From: Zhen Lei thunder.leizhen@huawei.com
stable inclusion from stable-v6.6.48 commit 5295951b53bd372767600a0296b01ee031ca1b1b category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/IB0X4B
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=...
--------------------------------
commit 6dd1e4c045afa6a4ba5d46f044c83bd357c593c2 upstream.
When avc_add_xperms_decision() fails, the information recorded by the new avc node is incomplete. In this case, the new avc node should be released instead of replacing the old avc node.
Cc: stable@vger.kernel.org Fixes: fa1aa143ac4a ("selinux: extended permissions for ioctls") Suggested-by: Stephen Smalley stephen.smalley.work@gmail.com Signed-off-by: Zhen Lei thunder.leizhen@huawei.com Acked-by: Stephen Smalley stephen.smalley.work@gmail.com Signed-off-by: Paul Moore paul@paul-moore.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org Conflicts: security/selinux/avc.c [Due to commit e67b79850fcc4 (selinux: stop passing selinux_state pointers and their offspring) stop passing selinux_state pointers, which not merge in this version, so add pointer to function parameter.] Signed-off-by: Gu Bowen gubowen5@huawei.com --- security/selinux/avc.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/security/selinux/avc.c b/security/selinux/avc.c index 726f944bd798..bea7d207ed43 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c @@ -938,7 +938,11 @@ static int avc_update_node(struct selinux_avc *avc, node->ae.avd.auditdeny &= ~perms; break; case AVC_CALLBACK_ADD_XPERMS: - avc_add_xperms_decision(node, xpd); + rc = avc_add_xperms_decision(node, xpd); + if (rc) { + avc_node_kill(avc, node); + goto out_unlock; + } break; } avc_node_replace(avc, node, orig);