selinux: clarify return code in filename_trans_read_helper_compat()
author Ondrej Mosnacek <omosnace@redhat.com>
Thu, 4 Apr 2024 15:16:19 +0000 (17:16 +0200)
committer Paul Moore <paul@paul-moore.com>
Thu, 4 Apr 2024 20:38:37 +0000 (16:38 -0400)
For the "conflicting/duplicate rules" branch in
filename_trans_read_helper_compat() the Smatch static checker reports:

    security/selinux/ss/policydb.c:1953 filename_trans_read_helper_compat()
    warn: missing error code 'rc'

While the value of rc will already always be zero here, it is not
obvious that it's the case and that it's the intended return value
(Smatch expects rc to be assigned within 5 lines from the goto).
Therefore, add an explicit assignment just before the goto to make the
intent more clear and the code less error-prone.

Fixes: c3a276111ea2 ("selinux: optimize storage of filename transitions")
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Link: https://lore.kernel.org/selinux/722b90c4-1f4b-42ff-a6c2-108ea262bd10@moroto.mountain/
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
security/selinux/ss/policydb.c

index 9a23362c42f47370ef759a509e368e44f6556cb3..383f3ae82a736f6df1ce2f46f7ea4be3338fd2c1 100644 (file)
@@ -1950,6 +1950,7 @@ static int filename_trans_read_helper_compat(struct policydb *p, void *fp)
                if (unlikely(ebitmap_get_bit(&datum->stypes, stype - 1))) {
                        /* conflicting/duplicate rules are ignored */
                        datum = NULL;
+                       rc = 0;
                        goto out;
                }
                if (likely(datum->otype == otype))
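
Review bot: The added `rc = 0;` in the conflicting/duplicate branch is, per the commit message, a no-op at runtime because rc is already zero there, so a later cleanup could drop it as a dead store and bring the Smatch warning back. Consider extending the existing comment so it records that success is the intended return value, for example `/* conflicting/duplicate rules are ignored, not an error */`, which makes the assignment read as deliberate to the next person touching this path.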