| # Copyright 2018 syzkaller project authors. All rights reserved. |
| # Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. |
| |
| resource fd_apparmor_current[fd] |
| |
| openat$apparmor_task_current(fd const[AT_FDCWD], file ptr[in, string["/proc/self/attr/current"]], flags const[O_RDWR], mode const[0]) fd_apparmor_current |
| openat$apparmor_thread_current(fd const[AT_FDCWD], file ptr[in, string["/proc/thread-self/attr/current"]], flags const[O_RDWR], mode const[0]) fd_apparmor_current |
| write$apparmor_current(fd fd_apparmor_current, data ptr[in, apparmor_current_attr], len len[data]) |
| |
| apparmor_current_attr [ |
| hat apparmor_current_hat |
| profile apparmor_current_profile |
| ] [varlen] |
| |
| apparmor_current_hat { |
| cmd stringnoz[apparmor_hat_cmds] |
| token fmt[hex, int64[0:4]] |
| delim const['^', int8] |
| # TODO: what are these hats? should we pass some strings from apparmor profile? |
| hats array[string] |
| } [packed] |
| |
| apparmor_hat_cmds = "changehat ", "permhat " |
| |
| apparmor_current_profile { |
| cmd stringnoz[apparmor_profile_cmds] |
| # TODO: what is this profile/fqname? |
| profile string |
| } [packed] |
| |
| apparmor_profile_cmds = "changeprofile ", "permprofile ", "stack " |
| |
| resource fd_apparmor_exec[fd] |
| |
| openat$apparmor_task_exec(fd const[AT_FDCWD], file ptr[in, string["/proc/self/attr/exec"]], flags const[O_RDWR], mode const[0]) fd_apparmor_exec |
| openat$apparmor_thread_exec(fd const[AT_FDCWD], file ptr[in, string["/proc/thread-self/attr/exec"]], flags const[O_RDWR], mode const[0]) fd_apparmor_exec |
| write$apparmor_exec(fd fd_apparmor_exec, data ptr[in, apparmor_exec_attr], len len[data]) |
| |
| apparmor_exec_attr { |
| cmd stringnoz[apparmor_exec_profile_cmds] |
| # TODO: what is this profile/fqname? |
| profile string |
| } [packed] |
| |
| apparmor_exec_profile_cmds = "exec ", "stack " |