apparmor: add the ability to get a task's secid

Signed-off-by: John Johansen <john.johansen@canonical.com>

diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 91284b5..7866161 100644 (file)
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -711,6 +711,13 @@ static void apparmor_bprm_committed_creds(struct linux_binprm *bprm)
        return;
 }
 
+static void apparmor_task_getsecid(struct task_struct *p, u32 *secid)
+{
+       struct aa_label *label = aa_get_task_label(p);
+       *secid = label->secid;
+       aa_put_label(label);
+}
+
 static int apparmor_task_setrlimit(struct task_struct *task,
                unsigned int resource, struct rlimit *new_rlim)
 {
@@ -1187,6 +1194,7 @@ static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = {
 
        LSM_HOOK_INIT(task_free, apparmor_task_free),
        LSM_HOOK_INIT(task_alloc, apparmor_task_alloc),
+       LSM_HOOK_INIT(task_getsecid, apparmor_task_getsecid),
        LSM_HOOK_INIT(task_setrlimit, apparmor_task_setrlimit),
        LSM_HOOK_INIT(task_kill, apparmor_task_kill),