apparmor: Add support for audit rule filtering

This patch adds support to Apparmor for integrating with audit rule filtering. Right now it only handles SUBJ_ROLE, interpreting it as a single component of a label. This is sufficient to get Apparmor working with IMA's appraisal rules without any modifications on the IMA side. Signed-off-by: Matthew Garrett <mjg59@google.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
author: Matthew Garrett <mjg59@google.com> 2018-04-16 11:23:58 -0700
committer: John Johansen <john.johansen@canonical.com> 2018-06-07 01:50:47 -0700
commit: e79c26d04043b15de64f082d4da52e9fff7ca607 (patch)
tree: cdca29dff22fd2e145e5fabf582d0e34cfd947d1 /security/apparmor/include
parent: apparmor: update git and wiki locations in AppArmor docs (diff)
download: linux-dev-e79c26d04043b15de64f082d4da52e9fff7ca607.tar.xz
linux-dev-e79c26d04043b15de64f082d4da52e9fff7ca607.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/security/apparmor/include/audit.h b/security/apparmor/include/audit.h
index 9c9be9c98c15..b8c8b1066b0a 100644
--- a/security/apparmor/include/audit.h
+++ b/security/apparmor/include/audit.h
@@ -189,4 +189,10 @@ static inline int complain_error(int error)
 	return error;
 }
 
+void aa_audit_rule_free(void *vrule);
+int aa_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule);
+int aa_audit_rule_known(struct audit_krule *rule);
+int aa_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule,
+			struct audit_context *actx);
+
 #endif /* __AA_AUDIT_H */
author	Matthew Garrett <mjg59@google.com>	2018-04-16 11:23:58 -0700
committer	John Johansen <john.johansen@canonical.com>	2018-06-07 01:50:47 -0700
commit	e79c26d04043b15de64f082d4da52e9fff7ca607 (patch)
tree	cdca29dff22fd2e145e5fabf582d0e34cfd947d1 /security/apparmor/include
parent	apparmor: update git and wiki locations in AppArmor docs (diff)
download	linux-dev-e79c26d04043b15de64f082d4da52e9fff7ca607.tar.xz linux-dev-e79c26d04043b15de64f082d4da52e9fff7ca607.zip