Merge "init: refuse to start process if domain transition not defined"

2015-07-16 19:20:30 +00:00 · 2015-07-16 19:20:30 +00:00 · c66e37b2da
parent 759717ee63 4800dbf1da
commit c66e37b2da
1 changed files with 10 additions and 6 deletions
--- a/init/init.cpp
+++ b/init/init.cpp
@ -239,16 +239,20 @@ void service_start(struct service *svc, const char *dynamic_args)
        rc = getfilecon(svc->args[0], &fcon);
        if (rc < 0) {
            ERROR("could not get context while starting '%s'\n", svc->name);
-            freecon(mycon);
+            free(mycon);
            return;
        }

        rc = security_compute_create(mycon, fcon, string_to_security_class("process"), &scon);
        if (rc == 0 && !strcmp(scon, mycon)) {
-            ERROR("Warning!  Service %s needs a SELinux domain defined; please fix!\n", svc->name);
+            ERROR("Service %s does not have a SELinux domain defined.\n", svc->name);
+            free(mycon);
+            free(fcon);
+            free(scon);
+            return;
        }
-        freecon(mycon);
-        freecon(fcon);
+        free(mycon);
+        free(fcon);
        if (rc < 0) {
            ERROR("could not get context while starting '%s'\n", svc->name);
            return;
@ -285,7 +289,7 @@ void service_start(struct service *svc, const char *dynamic_args)
            }
        }

-        freecon(scon);
+        free(scon);
        scon = NULL;

        if (svc->writepid_files_) {
@ -374,7 +378,7 @@ void service_start(struct service *svc, const char *dynamic_args)
        _exit(127);
    }

-    freecon(scon);
+    free(scon);

    if (pid < 0) {
        ERROR("failed to start '%s'\n", svc->name);