[apparmor] [patch 13/21] add label class to the policydb
john.johansen at canonical.com
john.johansen at canonical.com
Mon Mar 17 23:29:23 UTC 2014
The label class is used to lookup object permissions based off of label
alone when the labeling is not path dependent.
Some rules will not generate label entries, some will generate only
label entries and some will generate both label and path entries.
This is left to the particular rule encoding.
Signed-off-by: John Johansen <john.johansen at canonical.com>
---
parser/policydb.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- 2.9-test.orig/parser/policydb.h
+++ 2.9-test/parser/policydb.h
@@ -32,8 +32,9 @@
#define AA_CLASS_NS_DOMAIN 8
#define AA_CLASS_PTRACE 9
-#define AA_CLASS_ENV 16
+#define AA_CLASS_LABEL 16
+/* defined in libapparmor's apparmor.h #define AA_CLASS_DBUS 32 */
#define AA_CLASS_X 33
#endif /* __AA_POLICYDB_H */
More information about the AppArmor
mailing list