apparmor: add the ability to report a sha1 hash of loaded policy

Provide userspace the ability to introspect a sha1 hash value for each profile currently loaded. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
author: John Johansen <john.johansen@canonical.com> 2013-08-14 11:27:36 -0700
committer: John Johansen <john.johansen@canonical.com> 2013-08-14 11:42:08 -0700
commit: f8eb8a1324e81927b2c64823b2fc38386efd3fef (patch)
tree: 78ef80523807aeb5b084b29f8b698601c71292b2 /security/apparmor/Kconfig
parent: apparmor: export set of capabilities supported by the apparmor module (diff)
download: linux-dev-f8eb8a1324e81927b2c64823b2fc38386efd3fef.tar.xz
linux-dev-f8eb8a1324e81927b2c64823b2fc38386efd3fef.zip
1 files changed, 12 insertions, 0 deletions
diff --git a/security/apparmor/Kconfig b/security/apparmor/Kconfig
index 9b9013b2e321..d49c53960b60 100644
--- a/security/apparmor/Kconfig
+++ b/security/apparmor/Kconfig
@@ -29,3 +29,15 @@ config SECURITY_APPARMOR_BOOTPARAM_VALUE
 	  boot.
 
 	  If you are unsure how to answer this question, answer 1.
+
+config SECURITY_APPARMOR_HASH
+	bool "SHA1 hash of loaded profiles"
+	depends on SECURITY_APPARMOR
+	depends on CRYPTO
+	select CRYPTO_SHA1
+	default y
+
+	help
+	  This option selects whether sha1 hashing is done against loaded
+          profiles and exported for inspection to user space via the apparmor
+          filesystem.
author	John Johansen <john.johansen@canonical.com>	2013-08-14 11:27:36 -0700
committer	John Johansen <john.johansen@canonical.com>	2013-08-14 11:42:08 -0700
commit	f8eb8a1324e81927b2c64823b2fc38386efd3fef (patch)
tree	78ef80523807aeb5b084b29f8b698601c71292b2 /security/apparmor/Kconfig
parent	apparmor: export set of capabilities supported by the apparmor module (diff)
download	linux-dev-f8eb8a1324e81927b2c64823b2fc38386efd3fef.tar.xz linux-dev-f8eb8a1324e81927b2c64823b2fc38386efd3fef.zip