/** * aa_create_aafs - create the apparmor security filesystem * * dentries created here are released by aa_destroy_aafs * * Returns: error on failure */ static int __init aa_create_aafs(void) { int error; if (!apparmor_initialized) return 0; if (aa_fs_dentry) { AA_ERROR("%s: AppArmor securityfs already exists\n", __func__); return -EEXIST; } aa_fs_dentry = securityfs_create_dir("apparmor", NULL); if (IS_ERR(aa_fs_dentry)) { error = PTR_ERR(aa_fs_dentry); aa_fs_dentry = NULL; goto error; } #ifdef CONFIG_SECURITY_APPARMOR_COMPAT_24 error = aafs_create("matching", 0444, &aa_fs_matching_fops); if (error) goto error; error = aafs_create("features", 0444, &aa_fs_features_fops); if (error) goto error; #endif error = aafs_create("profiles", 0440, &aa_fs_profiles_fops); if (error) goto error; error = aafs_create(".load", 0640, &aa_fs_profile_load); if (error) goto error; error = aafs_create(".replace", 0640, &aa_fs_profile_replace); if (error) goto error; error = aafs_create(".remove", 0640, &aa_fs_profile_remove); if (error) goto error; /* TODO: add support for apparmorfs_null and apparmorfs_mnt */ /* Report that AppArmor fs is enabled */ aa_info_message("AppArmor Filesystem Enabled"); return 0; error: aa_destroy_aafs(); AA_ERROR("Error creating AppArmor securityfs\n"); return error; }
static int __init init_profile_hash(void) { struct crypto_shash *tfm; if (!apparmor_initialized) return 0; tfm = crypto_alloc_shash("sha1", 0, 0); if (IS_ERR(tfm)) { int error = PTR_ERR(tfm); AA_ERROR("failed to setup profile sha1 hashing: %d\n", error); return error; } apparmor_tfm = tfm; apparmor_hash_size = crypto_shash_digestsize(apparmor_tfm); aa_info_message("AppArmor sha1 policy hashing enabled"); return 0; }