apparmor: advertise availability of exended perms

Userspace won't load policy using extended perms unless it knows the kernel can handle them. Advertise that extended perms are supported in the feature set. Signed-off-by: John Johansen <john.johansen@canonical.com> Reviewed-by: Jon Tourville <jontourville@me.com>
2024-11-10 14:11:52 +00:00 · 2023-03-16 16:04:17 -07:00 · 2023-03-16 16:04:17 -07:00 · 180cf25799
commit 180cf25799
parent 8de4a7de19
1 changed files with 3 additions and 0 deletions
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@ -2348,11 +2348,14 @@ static struct aa_sfs_entry aa_sfs_entry_versions[] = {
 	{ }
 };

+#define PERMS32STR "allow deny subtree cond kill complain prompt audit quiet hide xindex tag label"
 static struct aa_sfs_entry aa_sfs_entry_policy[] = {
 	AA_SFS_DIR("versions",			aa_sfs_entry_versions),
 	AA_SFS_FILE_BOOLEAN("set_load",		1),
 	/* number of out of band transitions supported */
 	AA_SFS_FILE_U64("outofband",		MAX_OOB_SUPPORTED),
+	AA_SFS_FILE_U64("permstable32_version",	1),
+	AA_SFS_FILE_STRING("permstable32", PERMS32STR),
 	{ }
 };