diff options
-rw-r--r-- | security/apparmor/lsm.c | 36 |
1 files changed, 24 insertions, 12 deletions
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 8db33a8b50c4..d5666d3cc21b 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c | |||
@@ -667,17 +667,29 @@ static struct security_operations apparmor_ops = { | |||
667 | * AppArmor sysfs module parameters | 667 | * AppArmor sysfs module parameters |
668 | */ | 668 | */ |
669 | 669 | ||
670 | static int param_set_aabool(const char *val, struct kernel_param *kp); | 670 | static int param_set_aabool(const char *val, const struct kernel_param *kp); |
671 | static int param_get_aabool(char *buffer, struct kernel_param *kp); | 671 | static int param_get_aabool(char *buffer, const struct kernel_param *kp); |
672 | #define param_check_aabool(name, p) __param_check(name, p, int) | 672 | #define param_check_aabool(name, p) __param_check(name, p, int) |
673 | static struct kernel_param_ops param_ops_aabool = { | ||
674 | .set = param_set_aabool, | ||
675 | .get = param_get_aabool | ||
676 | }; | ||
673 | 677 | ||
674 | static int param_set_aauint(const char *val, struct kernel_param *kp); | 678 | static int param_set_aauint(const char *val, const struct kernel_param *kp); |
675 | static int param_get_aauint(char *buffer, struct kernel_param *kp); | 679 | static int param_get_aauint(char *buffer, const struct kernel_param *kp); |
676 | #define param_check_aauint(name, p) __param_check(name, p, int) | 680 | #define param_check_aauint(name, p) __param_check(name, p, int) |
681 | static struct kernel_param_ops param_ops_aauint = { | ||
682 | .set = param_set_aauint, | ||
683 | .get = param_get_aauint | ||
684 | }; | ||
677 | 685 | ||
678 | static int param_set_aalockpolicy(const char *val, struct kernel_param *kp); | 686 | static int param_set_aalockpolicy(const char *val, const struct kernel_param *kp); |
679 | static int param_get_aalockpolicy(char *buffer, struct kernel_param *kp); | 687 | static int param_get_aalockpolicy(char *buffer, const struct kernel_param *kp); |
680 | #define param_check_aalockpolicy(name, p) __param_check(name, p, int) | 688 | #define param_check_aalockpolicy(name, p) __param_check(name, p, int) |
689 | static struct kernel_param_ops param_ops_aalockpolicy = { | ||
690 | .set = param_set_aalockpolicy, | ||
691 | .get = param_get_aalockpolicy | ||
692 | }; | ||
681 | 693 | ||
682 | static int param_set_audit(const char *val, struct kernel_param *kp); | 694 | static int param_set_audit(const char *val, struct kernel_param *kp); |
683 | static int param_get_audit(char *buffer, struct kernel_param *kp); | 695 | static int param_get_audit(char *buffer, struct kernel_param *kp); |
@@ -751,7 +763,7 @@ static int __init apparmor_enabled_setup(char *str) | |||
751 | __setup("apparmor=", apparmor_enabled_setup); | 763 | __setup("apparmor=", apparmor_enabled_setup); |
752 | 764 | ||
753 | /* set global flag turning off the ability to load policy */ | 765 | /* set global flag turning off the ability to load policy */ |
754 | static int param_set_aalockpolicy(const char *val, struct kernel_param *kp) | 766 | static int param_set_aalockpolicy(const char *val, const struct kernel_param *kp) |
755 | { | 767 | { |
756 | if (!capable(CAP_MAC_ADMIN)) | 768 | if (!capable(CAP_MAC_ADMIN)) |
757 | return -EPERM; | 769 | return -EPERM; |
@@ -760,35 +772,35 @@ static int param_set_aalockpolicy(const char *val, struct kernel_param *kp) | |||
760 | return param_set_bool(val, kp); | 772 | return param_set_bool(val, kp); |
761 | } | 773 | } |
762 | 774 | ||
763 | static int param_get_aalockpolicy(char *buffer, struct kernel_param *kp) | 775 | static int param_get_aalockpolicy(char *buffer, const struct kernel_param *kp) |
764 | { | 776 | { |
765 | if (!capable(CAP_MAC_ADMIN)) | 777 | if (!capable(CAP_MAC_ADMIN)) |
766 | return -EPERM; | 778 | return -EPERM; |
767 | return param_get_bool(buffer, kp); | 779 | return param_get_bool(buffer, kp); |
768 | } | 780 | } |
769 | 781 | ||
770 | static int param_set_aabool(const char *val, struct kernel_param *kp) | 782 | static int param_set_aabool(const char *val, const struct kernel_param *kp) |
771 | { | 783 | { |
772 | if (!capable(CAP_MAC_ADMIN)) | 784 | if (!capable(CAP_MAC_ADMIN)) |
773 | return -EPERM; | 785 | return -EPERM; |
774 | return param_set_bool(val, kp); | 786 | return param_set_bool(val, kp); |
775 | } | 787 | } |
776 | 788 | ||
777 | static int param_get_aabool(char *buffer, struct kernel_param *kp) | 789 | static int param_get_aabool(char *buffer, const struct kernel_param *kp) |
778 | { | 790 | { |
779 | if (!capable(CAP_MAC_ADMIN)) | 791 | if (!capable(CAP_MAC_ADMIN)) |
780 | return -EPERM; | 792 | return -EPERM; |
781 | return param_get_bool(buffer, kp); | 793 | return param_get_bool(buffer, kp); |
782 | } | 794 | } |
783 | 795 | ||
784 | static int param_set_aauint(const char *val, struct kernel_param *kp) | 796 | static int param_set_aauint(const char *val, const struct kernel_param *kp) |
785 | { | 797 | { |
786 | if (!capable(CAP_MAC_ADMIN)) | 798 | if (!capable(CAP_MAC_ADMIN)) |
787 | return -EPERM; | 799 | return -EPERM; |
788 | return param_set_uint(val, kp); | 800 | return param_set_uint(val, kp); |
789 | } | 801 | } |
790 | 802 | ||
791 | static int param_get_aauint(char *buffer, struct kernel_param *kp) | 803 | static int param_get_aauint(char *buffer, const struct kernel_param *kp) |
792 | { | 804 | { |
793 | if (!capable(CAP_MAC_ADMIN)) | 805 | if (!capable(CAP_MAC_ADMIN)) |
794 | return -EPERM; | 806 | return -EPERM; |