Merge tag 'apparmor-pr-2020-06-07' of git://git.kernel.org/pub/scm/linux/kernel/git...

[mirror_ubuntu-kernels.git] / security / apparmor / domain.c

diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index 0926553ca86f1b4a240ee59005fa26fd5e24bead..1c898055a4764f1ed96e8360d2134830de1eb9cb 100644 (file)
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -842,14 +842,14 @@ static struct aa_label *handle_onexec(struct aa_label *label,
 }
 
 /**
- * apparmor_bprm_set_creds - set the new creds on the bprm struct
+ * apparmor_bprm_creds_for_exec - Update the new creds on the bprm struct
  * @bprm: binprm for the exec  (NOT NULL)
  *
  * Returns: %0 or error on failure
  *
  * TODO: once the other paths are done see if we can't refactor into a fn
  */
-int apparmor_bprm_set_creds(struct linux_binprm *bprm)
+int apparmor_bprm_creds_for_exec(struct linux_binprm *bprm)
 {
        struct aa_task_ctx *ctx;
        struct aa_label *label, *new = NULL;
@@ -863,9 +863,6 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
                file_inode(bprm->file)->i_mode
        };
 
-       if (bprm->called_set_creds)
-               return 0;
-
        ctx = task_ctx(current);
        AA_BUG(!cred_label(bprm->cred));
        AA_BUG(!ctx);
@@ -1317,6 +1314,7 @@ int aa_change_profile(const char *fqname, int flags)
                ctx->nnp = aa_get_label(label);
 
        if (!fqname || !*fqname) {
+               aa_put_label(label);
                AA_DEBUG("no profile name");
                return -EINVAL;
        }
@@ -1335,8 +1333,6 @@ int aa_change_profile(const char *fqname, int flags)
                        op = OP_CHANGE_PROFILE;
        }
 
-       label = aa_get_current_label();
-
        if (*fqname == '&') {
                stack = true;
                /* don't have label_parse() do stacking */