diff options
| author | John Johansen <john.johansen@canonical.com> | 2017-08-01 02:36:45 +0200 |
|---|---|---|
| committer | John Johansen <john.johansen@canonical.com> | 2018-05-02 09:48:55 +0200 |
| commit | c092921219d227b13cb80dbecd3545ee66ab89b3 (patch) | |
| tree | 9047e3ecae86ec35208de3a2f60ed31f3c7a3e1b /security/apparmor/lsm.c | |
| parent | Merge tag 'v4.17-rc3' into apparmor-next (diff) | |
| download | linux-c092921219d227b13cb80dbecd3545ee66ab89b3.tar.xz linux-c092921219d227b13cb80dbecd3545ee66ab89b3.zip | |
apparmor: add support for mapping secids and using secctxes
Use a radix tree to provide a map between the secid and the label,
and along with it a basic ability to provide secctx conversion.
Shared/cached secctx will be added later.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/lsm.c')
| -rw-r--r-- | security/apparmor/lsm.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index ce2b89e9ad94..91284b5d56a3 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -39,6 +39,7 @@ #include "include/policy_ns.h" #include "include/procattr.h" #include "include/mount.h" +#include "include/secid.h" /* Flag indicating whether initialization completed */ int apparmor_initialized; @@ -1188,6 +1189,10 @@ static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(task_alloc, apparmor_task_alloc), LSM_HOOK_INIT(task_setrlimit, apparmor_task_setrlimit), LSM_HOOK_INIT(task_kill, apparmor_task_kill), + + LSM_HOOK_INIT(secid_to_secctx, apparmor_secid_to_secctx), + LSM_HOOK_INIT(secctx_to_secid, apparmor_secctx_to_secid), + LSM_HOOK_INIT(release_secctx, apparmor_release_secctx), }; /* |