AppArmor: add initial "features" directory to securityfs

This adds the "features" subdirectory to the AppArmor securityfs
to display boolean features flags and the known capability mask.

Signed-off-by: Kees Cook <kees@ubuntu.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>

1 files changed, 14 insertions, 0 deletions

diff --git a/security/apparmor/include/apparmorfs.h b/security/apparmor/include/apparmorfs.h
index 4fdf02f26a3a..16e654530f30 100644
--- a/security/apparmor/include/apparmorfs.h
+++ b/security/apparmor/include/apparmorfs.h
@@ -16,6 +16,8 @@
 #define __AA_APPARMORFS_H
 
 enum aa_fs_type {
+        AA_FS_TYPE_BOOLEAN,
+        AA_FS_TYPE_U64,
         AA_FS_TYPE_FOPS,
         AA_FS_TYPE_DIR,
 };
@@ -28,11 +30,23 @@ struct aa_fs_entry {
         umode_t mode;
         enum aa_fs_type v_type;
         union {
+                bool boolean;
+                unsigned long u64;
                 struct aa_fs_entry *files;
         } v;
         const struct file_operations *file_ops;
 };
 
+extern const struct file_operations aa_fs_seq_file_ops;
+
+#define AA_FS_FILE_BOOLEAN(_name, _value) \
+        { .name = (_name), .mode = 0444, \
+          .v_type = AA_FS_TYPE_BOOLEAN, .v.boolean = (_value), \
+          .file_ops = &aa_fs_seq_file_ops }
+#define AA_FS_FILE_U64(_name, _value) \
+        { .name = (_name), .mode = 0444, \
+          .v_type = AA_FS_TYPE_U64, .v.u64 = (_value), \
+          .file_ops = &aa_fs_seq_file_ops }
 #define AA_FS_FILE_FOPS(_name, _mode, _fops) \
         { .name = (_name), .v_type = AA_FS_TYPE_FOPS, \
           .mode = (_mode), .file_ops = (_fops) }