libsepol: Check for error from check_assertion_extended_permissions()

Return an error if check_assertion_extended_permissions() returns an error instead of treating it as an assertion violation. Signed-off-by: James Carter <jwcart2@gmail.com>
2022-01-11 12:39:13 -05:00 · 2022-01-11 12:39:13 -05:00 · 18e1ae1142
commit 18e1ae1142
parent a700e426b8
1 changed files with 2 additions and 0 deletions
--- a/libsepol/src/assertion.c
+++ b/libsepol/src/assertion.c
@ -481,6 +481,8 @@ static int check_assertion_avtab_match(avtab_key_t *k, avtab_datum_t *d, void *a

 	if (avrule->specified == AVRULE_XPERMS_NEVERALLOW) {
 		rc = check_assertion_extended_permissions(avrule, avtab, k, p);
+		if (rc < 0)
+			goto oom;
 		if (rc == 0)
 			goto nomatch;
 	}