apparmor: fix quiet_denied for file rules

commit 68ff8540cc9e4ab557065b3f635c1ff4c96e1f1c upstream.

Global quieting of denied AppArmor generated file events is not
handled correctly. Unfortunately the is checking if quieting of all
audit events is set instead of just denied events.

Fixes: 67012e8209df ("AppArmor: basic auditing infrastructure.")
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/security/apparmor/audit.c b/security/apparmor/audit.c
index 8f9ecac7f8dea26f2621ba63bcb05dd781af3584..e94a364c631f4bee0f32d187656c94a291d24dc4 100644 (file)
--- a/security/apparmor/audit.c
+++ b/security/apparmor/audit.c
@@ -143,7 +143,7 @@ int aa_audit(int type, struct aa_profile *profile, struct common_audit_data *sa,
        }
        if (AUDIT_MODE(profile) == AUDIT_QUIET ||
            (type == AUDIT_APPARMOR_DENIED &&
-            AUDIT_MODE(profile) == AUDIT_QUIET))
+            AUDIT_MODE(profile) == AUDIT_QUIET_DENIED))
                return aad(sa)->error;
 
        if (KILL_MODE(profile) && type == AUDIT_APPARMOR_DENIED)