Merge tag 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck...

[linux-drm-fsl-dcu.git] / security / apparmor / lsm.c

diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 2e2a0dd4a73f1234425ded75027baea3b1e0b03e..4257b7e2796bf16e41db9ddca0e1f7c8e0d08a02 100644 (file)
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -145,7 +145,7 @@ static int apparmor_capable(const struct cred *cred, struct user_namespace *ns,
        if (!error) {
                profile = aa_cred_profile(cred);
                if (!unconfined(profile))
-                       error = aa_capable(current, profile, cap, audit);
+                       error = aa_capable(profile, cap, audit);
        }
        return error;
 }
@@ -508,19 +508,21 @@ static int apparmor_getprocattr(struct task_struct *task, char *name,
        /* released below */
        const struct cred *cred = get_task_cred(task);
        struct aa_task_cxt *cxt = cred_cxt(cred);
+       struct aa_profile *profile = NULL;
 
        if (strcmp(name, "current") == 0)
-               error = aa_getprocattr(aa_newest_version(cxt->profile),
-                                      value);
+               profile = aa_get_newest_profile(cxt->profile);
        else if (strcmp(name, "prev") == 0  && cxt->previous)
-               error = aa_getprocattr(aa_newest_version(cxt->previous),
-                                      value);
+               profile = aa_get_newest_profile(cxt->previous);
        else if (strcmp(name, "exec") == 0 && cxt->onexec)
-               error = aa_getprocattr(aa_newest_version(cxt->onexec),
-                                      value);
+               profile = aa_get_newest_profile(cxt->onexec);
        else
                error = -EINVAL;
 
+       if (profile)
+               error = aa_getprocattr(profile, value);
+
+       aa_put_profile(profile);
        put_cred(cred);
 
        return error;
@@ -666,6 +668,7 @@ static int param_set_aabool(const char *val, const struct kernel_param *kp);
 static int param_get_aabool(char *buffer, const struct kernel_param *kp);
 #define param_check_aabool param_check_bool
 static struct kernel_param_ops param_ops_aabool = {
+       .flags = KERNEL_PARAM_FL_NOARG,
        .set = param_set_aabool,
        .get = param_get_aabool
 };
@@ -682,6 +685,7 @@ static int param_set_aalockpolicy(const char *val, const struct kernel_param *kp
 static int param_get_aalockpolicy(char *buffer, const struct kernel_param *kp);
 #define param_check_aalockpolicy param_check_bool
 static struct kernel_param_ops param_ops_aalockpolicy = {
+       .flags = KERNEL_PARAM_FL_NOARG,
        .set = param_set_aalockpolicy,
        .get = param_get_aalockpolicy
 };
@@ -742,7 +746,7 @@ module_param_named(paranoid_load, aa_g_paranoid_load, aabool,
 
 /* Boot time disable flag */
 static bool apparmor_enabled = CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE;
-module_param_named(enabled, apparmor_enabled, aabool, S_IRUSR);
+module_param_named(enabled, apparmor_enabled, bool, S_IRUGO);
 
 static int __init apparmor_enabled_setup(char *str)
 {
@@ -841,7 +845,7 @@ static int param_get_mode(char *buffer, struct kernel_param *kp)
        if (!apparmor_enabled)
                return -EINVAL;
 
-       return sprintf(buffer, "%s", profile_mode_names[aa_g_profile_mode]);
+       return sprintf(buffer, "%s", aa_profile_mode_names[aa_g_profile_mode]);
 }
 
 static int param_set_mode(const char *val, struct kernel_param *kp)
@@ -856,8 +860,8 @@ static int param_set_mode(const char *val, struct kernel_param *kp)
        if (!val)
                return -EINVAL;
 
-       for (i = 0; i < APPARMOR_NAMES_MAX_INDEX; i++) {
-               if (strcmp(val, profile_mode_names[i]) == 0) {
+       for (i = 0; i < APPARMOR_MODE_NAMES_MAX_INDEX; i++) {
+               if (strcmp(val, aa_profile_mode_names[i]) == 0) {
                        aa_g_profile_mode = i;
                        return 0;
                }