Hi,

I'm looking for some help with modifying AppArmor's kernel code. Kindly let me 
know whether this is the right forum for such discussions (as I didn't think it 
would be appropriate to ask for help via the 'Issues' tab on GitLab).

On to my problem. Basically, I'm trying to add a custom field to 'struct
aa_profile' found in <linux_kernel_path>/security/apparmor/include/policy.h and
set this field to a value of my choice. To accomplish this, I have added a
single line of code to the 'unpack_profile()' function found in
<linux_kernel_path>/security/apparmor/policy_unpack.c. However, a kernel that
has been compiled with this single extra line of code fails to boot. The boot
process halts at 'A start job is running for AppArmor initialization'.

For greater clarity, here is the structure after adding my custom field,

struct aa_profile {
	struct aa_policy base;
	struct aa_profile __rcu *parent;

	struct aa_ns *ns;
	const char *rename;

	const char *attach;
	struct aa_dfa *xmatch;
	int xmatch_len;
	enum audit_mode audit;
	long mode;
	u32 path_flags;
	const char *disconnected;
	int size;

	struct aa_policydb policy;
	struct aa_file_rules file;
	struct aa_caps caps;

	int xattr_count;
	char **xattrs;

	struct aa_rlimit rlimits;

	struct aa_loaddata *rawdata;
	unsigned char *hash;
	char *dirname;
	struct dentry *dents[AAFS_PROF_SIZEOF];
	struct rhashtable *data;
	struct aa_label label;
	/*
	 * Custom field:
	 */
	int custom_field;
};

and here is the line of code to set this field (added at the end of
'unpack_profile()'),

	profile->custom_field = 10;

I'm not sure if I'm doing something fundamentally wrong with trying to modify 
the structure. I do understand that AppArmor verifies each policy's 
cryptographic hash, and suspect that a hash mismatch renders the kernel 
un-bootable. However, if the code that generates the hash and the code that 
calculates and verifies the hash at kernel boot are oblivious of the custom 
field, why would a mismatch occur?

I'd be grateful if you could kindly provide me with some insight into the root 
cause of this problem as well as how to resolve it. Do let me know if I can 
provide any additional information to help clarify the problem.

Thank you,
Abhishek.

-- 
AppArmor mailing list
[email protected]
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor
