nullperms represents a permissions set that allows nothing, so it should
never be changed by any of the code using it. Making it const will allow
this to be enforced or warned on at compile time.
Signed-off-by: Ryan Lee <ryan....@canonical.com>
---
This patch requires "apparmor: constify some of the pointer arguments of
audit_mount"
to be applied in order to compile without warnings.
security/apparmor/include/perms.h | 2 +-
security/apparmor/lib.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/security/apparmor/include/perms.h
b/security/apparmor/include/perms.h
index bbaa7d39a39a..a6784a8efad6 100644
--- a/security/apparmor/include/perms.h
+++ b/security/apparmor/include/perms.h
@@ -96,7 +96,7 @@ struct aa_perms {
#define AA_INDEX_NONE 0
#define ALL_PERMS_MASK 0xffffffff
-extern struct aa_perms nullperms;
+extern const struct aa_perms nullperms;
extern struct aa_perms allperms;
/**
diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c
index 7db62213e352..a773a0070704 100644
--- a/security/apparmor/lib.c
+++ b/security/apparmor/lib.c
@@ -20,7 +20,7 @@
#include "include/perms.h"
#include "include/policy.h"
-struct aa_perms nullperms;
+const struct aa_perms nullperms;
struct aa_perms allperms = { .allow = ALL_PERMS_MASK,
.quiet = ALL_PERMS_MASK,
.hide = ALL_PERMS_MASK };
--
2.43.0
base-kernel: v6.14-rc5
target: v6.14
