apparmor: update policy capable checks to use a label

Previously the policy capable checks assumed they were using the current task. Make them take the task label so the query can be made against an arbitrary task. Signed-off-by: John Johansen <john.johansen@canonical.com>
author: John Johansen <john.johansen@canonical.com> 2020-06-30 17:00:11 -0700
committer: John Johansen <john.johansen@canonical.com> 2021-02-07 04:13:54 -0800
commit: 92de220a7f336367127351da58cff691da5bb17b (patch)
tree: d246001003718f842a473e2f57367eb69051be61 /security/apparmor/apparmorfs.c
parent: 5268d795d6888b202ad9f2b16a254cd00d0de77b (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index d65324415980..3275e074e5f8 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -1357,7 +1357,7 @@ static int rawdata_open(struct inode *inode, struct file *file)
 	struct aa_loaddata *loaddata;
 	struct rawdata_f_data *private;
 
-	if (!policy_view_capable(NULL))
+	if (!aa_current_policy_view_capable(NULL))
 		return -EACCES;
 
 	loaddata = __aa_get_loaddata(inode->i_private);
@@ -2266,7 +2266,7 @@ static const struct seq_operations aa_sfs_profiles_op = {
 
 static int profiles_open(struct inode *inode, struct file *file)
 {
-	if (!policy_view_capable(NULL))
+	if (!aa_current_policy_view_capable(NULL))
 		return -EACCES;
 
 	return seq_open(file, &aa_sfs_profiles_op);
author	John Johansen <john.johansen@canonical.com>	2020-06-30 17:00:11 -0700
committer	John Johansen <john.johansen@canonical.com>	2021-02-07 04:13:54 -0800
commit	92de220a7f336367127351da58cff691da5bb17b (patch)
tree	d246001003718f842a473e2f57367eb69051be61 /security/apparmor/apparmorfs.c
parent	5268d795d6888b202ad9f2b16a254cd00d0de77b (diff)