libselinux: normalize enforce values from the kernel
Normalize enforce values received from the kernel via /sys/fs/selinux/enforce or netlink selinux notifications to ensure that we always return a 0 or 1 to userspace code. selinux_status_getenforce(), which reads the enforce value via the SELinux kernel status page (/sys/fs/selinux/status) already normalizes its result, so we do not need to update it. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
parent
9140de74cf
commit
a609434b95
2 changed files with 2 additions and 1 deletions
|
@ -176,6 +176,7 @@ static int avc_netlink_process(void *buf)
|
|||
|
||||
case SELNL_MSG_SETENFORCE:{
|
||||
struct selnl_msg_setenforce *msg = NLMSG_DATA(nlh);
|
||||
msg->val = !!msg->val;
|
||||
avc_log(SELINUX_INFO,
|
||||
"%s: received setenforce notice (enforcing=%d)\n",
|
||||
avc_prefix, msg->val);
|
||||
|
|
|
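Review bot: The normalization `msg->val = !!msg->val;` overwrites the field inside the received netlink buffer instead of a local copy, so the raw value the kernel sent is no longer available for logging, and every later use in this case silently depends on that write having run first. A local such as `int enforcing = !!msg->val;`, used in the avc_log() call and in whatever consumes the value further down, would make the normalized value explicit and leave the message untouched. A one-line comment stating why the value is clamped (userspace must only ever see 0 or 1) would also keep a later cleanup from dropping it. Whether the payload length is validated before NLMSG_DATA(nlh) is dereferenced is not visible here; the case body continues outside the hunk.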
@ -34,7 +34,7 @@ int security_getenforce(void)
|
|||
if (sscanf(buf, "%d", &enforce) != 1)
|
||||
return -1;
|
||||
|
||||
return enforce;
|
||||
return !!enforce;
|
||||
}
|
||||
|
||||
hidden_def(security_getenforce)
|
||||
|
|
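Review bot: The return contract of security_getenforce() is now exactly -1, 0 or 1, but nothing at the return site records that. A comment above `return !!enforce;` such as `/* Normalize: callers get exactly 0 or 1; -1 is reserved for errors. */` would document the intent. It is worth noting in the same comment that a negative value read from the enforce node now maps to 1 (enforcing) and so can no longer be confused with the `return -1` error path just above. The start of the function is outside the hunk, so how buf is filled and terminated cannot be checked from here.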