EVM: Include security.apparmor in EVM measurements

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Apparmor will be gaining support for security.apparmor labels, and it
would be helpful to include these in EVM validation now so appropriate
signatures can be generated even before full support is merged.

Signed-off-by: Matthew Garrett <mjg59@google.com>
Acked-by: John Johansen <John.johansen@canonical.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>

authored by

Matthew Garrett and committed by

Mimi Zohar 8 years ago 096b8546 bb02b186

2 changed files

expand all

include

uapi

linux

xattr.h

security

integrity

evm

evm_main.c

include/uapi/linux/xattr.h

··· 65 65 #define XATTR_NAME_SMACKTRANSMUTE XATTR_SECURITY_PREFIX XATTR_SMACK_TRANSMUTE 66 66 #define XATTR_NAME_SMACKMMAP XATTR_SECURITY_PREFIX XATTR_SMACK_MMAP 67 67 68 + #define XATTR_APPARMOR_SUFFIX "apparmor" 69 + #define XATTR_NAME_APPARMOR XATTR_SECURITY_PREFIX XATTR_APPARMOR_SUFFIX 70 + 68 71 #define XATTR_CAPS_SUFFIX "capability" 69 72 #define XATTR_NAME_CAPS XATTR_SECURITY_PREFIX XATTR_CAPS_SUFFIX 70 73

security/integrity/evm/evm_main.c

··· 49 49 XATTR_NAME_SMACKMMAP, 50 50 #endif 51 51 #endif 52 + #ifdef CONFIG_SECURITY_APPARMOR 53 + XATTR_NAME_APPARMOR, 54 + #endif 52 55 #ifdef CONFIG_IMA_APPRAISE 53 56 XATTR_NAME_IMA, 54 57 #endif