diff options
| author | Andrey Konovalov <andreyknvl@google.com> | 2020-06-11 00:04:10 +0200 |
|---|---|---|
| committer | Andrey Konovalov <andreyknvl@gmail.com> | 2020-06-12 18:42:12 +0200 |
| commit | a47f57a9517c1928ae3324eeb13388ab3bfd2e18 (patch) | |
| tree | fbc6a461c9bf28be5822193e127b6413991263e0 /sys/linux/security_apparmor.txt | |
| parent | 5644d14ff13c7728bd4d83b3b38cd64a4ee632ea (diff) | |
sys/linux: rename apparmor.txt to security_apparmor.txt
Diffstat (limited to 'sys/linux/security_apparmor.txt')
| -rw-r--r-- | sys/linux/security_apparmor.txt | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/sys/linux/security_apparmor.txt b/sys/linux/security_apparmor.txt new file mode 100644 index 000000000..c7bb1c7a5 --- /dev/null +++ b/sys/linux/security_apparmor.txt @@ -0,0 +1,45 @@ +# Copyright 2018 syzkaller project authors. All rights reserved. +# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. + +resource fd_apparmor_current[fd] + +openat$apparmor_task_current(fd const[AT_FDCWD], file ptr[in, string["/proc/self/attr/current"]], flags const[O_RDWR], mode const[0]) fd_apparmor_current +openat$apparmor_thread_current(fd const[AT_FDCWD], file ptr[in, string["/proc/thread-self/attr/current"]], flags const[O_RDWR], mode const[0]) fd_apparmor_current +write$apparmor_current(fd fd_apparmor_current, data ptr[in, apparmor_current_attr], len len[data]) + +apparmor_current_attr [ + hat apparmor_current_hat + profile apparmor_current_profile +] [varlen] + +apparmor_current_hat { + cmd stringnoz[apparmor_hat_cmds] + token fmt[hex, int64[0:4]] + delim const['^', int8] +# TODO: what are these hats? should we pass some strings from apparmor profile? + hats array[string] +} [packed] + +apparmor_hat_cmds = "changehat ", "permhat " + +apparmor_current_profile { + cmd stringnoz[apparmor_profile_cmds] +# TODO: what is this profile/fqname? + profile string +} [packed] + +apparmor_profile_cmds = "changeprofile ", "permprofile ", "stack " + +resource fd_apparmor_exec[fd] + +openat$apparmor_task_exec(fd const[AT_FDCWD], file ptr[in, string["/proc/self/attr/exec"]], flags const[O_RDWR], mode const[0]) fd_apparmor_exec +openat$apparmor_thread_exec(fd const[AT_FDCWD], file ptr[in, string["/proc/thread-self/attr/exec"]], flags const[O_RDWR], mode const[0]) fd_apparmor_exec +write$apparmor_exec(fd fd_apparmor_exec, data ptr[in, apparmor_exec_attr], len len[data]) + +apparmor_exec_attr { + cmd stringnoz[apparmor_exec_profile_cmds] +# TODO: what is this profile/fqname? + profile string +} [packed] + +apparmor_exec_profile_cmds = "exec ", "stack " |