The introspection patch introduced a second copy of the profile mode names in audit that is not in sync with the one in policy. Merge them into a single entity.
Signed-off-by: John Johansen <john.johan...@canonical.com>
---
 security/apparmor/audit.c | 6 ------
 security/apparmor/include/audit.h | 3 ---
 security/apparmor/include/policy.h | 4 ++--
 security/apparmor/lsm.c | 4 ++--
 security/apparmor/policy.c | 3 ++-
 security/apparmor/procattr.c | 2 +-
 6 files changed, 7 insertions(+), 15 deletions(-)
diff --git a/security/apparmor/audit.c b/security/apparmor/audit.c
index 3f221c7..031d2d9 100644
--- a/security/apparmor/audit.c
+++ b/security/apparmor/audit.c
@@ -73,12 +73,6 @@ const char *const op_table[] = {
 "profile_remove"
 };
 
-const char *const aa_profile_mode_names[] = {
- "enforce",
- "complain",
- "kill"
-};
-
 const char *const audit_mode_names[] = {
 "normal",
 "quiet_denied",
diff --git a/security/apparmor/include/audit.h b/security/apparmor/include/audit.h
index 6539ab3..30e8d76 100644
--- a/security/apparmor/include/audit.h
+++ b/security/apparmor/include/audit.h
@@ -27,9 +27,6 @@ struct aa_profile;
 
 extern const char *const audit_mode_names[];
 #define AUDIT_MAX_INDEX 5
-
-extern const char *const aa_profile_mode_names[];
-
 enum audit_mode {
 AUDIT_NORMAL, /* follow normal auditing of accesses */
 AUDIT_QUIET_DENIED, /* quiet all denied access messages */
diff --git a/security/apparmor/include/policy.h b/security/apparmor/include/policy.h
index f3d94b3..4f7dbd6 100644
--- a/security/apparmor/include/policy.h
+++ b/security/apparmor/include/policy.h
@@ -29,8 +29,8 @@
 #include "file.h"
 #include "resource.h"
 
-extern const char *const profile_mode_names[];
-#define APPARMOR_NAMES_MAX_INDEX 3
+extern const char *const aa_profile_mode_names[];
+#define APPARMOR_NAMES_MAX_INDEX 4
 
 #define PROFILE_MODE(_profile, _mode) \
 ((aa_g_profile_mode == (_mode)) || \
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index eb840ee..8e51e2e 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -848,7 +848,7 @@ static int param_get_mode(char *buffer, struct kernel_param *kp)
 if (!apparmor_enabled)
 return -EINVAL;
 
- return sprintf(buffer, "%s", profile_mode_names[aa_g_profile_mode]);
+ return sprintf(buffer, "%s", aa_profile_mode_names[aa_g_profile_mode]);
 }
 
 static int param_set_mode(const char *val, struct kernel_param *kp)
@@ -864,7 +864,7 @@ static int param_set_mode(const char *val, struct kernel_param *kp)
 return -EINVAL;
 
 for (i = 0; i < APPARMOR_NAMES_MAX_INDEX; i++) {
- if (strcmp(val, profile_mode_names[i]) == 0) {
+ if (strcmp(val, aa_profile_mode_names[i]) == 0) {
 aa_g_profile_mode = i;
 return 0;
 }
diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
index ac5bb3d..4a5f55a 100644
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -92,12 +92,13 @@
 /* root profile namespace */
 struct aa_namespace *root_ns;
 
-const char *const profile_mode_names[] = {
+const char *const aa_profile_mode_names[] = {
 "enforce",
 "complain",
 "kill",
 "unconfined",
 };
+#define APPARMOR_NAMES_MAX_INDEX 4
 
 /**
 * hname_tail - find the last component of an hname
diff --git a/security/apparmor/procattr.c b/security/apparmor/procattr.c
index 9c4995b..3914829 100644
--- a/security/apparmor/procattr.c
+++ b/security/apparmor/procattr.c
@@ -37,7 +37,7 @@ int aa_getprocattr(struct aa_profile *profile, char **string)
 {
 char *str;
 int len = 0, mode_len = 0, ns_len = 0, name_len;
- const char *mode_str = profile_mode_names[profile->mode];
+ const char *mode_str = aa_profile_mode_names[profile->mode];
 const char *ns_name = NULL;
 struct aa_namespace *ns = profile->ns;
 struct aa_namespace *current_ns = __aa_current_profile()->ns;
-- 
1.8.1.2
-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
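Review bot: The loop in param_set_mode is bounded by `APPARMOR_NAMES_MAX_INDEX`, which this commit raises from 3 to 4 in include/policy.h, so the string "unconfined" (the fourth table entry in policy.c) is now accepted and stored in `aa_g_profile_mode`, where before only "enforce", "complain" and "kill" could match. The commit message describes a pure merge of two tables and does not mention this widening. Since `PROFILE_MODE()` in policy.h tests `aa_g_profile_mode` before the per-profile mode, a global value of 3 presumably applies to every profile, so it should be an explicit decision rather than a side effect. If it is not intended, keep the settable range separate from the table size, e.g. `for (i = 0; i < APPARMOR_NAMES_MAX_INDEX - 1; i++) {` with a comment explaining why the last entry is excluded; if it is intended, say so in the changelog. The function body starts and ends outside the hunk.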
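Review bot: The added `#define APPARMOR_NAMES_MAX_INDEX 4` below the table in policy.c repeats the definition this commit already updates in include/policy.h, so the entry count now lives in two macros plus the initializer, which is the same kind of drift the commit sets out to remove. Nothing ties the macro to the array length, while lsm.c loops up to it and procattr.c indexes the table with `profile->mode` without a range check. Drop the line in policy.c (assuming it includes policy.h, which is not visible here) and add a compile-time check in an init function, e.g. `BUILD_BUG_ON(ARRAY_SIZE(aa_profile_mode_names) != APPARMOR_NAMES_MAX_INDEX);`.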