aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--security/apparmor/lsm.c36
1 files changed, 24 insertions, 12 deletions
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 8db33a8b50c4..d5666d3cc21b 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -667,17 +667,29 @@ static struct security_operations apparmor_ops = {
667 * AppArmor sysfs module parameters 667 * AppArmor sysfs module parameters
668 */ 668 */
669 669
670static int param_set_aabool(const char *val, struct kernel_param *kp); 670static int param_set_aabool(const char *val, const struct kernel_param *kp);
671static int param_get_aabool(char *buffer, struct kernel_param *kp); 671static int param_get_aabool(char *buffer, const struct kernel_param *kp);
672#define param_check_aabool(name, p) __param_check(name, p, int) 672#define param_check_aabool(name, p) __param_check(name, p, int)
673static struct kernel_param_ops param_ops_aabool = {
674 .set = param_set_aabool,
675 .get = param_get_aabool
676};
673 677
674static int param_set_aauint(const char *val, struct kernel_param *kp); 678static int param_set_aauint(const char *val, const struct kernel_param *kp);
675static int param_get_aauint(char *buffer, struct kernel_param *kp); 679static int param_get_aauint(char *buffer, const struct kernel_param *kp);
676#define param_check_aauint(name, p) __param_check(name, p, int) 680#define param_check_aauint(name, p) __param_check(name, p, int)
681static struct kernel_param_ops param_ops_aauint = {
682 .set = param_set_aauint,
683 .get = param_get_aauint
684};
677 685
678static int param_set_aalockpolicy(const char *val, struct kernel_param *kp); 686static int param_set_aalockpolicy(const char *val, const struct kernel_param *kp);
679static int param_get_aalockpolicy(char *buffer, struct kernel_param *kp); 687static int param_get_aalockpolicy(char *buffer, const struct kernel_param *kp);
680#define param_check_aalockpolicy(name, p) __param_check(name, p, int) 688#define param_check_aalockpolicy(name, p) __param_check(name, p, int)
689static struct kernel_param_ops param_ops_aalockpolicy = {
690 .set = param_set_aalockpolicy,
691 .get = param_get_aalockpolicy
692};
681 693
682static int param_set_audit(const char *val, struct kernel_param *kp); 694static int param_set_audit(const char *val, struct kernel_param *kp);
683static int param_get_audit(char *buffer, struct kernel_param *kp); 695static int param_get_audit(char *buffer, struct kernel_param *kp);
@@ -751,7 +763,7 @@ static int __init apparmor_enabled_setup(char *str)
751__setup("apparmor=", apparmor_enabled_setup); 763__setup("apparmor=", apparmor_enabled_setup);
752 764
753/* set global flag turning off the ability to load policy */ 765/* set global flag turning off the ability to load policy */
754static int param_set_aalockpolicy(const char *val, struct kernel_param *kp) 766static int param_set_aalockpolicy(const char *val, const struct kernel_param *kp)
755{ 767{
756 if (!capable(CAP_MAC_ADMIN)) 768 if (!capable(CAP_MAC_ADMIN))
757 return -EPERM; 769 return -EPERM;
@@ -760,35 +772,35 @@ static int param_set_aalockpolicy(const char *val, struct kernel_param *kp)
760 return param_set_bool(val, kp); 772 return param_set_bool(val, kp);
761} 773}
762 774
763static int param_get_aalockpolicy(char *buffer, struct kernel_param *kp) 775static int param_get_aalockpolicy(char *buffer, const struct kernel_param *kp)
764{ 776{
765 if (!capable(CAP_MAC_ADMIN)) 777 if (!capable(CAP_MAC_ADMIN))
766 return -EPERM; 778 return -EPERM;
767 return param_get_bool(buffer, kp); 779 return param_get_bool(buffer, kp);
768} 780}
769 781
770static int param_set_aabool(const char *val, struct kernel_param *kp) 782static int param_set_aabool(const char *val, const struct kernel_param *kp)
771{ 783{
772 if (!capable(CAP_MAC_ADMIN)) 784 if (!capable(CAP_MAC_ADMIN))
773 return -EPERM; 785 return -EPERM;
774 return param_set_bool(val, kp); 786 return param_set_bool(val, kp);
775} 787}
776 788
777static int param_get_aabool(char *buffer, struct kernel_param *kp) 789static int param_get_aabool(char *buffer, const struct kernel_param *kp)
778{ 790{
779 if (!capable(CAP_MAC_ADMIN)) 791 if (!capable(CAP_MAC_ADMIN))
780 return -EPERM; 792 return -EPERM;
781 return param_get_bool(buffer, kp); 793 return param_get_bool(buffer, kp);
782} 794}
783 795
784static int param_set_aauint(const char *val, struct kernel_param *kp) 796static int param_set_aauint(const char *val, const struct kernel_param *kp)
785{ 797{
786 if (!capable(CAP_MAC_ADMIN)) 798 if (!capable(CAP_MAC_ADMIN))
787 return -EPERM; 799 return -EPERM;
788 return param_set_uint(val, kp); 800 return param_set_uint(val, kp);
789} 801}
790 802
791static int param_get_aauint(char *buffer, struct kernel_param *kp) 803static int param_get_aauint(char *buffer, const struct kernel_param *kp)
792{ 804{
793 if (!capable(CAP_MAC_ADMIN)) 805 if (!capable(CAP_MAC_ADMIN))
794 return -EPERM; 806 return -EPERM;