From patchwork Fri Mar 31 12:05:06 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: John Johansen <john.johansen@canonical.com>
X-Patchwork-Id: 745614
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from huckleberry.canonical.com (huckleberry.canonical.com
	[91.189.94.19])
	by ozlabs.org (Postfix) with ESMTP id 3vvgFC00fKz9s03;
	Fri, 31 Mar 2017 23:05:51 +1100 (AEDT)
Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
	by huckleberry.canonical.com with esmtp (Exim 4.76)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1ctvJM-0002zc-3e; Fri, 31 Mar 2017 12:05:48 +0000
Received: from youngberry.canonical.com ([91.189.89.112])
	by huckleberry.canonical.com with esmtps
	(TLS1.0:RSA_AES_256_CBC_SHA1:32)
	(Exim 4.76) (envelope-from <john.johansen@canonical.com>)
	id 1ctvJ8-0002sK-Jv
	for kernel-team@lists.ubuntu.com; Fri, 31 Mar 2017 12:05:34 +0000
Received: from static-50-53-32-2.bvtn.or.frontiernet.net ([50.53.32.2]
	helo=canonical.com) by youngberry.canonical.com with esmtpsa
	(TLS1.0:RSA_AES_256_CBC_SHA1:32)
	(Exim 4.76) (envelope-from <john.johansen@canonical.com>)
	id 1ctvJ8-0003dc-1F
	for kernel-team@lists.ubuntu.com; Fri, 31 Mar 2017 12:05:34 +0000
From: John Johansen <john.johansen@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 3/5] UBUNTU: SAUCE: apparmor: add label data availability to
	the feature set
Date: Fri, 31 Mar 2017 05:05:06 -0700
Message-Id: <20170331120508.16255-4-john.johansen@canonical.com>
X-Mailer: git-send-email 2.9.3
In-Reply-To: <20170331120508.16255-1-john.johansen@canonical.com>
References: <20170331120508.16255-1-john.johansen@canonical.com>
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
MIME-Version: 1.0
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: kernel-team-bounces@lists.ubuntu.com

gsettings mediation needs to be able to determine if apparmor supports
label data queries. A label data query can be done to test for support
but its failure is indistinguishable from other failures, making it an
unreliable indicator.

Fix by making support of label data queries available as a flag in the
apparmorfs features dir tree.

BugLink: http://bugs.launchpad.net/bugs/1678023
Signed-off-by: John Johansen <john.johansen@canonical.com>
---
 security/apparmor/apparmorfs.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index 7147b33..2ae58fd 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -1568,6 +1568,7 @@ static struct aa_fs_entry aa_fs_entry_dbus[] = {
 
 static struct aa_fs_entry aa_fs_entry_query_label[] = {
 	AA_FS_FILE_STRING("perms", "allow deny audit quiet"),
+	AA_FS_FILE_BOOLEAN("data",		1),
 	{ }
 };