AppArmor: add initial "features" directory to securityfs

This adds the "features" subdirectory to the AppArmor securityfs
to display boolean features flags and the known capability mask.

Signed-off-by: Kees Cook <kees@ubuntu.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>

1 files changed, 14 insertions, 0 deletions

diff --git a/security/apparmor/include/apparmorfs.h b/security/apparmor/include/apparmorfs.h
index 4fdf02f26a3a..16e654530f30 100644
--- a/security/apparmor/include/apparmorfs.h
+++ b/security/apparmor/include/apparmorfs.h
@@ -16,6 +16,8 @@
 #define __AA_APPARMORFS_H
 
 enum aa_fs_type {
+	AA_FS_TYPE_BOOLEAN,
+	AA_FS_TYPE_U64,
 	AA_FS_TYPE_FOPS,
 	AA_FS_TYPE_DIR,
 };
@@ -28,11 +30,23 @@ struct aa_fs_entry {
 	umode_t mode;
 	enum aa_fs_type v_type;
 	union {
+		bool boolean;
+		unsigned long u64;
 		struct aa_fs_entry *files;
 	} v;
 	const struct file_operations *file_ops;
 };
 
+extern const struct file_operations aa_fs_seq_file_ops;
+
+#define AA_FS_FILE_BOOLEAN(_name, _value) \
+	{ .name = (_name), .mode = 0444, \
+	  .v_type = AA_FS_TYPE_BOOLEAN, .v.boolean = (_value), \
+	  .file_ops = &aa_fs_seq_file_ops }
+#define AA_FS_FILE_U64(_name, _value) \
+	{ .name = (_name), .mode = 0444, \
+	  .v_type = AA_FS_TYPE_U64, .v.u64 = (_value), \
+	  .file_ops = &aa_fs_seq_file_ops }
 #define AA_FS_FILE_FOPS(_name, _mode, _fops) \
 	{ .name = (_name), .v_type = AA_FS_TYPE_FOPS, \
 	  .mode = (_mode), .file_ops = (_fops) }