apparmor: add label data availability to the feature set

gsettings mediation needs to be able to determine if apparmor supports label data queries. A label data query can be done to test for support but its failure is indistinguishable from other failures, making it an unreliable indicator. Fix by making support of label data queries available as a flag in the apparmorfs features dir tree. Signed-off-by: John Johansen <john.johansen@canonical.com>
mariux64 · Jun 11, 2017 · a83bd86 · a83bd86
1 parent 4ae47f3
commit a83bd86
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
@@ -1849,13 +1849,23 @@ static struct aa_sfs_entry aa_sfs_entry_policy[] = {
 	{ }
 };
 
+static struct aa_sfs_entry aa_sfs_entry_query_label[] = {
+	AA_SFS_FILE_BOOLEAN("data",		1),
+	{ }
+};
+
+static struct aa_sfs_entry aa_sfs_entry_query[] = {
+	AA_SFS_DIR("label",			aa_sfs_entry_query_label),
+	{ }
+};
 static struct aa_sfs_entry aa_sfs_entry_features[] = {
 	AA_SFS_DIR("policy",			aa_sfs_entry_policy),
 	AA_SFS_DIR("domain",			aa_sfs_entry_domain),
 	AA_SFS_DIR("file",			aa_sfs_entry_file),
 	AA_SFS_FILE_U64("capability",		VFS_CAP_FLAGS_MASK),
 	AA_SFS_DIR("rlimit",			aa_sfs_entry_rlimit),
 	AA_SFS_DIR("caps",			aa_sfs_entry_caps),
+	AA_SFS_DIR("query",			aa_sfs_entry_query),
 	{ }
 };