In relabel_tty() always jump to bad: on error, regardless of the

value of se_state.enforcing.  On error, return -1 if enforcing,
else 0.  Coverity CID 104099.

src/selinux.c

@@ -163,8 +163,7 @@ relabel_tty(const char *ttyn, int ptyfd)
 	se_state.ttyfd = open(ttyn, O_RDWR|O_NONBLOCK);
 	if (se_state.ttyfd == -1) {
 	    sudo_warn(U_("unable to open %s, not relabeling tty"), ttyn);
-	    if (se_state.enforcing)
-		goto bad;
+	    goto bad;
 	}
 	(void)fcntl(se_state.ttyfd, F_SETFL,
 	    fcntl(se_state.ttyfd, F_GETFL, 0) & ~O_NONBLOCK);
@@ -172,30 +171,26 @@ relabel_tty(const char *ttyn, int ptyfd)
 
     if (fgetfilecon(se_state.ttyfd, &tty_con) < 0) {
 	sudo_warn(U_("unable to get current tty context, not relabeling tty"));
-	if (se_state.enforcing)
-	    goto bad;
+	goto bad;
     }
 
     if (tty_con) {
 	security_class_t tclass = string_to_security_class("chr_file");
 	if (tclass == 0) {
 	    sudo_warn(U_("unknown security class chr_file, not relabeling tty"));
-	    if (se_state.enforcing)
-		goto bad;
+	    goto bad;
 	}
 	if (security_compute_relabel(se_state.new_context, tty_con,
 	    tclass, &new_tty_con) < 0) {
 	    sudo_warn(U_("unable to get new tty context, not relabeling tty"));
-	    if (se_state.enforcing)
-		goto bad;
+	    goto bad;
 	}
     }
 
     if (new_tty_con != NULL) {
 	if (fsetfilecon(se_state.ttyfd, new_tty_con) < 0) {
 	    sudo_warn(U_("unable to set new tty context"));
-	    if (se_state.enforcing)
-		goto bad;
+	    goto bad;
 	}
     }
 
@@ -204,8 +199,7 @@ relabel_tty(const char *ttyn, int ptyfd)
 	se_state.ttyfd = open(ttyn, O_RDWR|O_NOCTTY, 0);
 	if (se_state.ttyfd == -1) {
 	    sudo_warn(U_("unable to open %s"), ttyn);
-	    if (se_state.enforcing)
-		goto bad;
+	    goto bad;
 	}
 	if (dup2(se_state.ttyfd, ptyfd) == -1) {
 	    sudo_warn("dup2");
@@ -242,7 +236,7 @@ bad:
 	se_state.ttyfd = -1;
     }
     freecon(tty_con);
-    debug_return_int(-1);
+    debug_return_int(se_state.enforcing ? -1 : 0);
 }
 
 /*