# Copyright 2018 syzkaller project authors. All rights reserved.
# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.

# Listing source: github.com/google/syzkaller@v0.0.0-20240517125934-c0f1611a36d6/sys/linux/security_apparmor.txt
#
# Descriptions for the AppArmor per-task procfs attribute files. The calls below open
# /proc/{self,thread-self}/attr/{current,exec} with O_RDWR and write textual commands to them.
# NOTE(review): these files are how a task asks the kernel to change its own AppArmor confinement,
# so the kernel-side parser of these strings takes caller-controlled input. That is presumably the
# reason for describing them here; confirm.

# File descriptor for an attr/current file. It is produced by the two openat variants below and
# consumed by write$apparmor_current.
resource fd_apparmor_current[fd]

# The task and thread variants differ only in the procfs path (self vs thread-self).
openat$apparmor_task_current(fd const[AT_FDCWD], file ptr[in, string["/proc/self/attr/current"]], flags const[O_RDWR], mode const[0]) fd_apparmor_current
openat$apparmor_thread_current(fd const[AT_FDCWD], file ptr[in, string["/proc/thread-self/attr/current"]], flags const[O_RDWR], mode const[0]) fd_apparmor_current
# len is tied to the generated payload, so the write covers exactly the bytes of the chosen union option.
write$apparmor_current(fd fd_apparmor_current, data ptr[in, apparmor_current_attr], len len[data])

# Payload for attr/current: either a hat command or a profile command.
# [varlen] sizes the union to the selected option instead of padding it to the largest one.
apparmor_current_attr [
	hat	apparmor_current_hat
	profile	apparmor_current_profile
] [varlen]

# Hat command, laid out back to back with no padding ([packed]):
#   <cmd><token as hex text>^<hat>\0<hat>\0...
apparmor_current_hat {
	# stringnoz: the command prefix is emitted without a terminating NUL.
	cmd	stringnoz[apparmor_hat_cmds]
	# The token is rendered as hexadecimal text, not as a binary integer.
	# NOTE(review): the 0..4 range is small, presumably so that separate writes often repeat the
	# same token value; confirm.
	token	fmt[hex, int64[0:4]]
	# A single '^' byte between the token and the hat names.
	delim	const['^', int8]
	# TODO: what are these hats? should we pass some strings from apparmor profile?
	# NOTE(review): in AppArmor terminology a hat is a child profile (subprofile) that a task can
	# switch into with change_hat, and the token is what it must present again to leave the hat.
	# Arbitrary strings will rarely name a hat that exists in loaded policy, so names taken from a
	# loaded profile would likely reach deeper paths; confirm against the AppArmor documentation.
	hats	array[string]
} [packed]

# Command prefixes for hat requests. The trailing space is part of each literal.
# NOTE(review): the perm* forms appear to be check-only variants of the change* commands; confirm
# against the kernel's AppArmor setprocattr handling.
apparmor_hat_cmds = "changehat ", "permhat "

# Profile command: <cmd><profile>\0, with no padding ([packed]).
apparmor_current_profile {
	cmd	stringnoz[apparmor_profile_cmds]
	# TODO: what is this profile/fqname?
	# NOTE(review): "fqname" presumably means a fully qualified profile name, i.e. a profile name
	# optionally prefixed with a policy namespace; confirm. As written this is an arbitrary
	# NUL-terminated string.
	profile	string
} [packed]

# Command prefixes for profile requests. The trailing space is part of each literal.
apparmor_profile_cmds = "changeprofile ", "permprofile ", "stack "

# File descriptor for an attr/exec file. It is produced by the two openat variants below and
# consumed by write$apparmor_exec.
# NOTE(review): attr/exec presumably sets the confinement applied at the task's next exec rather
# than changing it immediately; confirm.
resource fd_apparmor_exec[fd]

openat$apparmor_task_exec(fd const[AT_FDCWD], file ptr[in, string["/proc/self/attr/exec"]], flags const[O_RDWR], mode const[0]) fd_apparmor_exec
openat$apparmor_thread_exec(fd const[AT_FDCWD], file ptr[in, string["/proc/thread-self/attr/exec"]], flags const[O_RDWR], mode const[0]) fd_apparmor_exec
write$apparmor_exec(fd fd_apparmor_exec, data ptr[in, apparmor_exec_attr], len len[data])

# Payload for attr/exec: <cmd><profile>\0, with no padding ([packed]).
apparmor_exec_attr {
	cmd	stringnoz[apparmor_exec_profile_cmds]
	# TODO: what is this profile/fqname?
	# NOTE(review): same open question as for apparmor_current_profile. This is an arbitrary
	# NUL-terminated string, not a name known to exist in loaded policy.
	profile	string
} [packed]

# Command prefixes accepted on attr/exec. The trailing space is part of each literal.
apparmor_exec_profile_cmds = "exec ", "stack "