jenna
/
kernel_samsung_sm7125
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

apparmor: add support for force complain flag to support learning mode

Browse Source 
Signed-off-by: John Johansen <john.johansen@canonical.com>
tirimbino
John Johansen 8 years ago
parent abbf873403
commit 5ebfb12822
1 changed files with 3 additions and 1 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 4
      security/apparmor/policy_unpack.c

4
security/apparmor/policy_unpack.c
Unescape View File

@ -29,6 +29,8 @@
#include "include/policy.h"
#include "include/policy_unpack.h"
#define FORCE_COMPLAIN_FLAG 0x800
/*
* The AppArmor interface treats data as a type byte followed by the
* actual data. The interface has the notion of a a named entry
@ -514,7 +516,7 @@ static struct aa_profile *unpack_profile(struct aa_ext *e)
profile->flags |= PFLAG_HAT;
if (!unpack_u32(e, &tmp, NULL))
goto fail;
if (tmp == PACKED_MODE_COMPLAIN)
if (tmp == PACKED_MODE_COMPLAIN || (e->version & FORCE_COMPLAIN_FLAG))
profile->mode = APPARMOR_COMPLAIN;
else if (tmp == PACKED_MODE_KILL)
profile->mode = APPARMOR_KILL;

Write Preview
Loading…
Cancel
Save