Received: by 2002:a05:6358:5282:b0:b5:90e7:25cb with SMTP id g2csp3415288rwa; Tue, 23 Aug 2022 04:31:24 -0700 (PDT) X-Google-Smtp-Source: AA6agR4jyShrVSV/mzfn0/m/bWFcTHR+ZTAiWeertwiMDKCeVL3rG8XMSSXWU1U+gHzGyqhklPgX X-Received: by 2002:a63:4b07:0:b0:422:e1a4:50bf with SMTP id y7-20020a634b07000000b00422e1a450bfmr20529992pga.295.1661254167575; Tue, 23 Aug 2022 04:29:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1661254167; cv=none; d=google.com; s=arc-20160816; b=bGJyiDo/2xUZS8rBmzhY91ujZjiXPbNVT6cuxqrTKjxHSE+k/QHEivjqSHe548OjeF kZgounwQ8WPzA6IUu7T6LiFlkFmnHE5m3KoObNoxSBffPGqyDyB+49wDNUh0UWRzX10C 2vSN3TV+ugg0hoJjkSj8ruZiH4ys6WX9oSv3QWtc5/mdq61DiAxo6h5yhsQ8cqntc2Dj kbCFiwiKtVh27zS49NX66U9AUw0iB7hV+lK/GQDAPcd7QcAJFdjvxdjkf5HNimI1t28x xI9AdEGrHtbHaQDFSvjtfcihRbV96oUiOxIdF8BrSRD/7lu3qr349n37119c+jqSW3IX 1xWw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=KeLZKOMmbVLGQ/oeCxF8j3bKmpuX+GnrLV+yltxZrv4=; b=yX73ICjG24JPiB/Wmd1QZnIrhXt4oC+GMnPtmXZmmdUUz68VH/H5TD9jAYv4nS4+yb zBh9u7wznFxTWe0AIxTcLV/zYMto7F/5ULZtmxIA4q410v/cVXDJaJ+/+DndNlDAwy/q vFFkRkdboy51fj9T6jBzJXBbIpBUoKW1Mk6JszyiIafHxaa0Wqw6Dnmbp28LovDU69EJ 96MJTneT8s7E1+G2t0yjxijeYnEekRpHBkB3Y/OHRjWUCTOax3agU+8cEeyQmhoJmVOe dgemjktDE5XbooW/C3X0I+o6DYtQkQ2Eg18T2FbtsxnSq4dMj3oOZO2xxudG817OOpqq xrxQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=vh9Iedn+; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id t18-20020a17090ae51200b001f72e6d910fsi16843450pjy.15.2022.08.23.04.29.16; Tue, 23 Aug 2022 04:29:27 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=vh9Iedn+; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1356415AbiHWKyJ (ORCPT + 99 others); Tue, 23 Aug 2022 06:54:09 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56728 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1355984AbiHWKqG (ORCPT ); Tue, 23 Aug 2022 06:46:06 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4E27274DF6; Tue, 23 Aug 2022 02:11:35 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id A1E1460F85; Tue, 23 Aug 2022 09:11:34 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 8C233C433B5; Tue, 23 Aug 2022 09:11:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1661245894; bh=o5kMqKGNeYaD1QjftcGevNh2DTWdrdudlXdleTnx8zM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=vh9Iedn+mFjnUK19RPXvM/I//mIuujd0TbWfz+P+yITn39BGtugUjCRPIaChlI7xl K3O48o3vxSTS5tIbMLLI2ZiZNdAnW8yMnroQVK04Udip1Cfbqkw0qPREtjkRAhbmbV sTpQCjLysEKQvuobtkuKZOO60od+iPlVeuoeH95A= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, John Johansen Subject: [PATCH 4.19 223/287] apparmor: fix quiet_denied for file rules Date: Tue, 23 Aug 2022 10:26:32 +0200 Message-Id: <20220823080108.509062348@linuxfoundation.org> X-Mailer: git-send-email 2.37.2 In-Reply-To: <20220823080100.268827165@linuxfoundation.org> References: <20220823080100.268827165@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: John Johansen commit 68ff8540cc9e4ab557065b3f635c1ff4c96e1f1c upstream. Global quieting of denied AppArmor generated file events is not handled correctly. Unfortunately the is checking if quieting of all audit events is set instead of just denied events. Fixes: 67012e8209df ("AppArmor: basic auditing infrastructure.") Signed-off-by: John Johansen Signed-off-by: Greg Kroah-Hartman --- security/apparmor/audit.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/security/apparmor/audit.c +++ b/security/apparmor/audit.c @@ -143,7 +143,7 @@ int aa_audit(int type, struct aa_profile } if (AUDIT_MODE(profile) == AUDIT_QUIET || (type == AUDIT_APPARMOR_DENIED && - AUDIT_MODE(profile) == AUDIT_QUIET)) + AUDIT_MODE(profile) == AUDIT_QUIET_DENIED)) return aad(sa)->error; if (KILL_MODE(profile) && type == AUDIT_APPARMOR_DENIED)