[apparmor] [patch 14/26] add label class to the policydb

john.johansen at canonical.com john.johansen at canonical.com
Thu Mar 27 15:45:27 UTC 2014

The label class is used to lookup object permissions based off of label
alone when the labeling is not path dependent.

Some rules will not generate label entries, some will generate only
label entries and some will generate both label and path entries.
This is left to the particular rule encoding.

Signed-off-by: John Johansen <john.johansen at canonical.com>
Acked-by: Steve Beattie <steve at nxnw.org>

 parser/policydb.h |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- 2.9-test.orig/parser/policydb.h
+++ 2.9-test/parser/policydb.h
@@ -32,8 +32,9 @@
 #define AA_CLASS_PTRACE		9
-#define AA_CLASS_ENV		16
+#define AA_CLASS_LABEL		16
+/* defined in libapparmor's apparmor.h #define AA_CLASS_DBUS 32 */
 #define AA_CLASS_X		33
 #endif /* __AA_POLICYDB_H */

More information about the AppArmor mailing list