Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp3421727pxf;
        Mon, 29 Mar 2021 01:35:20 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJz/vD14/OyIkZBxevm/kaahvxcBVLDmOIhK9tv2Raeuych51rKChV3D97ABLpDQ7vAH5pyz
X-Received: by 2002:a17:906:ad85:: with SMTP id la5mr27200094ejb.37.1617006920436;
        Mon, 29 Mar 2021 01:35:20 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1617006920; cv=none;
        d=google.com; s=arc-20160816;
        b=mVo9cx6fn3sXFUna5poGAtpIjbWaxc41/rfDtLWnxTjhzMJyARwvv0NwPgstv3qBVF
         NQ819mcl1MQxHU5KtS2+fnBp41jf8nFIOL7zF5xFHETxGDZUjTfQiG0+FzXqG2WYQMt9
         hcmRjJAmv/Mx4E6pJAXqCDF6h6wlSAQwDCfwLKFXt3B/qE5QMOFTOofcJp1TXSZyx0nJ
         0LlPF6WHndJFOQtxNP6T/kRj8Ywt+uTVkw+uuyrDFx3MTgPg3rWM7CBSNcOwRU/4r43Q
         bHB8OxU0HaDqTzgihwpq4x42RRy5FkhvPdFsacTVivw9xH/Yx4R+OOS185MLwAzkj0EK
         qIUg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=XZefZ0Zak8qXpbuHoLqOX1kZFIZUHWaDdrpUPV6BUAY=;
        b=oh1rYRFvtGx1yMIa77FuvY17pyPyiEk/JjfSAYPiFN266I5fabLbHbNIKBGTUAi0b9
         2v2A1okOFQrvWOtufOgtpoxI7EsKsj1+BIOXJD0JxI1mgfBinUlWeqQPJx3M6dhZE4oh
         QsMEe/PwLf4aoJxN31THBiCFTvaL/sAnlU98vTymEP9L8hBO2jmmzsRa+4A0yvcS+9Uz
         MRX2VsBCKQAXqsQ4db3GphYripgLxrqp0R9qRwJ/71RX6AC11/faBc0OYZwyBiOfZows
         F81R94ZF/xOtyeY78SyxnGpanaYJNl0ADOIuOrPvuvi5R5iFwdKOumtQieV/Ju0EyHuP
         QYzw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="bw/sh0sm";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id w2si12923698edc.92.2021.03.29.01.34.58;
        Mon, 29 Mar 2021 01:35:20 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="bw/sh0sm";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S233301AbhC2Ias (ORCPT <rfc822;mahfouz.saif.elyazal@gmail.com>
        + 99 others); Mon, 29 Mar 2021 04:30:48 -0400
Received: from mail.kernel.org ([198.145.29.99]:35278 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S232947AbhC2ITa (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 29 Mar 2021 04:19:30 -0400
Received: by mail.kernel.org (Postfix) with ESMTPSA id D56B1619CF;
        Mon, 29 Mar 2021 08:19:29 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1617005970;
        bh=zw6S8tYGfZUBG887EXZd/vUxE9n2eI80yfCF6RuGaLg=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=bw/sh0smtm/+JlsQVdE8B6d4D9+3g5BlumCOeD/5sn75ZgOZrFkyv0Ogw8lytI9Jv
         YjAsVZAC2zkUAlX4SmK2dQJwvYY/X+cKF5KcIMQkFwiMgcfdwQ8kE7PxbjhkSsHy7+
         fKinmbvl8VBJVPoBLiwrRP7aa3FiiTFbAGaheMxw=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Ondrej Mosnacek <omosnace@redhat.com>,
        Paul Moore <paul@paul-moore.com>
Subject: [PATCH 5.10 063/221] selinux: dont log MAC_POLICY_LOAD record on failed policy load
Date:   Mon, 29 Mar 2021 09:56:34 +0200
Message-Id: <20210329075631.295856056@linuxfoundation.org>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20210329075629.172032742@linuxfoundation.org>
References: <20210329075629.172032742@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Ondrej Mosnacek <omosnace@redhat.com>

commit 519dad3bcd809dc1523bf80ab0310ddb3bf00ade upstream.

If sel_make_policy_nodes() fails, we should jump to 'out', not 'out1',
as the latter would incorrectly log an MAC_POLICY_LOAD audit record,
even though the policy hasn't actually been reloaded. The 'out1' jump
label now becomes unused and can be removed.

Fixes: 02a52c5c8c3b ("selinux: move policy commit after updating selinuxfs")
Cc: stable@vger.kernel.org
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 security/selinux/selinuxfs.c |    3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -651,14 +651,13 @@ static ssize_t sel_write_load(struct fil
 	length = sel_make_policy_nodes(fsi, newpolicy);
 	if (length) {
 		selinux_policy_cancel(fsi->state, newpolicy);
-		goto out1;
+		goto out;
 	}
 
 	selinux_policy_commit(fsi->state, newpolicy);
 
 	length = count;
 
-out1:
 	audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,
 		"auid=%u ses=%u lsm=selinux res=1",
 		from_kuid(&init_user_ns, audit_get_loginuid(current)),