apparmor: add proc subdir to attrs

This patch provides a /proc/<pid>/attr/apparmor/
subdirectory. Enabling userspace to use the apparmor attributes
without having to worry about collisions with selinux or smack on
interface files in /proc/<pid>/attr.

Signed-off-by: John Johansen <john.johansen@canonical.com>

diff --git a/fs/proc/base.c b/fs/proc/base.c
index ebea950..7bc1924 100644 (file)
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -2645,6 +2645,15 @@ static const struct pid_entry smack_attr_dir_stuff[] = {
 LSM_DIR_OPS(smack);
 #endif
 
+#ifdef CONFIG_SECURITY_APPARMOR
+static const struct pid_entry apparmor_attr_dir_stuff[] = {
+       ATTR("apparmor", "current",     0666),
+       ATTR("apparmor", "prev",        0444),
+       ATTR("apparmor", "exec",        0666),
+};
+LSM_DIR_OPS(apparmor);
+#endif
+
 static const struct pid_entry attr_dir_stuff[] = {
        ATTR(NULL, "current",           0666),
        ATTR(NULL, "prev",              0444),
@@ -2656,6 +2665,10 @@ static const struct pid_entry attr_dir_stuff[] = {
        DIR("smack",                    0555,
            proc_smack_attr_dir_inode_ops, proc_smack_attr_dir_ops),
 #endif
+#ifdef CONFIG_SECURITY_APPARMOR
+       DIR("apparmor",                 0555,
+           proc_apparmor_attr_dir_inode_ops, proc_apparmor_attr_dir_ops),
+#endif
 };
 
 static int proc_attr_dir_readdir(struct file *file, struct dir_context *ctx)