From f596e00f32766df011b322b1b0c700add0aae032 Mon Sep 17 00:00:00 2001
From: Evgeny Vereshchagin <evvers@ya.ru>
Date: Sun, 31 Jan 2016 13:55:54 +0000
Subject: core: let's check access before type modification

---
 src/core/dbus-unit.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

(limited to 'src')

diff --git a/src/core/dbus-unit.c b/src/core/dbus-unit.c
index 7c7b50b99b..dca9f77528 100644
--- a/src/core/dbus-unit.c
+++ b/src/core/dbus-unit.c
@@ -986,6 +986,13 @@ int bus_unit_queue_job(
         assert(type >= 0 && type < _JOB_TYPE_MAX);
         assert(mode >= 0 && mode < _JOB_MODE_MAX);
 
+        r = mac_selinux_unit_access_check(
+                        u, message,
+                        job_type_to_access_method(type),
+                        error);
+        if (r < 0)
+                return r;
+
         if (reload_if_possible && unit_can_reload(u)) {
                 if (type == JOB_RESTART)
                         type = JOB_RELOAD_OR_START;
@@ -993,12 +1000,6 @@ int bus_unit_queue_job(
                         type = JOB_TRY_RELOAD;
         }
 
-        r = mac_selinux_unit_access_check(
-                        u, message,
-                        job_type_to_access_method(type),
-                        error);
-        if (r < 0)
-                return r;
 
         if (type == JOB_STOP &&
             (u->load_state == UNIT_NOT_FOUND || u->load_state == UNIT_ERROR) &&
-- 
cgit v1.2.3-54-g00ecf