
Commit 680cd62e authored by John Johansen's avatar John Johansen

apparmor: add debug assert AA_BUG and Kconfig to control debug info

parent 57e36bbd
+29 −2
@@ -36,7 +36,6 @@ config SECURITY_APPARMOR_HASH
	select CRYPTO
	select CRYPTO_SHA1
	default y

	help
	  This option selects whether introspection of loaded policy
	  is available to userspace via the apparmor filesystem.
@@ -45,7 +44,6 @@ config SECURITY_APPARMOR_HASH_DEFAULT
       bool "Enable policy hash introspection by default"
       depends on SECURITY_APPARMOR_HASH
       default y

       help
         This option selects whether sha1 hashing of loaded policy
	 is enabled by default. The generation of sha1 hashes for
@@ -54,3 +52,32 @@ config SECURITY_APPARMOR_HASH_DEFAULT
	 however it can slow down policy load on some devices. In
	 these cases policy hashing can be disabled by default and
	 enabled only if needed.

config SECURITY_APPARMOR_DEBUG
	bool "Build AppArmor with debug code"
	depends on SECURITY_APPARMOR
	default n
	help
	  Build apparmor with debugging logic in apparmor. Not all
	  debugging logic will necessarily be enabled. A submenu will
	  provide fine grained control of the debug options that are
	  available.

config SECURITY_APPARMOR_DEBUG_ASSERTS
	bool "Build AppArmor with debugging asserts"
	depends on SECURITY_APPARMOR_DEBUG
	default y
	help
	  Enable code assertions made with AA_BUG. These are primarily
	  function entry preconditions but also exist at other key
	  points. If the assert is triggered it will trigger a WARN
	  message.

config SECURITY_APPARMOR_DEBUG_MESSAGES
	bool "Debug messages enabled by default"
	depends on SECURITY_APPARMOR_DEBUG
	default n
	help
	  Set the default value of the apparmor.debug kernel parameter.
	  When enabled, various debug messages will be logged to
	  the kernel message buffer.
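Review bot: The help text for SECURITY_APPARMOR_DEBUG_ASSERTS says a failed assert "will trigger a WARN message" but not what that means operationally: WARN taints the kernel, and on systems that set panic_on_warn it turns a failed precondition into a panic. Because the option defaults to y once SECURITY_APPARMOR_DEBUG is selected, I would add a sentence such as `On kernels booted with panic_on_warn a triggered assert will panic the system.` so whoever enables a debug build sees the availability trade-off. The SECURITY_APPARMOR_DEBUG help also promises a submenu, while the hunk adds the sub-options as plain `depends on` entries; "the options below" would match what is actually there.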
+13 −1
@@ -35,12 +35,24 @@
 * which is not related to profile accesses.
 */

#define DEBUG_ON (aa_g_debug)
#define dbg_printk(__fmt, __args...) pr_debug(__fmt, ##__args)
#define AA_DEBUG(fmt, args...)						\
	do {								\
		if (aa_g_debug)						\
		if (DEBUG_ON)						\
			pr_debug_ratelimited("AppArmor: " fmt, ##args);	\
	} while (0)

#define AA_WARN(X) WARN((X), "APPARMOR WARN %s: %s\n", __func__, #X)

#define AA_BUG(X, args...) AA_BUG_FMT((X), "" args)
#ifdef CONFIG_SECURITY_APPARMOR_DEBUG_ASSERTS
#define AA_BUG_FMT(X, fmt, args...)					\
	WARN((X), "AppArmor WARN %s: (" #X "): " fmt, __func__, ##args)
#else
#define AA_BUG_FMT(X, fmt, args...)
#endif

#define AA_ERROR(fmt, args...)						\
	pr_err_ratelimited("AppArmor: " fmt, ##args)
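Review bot: AA_BUG_FMT pastes the stringified condition `#X` straight into the WARN format string, so any `%` in an asserted expression (a modulo test, for instance) would be parsed as a conversion specifier with no matching argument. AA_WARN a few lines above already passes `#X` as a `%s` argument, and AA_BUG_FMT should do the same: `WARN((X), "AppArmor WARN %s: (%s): " fmt, __func__, #X, ##args)`. Separately, the `#else` branch expands to nothing, so with asserts off X and the arguments are neither evaluated nor type-checked, and the macro cannot be used as an expression in both configurations. `#define AA_BUG_FMT(X, fmt, args...) no_printk(fmt, ##args)` would keep the format checking, and a comment on AA_BUG should state that X must be free of side effects.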

+1 −1
@@ -681,7 +681,7 @@ module_param_named(hash_policy, aa_g_hash_policy, aabool, S_IRUSR | S_IWUSR);
#endif

/* Debug mode */
bool aa_g_debug;
bool aa_g_debug = IS_ENABLED(CONFIG_SECURITY_DEBUG_MESSAGES);
module_param_named(debug, aa_g_debug, aabool, S_IRUSR | S_IWUSR);

/* Audit mode */
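Review bot: `IS_ENABLED(CONFIG_SECURITY_DEBUG_MESSAGES)` in the new `aa_g_debug` initialiser names a symbol this commit does not define; the Kconfig entry added alongside it is `SECURITY_APPARMOR_DEBUG_MESSAGES`. IS_ENABLED() on an undefined symbol evaluates to 0 without a build warning, so unless a SECURITY_DEBUG_MESSAGES option exists somewhere outside this page, the new option is silently ignored and `apparmor.debug` stays off by default whatever the config says. The line should read `bool aa_g_debug = IS_ENABLED(CONFIG_SECURITY_APPARMOR_DEBUG_MESSAGES);`.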