apparmor: update policy capable checks to use a label

Previously the policy capable checks assumed they were using the current task. Make them take the task label so the query can be made against an arbitrary task. Signed-off-by: John Johansen <john.johansen@canonical.com>
author: John Johansen <john.johansen@canonical.com> 2020-07-01 03:00:11 +0300
committer: John Johansen <john.johansen@canonical.com> 2021-02-07 15:13:54 +0300
commit: 92de220a7f336367127351da58cff691da5bb17b (patch)
tree: d246001003718f842a473e2f57367eb69051be61 /security/apparmor/include/policy.h
parent: 5268d795d6888b202ad9f2b16a254cd00d0de77b (diff)
download: linux-92de220a7f336367127351da58cff691da5bb17b.tar.xz
1 files changed, 4 insertions, 2 deletions
diff --git a/security/apparmor/include/policy.h b/security/apparmor/include/policy.h
index b5b4b8190e65..cb5ef21991b7 100644
--- a/security/apparmor/include/policy.h
+++ b/security/apparmor/include/policy.h
@@ -301,9 +301,11 @@ static inline int AUDIT_MODE(struct aa_profile *profile)
 	return profile->audit;
 }
 
-bool policy_view_capable(struct aa_ns *ns);
-bool policy_admin_capable(struct aa_ns *ns);
+bool aa_policy_view_capable(struct aa_label *label, struct aa_ns *ns);
+bool aa_policy_admin_capable(struct aa_label *label, struct aa_ns *ns);
 int aa_may_manage_policy(struct aa_label *label, struct aa_ns *ns,
 			 u32 mask);
+bool aa_current_policy_view_capable(struct aa_ns *ns);
+bool aa_current_policy_admin_capable(struct aa_ns *ns);
 
 #endif /* __AA_POLICY_H */
author	John Johansen <john.johansen@canonical.com>	2020-07-01 03:00:11 +0300
committer	John Johansen <john.johansen@canonical.com>	2021-02-07 15:13:54 +0300
commit	92de220a7f336367127351da58cff691da5bb17b (patch)
tree	d246001003718f842a473e2f57367eb69051be61 /security/apparmor/include/policy.h
parent	5268d795d6888b202ad9f2b16a254cd00d0de77b (diff)
download	linux-92de220a7f336367127351da58cff691da5bb17b.tar.xz