From 9119f771a261d22260bbf922f8f54ebf22cab653 Mon Sep 17 00:00:00 2001
From: Matthew Garrett
Date: Tue, 17 Apr 2018 15:56:01 -0700
Subject: [PATCH] Add security.apparmor to the set of extended attributes used by EVM

The kernel is taking security.apparmor into account when validating EVM, so evmctl should be doing the same.

Signed-off-by: Matthew Garrett
Signed-off-by: Mimi Zohar
Changelog:
- Prevent compilation from failing due to XATTR_NAME_APPARMOR not being included in the kernel-headers package.
---
 src/evmctl.c | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/src/evmctl.c b/src/evmctl.c
index 5abcd14..9ef2031 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -62,6 +62,11 @@
 #include
 #include
+#ifndef XATTR_APPAARMOR_SUFFIX
+#define XATTR_APPARMOR_SUFFIX "apparmor"
+#define XATTR_NAME_APPARMOR XATTR_SECURITY_PREFIX XATTR_APPARMOR_SUFFIX
+#endif
+
 #define USE_FPRINTF
 #include "imaevm.h"
@@ -69,6 +74,7 @@
 static char *evm_default_xattrs[] = {
 XATTR_NAME_SELINUX,
 XATTR_NAME_SMACK,
+XATTR_NAME_APPARMOR,
 XATTR_NAME_IMA,
 XATTR_NAME_CAPS,
 NULL
@@ -80,6 +86,7 @@ static char *evm_extra_smack_xattrs[] = {
 XATTR_NAME_SMACKEXEC,
 XATTR_NAME_SMACKTRANSMUTE,
 XATTR_NAME_SMACKMMAP,
+XATTR_NAME_APPARMOR,
 XATTR_NAME_IMA,
 XATTR_NAME_CAPS,
 NULL
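Review bot: The guard added in the first hunk tests `XATTR_APPAARMOR_SUFFIX` (double A), which is not the macro defined on the following line, so the `#ifndef` is true whatever the installed kernel headers provide and both fallback defines are always emitted. With headers that already define these names the result is a silent redefinition, and it becomes a diagnostic or a mismatch if the header's value ever differs from the local copy. Since the arrays use `XATTR_NAME_APPARMOR`, I would guard on that name, `#ifndef XATTR_NAME_APPARMOR`, or at minimum correct the spelling to `#ifndef XATTR_APPARMOR_SUFFIX`. A one-line comment such as `/* fallback for kernel headers that do not yet define XATTR_NAME_APPARMOR */` would record why the block exists.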
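Review bot: Nothing in `evm_default_xattrs` (second hunk) or `evm_extra_smack_xattrs` (third hunk) says that element order matters, yet the new entry is placed mid-list rather than appended. If evmctl feeds these attributes into the EVM digest in array order, which is not visible in these hunks, then the position of `XATTR_NAME_APPARMOR` has to match the kernel's list, or signatures produced here will fail verification on files that carry an AppArmor label. I would add above each array a comment such as `/* order must match the kernel's EVM xattr list; the digest is computed in this order */`. Both array definitions close outside their hunks.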