apparmor: allow ptrace checks to be finer grained than just capability Signed-off-by: John Johansen <john.johansen@canonical.com>

commit: 290f458a4f16f9cf6cb6562b249e69fe1c3c3a07 [log] [tgz]
author: John Johansen <john.johansen@canonical.com> Fri Jun 09 14:38:35 2017 -0700
committer: John Johansen <john.johansen@canonical.com> Sat Jun 10 17:11:42 2017 -0700
tree: 41b1a79cb019d8fbbb1b07c28e5d926656728ccd
parent: b2d09ae449cedc6f276ac485c013d22a97d36992 [diff] [blame]
diff --git a/security/apparmor/include/ipc.h b/security/apparmor/include/ipc.h
index fb3e751..656fdb8 100644
--- a/security/apparmor/include/ipc.h
+++ b/security/apparmor/include/ipc.h

@@ -21,6 +21,12 @@ struct aa_profile;
 
 #define AA_PTRACE_TRACE		MAY_WRITE
 #define AA_PTRACE_READ		MAY_READ
+#define AA_MAY_BE_TRACED	AA_MAY_APPEND
+#define AA_MAY_BE_READ		AA_MAY_CREATE
+#define PTRACE_PERM_SHIFT	2
+
+#define AA_PTRACE_PERM_MASK (AA_PTRACE_READ | AA_PTRACE_TRACE | \
+			     AA_MAY_BE_READ | AA_MAY_BE_TRACED)
 
 int aa_may_ptrace(struct aa_label *tracer, struct aa_label *tracee,
 		  u32 request);
commit	290f458a4f16f9cf6cb6562b249e69fe1c3c3a07	[log] [tgz]
author	John Johansen <john.johansen@canonical.com>	Fri Jun 09 14:38:35 2017 -0700
committer	John Johansen <john.johansen@canonical.com>	Sat Jun 10 17:11:42 2017 -0700
tree	41b1a79cb019d8fbbb1b07c28e5d926656728ccd
parent	b2d09ae449cedc6f276ac485c013d22a97d36992 [diff] [blame]