Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 6c5fc8f1 authored by John Johansen's avatar John Johansen
Browse files

apparmor: add stacked domain labels interface 



Update the user interface to support the stacked change_profile transition.

Signed-off-by: default avatarJohn Johansen <john.johansen@canonical.com>
parent 40cde7fc

security/apparmor/apparmorfs.c

+3 −0
Original line number Original line Diff line number Diff line
@@ -2132,6 +2132,7 @@ static struct aa_sfs_entry aa_sfs_entry_domain[] = { 
	AA_SFS_FILE_BOOLEAN("change_hatv",	1),

	AA_SFS_FILE_BOOLEAN("change_hatv",	1),

	AA_SFS_FILE_BOOLEAN("change_onexec",	1),

	AA_SFS_FILE_BOOLEAN("change_onexec",	1),

	AA_SFS_FILE_BOOLEAN("change_profile",	1),

	AA_SFS_FILE_BOOLEAN("change_profile",	1),

	AA_SFS_FILE_BOOLEAN("stack",		1),

	AA_SFS_FILE_BOOLEAN("fix_binfmt_elf_mmap",	1),

	AA_SFS_FILE_BOOLEAN("fix_binfmt_elf_mmap",	1),

	AA_SFS_FILE_STRING("version", "1.2"),

	AA_SFS_FILE_STRING("version", "1.2"),

	{ }

	{ }
@@ -2175,6 +2176,8 @@ static struct aa_sfs_entry aa_sfs_entry_features[] = { 




static struct aa_sfs_entry aa_sfs_entry_apparmor[] = {

static struct aa_sfs_entry aa_sfs_entry_apparmor[] = {

	AA_SFS_FILE_FOPS(".access", 0640, &aa_sfs_access),

	AA_SFS_FILE_FOPS(".access", 0640, &aa_sfs_access),

	AA_SFS_FILE_FOPS(".stacked", 0444, &seq_ns_stacked_fops),

	AA_SFS_FILE_FOPS(".ns_stacked", 0444, &seq_ns_nsstacked_fops),

	AA_SFS_FILE_FOPS(".ns_level", 0666, &seq_ns_level_fops),

	AA_SFS_FILE_FOPS(".ns_level", 0666, &seq_ns_level_fops),

	AA_SFS_FILE_FOPS(".ns_name", 0640, &seq_ns_name_fops),

	AA_SFS_FILE_FOPS(".ns_name", 0640, &seq_ns_name_fops),

	AA_SFS_FILE_FOPS("profiles", 0440, &aa_sfs_profiles_fops),

	AA_SFS_FILE_FOPS("profiles", 0440, &aa_sfs_profiles_fops),

security/apparmor/lsm.c

+5 −0
Original line number Original line Diff line number Diff line
@@ -580,11 +580,16 @@ static int apparmor_setprocattr(const char *name, void *value, 
			error = aa_change_profile(args, AA_CHANGE_NOFLAGS);

			error = aa_change_profile(args, AA_CHANGE_NOFLAGS);

		} else if (strcmp(command, "permprofile") == 0) {

		} else if (strcmp(command, "permprofile") == 0) {

			error = aa_change_profile(args, AA_CHANGE_TEST);

			error = aa_change_profile(args, AA_CHANGE_TEST);

		} else if (strcmp(command, "stack") == 0) {

			error = aa_change_profile(args, AA_CHANGE_STACK);

		} else

		} else

			goto fail;

			goto fail;

	} else if (strcmp(name, "exec") == 0) {

	} else if (strcmp(name, "exec") == 0) {

		if (strcmp(command, "exec") == 0)

		if (strcmp(command, "exec") == 0)

			error = aa_change_profile(args, AA_CHANGE_ONEXEC);

			error = aa_change_profile(args, AA_CHANGE_ONEXEC);

		else if (strcmp(command, "stack") == 0)

			error = aa_change_profile(args, (AA_CHANGE_ONEXEC |

							 AA_CHANGE_STACK));

		else

		else

			goto fail;

			goto fail;

	} else

	} else