In relabel_tty() always jump to bad: on error, regardless of the

author Todd C. Miller <Todd.Miller@courtesan.com>

Wed, 4 May 2016 19:48:44 +0000 (13:48 -0600)

committer Todd C. Miller <Todd.Miller@courtesan.com>

Wed, 4 May 2016 19:48:44 +0000 (13:48 -0600)
author Todd C. Miller <Todd.Miller@courtesan.com>
Wed, 4 May 2016 19:48:44 +0000 (13:48 -0600)
committer Todd C. Miller <Todd.Miller@courtesan.com>
Wed, 4 May 2016 19:48:44 +0000 (13:48 -0600)
diff --git a/src/selinux.c b/src/selinux.c

index 9009131f1649f7910dc613f7e51536c5e838d42b..e2d375b3d9a8e72320b022ba17e41ae1f760dc81 100644 (file)
--- a/src/selinux.c
+++ b/src/selinux.c
@@ -163,8 +163,7 @@ relabel_tty(const char *ttyn, int ptyfd)
         se_state.ttyfd = open(ttyn, O_RDWR|O_NONBLOCK);
         if (se_state.ttyfd == -1) {
             sudo_warn(U_("unable to open %s, not relabeling tty"), ttyn);
-           if (se_state.enforcing)
-               goto bad;
+           goto bad;
         }
         (void)fcntl(se_state.ttyfd, F_SETFL,
             fcntl(se_state.ttyfd, F_GETFL, 0) & ~O_NONBLOCK);
@@ -172,30 +171,26 @@ relabel_tty(const char *ttyn, int ptyfd)
  
      if (fgetfilecon(se_state.ttyfd, &tty_con) < 0) {
         sudo_warn(U_("unable to get current tty context, not relabeling tty"));
-       if (se_state.enforcing)
-           goto bad;
+       goto bad;
      }
  
      if (tty_con) {
         security_class_t tclass = string_to_security_class("chr_file");
         if (tclass == 0) {
             sudo_warn(U_("unknown security class chr_file, not relabeling tty"));
-           if (se_state.enforcing)
-               goto bad;
+           goto bad;
         }
         if (security_compute_relabel(se_state.new_context, tty_con,
             tclass, &new_tty_con) < 0) {
             sudo_warn(U_("unable to get new tty context, not relabeling tty"));
-           if (se_state.enforcing)
-               goto bad;
+           goto bad;
         }
      }
  
      if (new_tty_con != NULL) {
         if (fsetfilecon(se_state.ttyfd, new_tty_con) < 0) {
             sudo_warn(U_("unable to set new tty context"));
-           if (se_state.enforcing)
-               goto bad;
+           goto bad;
         }
      }
  
@@ -204,8 +199,7 @@ relabel_tty(const char *ttyn, int ptyfd)
         se_state.ttyfd = open(ttyn, O_RDWR|O_NOCTTY, 0);
         if (se_state.ttyfd == -1) {
             sudo_warn(U_("unable to open %s"), ttyn);
-           if (se_state.enforcing)
-               goto bad;
+           goto bad;
         }
         if (dup2(se_state.ttyfd, ptyfd) == -1) {
             sudo_warn("dup2");
@@ -242,7 +236,7 @@ bad:
         se_state.ttyfd = -1;
      }
      freecon(tty_con);
-    debug_return_int(-1);
+    debug_return_int(se_state.enforcing ? -1 : 0);
  }
  
  /*
author	Todd C. Miller <Todd.Miller@courtesan.com>
	Wed, 4 May 2016 19:48:44 +0000 (13:48 -0600)
committer	Todd C. Miller <Todd.Miller@courtesan.com>
	Wed, 4 May 2016 19:48:44 +0000 (13:48 -0600)