Unverified Commit 8858a237 authored Nov 01, 2024 by openeuler-ci-bot Committed by Gitee Nov 01, 2024

!12777 selinux: add the processing of the failure of avc_add_xperms_decision()

Merge Pull Request from: @ci-robot 
 
PR sync from: Gu Bowen <gubowen5@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/6Y62HXGWS2SOS4PJBQEDPWNYZ7BDCRKR/ 
 
https://gitee.com/openeuler/kernel/issues/IB0X4B 
 
Link:https://gitee.com/openeuler/kernel/pulls/12777

 

Reviewed-by: Zhang Changzhong <zhangchangzhong@huawei.com>
Signed-off-by: Zhang Changzhong <zhangchangzhong@huawei.com>

parents 121dd6cf 8b4f8428

security/selinux/avc.c

+5 −1

Original line number	Diff line number	Diff line
		@@ -938,7 +938,11 @@ static int avc_update_node(struct selinux_avc *avc,
		node->ae.avd.auditdeny &= ~perms;
		break;
		case AVC_CALLBACK_ADD_XPERMS:
		avc_add_xperms_decision(node, xpd);
		rc = avc_add_xperms_decision(node, xpd);
		if (rc) {
		avc_node_kill(avc, node);
		goto out_unlock;
		}
		break;
		}
		avc_node_replace(avc, node, orig);