apparmor: fix change_hat not finding hat after policy replacement
authorJohn Johansen <john.johansen@canonical.com>
Thu, 1 Sep 2016 04:10:06 +0000 (21:10 -0700)
committerJames Morris <james.l.morris@oracle.com>
Mon, 21 Nov 2016 07:01:28 +0000 (18:01 +1100)
commit3d40658c977769ce2138f286cf131537bf68bdfe
treea4413e2582ba4d840edb2e21e030e85d679f1b67
parent9c763584b7c8911106bb77af7e648bef09af9d80
apparmor: fix change_hat not finding hat after policy replacement

After a policy replacement, the task cred may be out of date and need
to be updated. However change_hat is using the stale profiles from
the out of date cred resulting in either: a stale profile being applied
or, incorrect failure when searching for a hat profile as it has been
migrated to the new parent profile.

Fixes: 01e2b670aa898a39259bc85c78e3d74820f4d3b6 (failure to find hat)
Fixes: 898127c34ec03291c86f4ff3856d79e9e18952bc (stale policy being applied)
Bugzilla: https://bugzilla.suse.com/show_bug.cgi?id=1000287
Cc: stable@vger.kernel.org
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
security/apparmor/domain.c