apparmor: add a features/policy dir to interface

Add a policy directory to features to contain features that can affect
policy compilation but do not affect mediation. Eg of such features would
be types of dfa compression supported, etc.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Kees Cook <kees@ubuntu.com>

diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index 16c15ec..ad6c748 100644 (file)
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -198,7 +198,12 @@ static struct aa_fs_entry aa_fs_entry_domain[] = {
        { }
 };
 
+static struct aa_fs_entry aa_fs_entry_policy[] = {
+       {}
+};
+
 static struct aa_fs_entry aa_fs_entry_features[] = {
+       AA_FS_DIR("policy",                     aa_fs_entry_policy),
        AA_FS_DIR("domain",                     aa_fs_entry_domain),
        AA_FS_DIR("file",                       aa_fs_entry_file),
        AA_FS_FILE_U64("capability",            VFS_CAP_FLAGS_MASK),