authorMatthew Garrett <mjg59@google.com>2018-05-24 13:27:45 -0700
committerJohn Johansen <john.johansen@canonical.com>2018-10-03 06:18:17 -0700
commit617a629c08bfffb05249131079d9a38322902e5b (patch)
treed2db7e4567b47d10a6e9e981dc834645108d5216 /security/apparmor/include
parentapparmor: don't try to replace stale label in ptrace access check (diff)
apparmor: Add a wildcard secid
Reserve a secid value that we can use as a wildcard, allowing us to define policy that's expected to match against all secids. Signed-off-by: Matthew Garrett <mjg59@google.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/include')
-rw-r--r--security/apparmor/include/secid.h3
1 files changed, 3 insertions, 0 deletions
diff --git a/security/apparmor/include/secid.h b/security/apparmor/include/secid.h
index dee6fa3b6081..fa2062711b63 100644
--- a/security/apparmor/include/secid.h
+++ b/security/apparmor/include/secid.h
@@ -22,6 +22,9 @@ struct aa_label;
/* secid value that will not be allocated */
#define AA_SECID_INVALID 0
+/* secid value that matches any other secid */
+#define AA_SECID_WILDCARD 1
+
struct aa_label *aa_secid_to_label(u32 secid);
int apparmor_secid_to_secctx(u32 secid, char **secdata, u32 *seclen);
int apparmor_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid);
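Review bot: The new comment on `AA_SECID_WILDCARD` does not say that the value 1 is reserved, unlike the `AA_SECID_INVALID` comment just above it ("will not be allocated"). If the allocator could ever hand secid 1 to a real label, that label would be treated as matching every secid-based rule, so the reservation is the security-relevant part of this definition. This page is limited to `security/apparmor/include`, so whether the allocator skips 1 cannot be confirmed here and should be checked in the secid allocation code. I would state the invariant in the header, for example `/* secid value that matches any other secid; reserved, never allocated to a label */`. It would also help to document what `aa_secid_to_label()` returns for the wildcard, since no label is expected to own it.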