From e025be0f26d5597b0a2bdfa65145a0171e77b614 Mon Sep 17 00:00:00 2001
From: William Hua
Date: Sun, 15 Jan 2017 16:49:28 -0800
Subject: apparmor: support querying extended trusted helper extra data

Allow a profile to carry extra data that can be queried via userspace. This provides a means to store extra data in a profile that a trusted helper can extract and use from live policy.

Signed-off-by: William Hua
Signed-off-by: John Johansen
---
 security/apparmor/apparmorfs.c | 139 +++++++++++++++++++++++++++++++++++++
 security/apparmor/include/policy.h | 16 +++++
 security/apparmor/lsm.c | 1 +
 security/apparmor/policy.c | 23 ++++++
 security/apparmor/policy_unpack.c | 66 ++++++++++++++++++
 5 files changed, 245 insertions(+)

diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index 7613a28..6834000 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -213,6 +213,144 @@ static const struct file_operations aa_fs_profile_remove = {
 .llseek = default_llseek,
 };
 
+/**
+ * query_data - queries a policy and writes its data to buf
+ * @buf: the resulting data is stored here (NOT NULL)
+ * @buf_len: size of buf
+ * @query: query string used to retrieve data
+ * @query_len: size of query including second NUL byte
+ *
+ * The buffers pointed to by buf and query may overlap. The query buffer is
+ * parsed before buf is written to.
+ *
+ * The query should look like "