diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index f2498e732b9e..3ad7e6b5f04f 100644
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -720,7 +720,7 @@ static struct aa_label *profile_transition(const struct cred *subj_cred,
 audit:
 aa_audit_file(subj_cred, profile, &perms, OP_EXEC, MAY_EXEC, name, target, new,
- cond->uid, info, error, false);
+ cond->uid, info, error, true);
 if (!new || nonewprivs) {
 aa_put_label(new);
 return ERR_PTR(error);
diff --git a/security/apparmor/file.c b/security/apparmor/file.c
index 5bc9b947c91e..bf332452bf39 100644
--- a/security/apparmor/file.c
+++ b/security/apparmor/file.c
@@ -121,15 +121,14 @@ static int check_cache(struct aa_profile *profile,
 hit->data.error);
 aa_put_audit_node(hit);
 /* don't audit: if its in the cache already audited */
- return 1;
+ return 0;
 }
 aa_put_audit_node(hit);
- hit = NULL;
 } else {
 AA_DEBUG(DEBUG_UPCALL, "cache miss");
 }
- return 0;
+ return 1;
 }
 // error - immediate return
@@ -220,10 +219,10 @@ int aa_audit_file(const struct cred *subj_cred,
 /* learning cache - not audit dedup yet */
 err = check_cache(profile, &ad);
- if (err != 0) {
+ if (err <= 0) {
 AA_DEBUG(DEBUG_UPCALL, "cache early bail %d\n", err);
 /* cached */
- return ad.err;
+ return err;
 }
 implicit_deny = (ad.request & ~perms->allow) & ~perms->deny;
 if (USER_MODE(profile))
diff --git a/security/apparmor/notify.c b/security/apparmor/notify.c
index b650a10c9f4b..69d95e4997fc 100644
--- a/security/apparmor/notify.c
+++ b/security/apparmor/notify.c
@@ -634,7 +634,8 @@ static long build_v3_unotif(struct aa_knotif *knotif, void __user *buf,
 return -EFAULT;
 if (copy_to_user(buf + sizeof(unotif), profile->base.hname, psize))
 return -EFAULT;
- if (copy_to_user(buf + sizeof(unotif) + psize, knotif->ad->name, nsize))
+ if (knotif->ad->name &&
+ copy_to_user(buf + sizeof(unotif) + psize, knotif->ad->name, nsize))
 return -EFAULT;
 return size;
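Review bot: In security/apparmor/domain.c, the `audit:` call in profile_transition() now passes a bare `true` as the last argument of aa_audit_file(), and nothing at the call site says what that flag turns on for exec transitions. The call's return value is discarded and the following lines act on `error` and `new`, so whatever the flag enables cannot change the outcome through the return value here; that looks worth confirming as intended. A short argument comment naming the parameter, for example `/* <parameter name> */ true`, would make the call reviewable without opening file.c. The function body starts and ends outside the hunk.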
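Review bot: In check_cache() (security/apparmor/file.c), the cache-hit branch now returns 0 right after logging `hit->data.error`, and the second file.c hunk makes aa_audit_file() return that value (`return err;`) where it used to return `ad.err`. If a cached entry can carry a non-zero error, a repeated request that was denied earlier would come back from aa_audit_file() as success. The branch condition and the place where `ad.err` is set are outside the hunk, so this is inferred from the visible lines. If the cached verdict must still be honoured, the caller could keep it with `return err < 0 ? err : ad.err;`.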
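Review bot: The `/* cached */` comment and the "cache early bail" message in aa_audit_file() now cover two different cases, because `err <= 0` is taken both for a negative return from check_cache() and for 0. The hunk does not show check_cache() returning a negative value, so the error half is inferred from the new comparison. A comment stating the convention at the test, such as `/* < 0: check_cache failed, 0: cache hit already audited, 1: miss, keep going */`, would keep readers from taking every early return for a cache hit. aa_audit_file() continues past the end of the hunk.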
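Review bot: In build_v3_unotif() (security/apparmor/notify.c), the new `knotif->ad->name &&` guard skips the copy, but `nsize` and `size` are computed above the hunk and the function still returns `size`. If `nsize` is derived from `knotif->ad->name` (for example with strlen), the NULL pointer has already been used before this check. If `nsize` is not zero in that case, the returned length counts bytes that were never written to the user buffer. It would help to set `nsize` to 0 where it is computed when the name is NULL, and, if `unotif` records where the name starts, to make that field tell userspace that no name follows. The function starts outside the hunk.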