apparmor: fix 'Do simple duplicate message elimination'

chao liu · jrjohansen · commit 9b897132424f · 2024-11-26T19:21:05.000-08:00
Multiple profiles shared 'ent->caps', so some logs missed. Fixes: 0ed3b28 ("AppArmor: mediation of non file objects") Signed-off-by: chao liu <liuzgyid@outlook.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
diff --git a/security/apparmor/capability.c b/security/apparmor/capability.c
@@ -96,6 +96,8 @@ static int audit_caps(struct apparmor_audit_data *ad, struct aa_profile *profile
 		return error;
 	} else {
 		aa_put_profile(ent->profile);
+		if (profile != ent->profile)
+			cap_clear(ent->caps);
 		ent->profile = aa_get_profile(profile);
 		cap_raise(ent->caps, cap);
 	}

Original file line number	Diff line number	Diff line change
`@@ -96,6 +96,8 @@ static int audit_caps(struct apparmor_audit_data ad, struct aa_profile profile`
`96`	`96`	`return error;`
`97`	`97`	`} else {`
`98`	`98`	`aa_put_profile(ent->profile);`
	`99`	`+ if (profile != ent->profile)`
	`100`	`+ cap_clear(ent->caps);`
`99`	`101`	`ent->profile = aa_get_profile(profile);`
`100`	`102`	`cap_raise(ent->caps, cap);`
`101`	`103`	`}`