From 92de220a7f336367127351da58cff691da5bb17b Mon Sep 17 00:00:00 2001
From: John Johansen <john.johansen@canonical.com>
Date: Tue, 30 Jun 2020 17:00:11 -0700
Subject: apparmor: update policy capable checks to use a label

Previously the policy capable checks assumed they were using the
current task. Make them take the task label so the query can be
made against an arbitrary task.

Signed-off-by: John Johansen <john.johansen@canonical.com>
---
 security/apparmor/apparmorfs.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'security/apparmor/apparmorfs.c')

diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index d65324415980..3275e074e5f8 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -1357,7 +1357,7 @@ static int rawdata_open(struct inode *inode, struct file *file)
 	struct aa_loaddata *loaddata;
 	struct rawdata_f_data *private;
 
-	if (!policy_view_capable(NULL))
+	if (!aa_current_policy_view_capable(NULL))
 		return -EACCES;
 
 	loaddata = __aa_get_loaddata(inode->i_private);
@@ -2266,7 +2266,7 @@ static const struct seq_operations aa_sfs_profiles_op = {
 
 static int profiles_open(struct inode *inode, struct file *file)
 {
-	if (!policy_view_capable(NULL))
+	if (!aa_current_policy_view_capable(NULL))
 		return -EACCES;
 
 	return seq_open(file, &aa_sfs_profiles_op);
-- 
cgit