state->ss->policydb;
        int rc;
 
+       if (!state->initialized) {
+               *nclasses = 0;
+               *classes = NULL;
+               return 0;
+       }
+
        read_lock(&state->ss->policy_rwlock);
 
        rc = -ENOMEM;