allperms represents a permissions set that allows everything, so it should never be changed by any of the code using it. Making it const will allow this to be enforced or warned on at compile time.
Signed-off-by: Ryan Lee <ryan....@canonical.com>
---
 security/apparmor/include/perms.h | 2 +-
 security/apparmor/lib.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/security/apparmor/include/perms.h b/security/apparmor/include/perms.h
index a8c43f4f6da0..76a39f7ea204 100644
--- a/security/apparmor/include/perms.h
+++ b/security/apparmor/include/perms.h
@@ -97,7 +97,7 @@ struct aa_perms {
 #define ALL_PERMS_MASK 0xffffffff
 extern struct aa_perms nullperms;
-extern struct aa_perms allperms;
+extern const struct aa_perms allperms;
 /**
 * aa_perms_accum_raw - accumulate perms with out masking off overlapping perms
diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c
index e69db6499321..8e735f3945b5 100644
--- a/security/apparmor/lib.c
+++ b/security/apparmor/lib.c
@@ -21,7 +21,7 @@
 #include "include/policy.h"
 struct aa_perms nullperms;
-struct aa_perms allperms = { .allow = ALL_PERMS_MASK,
+const struct aa_perms allperms = { .allow = ALL_PERMS_MASK,
 .quiet = ALL_PERMS_MASK,
 .hide = ALL_PERMS_MASK };
--
2.43.0
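Review bot: `nullperms`, declared on the context line just above the changed one, stays writable even though it looks like the matching allow-nothing set (it is defined without an initialiser in lib.c, so it is all zeroes). It is the more sensitive of the two objects: a stray write that sets bits in the default-deny set would widen access, whereas allperms already grants everything. Whether any code assigns to nullperms is not visible from this patch; if none does, the same treatment applies: `extern const struct aa_perms nullperms;` here and `const struct aa_perms nullperms;` in security/apparmor/lib.c, where it appears as context in the second hunk.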
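Review bot: The patch changes only the declaration and this definition, so any caller that passes `&allperms` to a parameter typed `struct aa_perms *` would now draw a discarded-qualifiers warning, and no call site is visible here to confirm there are none. Where one exists, the fix is to const-qualify the receiving parameter (`const struct aa_perms *`) rather than cast the qualifier away. Writing through a cast pointer to a const-defined object is undefined behaviour, and would probably fault once the object is placed in read-only data. It would help for the commit message to state that the tree builds without new warnings after this change.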