author | Matthew Garrett <mjg59@google.com> | 2018-04-16 11:23:58 -0700 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2018-06-07 01:50:47 -0700 |
commit | e79c26d04043b15de64f082d4da52e9fff7ca607 (patch) | |
tree | cdca29dff22fd2e145e5fabf582d0e34cfd947d1 /security/apparmor/lsm.c | |
parent | b896c54e8d7bbf6d5d48f9296b26c9d3f10ec795 (diff) | |
download | linux-e79c26d04043b15de64f082d4da52e9fff7ca607.tar.bz2 |
apparmor: Add support for audit rule filtering
This patch adds support to Apparmor for integrating with audit rule
filtering. Right now it only handles SUBJ_ROLE, interpreting it as a
single component of a label. This is sufficient to get Apparmor working
with IMA's appraisal rules without any modifications on the IMA side.
Signed-off-by: Matthew Garrett <mjg59@google.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/lsm.c')
-rw-r--r-- | security/apparmor/lsm.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 8299a5d13fee..10bf36aa477d 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -1198,6 +1198,13 @@ static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(task_setrlimit, apparmor_task_setrlimit), LSM_HOOK_INIT(task_kill, apparmor_task_kill), +#ifdef CONFIG_AUDIT + LSM_HOOK_INIT(audit_rule_init, aa_audit_rule_init), + LSM_HOOK_INIT(audit_rule_known, aa_audit_rule_known), + LSM_HOOK_INIT(audit_rule_match, aa_audit_rule_match), + LSM_HOOK_INIT(audit_rule_free, aa_audit_rule_free), +#endif + LSM_HOOK_INIT(secid_to_secctx, apparmor_secid_to_secctx), LSM_HOOK_INIT(secctx_to_secid, apparmor_secctx_to_secid), LSM_HOOK_INIT(release_secctx, apparmor_release_secctx), |
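Review bot: the four audit_rule_* entries added inside the #ifdef CONFIG_AUDIT block of apparmor_hooks[] reference aa_audit_rule_init, aa_audit_rule_known, aa_audit_rule_match and aa_audit_rule_free, yet the change to this file is 7 insertions in the hook table only and adds no #include, so please confirm that the header declaring these functions is already included in lsm.c. The commit message gives IMA appraisal rules as the use case and says only SUBJ_ROLE is handled; a short comment above the block stating the CONFIG_AUDIT dependency and the SUBJ_ROLE-only limitation would keep both from living only in the commit log.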