diff options
author | John Johansen <john.johansen@canonical.com> | 2017-09-11 11:29:53 -0700 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2018-05-02 00:49:11 -0700 |
commit | a7ae3645f5cf3f0cb2420522b7b3ff2352bb1ee8 (patch) | |
tree | a513dc05ffe9ce6774a47af4c67fe32547625aae /security | |
parent | c092921219d227b13cb80dbecd3545ee66ab89b3 (diff) | |
download | op-kernel-dev-a7ae3645f5cf3f0cb2420522b7b3ff2352bb1ee8.zip op-kernel-dev-a7ae3645f5cf3f0cb2420522b7b3ff2352bb1ee8.tar.gz |
apparmor: add the ability to get a task's secid
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/apparmor/lsm.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 91284b5..7866161 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -711,6 +711,13 @@ static void apparmor_bprm_committed_creds(struct linux_binprm *bprm) return; } +static void apparmor_task_getsecid(struct task_struct *p, u32 *secid) +{ + struct aa_label *label = aa_get_task_label(p); + *secid = label->secid; + aa_put_label(label); +} + static int apparmor_task_setrlimit(struct task_struct *task, unsigned int resource, struct rlimit *new_rlim) { @@ -1187,6 +1194,7 @@ static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(task_free, apparmor_task_free), LSM_HOOK_INIT(task_alloc, apparmor_task_alloc), + LSM_HOOK_INIT(task_getsecid, apparmor_task_getsecid), LSM_HOOK_INIT(task_setrlimit, apparmor_task_setrlimit), LSM_HOOK_INIT(task_kill, apparmor_task_kill), |