Revert "UBUNTU: SAUCE: apparmor: flock mediation is not being, enforced on cache check"

BugLink: https://bugs.launchpad.net/bugs/1658219 This reverts commit 97ac9e61 as it is currently causing regressions in snaps which would break networking for all core16 images. Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

Revert "UBUNTU: SAUCE: apparmor: flock mediation is not being, enforced on cache check"
BugLink: https://bugs.launchpad.net/bugs/1658219 This reverts commit 97ac9e61 as it is currently causing regressions in snaps which would break networking for all core16 images. Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
ac9535d8 · Stefan Bader · 37cb4a3b · ac9535d8
Commit ac9535d8 authored Aug 27, 2019 by Stefan Bader
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 9 deletions

security/apparmor/file.c security/apparmor/file.c +4 -9

No files found.
--- a/security/apparmor/file.c
+++ b/security/apparmor/file.c
@@ -536,23 +536,18 @@ static int __file_path_perm(const char *op, struct aa_label *label,
 	error = fn_for_each_not_in_set(flabel, label, profile,
 			profile_path_perm(op, profile, &file->f_path, buffer,
 					  request, &cond, flags, &perms));
-	if (denied && !error) {
+	if (denied) {
 		/* check every profile in file label that was not tested
 		 * in the initial check above.
 		 */
 		/* TODO: cache full perms so this only happens because of
 		 * conditionals */
 		/* TODO: don't audit here */
-		if (label == flabel)
-			error = fn_for_each(label, profile,
-				profile_path_perm(op, profile, &file->f_path,
-						  buffer, request, &cond, flags,
-						  &perms));
-		else
-			error = fn_for_each_not_in_set(label, flabel, profile,
+		last_error(error,
+			fn_for_each_not_in_set(label, flabel, profile,
 				profile_path_perm(op, profile, &file->f_path,
 						  buffer, request, &cond, flags,
-						  &perms));
+						  &perms)));
 	}
 	if (!error)
 		update_file_ctx(file_ctx(file), label, request);