Revert "apparmor: don't try to replace stale label in ptrace access check"

[mirror_ubuntu-bionic-kernel.git] / security / security.c

diff --git a/security/security.c b/security/security.c
index 87a9abfbd705e0c0458c75e31d2425d1aa5867b9..1a01a8f33ab0c97122b866405ae1b5f9eb9ec446 100644 (file)
--- a/security/security.c
+++ b/security/security.c
@@ -705,16 +705,12 @@ int security_capset(struct cred *new, const struct cred *old,
                                effective, inheritable, permitted);
 }
 
-int security_capable(const struct cred *cred, struct user_namespace *ns,
-                    int cap)
+int security_capable(const struct cred *cred,
+                    struct user_namespace *ns,
+                    int cap,
+                    unsigned int opts)
 {
-       return call_int_hook(capable, 0, cred, ns, cap, SECURITY_CAP_AUDIT);
-}
-
-int security_capable_noaudit(const struct cred *cred, struct user_namespace *ns,
-                            int cap)
-{
-       return call_int_hook(capable, 0, cred, ns, cap, SECURITY_CAP_NOAUDIT);
+       return call_int_hook(capable, 0, cred, ns, cap, opts);
 }
 
 int security_quotactl(int cmds, int type, int id, struct super_block *sb)
@@ -1504,6 +1500,13 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
 
 void security_cred_free(struct cred *cred)
 {
+       /*
+        * There is a failure case in prepare_creds() that
+        * may result in a call here with ->security being NULL.
+        */
+       if (unlikely(cred->security == NULL))
+               return;
+
        call_void_hook(cred_free, cred);
 
        kfree(cred->security);