From: John Johansen <john.johansen@canonical.com>
Date: Mon, 4 Feb 2019 13:23:14 +0000 (-0800)
Subject: apparmor: add proc subdir to attrs
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=6413f852ce086c0f95817012c08d481ce24d8b1a;p=linux.git

apparmor: add proc subdir to attrs

This patch provides a /proc/<pid>/attr/apparmor/
subdirectory. Enabling userspace to use the apparmor attributes
without having to worry about collisions with selinux or smack on
interface files in /proc/<pid>/attr.

Signed-off-by: John Johansen <john.johansen@canonical.com>
---

diff --git a/fs/proc/base.c b/fs/proc/base.c
index ebea9501afb84..7bc192465e397 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -2645,6 +2645,15 @@ static const struct pid_entry smack_attr_dir_stuff[] = {
 LSM_DIR_OPS(smack);
 #endif
 
+#ifdef CONFIG_SECURITY_APPARMOR
+static const struct pid_entry apparmor_attr_dir_stuff[] = {
+	ATTR("apparmor", "current",	0666),
+	ATTR("apparmor", "prev",	0444),
+	ATTR("apparmor", "exec",	0666),
+};
+LSM_DIR_OPS(apparmor);
+#endif
+
 static const struct pid_entry attr_dir_stuff[] = {
 	ATTR(NULL, "current",		0666),
 	ATTR(NULL, "prev",		0444),
@@ -2656,6 +2665,10 @@ static const struct pid_entry attr_dir_stuff[] = {
 	DIR("smack",			0555,
 	    proc_smack_attr_dir_inode_ops, proc_smack_attr_dir_ops),
 #endif
+#ifdef CONFIG_SECURITY_APPARMOR
+	DIR("apparmor",			0555,
+	    proc_apparmor_attr_dir_inode_ops, proc_apparmor_attr_dir_ops),
+#endif
 };
 
 static int proc_attr_dir_readdir(struct file *file, struct dir_context *ctx)