-
Zhen Lei authored
When avc_add_xperms_decision() fails, the information recorded by the new avc node is incomplete. In this case, the new avc node should be released instead of replacing the old avc node. Cc: stable@vger.kernel.org Fixes: fa1aa143 ("selinux: extended permissions for ioctls") Suggested-by:
Stephen Smalley <stephen.smalley.work@gmail.com> Signed-off-by:
Zhen Lei <thunder.leizhen@huawei.com> Acked-by:
Paul Moore <paul@paul-moore.com>
6dd1e4c0
