apparmor: add profile and ns params to aa_may_manage_policy()

Policy management will be expanded beyond traditional unconfined root. This will require knowning the profile of the task doing the management and the ns view. Signed-off-by: John Johansen <john.johansen@canonical.com>
2017-01-16 00:42:52 -08:00
parent fd2a80438d
commit 078c73c63f
3 changed files with 12 additions and 14 deletions
--- a/security/apparmor/include/policy.h
+++ b/security/apparmor/include/policy.h
@@ -301,6 +301,6 @@ static inline int AUDIT_MODE(struct aa_profile *profile)

 bool policy_view_capable(struct aa_ns *ns);
 bool policy_admin_capable(struct aa_ns *ns);
-bool aa_may_manage_policy(int op);
+int aa_may_manage_policy(struct aa_profile *profile, struct aa_ns *ns, int op);

 #endif /* __AA_POLICY_H */