UBUNTU: SAUCE: apparmor4.0.0 [58/90]: prompt - fix caching

BugLink: http://bugs.launchpad.net/bugs/2028253

Add fixes to prompt caching discovered with the new debug output.

Signed-off-by: John Johansen <john.johansen@canonical.com>
(cherry picked from https://gitlab.com/jjohansen/apparmor-kernel)
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
(cherry picked from commit 69e13f9586e6289a3192e5d02de2dfb5e3948c92
https://git.launchpad.net/~apparmor-dev/ubuntu-kernel-next)
Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
John Johansen
2023-08-24 23:45:57 -07:00
committed by Paolo Pisati
parent 12cda360ea
commit b0d2027cb6
3 changed files with 7 additions and 7 deletions
+1 -1
@@ -720,7 +720,7 @@ static struct aa_label *profile_transition(const struct cred *subj_cred,
audit:
aa_audit_file(subj_cred, profile, &perms, OP_EXEC, MAY_EXEC, name, target, new,
cond->uid, info, error, false);
cond->uid, info, error, true);
if (!new || nonewprivs) {
aa_put_label(new);
return ERR_PTR(error);
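Review bot: The return value of `aa_audit_file()` is discarded at the `audit:` label, so changing the last argument to `true` cannot alter the `error` that `ERR_PTR(error)` returns a few lines later. If that argument enables prompting (its parameter name is not visible in this hunk, so this is inferred from the commit title), any verdict coming back from the cache or the prompt is ignored on this exec path. Either assign the result where that is intended, or add a comment such as `/* result ignored: exec verdict is already fixed in error */` so a later reader does not assume the prompt can permit the transition. profile_transition's body starts and ends outside the hunk.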
+4 -5
@@ -121,15 +121,14 @@ static int check_cache(struct aa_profile *profile,
hit->data.error);
aa_put_audit_node(hit);
/* don't audit: if its in the cache already audited */
return 1;
return 0;
}
aa_put_audit_node(hit);
hit = NULL;
} else {
AA_DEBUG(DEBUG_UPCALL, "cache miss");
}
return 0;
return 1;
}
// error - immediate return
@@ -220,10 +219,10 @@ int aa_audit_file(const struct cred *subj_cred,
/* learning cache - not audit dedup yet */
err = check_cache(profile, &ad);
if (err != 0) {
if (err <= 0) {
AA_DEBUG(DEBUG_UPCALL, "cache early bail %d\n", err);
/* cached */
return ad.err;
return err;
}
implicit_deny = (ad.request & ~perms->allow) & ~perms->deny;
if (USER_MODE(profile))
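Review bot: On a cache hit `check_cache()` now returns 0 and `aa_audit_file()` passes that straight back through `return err;`, so the `hit->data.error` printed by the debug line is no longer what the caller sees. If the learning cache can hold entries with a non-zero `data.error` (not visible in these hunks), a cached denial would be reported as success. Returning the cached error from the hit path, saved before `aa_put_audit_node(hit)`, would preserve the stored verdict. The new convention also deserves a comment above `check_cache()`, e.g. `/* returns: <0 error, 0 cache hit (skip audit), 1 cache miss (continue) */`. Both functions extend beyond the hunks shown.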
+2 -1
@@ -634,7 +634,8 @@ static long build_v3_unotif(struct aa_knotif *knotif, void __user *buf,
return -EFAULT;
if (copy_to_user(buf + sizeof(unotif), profile->base.hname, psize))
return -EFAULT;
if (copy_to_user(buf + sizeof(unotif) + psize, knotif->ad->name, nsize))
if (knotif->ad->name &&
copy_to_user(buf + sizeof(unotif) + psize, knotif->ad->name, nsize))
return -EFAULT;
return size;
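Review bot: The added NULL test skips only the copy; `nsize` and `size` are computed before this hunk and `size` is still returned, so when `knotif->ad->name` is NULL the reader is told the record holds `nsize` bytes that were never written to the user buffer. If `nsize` is derived from the name with `strlen()` (not visible here), the NULL pointer would be dereferenced before this guard is reached. The NULL case is better handled where `nsize` is computed, setting it to 0 and adjusting any name offset stored in `unotif`, so the returned length matches what was actually copied to user space. build_v3_unotif's body starts and ends outside the hunk.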