1 files changed, 18 insertions, 9 deletions
diff --git a/security/apparmor/audit.c b/security/apparmor/audit.c
index 87f40fa8c431..8f9ecac7f8de 100644
--- a/security/apparmor/audit.c
+++ b/security/apparmor/audit.c
@@ -77,14 +77,24 @@ static void audit_pre(struct audit_buffer *ab, void *ca)
                        audit_log_format(ab, " error=%d", aad(sa)->error);
        }
-        if (aad(sa)->profile) {
+        if (aad(sa)->label) {
-                struct aa_profile *profile = aad(sa)->profile;
+                struct aa_label *label = aad(sa)->label;
-                if (profile->ns != root_ns) {
-                        audit_log_format(ab, " namespace=");
+                if (label_isprofile(label)) {
-                        audit_log_untrustedstring(ab, profile->ns->base.hname);
+                        struct aa_profile *profile = labels_profile(label);
+                        if (profile->ns != root_ns) {
+                                audit_log_format(ab, " namespace=");
+                                audit_log_untrustedstring(ab,
+                                                       profile->ns->base.hname);
+                        }
+                        audit_log_format(ab, " profile=");
+                        audit_log_untrustedstring(ab, profile->base.hname);
+                } else {
+                        audit_log_format(ab, " label=");
+                        aa_label_xaudit(ab, root_ns, label, FLAG_VIEW_SUBNS,
+                                        GFP_ATOMIC);
                }
-                audit_log_format(ab, " profile=");
-                audit_log_untrustedstring(ab, profile->base.hname);
        }
        if (aad(sa)->name) {
@@ -139,8 +149,7 @@ int aa_audit(int type, struct aa_profile *profile, struct common_audit_data *sa,
        if (KILL_MODE(profile) && type == AUDIT_APPARMOR_DENIED)
                type = AUDIT_APPARMOR_KILL;
-        if (!unconfined(profile))
+        aad(sa)->label = &profile->label;
-                aad(sa)->profile = profile;
        aa_audit_msg(type, sa, cb);

diff --git a/security/apparmor/audit.c b/security/apparmor/audit.c index 87f40fa8c431..8f9ecac7f8de 100644 --- a/security/apparmor/audit.c +++ b/security/apparmor/audit.c
@@ -77,14 +77,24 @@ static void audit_pre(struct audit_buffer ab, void ca)
77	audit_log_format(ab, " error=%d", aad(sa)->error);	77	audit_log_format(ab, " error=%d", aad(sa)->error);
78	}	78	}
79		79
80	if (aad(sa)->profile) {	80	if (aad(sa)->label) {
81	struct aa_profile *profile = aad(sa)->profile;	81	struct aa_label *label = aad(sa)->label;
82	if (profile->ns != root_ns) {	82
83	audit_log_format(ab, " namespace=");	83	if (label_isprofile(label)) {
84	audit_log_untrustedstring(ab, profile->ns->base.hname);	84	struct aa_profile *profile = labels_profile(label);
		85
		86	if (profile->ns != root_ns) {
		87	audit_log_format(ab, " namespace=");
		88	audit_log_untrustedstring(ab,
		89	profile->ns->base.hname);
		90	}
		91	audit_log_format(ab, " profile=");
		92	audit_log_untrustedstring(ab, profile->base.hname);
		93	} else {
		94	audit_log_format(ab, " label=");
		95	aa_label_xaudit(ab, root_ns, label, FLAG_VIEW_SUBNS,
		96	GFP_ATOMIC);
85	}	97	}
86	audit_log_format(ab, " profile=");
87	audit_log_untrustedstring(ab, profile->base.hname);
88	}	98	}
89		99
90	if (aad(sa)->name) {	100	if (aad(sa)->name) {
@@ -139,8 +149,7 @@ int aa_audit(int type, struct aa_profile profile, struct common_audit_data sa,
139	if (KILL_MODE(profile) && type == AUDIT_APPARMOR_DENIED)	149	if (KILL_MODE(profile) && type == AUDIT_APPARMOR_DENIED)
140	type = AUDIT_APPARMOR_KILL;	150	type = AUDIT_APPARMOR_KILL;
141		151
142	if (!unconfined(profile))	152	aad(sa)->label = &profile->label;
143	aad(sa)->profile = profile;
144		153
145	aa_audit_msg(type, sa, cb);	154	aa_audit_msg(type, sa, cb);
146		155