apparmor: fix parameters so that the permission test is bypassed at boot
commit545de8fe0f1b3b97d6a29a78ccdc3403a8296710
authorJohn Johansen <john.johansen@canonical.com>
Thu, 6 Apr 2017 13:55:23 +0000 (6 06:55 -0700)
committerJames Morris <james.l.morris@oracle.com>
Thu, 6 Apr 2017 22:58:36 +0000 (7 08:58 +1000)
treea45d6a8fc236a5dccf3244234c1a229d8fbacb0a
parentb9b144bcafbdd53f68e227968009327b76db08a4
apparmor: fix parameters so that the permission test is bypassed at boot

Boot parameters are written before apparmor is ready to answer whether
the user is policy_view_capable(). Setting the parameters at boot results
in an oops and failure to boot. Setting the parameters at boot is
obviously allowed so skip the permission check when apparmor is not
initialized.

While we are at it move the more complicated check to last.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
security/apparmor/include/lib.h
security/apparmor/lsm.c