commit 3b32cf54d5a85ff8745e0a53efbe7bb80dda4bf1
author Nick Kralevich <nnk@google.com> Thu Jul 16 19:20:30 2015 +0000
committer Gerrit Code Review <noreply-gerritcodereview@google.com> Thu Jul 16 19:20:31 2015 +0000
tree 63aaa93ce048343e6d5d257034c8f1e429d976bc
parent 9f8abe62cbc8ac70eb3dc2b7684feb7d847158de
parent 2e02c77c0eff309c23cf6b9bea3b0f1e3414809f

Merge "init: refuse to start process if domain transition not defined"

init/init.cpp

diff --git a/init/init.cpp b/init/init.cpp
index f48016f..4d62c87 100644
--- a/init/init.cpp
+++ b/init/init.cpp
@@ -239,16 +239,20 @@
         rc = getfilecon(svc->args[0], &fcon);
         if (rc < 0) {
             ERROR("could not get context while starting '%s'\n", svc->name);
-            freecon(mycon);
+            free(mycon);
             return;
         }
 
         rc = security_compute_create(mycon, fcon, string_to_security_class("process"), &scon);
         if (rc == 0 && !strcmp(scon, mycon)) {
-            ERROR("Warning!  Service %s needs a SELinux domain defined; please fix!\n", svc->name);
+            ERROR("Service %s does not have a SELinux domain defined.\n", svc->name);
+            free(mycon);
+            free(fcon);
+            free(scon);
+            return;
         }
-        freecon(mycon);
-        freecon(fcon);
+        free(mycon);
+        free(fcon);
         if (rc < 0) {
             ERROR("could not get context while starting '%s'\n", svc->name);
             return;
@@ -285,7 +289,7 @@
             }
         }
 
-        freecon(scon);
+        free(scon);
         scon = NULL;
 
         if (svc->writepid_files_) {
@@ -374,7 +378,7 @@
         _exit(127);
     }
 
-    freecon(scon);
+    free(scon);
 
     if (pid < 0) {
         ERROR("failed to start '%s'\n", svc->name);