apparmor: add domain label stacking info to apparmorfs (40cde7fc) · Commits · e / devices / android_kernel_oneplus_sm7250

security/apparmor/apparmorfs.c

+36 −0

Original line number	Diff line number	Diff line
		@@ -1138,6 +1138,40 @@ static const struct file_operations seq_ns_ ##NAME ##_fops = { \
		.release = single_release, \
		} \

		static int seq_ns_stacked_show(struct seq_file seq, void v)
		{
		struct aa_label *label;

		label = begin_current_label_crit_section();
		seq_printf(seq, "%s\n", label->size > 1 ? "yes" : "no");
		end_current_label_crit_section(label);

		return 0;
		}

		static int seq_ns_nsstacked_show(struct seq_file seq, void v)
		{
		struct aa_label *label;
		struct aa_profile *profile;
		struct label_it it;
		int count = 1;

		label = begin_current_label_crit_section();

		if (label->size > 1) {
		label_for_each(it, label, profile)
		if (profile->ns != labels_ns(label)) {
		count++;
		break;
		}
		}

		seq_printf(seq, "%s\n", count > 1 ? "yes" : "no");
		end_current_label_crit_section(label);

		return 0;
		}

		static int seq_ns_level_show(struct seq_file seq, void v)
		{
		struct aa_label *label;
		@@ -1160,6 +1194,8 @@ static int seq_ns_name_show(struct seq_file seq, void v)
		return 0;
		}

		SEQ_NS_FOPS(stacked);
		SEQ_NS_FOPS(nsstacked);
		SEQ_NS_FOPS(level);
		SEQ_NS_FOPS(name);

+2 −0

Original line number	Diff line number	Diff line
		@@ -92,6 +92,8 @@ enum audit_type {
		#define OP_CHANGE_HAT "change_hat"
		#define OP_CHANGE_PROFILE "change_profile"
		#define OP_CHANGE_ONEXEC "change_onexec"
		#define OP_STACK "stack"
		#define OP_STACK_ONEXEC "stack_onexec"

		#define OP_SETPROCATTR "setprocattr"
		#define OP_SETRLIMIT "setrlimit"

+1 −0

Original line number	Diff line number	Diff line
		@@ -27,6 +27,7 @@ struct aa_domain {
		#define AA_CHANGE_TEST 1
		#define AA_CHANGE_CHILD 2
		#define AA_CHANGE_ONEXEC 4
		#define AA_CHANGE_STACK 8

		int apparmor_bprm_set_creds(struct linux_binprm *bprm);
		int apparmor_bprm_secureexec(struct linux_binprm *bprm);