docs: ABI: ABI documentation for procfs attribute files used by multiple LSMs
author Casey Schaufler <casey@schaufler-ca.com>
Tue, 10 Nov 2020 17:28:41 +0000 (09:28 -0800)
committer Jonathan Corbet <corbet@lwn.net>
Fri, 13 Nov 2020 22:02:19 +0000 (15:02 -0700)
Provide basic ABI descriptions for the process attribute entries
that are shared between multiple Linux security modules.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Link: https://lore.kernel.org/r/30c36660-3694-0c0d-d472-8f3b3ca4098e@schaufler-ca.com
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
Documentation/ABI/testing/procfs-attr-current [new file with mode: 0644]
Documentation/ABI/testing/procfs-attr-exec [new file with mode: 0644]
Documentation/ABI/testing/procfs-attr-prev [new file with mode: 0644]

diff --git a/Documentation/ABI/testing/procfs-attr-current b/Documentation/ABI/testing/procfs-attr-current
new file mode 100644 (file)
index 0000000..198b9fe
--- /dev/null
@@ -0,0 +1,20 @@
+What:          /proc/*/attr/current
+Contact:       linux-security-module@vger.kernel.org,
+               selinux@vger.kernel.org,
+               apparmor@lists.ubuntu.com
+Description:   The current security information used by a Linux
+               security module (LSM) that is active on the system.
+               The details of permissions required to read from
+               this interface and hence obtain the security state
+               of the task identified is LSM dependent.
+               A process cannot write to this interface unless it
+               refers to itself.
+               The other details of permissions required to write to
+               this interface and hence change the security state of
+               the task identified are LSM dependent.
+               The format of the data used by this interface is LSM
+               dependent.
+               SELinux, Smack and AppArmor provide this interface.
+Users:         SELinux user-space
+               Smack user-space
+               AppArmor user-space
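Review bot: In the Description, "A process cannot write to this interface unless it refers to itself" leaves "it" ambiguous between the process and the interface; wording such as "A process can write only to the entry for its own task" would make the self-only restriction unmistakable. The entry also has no Date: or KernelVersion: field, which Documentation/ABI entries normally carry alongside What:, Contact:, Description: and Users:.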
diff --git a/Documentation/ABI/testing/procfs-attr-exec b/Documentation/ABI/testing/procfs-attr-exec
new file mode 100644 (file)
index 0000000..3459386
--- /dev/null
@@ -0,0 +1,20 @@
+What:          /proc/*/attr/exec
+Contact:       linux-security-module@vger.kernel.org,
+               selinux@vger.kernel.org,
+               apparmor@lists.ubuntu.com
+Description:   The security information to be used on the process
+               by a Linux security module (LSM) active on the system
+               after a subsequent exec() call.
+               The details of permissions required to read from
+               this interface and hence obtain the security state
+               of the task identified is LSM dependent.
+               A process cannot write to this interface unless it
+               refers to itself.
+               The other details of permissions required to write to
+               this interface and hence change the security state of
+               the task identified are LSM dependent.
+               The format of the data used by this interface is LSM
+               dependent.
+               SELinux and AppArmor provide this interface.
+Users:         SELinux user-space
+               AppArmor user-space
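Review bot: The Description says the value applies "after a subsequent exec() call" but does not say what a read returns when nothing has been set, or whether the value is consumed by that one exec() or persists across later ones; state this, or say explicitly that it is LSM dependent. Minor: "The details of permissions required to read ... is LSM dependent" should use "are", matching the write sentence a few lines below it.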
diff --git a/Documentation/ABI/testing/procfs-attr-prev b/Documentation/ABI/testing/procfs-attr-prev
new file mode 100644 (file)
index 0000000..f990b35
--- /dev/null
@@ -0,0 +1,19 @@
+What:          /proc/*/attr/prev
+Contact:       linux-security-module@vger.kernel.org,
+               selinux@vger.kernel.org,
+               apparmor@lists.ubuntu.com
+Description:   The security information used on the process by
+               a Linux security module (LSM) active on the system
+               prior to the most recent exec() call.
+               The details of permissions required to read from
+               this interface is LSM dependent.
+               A process cannot write to this interface unless it
+               refers to itself.
+               The other details of permissions required to write to
+               this interface are LSM dependent.
+               The format of the data used by this interface is LSM
+               dependent.
+               SELinux and AppArmor provide this interface.
+Users:         SELinux user-space
+               AppArmor user-space
+