[apparmor] [PATCH 1/2] apparmor: create an AA_SFS_TYPE_BOOLEAN_INTPRINT sysctl variant

Ryan Lee ryan.lee at canonical.com
Fri Mar 14 18:33:37 UTC 2025 

This is a variant of AA_SFS_TYPE_BOOLEAN that gets printed to userspace
as the integers 0/1 instead of as the strings "no"/"yes", for backwards
compatibility with userspace applications expecting integer values for
semantic booleans.

Signed-off-by: Ryan Lee <ryan.lee at canonical.com>
---
 security/apparmor/apparmorfs.c         | 4 ++++
 security/apparmor/include/apparmorfs.h | 6 ++++++
 2 files changed, 10 insertions(+)

diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index b16756e7b8a8..92f034f369c2 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -1210,6 +1210,10 @@ static int aa_sfs_seq_show(struct seq_file *seq, void *v)
 	case AA_SFS_TYPE_BOOLEAN:
 		seq_printf(seq, "%s\n", str_yes_no(fs_file->v.boolean));
 		break;
+	case AA_SFS_TYPE_BOOLEAN_INTPRINT:
+		// Allow printing the boolean as 0/1 for backwards compatibility
+		seq_printf(seq, "%s\n", fs_file->v.boolean ? "1" : "0");
+		break;
 	case AA_SFS_TYPE_STRING:
 		seq_printf(seq, "%s\n", fs_file->v.string);
 		break;
diff --git a/security/apparmor/include/apparmorfs.h b/security/apparmor/include/apparmorfs.h
index a21855ad7fb8..61d37ab9ee4b 100644
--- a/security/apparmor/include/apparmorfs.h
+++ b/security/apparmor/include/apparmorfs.h
@@ -15,6 +15,8 @@ extern struct path aa_null;
 
 enum aa_sfs_type {
 	AA_SFS_TYPE_BOOLEAN,
+	// Boolean that gets printed as 0/1 for backwards compatibility
+	AA_SFS_TYPE_BOOLEAN_INTPRINT,
 	AA_SFS_TYPE_STRING,
 	AA_SFS_TYPE_U64,
 	AA_SFS_TYPE_FOPS,
@@ -43,6 +45,10 @@ extern const struct file_operations aa_sfs_seq_file_ops;
 	{ .name = (_name), .mode = 0444, \
 	  .v_type = AA_SFS_TYPE_BOOLEAN, .v.boolean = (_value), \
 	  .file_ops = &aa_sfs_seq_file_ops }
+#define AA_SFS_FILE_BOOLEAN_INTPRINT(_name, _value) \
+	{ .name = (_name), .mode = 0444, \
+	  .v_type = AA_SFS_TYPE_BOOLEAN_INTPRINT, .v.boolean = (_value), \
+	  .file_ops = &aa_sfs_seq_file_ops }
 #define AA_SFS_FILE_STRING(_name, _value) \
 	{ .name = (_name), .mode = 0444, \
 	  .v_type = AA_SFS_TYPE_STRING, .v.string = (_value), \
-- 
2.43.0
base-kernel: Ubuntu-6.14.0-7.7
target: Ubuntu-kernel

More information about the AppArmor mailing list