author | Matthew Garrett <mjg59@google.com> | 2018-04-16 11:23:58 -0700 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2018-06-07 01:50:47 -0700 |
commit | e79c26d04043b15de64f082d4da52e9fff7ca607 (patch) | |
tree | cdca29dff22fd2e145e5fabf582d0e34cfd947d1 /security/apparmor/include | |
parent | b896c54e8d7bbf6d5d48f9296b26c9d3f10ec795 (diff) |
apparmor: Add support for audit rule filtering

This patch adds support to Apparmor for integrating with audit rule
filtering. Right now it only handles SUBJ_ROLE, interpreting it as a
single component of a label. This is sufficient to get Apparmor working
with IMA's appraisal rules without any modifications on the IMA side.

Signed-off-by: Matthew Garrett <mjg59@google.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/include')
-rw-r--r-- | security/apparmor/include/audit.h | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/security/apparmor/include/audit.h b/security/apparmor/include/audit.h index 9c9be9c98c15..b8c8b1066b0a 100644 --- a/security/apparmor/include/audit.h +++ b/security/apparmor/include/audit.h @@ -189,4 +189,10 @@ static inline int complain_error(int error) return error; } +void aa_audit_rule_free(void *vrule); +int aa_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule); +int aa_audit_rule_known(struct audit_krule *rule); +int aa_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule, + struct audit_context *actx); + #endif /* __AA_AUDIT_H */ |
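Review bot: the four prototypes added before `#endif /* __AA_AUDIT_H */` carry no comment on their contract, and that matters here because the commit message says only SUBJ_ROLE is handled. Please document above `aa_audit_rule_init()` what it returns for any other `field` value and which `op` values it accepts, and above `aa_audit_rule_match()` what the return value means (match, no match, error), so a caller such as IMA cannot mistake an unsupported rule for a non-matching one. It would also help to state that `*vrule` set by `aa_audit_rule_init()` is owned by the caller and must be released with `aa_audit_rule_free()`, since the `void *` types give no hint of that. Finally, the prototypes name `struct audit_krule` and `struct audit_context`; the visible context does not show whether this header already includes or forward-declares them, so please confirm it does, otherwise files that include `audit.h` without the audit headers will get "declared inside parameter list" warnings.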