authorJohn Johansen <john.johansen@canonical.com>2017-09-11 20:29:53 +0200
committerJohn Johansen <john.johansen@canonical.com>2018-05-02 09:49:11 +0200
commita7ae3645f5cf3f0cb2420522b7b3ff2352bb1ee8 (patch)
treea513dc05ffe9ce6774a47af4c67fe32547625aae
parentapparmor: add support for mapping secids and using secctxes (diff)
apparmor: add the ability to get a task's secid
Signed-off-by: John Johansen <john.johansen@canonical.com>
-rw-r--r--security/apparmor/lsm.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 91284b5d56a3..7866161f685b 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -711,6 +711,13 @@ static void apparmor_bprm_committed_creds(struct linux_binprm *bprm)
return;
}
+static void apparmor_task_getsecid(struct task_struct *p, u32 *secid)
+{
+ struct aa_label *label = aa_get_task_label(p);
+ *secid = label->secid;
+ aa_put_label(label);
+}
+
static int apparmor_task_setrlimit(struct task_struct *task,
unsigned int resource, struct rlimit *new_rlim)
{
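Review bot: apparmor_task_getsecid() dereferences `label` straight after aa_get_task_label(p) with no check or comment saying why that is safe; the helper is defined outside this hunk, so whether it can ever return NULL cannot be confirmed from here. The hook is also undocumented, and a consumer of the secid (audit, or whatever maps it back to a context) should know the value is a point-in-time snapshot: the reference is dropped before returning, so the task may already carry a different label by the time the id is used. I would add a header comment such as `/* Report the secid of p's current label; the label ref is held only for the read, so the id is a snapshot and may be stale after a profile change. */`. As a style point, kernel convention wants a blank line between the `struct aa_label *label = ...` declaration and `*secid = label->secid;`.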
@@ -1187,6 +1194,7 @@ static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = {
LSM_HOOK_INIT(task_free, apparmor_task_free),
LSM_HOOK_INIT(task_alloc, apparmor_task_alloc),
+ LSM_HOOK_INIT(task_getsecid, apparmor_task_getsecid),
LSM_HOOK_INIT(task_setrlimit, apparmor_task_setrlimit),
LSM_HOOK_INIT(task_kill, apparmor_task_kill),