Diffstat (limited to 'security/apparmor/lsm.c')
-rw-r--r-- | security/apparmor/lsm.c | 24 |
1 files changed, 14 insertions, 10 deletions
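diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 2e2a0dd4a73f..fb99e18123b4 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -508,19 +508,21 @@ static int apparmor_getprocattr(struct task_struct *task, char *name,
 /* released below */
 const struct cred *cred = get_task_cred(task);
 struct aa_task_cxt *cxt = cred_cxt(cred);
+struct aa_profile *profile = NULL;
 
 if (strcmp(name, "current") == 0)
-error = aa_getprocattr(aa_newest_version(cxt->profile),
-value);
+profile = aa_get_newest_profile(cxt->profile);
 else if (strcmp(name, "prev") == 0 && cxt->previous)
-error = aa_getprocattr(aa_newest_version(cxt->previous),
-value);
+profile = aa_get_newest_profile(cxt->previous);
 else if (strcmp(name, "exec") == 0 && cxt->onexec)
-error = aa_getprocattr(aa_newest_version(cxt->onexec),
-value);
+profile = aa_get_newest_profile(cxt->onexec);
 else
 error = -EINVAL;
 
+if (profile)
+error = aa_getprocattr(profile, value);
+
+aa_put_profile(profile);
 put_cred(cred);
 
 return error;
@@ -666,6 +668,7 @@ static int param_set_aabool(const char *val, const struct kernel_param *kp);
 static int param_get_aabool(char *buffer, const struct kernel_param *kp);
 #define param_check_aabool param_check_bool
 static struct kernel_param_ops param_ops_aabool = {
+.flags = KERNEL_PARAM_FL_NOARG,
 .set = param_set_aabool,
 .get = param_get_aabool
 };
@@ -682,6 +685,7 @@ static int param_set_aalockpolicy(const char *val, const struct kernel_param *kp
 static int param_get_aalockpolicy(char *buffer, const struct kernel_param *kp);
 #define param_check_aalockpolicy param_check_bool
 static struct kernel_param_ops param_ops_aalockpolicy = {
+.flags = KERNEL_PARAM_FL_NOARG,
 .set = param_set_aalockpolicy,
 .get = param_get_aalockpolicy
 };
@@ -742,7 +746,7 @@ module_param_named(paranoid_load, aa_g_paranoid_load, aabool,
 
 /* Boot time disable flag */
 static bool apparmor_enabled = CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE;
-module_param_named(enabled, apparmor_enabled, aabool, S_IRUSR);
+module_param_named(enabled, apparmor_enabled, bool, S_IRUGO);
 
 static int __init apparmor_enabled_setup(char *str)
 {
@@ -841,7 +845,7 @@ static int param_get_mode(char *buffer, struct kernel_param *kp)
 if (!apparmor_enabled)
 return -EINVAL;
 
-return sprintf(buffer, "%s", profile_mode_names[aa_g_profile_mode]);
+return sprintf(buffer, "%s", aa_profile_mode_names[aa_g_profile_mode]);
 }
 
 static int param_set_mode(const char *val, struct kernel_param *kp)
@@ -856,8 +860,8 @@ static int param_set_mode(const char *val, struct kernel_param *kp)
 if (!val)
 return -EINVAL;
 
-for (i = 0; i < APPARMOR_NAMES_MAX_INDEX; i++) {
-if (strcmp(val, profile_mode_names[i]) == 0) {
+for (i = 0; i < APPARMOR_MODE_NAMES_MAX_INDEX; i++) {
+if (strcmp(val, aa_profile_mode_names[i]) == 0) {
 aa_g_profile_mode = i;
 return 0;
 }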
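Review bot: The `enabled` parameter in the `-742,7 +746,7` hunk moves from `aabool` with `S_IRUSR` to plain `bool` with `S_IRUGO`, so the sysfs file becomes readable by every user and reads no longer pass through `param_get_aabool`; any check that getter performs is skipped for this parameter (its body is outside the diff, so this is inferred from the type change). If the exposure is deliberate, presumably so unprivileged tools can tell whether AppArmor is active, record it next to the declaration, for example `/* world-readable by design: userspace detects AppArmor without privilege */`. The mode carries no write bits, so the parameter stays read-only at runtime and the change affects disclosure only, not who can flip the flag.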