From b0d2027cb6f74a035c65db8bf9d57c54443f7320 Mon Sep 17 00:00:00 2001 From: John Johansen Date: Thu, 24 Aug 2023 23:45:57 -0700 Subject: [PATCH] UBUNTU: SAUCE: apparmor4.0.0 [58/90]: prompt - fix caching BugLink: http://bugs.launchpad.net/bugs/2028253 Add fixes to prompt caching discovered with the new debug output. Signed-off-by: John Johansen (cherry picked from https://gitlab.com/jjohansen/apparmor-kernel) Signed-off-by: Andrea Righi (cherry picked from commit 69e13f9586e6289a3192e5d02de2dfb5e3948c92 https://git.launchpad.net/~apparmor-dev/ubuntu-kernel-next) Signed-off-by: Paolo Pisati --- security/apparmor/domain.c | 2 +- security/apparmor/file.c | 9 ++++----- security/apparmor/notify.c | 3 ++- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c index f2498e732b9e..3ad7e6b5f04f 100644 --- a/security/apparmor/domain.c +++ b/security/apparmor/domain.c @@ -720,7 +720,7 @@ static struct aa_label *profile_transition(const struct cred *subj_cred, audit: aa_audit_file(subj_cred, profile, &perms, OP_EXEC, MAY_EXEC, name, target, new, - cond->uid, info, error, false); + cond->uid, info, error, true); if (!new || nonewprivs) { aa_put_label(new); return ERR_PTR(error); diff --git a/security/apparmor/file.c b/security/apparmor/file.c index 5bc9b947c91e..bf332452bf39 100644 --- a/security/apparmor/file.c +++ b/security/apparmor/file.c @@ -121,15 +121,14 @@ static int check_cache(struct aa_profile *profile, hit->data.error); aa_put_audit_node(hit); /* don't audit: if its in the cache already audited */ - return 1; + return 0; } aa_put_audit_node(hit); - hit = NULL; } else { AA_DEBUG(DEBUG_UPCALL, "cache miss"); } - return 0; + return 1; } // error - immediate return @@ -220,10 +219,10 @@ int aa_audit_file(const struct cred *subj_cred, /* learning cache - not audit dedup yet */ err = check_cache(profile, &ad); - if (err != 0) { + if (err <= 0) { AA_DEBUG(DEBUG_UPCALL, "cache early bail %d\n", err); /* cached */ - return ad.err; + return err; } implicit_deny = (ad.request & ~perms->allow) & ~perms->deny; if (USER_MODE(profile)) diff --git a/security/apparmor/notify.c b/security/apparmor/notify.c index b650a10c9f4b..69d95e4997fc 100644 --- a/security/apparmor/notify.c +++ b/security/apparmor/notify.c @@ -634,7 +634,8 @@ static long build_v3_unotif(struct aa_knotif *knotif, void __user *buf, return -EFAULT; if (copy_to_user(buf + sizeof(unotif), profile->base.hname, psize)) return -EFAULT; - if (copy_to_user(buf + sizeof(unotif) + psize, knotif->ad->name, nsize)) + if (knotif->ad->name && + copy_to_user(buf + sizeof(unotif) + psize, knotif->ad->name, nsize)) return -EFAULT; return size;