Revert "UBUNTU: SAUCE: fix regression with domain change in complain mode"

This reverts commit efe57ae3dcce601f81dd15279551a248c40f53ca.

BugLink: https://bugs.launchpad.net/bugs/1666897
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index 576d51194eaeb7d3ffcb8b7d2a91ff3400cded40..cfb0c288d6575d79aa3285537e21247b183c7aa6 100644 (file)
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -496,7 +496,6 @@ static struct aa_label *profile_transition(struct aa_profile *profile,
        const char *info = NULL, *name = NULL, *target = NULL;
        unsigned int state = profile->file.start;
        struct aa_perms perms = {};
-       bool nonewprivs = false;
        int error = 0;
 
        AA_BUG(!profile);
@@ -572,7 +571,8 @@ static struct aa_label *profile_transition(struct aa_profile *profile,
            !aa_label_is_subset(new, &profile->label)) {
                error = -EPERM;
                info = "no new privs";
-               nonewprivs = true;
+               aa_put_label(new);
+               new = NULL;
                goto audit;
        }
 
@@ -589,8 +589,9 @@ static struct aa_label *profile_transition(struct aa_profile *profile,
 audit:
        aa_audit_file(profile, &perms, OP_EXEC, MAY_EXEC, name, target, new,
                      cond->uid, info, error);
-       if (!new || nonewprivs) {
-               aa_put_label(new);
+       if (error) {
+               if (new)
+                       aa_put_label(new);
                return ERR_PTR(error);
        }