From ca4bd5ae0ae4b7afffbd807d923ea76934512a82 Mon Sep 17 00:00:00 2001
From: John Johansen <john.johansen@canonical.com>
Date: Mon, 16 Jan 2017 00:43:11 -0800
Subject: apparmor: add check for apparmor enabled in module parameters missing
 it

Signed-off-by: John Johansen <john.johansen@canonical.com>
---
 security/apparmor/lsm.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index c249ea0e6328..fc82ac0247dc 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -750,6 +750,8 @@ static int param_get_aalockpolicy(char *buffer, const struct kernel_param *kp)
 {
 	if (!policy_view_capable(NULL))
 		return -EPERM;
+	if (!apparmor_enabled)
+		return -EINVAL;
 	return param_get_bool(buffer, kp);
 }
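Review bot: `policy_view_capable(NULL)` still runs before the added `apparmor_enabled` test in param_get_aalockpolicy, so the capability helper is called even when AppArmor is disabled. Its body is not shown here; if it reads AppArmor label or namespace state, that state was presumably never set up in the disabled case. Testing the flag first avoids this: place `if (!apparmor_enabled) return -EINVAL;` above the `-EPERM` check. The same ordering appears in param_set_aabool, param_get_aabool, param_set_aauint and param_get_aauint. The setter for the lock-policy parameter lies above this hunk and is not visible, so confirm it carries the same guard.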
 
@@ -757,6 +759,8 @@ static int param_set_aabool(const char *val, const struct kernel_param *kp)
 {
 	if (!policy_admin_capable(NULL))
 		return -EPERM;
+	if (!apparmor_enabled)
+		return -EINVAL;
 	return param_set_bool(val, kp);
 }
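Review bot: The capability-then-enabled guard in param_set_aabool is repeated verbatim in all five handlers this patch touches, and neither the code nor the commit message says why a disabled AppArmor returns `-EINVAL`. A one-line comment above the new test would record the intent, for example `/* reject parameter access while AppArmor is disabled */`. Moving the enabled test into one small static helper shared by the get and set handlers would keep the paths from drifting apart when the guard is next changed.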
 
@@ -764,6 +768,8 @@ static int param_get_aabool(char *buffer, const struct kernel_param *kp)
 {
 	if (!policy_view_capable(NULL))
 		return -EPERM;
+	if (!apparmor_enabled)
+		return -EINVAL;
 	return param_get_bool(buffer, kp);
 }
 
@@ -771,6 +777,8 @@ static int param_set_aauint(const char *val, const struct kernel_param *kp)
 {
 	if (!policy_admin_capable(NULL))
 		return -EPERM;
+	if (!apparmor_enabled)
+		return -EINVAL;
 	return param_set_uint(val, kp);
 }
 
@@ -778,6 +786,8 @@ static int param_get_aauint(char *buffer, const struct kernel_param *kp)
 {
 	if (!policy_view_capable(NULL))
 		return -EPERM;
+	if (!apparmor_enabled)
+		return -EINVAL;
 	return param_get_uint(buffer, kp);
 }
 
-- 
cgit v1.2.3-70-g09d2