Previously, we assumed that success meant we definitely got a valid
pointer. There is at least one edge case where this is not true (i.e.,
we can get both a 0 return value, and *also* a NULL pointer):
https://github.com/SELinuxProject/selinux/blob/
4246bb550dee5246c8567804325b7da206cd76cf/libselinux/src/procattr.c#L175
When this case occurrs, if we don't check the pointer we SIGSEGV in
early initialization.
/* Already initialized by somebody else? */
r = getcon_raw(&con);
- if (r == 0) {
+ /* getcon_raw can return 0, and still give us a NULL pointer. */
+ if (r == 0 && con) {
initialized = !streq(con, "kernel");
freecon(con);
}