Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull apparmor bugfix from James Morris:
 "This has a fix for a policy replacement bug that is fairly serious for
  apache mod_apparmor users, as it results in the wrong policy being
  applied on an network facing service"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
  apparmor: fix change_hat not finding hat after policy replacement

1 files changed, 4 insertions, 2 deletions

diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index fc3036b34e51..a4d90aa1045a 100644
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -621,8 +621,8 @@ int aa_change_hat(const char *hats[], int count, u64 token, bool permtest)
         /* released below */
         cred = get_current_cred();
         cxt = cred_cxt(cred);
-        profile = aa_cred_profile(cred);
-        previous_profile = cxt->previous;
+        profile = aa_get_newest_profile(aa_cred_profile(cred));
+        previous_profile = aa_get_newest_profile(cxt->previous);
 
         if (unconfined(profile)) {
                 info = "unconfined";
@@ -718,6 +718,8 @@ audit:
 out:
         aa_put_profile(hat);
         kfree(name);
+        aa_put_profile(profile);
+        aa_put_profile(previous_profile);
         put_cred(cred);
 
         return error;