apparmor: add an optional profile attachment string for profiles

Add the ability to take in and report a human readable profile attachment
string for profiles so that attachment specifications can be easily
inspected.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>

1 files changed, 2 insertions, 0 deletions

diff --git a/security/apparmor/include/policy.h b/security/apparmor/include/policy.h
index 5c72231d1c42..59b36372ae40 100644
--- a/security/apparmor/include/policy.h
+++ b/security/apparmor/include/policy.h
@@ -165,6 +165,7 @@ struct aa_replacedby {
  * @ns: namespace the profile is in
  * @replacedby: is set to the profile that replaced this profile
  * @rename: optional profile name that this profile renamed
+ * @attach: human readable attachment string
  * @xmatch: optional extended matching for unconfined executables names
  * @xmatch_len: xmatch prefix len, used to determine xmatch priority
  * @audit: the auditing mode of the profile
@@ -204,6 +205,7 @@ struct aa_profile {
         struct aa_replacedby *replacedby;
         const char *rename;
 
+        const char *attach;
         struct aa_dfa *xmatch;
         int xmatch_len;
         enum audit_mode audit;