apparmor: add proc subdir to attrs

This patch provides a /proc/<pid>/attr/apparmor/ subdirectory. Enabling userspace to use the apparmor attributes without having to worry about collisions with selinux or smack on interface files in /proc/<pid>/attr. Signed-off-by: John Johansen <john.johansen@canonical.com>

apparmor: add proc subdir to attrs
This patch provides a /proc/<pid>/attr/apparmor/ subdirectory. Enabling userspace to use the apparmor attributes without having to worry about collisions with selinux or smack on interface files in /proc/<pid>/attr. Signed-off-by: John Johansen <john.johansen@canonical.com>
6413f852 · John Johansen · dae60293 · 6413f852
Commit 6413f852 authored Feb 04, 2019 by John Johansen
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 0 deletions

fs/proc/base.c fs/proc/base.c +13 -0

No files found.
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -2645,6 +2645,15 @@ static const struct pid_entry smack_attr_dir_stuff[] = {
 LSM_DIR_OPS(smack);
 #endif

+#ifdef CONFIG_SECURITY_APPARMOR
+static const struct pid_entry apparmor_attr_dir_stuff[] = {
+	ATTR("apparmor", "current",	0666),
+	ATTR("apparmor", "prev",	0444),
+	ATTR("apparmor", "exec",	0666),
+};
+LSM_DIR_OPS(apparmor);
+#endif
+
 static const struct pid_entry attr_dir_stuff[] = {
 	ATTR(NULL, "current",		0666),
 	ATTR(NULL, "prev",		0444),
@@ -2656,6 +2665,10 @@ static const struct pid_entry attr_dir_stuff[] = {
 	DIR("smack",			0555,
 	    proc_smack_attr_dir_inode_ops, proc_smack_attr_dir_ops),
 #endif
+#ifdef CONFIG_SECURITY_APPARMOR
+	DIR("apparmor",			0555,
+	    proc_apparmor_attr_dir_inode_ops, proc_apparmor_attr_dir_ops),
+#endif
 };

 static int proc_attr_dir_readdir(struct file *file, struct dir_context *ctx)