author | John Johansen <john.johansen@canonical.com> | 2017-06-10 02:11:17 +0200 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2017-06-11 02:11:47 +0200 |
commit | 40cde7fcc344bc77c1ec9d291dcc35ab12f078aa (patch) | |
tree | 8ec61b4f1ea71f6876a6c8c6193362b71546421b /security/apparmor/apparmorfs.c | |
parent | apparmor: move change_profile mediation to using labels (diff) | |
apparmor: add domain label stacking info to apparmorfs
Now that the domain label transition is complete, advertise it to
userspace.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/apparmorfs.c')
-rw-r--r-- | security/apparmor/apparmorfs.c | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index e460f2d8337d..6310bf1485b6 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -1138,6 +1138,40 @@ static const struct file_operations seq_ns_ ##NAME ##_fops = { \
 .release = single_release, \
 } \
 
+static int seq_ns_stacked_show(struct seq_file *seq, void *v)
+{
+ struct aa_label *label;
+
+ label = begin_current_label_crit_section();
+ seq_printf(seq, "%s\n", label->size > 1 ? "yes" : "no");
+ end_current_label_crit_section(label);
+
+ return 0;
+}
+
+static int seq_ns_nsstacked_show(struct seq_file *seq, void *v)
+{
+ struct aa_label *label;
+ struct aa_profile *profile;
+ struct label_it it;
+ int count = 1;
+
+ label = begin_current_label_crit_section();
+
+ if (label->size > 1) {
+ label_for_each(it, label, profile)
+ if (profile->ns != labels_ns(label)) {
+ count++;
+ break;
+ }
+ }
+
+ seq_printf(seq, "%s\n", count > 1 ? "yes" : "no");
+ end_current_label_crit_section(label);
+
+ return 0;
+}
+
 static int seq_ns_level_show(struct seq_file *seq, void *v)
 {
 struct aa_label *label;
@@ -1160,6 +1194,8 @@ static int seq_ns_name_show(struct seq_file *seq, void *v)
 return 0;
 }
 
+SEQ_NS_FOPS(stacked);
+SEQ_NS_FOPS(nsstacked);
 SEQ_NS_FOPS(level);
 SEQ_NS_FOPS(name);
 
|
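Review bot: In `seq_ns_nsstacked_show` the result is carried in `int count = 1`, bumped at most once and then tested with `count > 1`, so it reads like a counter but is only a flag. A boolean says what is meant: `bool cross_ns = false;`, `cross_ns = true;` in the loop, and `seq_printf(seq, "%s\n", cross_ns ? "yes" : "no");`. The `label_for_each(...)` body spans several lines without braces, and `labels_ns(label)` can be read once before the loop. Both show functions also lack a comment stating what "yes" means and whose label is inspected. Since they use `begin_current_label_crit_section()`, the answer appears to describe the task performing the read, which matters if the descriptor is handed to another process. A one-line comment such as `/* "yes" if the reading task's label stacks profiles from more than one namespace */` would pin that down.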
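Review bot: Nothing visible in this diff references `seq_ns_stacked_fops` or `seq_ns_nsstacked_fops`, the `static` objects that the added `SEQ_NS_FOPS(stacked);` and `SEQ_NS_FOPS(nsstacked);` lines define. The page shows only these two hunks of apparmorfs.c, so the filesystem entries may be wired up in another change. Until an entry points at them, the new show functions are unreachable and the "advertise it to userspace" of the commit message is not yet delivered by this code. It is worth confirming that the matching entries exist and are created read-only, since the handlers only report state.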