Merge tag 'v3.10.107' into update

[GitHub/mt8127/android_kernel_alcatel_ttab.git] / security / apparmor / domain.c

diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index 859abdaac1eafb62fddb202eb6fcdf3777e9daa2..15d172e39cf4435a661a09ed9a2fe29fdff0834f 100644 (file)
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -441,7 +441,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
                                new_profile = aa_get_profile(ns->unconfined);
                                info = "ux fallback";
                        } else {
-                               error = -ENOENT;
+                               error = -EACCES;
                                info = "profile not found";
                        }
                }
@@ -629,7 +629,7 @@ int aa_change_hat(const char *hats[], int count, u64 token, bool permtest)
         * There is no exception for unconfined as change_hat is not
         * available.
         */
-       if (current->no_new_privs)
+       if (task_no_new_privs(current))
                return -EPERM;
 
        /* released below */
@@ -780,7 +780,7 @@ int aa_change_profile(const char *ns_name, const char *hname, bool onexec,
         * no_new_privs is set because this aways results in a reduction
         * of permissions.
         */
-       if (current->no_new_privs && !unconfined(profile)) {
+       if (task_no_new_privs(current) && !unconfined(profile)) {
                put_cred(cred);
                return -EPERM;
        }