[apparmor] [PATCH 1/2] apparmor: create an AA_SFS_TYPE_BOOLEAN_INTPRINT sysctl variant

Fri, 14 Mar 2025 15:28:47 -0700 

This is a variant of AA_SFS_TYPE_BOOLEAN that gets printed to userspace
as the integers 0/1 instead of as the strings "no"/"yes", for backwards
compatibility with userspace applications expecting integer values for
semantic booleans.

Signed-off-by: Ryan Lee <[email protected]>
---
 security/apparmor/apparmorfs.c         | 4 ++++
 security/apparmor/include/apparmorfs.h | 6 ++++++
 2 files changed, 10 insertions(+)

diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index b16756e7b8a8..92f034f369c2 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -1210,6 +1210,10 @@ static int aa_sfs_seq_show(struct seq_file *seq, void *v)
        case AA_SFS_TYPE_BOOLEAN:
                seq_printf(seq, "%s\n", str_yes_no(fs_file->v.boolean));
                break;
+       case AA_SFS_TYPE_BOOLEAN_INTPRINT:
+               // Allow printing the boolean as 0/1 for backwards compatibility
+               seq_printf(seq, "%s\n", fs_file->v.boolean ? "1" : "0");
+               break;
        case AA_SFS_TYPE_STRING:
                seq_printf(seq, "%s\n", fs_file->v.string);
                break;
diff --git a/security/apparmor/include/apparmorfs.h 
b/security/apparmor/include/apparmorfs.h
index a21855ad7fb8..61d37ab9ee4b 100644
--- a/security/apparmor/include/apparmorfs.h
+++ b/security/apparmor/include/apparmorfs.h
@@ -15,6 +15,8 @@ extern struct path aa_null;
 
 enum aa_sfs_type {
        AA_SFS_TYPE_BOOLEAN,
+       // Boolean that gets printed as 0/1 for backwards compatibility
+       AA_SFS_TYPE_BOOLEAN_INTPRINT,
        AA_SFS_TYPE_STRING,
        AA_SFS_TYPE_U64,
        AA_SFS_TYPE_FOPS,
@@ -43,6 +45,10 @@ extern const struct file_operations aa_sfs_seq_file_ops;
        { .name = (_name), .mode = 0444, \
          .v_type = AA_SFS_TYPE_BOOLEAN, .v.boolean = (_value), \
          .file_ops = &aa_sfs_seq_file_ops }
+#define AA_SFS_FILE_BOOLEAN_INTPRINT(_name, _value) \
+       { .name = (_name), .mode = 0444, \
+         .v_type = AA_SFS_TYPE_BOOLEAN_INTPRINT, .v.boolean = (_value), \
+         .file_ops = &aa_sfs_seq_file_ops }
 #define AA_SFS_FILE_STRING(_name, _value) \
        { .name = (_name), .mode = 0444, \
          .v_type = AA_SFS_TYPE_STRING, .v.string = (_value), \
-- 
2.43.0
base-kernel: Ubuntu-6.14.0-7.7
target: Ubuntu-kernel

Reply via email to