introspection patch introduced a second copy of profile mode names in audit
that is not in sync with the one in policy. Merge them into a single
entity.
Signed-off-by: John Johansen <john.johan...@canonical.com>
---
security/apparmor/audit.c | 6 ------
security/apparmor/include/audit.h | 3 ---
security/apparmor/include/policy.h | 4 ++--
security/apparmor/lsm.c | 4 ++--
security/apparmor/policy.c | 3 ++-
security/apparmor/procattr.c | 2 +-
6 files changed, 7 insertions(+), 15 deletions(-)
diff --git a/security/apparmor/audit.c b/security/apparmor/audit.c
index 3f221c7..031d2d9 100644
--- a/security/apparmor/audit.c
+++ b/security/apparmor/audit.c
@@ -73,12 +73,6 @@ const char *const op_table[] = {
"profile_remove"
};
-const char *const aa_profile_mode_names[] = {
- "enforce",
- "complain",
- "kill"
-};
-
const char *const audit_mode_names[] = {
"normal",
"quiet_denied",
diff --git a/security/apparmor/include/audit.h
b/security/apparmor/include/audit.h
index 6539ab3..30e8d76 100644
--- a/security/apparmor/include/audit.h
+++ b/security/apparmor/include/audit.h
@@ -27,9 +27,6 @@ struct aa_profile;
extern const char *const audit_mode_names[];
#define AUDIT_MAX_INDEX 5
-
-extern const char *const aa_profile_mode_names[];
-
enum audit_mode {
AUDIT_NORMAL, /* follow normal auditing of accesses */
AUDIT_QUIET_DENIED, /* quiet all denied access messages */
diff --git a/security/apparmor/include/policy.h
b/security/apparmor/include/policy.h
index f3d94b3..4f7dbd6 100644
--- a/security/apparmor/include/policy.h
+++ b/security/apparmor/include/policy.h
@@ -29,8 +29,8 @@
#include "file.h"
#include "resource.h"
-extern const char *const profile_mode_names[];
-#define APPARMOR_NAMES_MAX_INDEX 3
+extern const char *const aa_profile_mode_names[];
+#define APPARMOR_NAMES_MAX_INDEX 4
#define PROFILE_MODE(_profile, _mode) \
((aa_g_profile_mode == (_mode)) || \
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index eb840ee..8e51e2e 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -848,7 +848,7 @@ static int param_get_mode(char *buffer, struct kernel_param
*kp)
if (!apparmor_enabled)
return -EINVAL;
- return sprintf(buffer, "%s", profile_mode_names[aa_g_profile_mode]);
+ return sprintf(buffer, "%s", aa_profile_mode_names[aa_g_profile_mode]);
}
static int param_set_mode(const char *val, struct kernel_param *kp)
@@ -864,7 +864,7 @@ static int param_set_mode(const char *val, struct
kernel_param *kp)
return -EINVAL;
for (i = 0; i < APPARMOR_NAMES_MAX_INDEX; i++) {
- if (strcmp(val, profile_mode_names[i]) == 0) {
+ if (strcmp(val, aa_profile_mode_names[i]) == 0) {
aa_g_profile_mode = i;
return 0;
}
diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
index ac5bb3d..4a5f55a 100644
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -92,12 +92,13 @@
/* root profile namespace */
struct aa_namespace *root_ns;
-const char *const profile_mode_names[] = {
+const char *const aa_profile_mode_names[] = {
"enforce",
"complain",
"kill",
"unconfined",
};
+#define APPARMOR_NAMES_MAX_INDEX 4
/**
* hname_tail - find the last component of an hname
diff --git a/security/apparmor/procattr.c b/security/apparmor/procattr.c
index 9c4995b..3914829 100644
--- a/security/apparmor/procattr.c
+++ b/security/apparmor/procattr.c
@@ -37,7 +37,7 @@ int aa_getprocattr(struct aa_profile *profile, char **string)
{
char *str;
int len = 0, mode_len = 0, ns_len = 0, name_len;
- const char *mode_str = profile_mode_names[profile->mode];
+ const char *mode_str = aa_profile_mode_names[profile->mode];
const char *ns_name = NULL;
struct aa_namespace *ns = profile->ns;
struct aa_namespace *current_ns = __aa_current_profile()->ns;
--
1.8.1.2
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
