1 files changed, 29 insertions, 2 deletions

diff --git a/security/apparmor/Kconfig b/security/apparmor/Kconfig
index be5e9414a295..b6b68a7750ce 100644
--- a/security/apparmor/Kconfig
+++ b/security/apparmor/Kconfig
@@ -36,7 +36,6 @@ config SECURITY_APPARMOR_HASH
 	select CRYPTO
 	select CRYPTO_SHA1
 	default y
-
 	help
 	  This option selects whether introspection of loaded policy
 	  is available to userspace via the apparmor filesystem.
@@ -45,7 +44,6 @@ config SECURITY_APPARMOR_HASH_DEFAULT
        bool "Enable policy hash introspection by default"
        depends on SECURITY_APPARMOR_HASH
        default y
-
        help
          This option selects whether sha1 hashing of loaded policy
 	 is enabled by default. The generation of sha1 hashes for
@@ -54,3 +52,32 @@ config SECURITY_APPARMOR_HASH_DEFAULT
 	 however it can slow down policy load on some devices. In
 	 these cases policy hashing can be disabled by default and
 	 enabled only if needed.
+
+config SECURITY_APPARMOR_DEBUG
+	bool "Build AppArmor with debug code"
+	depends on SECURITY_APPARMOR
+	default n
+	help
+	  Build apparmor with debugging logic in apparmor. Not all
+	  debugging logic will necessarily be enabled. A submenu will
+	  provide fine grained control of the debug options that are
+	  available.
+
+config SECURITY_APPARMOR_DEBUG_ASSERTS
+	bool "Build AppArmor with debugging asserts"
+	depends on SECURITY_APPARMOR_DEBUG
+	default y
+	help
+	  Enable code assertions made with AA_BUG. These are primarily
+	  function entry preconditions but also exist at other key
+	  points. If the assert is triggered it will trigger a WARN
+	  message.
+
+config SECURITY_APPARMOR_DEBUG_MESSAGES
+	bool "Debug messages enabled by default"
+	depends on SECURITY_APPARMOR_DEBUG
+	default n
+	help
+	  Set the default value of the apparmor.debug kernel parameter.
+	  When enabled, various debug messages will be logged to
+	  the kernel message buffer.