selinux: fix error codes in cond_read_bool()

The original code always returned -1 (-EPERM) on error.  The new code
returns either -ENOMEM, or -EINVAL or it propagates the error codes from
lower level functions next_entry() or hashtab_insert().

next_entry() returns -EINVAL.
hashtab_insert() returns -EINVAL, -EEXIST, or -ENOMEM.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Acked-by:  Stephen D. Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>

diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c
index 0389263..c91e150 100644 (file)
--- a/security/selinux/ss/conditional.c
+++ b/security/selinux/ss/conditional.c
@@ -223,34 +223,37 @@ int cond_read_bool(struct policydb *p, struct hashtab *h, void *fp)
 
        booldatum = kzalloc(sizeof(struct cond_bool_datum), GFP_KERNEL);
        if (!booldatum)
-               return -1;
+               return -ENOMEM;
 
        rc = next_entry(buf, fp, sizeof buf);
-       if (rc < 0)
+       if (rc)
                goto err;
 
        booldatum->value = le32_to_cpu(buf[0]);
        booldatum->state = le32_to_cpu(buf[1]);
 
+       rc = -EINVAL;
        if (!bool_isvalid(booldatum))
                goto err;
 
        len = le32_to_cpu(buf[2]);
 
+       rc = -ENOMEM;
        key = kmalloc(len + 1, GFP_KERNEL);
        if (!key)
                goto err;
        rc = next_entry(key, fp, len);
-       if (rc < 0)
+       if (rc)
                goto err;
        key[len] = '\0';
-       if (hashtab_insert(h, key, booldatum))
+       rc = hashtab_insert(h, key, booldatum);
+       if (rc)
                goto err;
 
        return 0;
 err:
        cond_destroy_bool(key, booldatum, NULL);
-       return -1;
+       return rc;
 }
 
 struct cond_insertf_data {