From: John Johansen <john.johansen@canonical.com>
Date: Thu, 29 Apr 2021 08:48:28 +0000 (-0700)
Subject: apparmor: fix quiet_denied for file rules
X-Git-Tag: v6.1-rc5~634^2~24
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=68ff8540cc9e4ab557065b3f635c1ff4c96e1f1c;p=platform%2Fkernel%2Flinux-starfive.git

apparmor: fix quiet_denied for file rules

Global quieting of denied AppArmor generated file events is not
handled correctly. Unfortunately the is checking if quieting of all
audit events is set instead of just denied events.

Fixes: 67012e8209df ("AppArmor: basic auditing infrastructure.")
Signed-off-by: John Johansen <john.johansen@canonical.com>
---

diff --git a/security/apparmor/audit.c b/security/apparmor/audit.c
index f7e97c7..704b0c8 100644
--- a/security/apparmor/audit.c
+++ b/security/apparmor/audit.c
@@ -137,7 +137,7 @@ int aa_audit(int type, struct aa_profile *profile, struct common_audit_data *sa,
 	}
 	if (AUDIT_MODE(profile) == AUDIT_QUIET ||
 	    (type == AUDIT_APPARMOR_DENIED &&
-	     AUDIT_MODE(profile) == AUDIT_QUIET))
+	     AUDIT_MODE(profile) == AUDIT_QUIET_DENIED))
 		return aad(sa)->error;
 
 	if (KILL_MODE(profile) && type == AUDIT_APPARMOR_DENIED)