From 64aa0a3ce8246414908ab89edf90a432fa4fae30 Mon Sep 17 00:00:00 2001
From: John Johansen <john.johansen@canonical.com>
Date: Fri, 26 May 2017 18:49:04 -0700
Subject: [PATCH 23/65] apparmor: add label data availability to the feature
 set
Git-commit: a83bd86e833a5842ad033527ea9af589efa6dc84
Patch-mainline: v4.13-rc1
References: FATE#323500

gsettings mediation needs to be able to determine if apparmor supports
label data queries. A label data query can be done to test for support
but its failure is indistinguishable from other failures, making it an
unreliable indicator.

Fix by making support of label data queries available as a flag in the
apparmorfs features dir tree.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Goldwyn Rodrigues <rgoldwyn@suse.com>
---
 security/apparmor/apparmorfs.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index 7f3049300ce3..a447c00a452c 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -1849,6 +1849,15 @@ static struct aa_sfs_entry aa_sfs_entry_policy[] = {
 	{ }
 };
 
+static struct aa_sfs_entry aa_sfs_entry_query_label[] = {
+	AA_SFS_FILE_BOOLEAN("data",		1),
+	{ }
+};
+
+static struct aa_sfs_entry aa_sfs_entry_query[] = {
+	AA_SFS_DIR("label",			aa_sfs_entry_query_label),
+	{ }
+};
 static struct aa_sfs_entry aa_sfs_entry_features[] = {
 	AA_SFS_DIR("policy",			aa_sfs_entry_policy),
 	AA_SFS_DIR("domain",			aa_sfs_entry_domain),
@@ -1856,6 +1865,7 @@ static struct aa_sfs_entry aa_sfs_entry_features[] = {
 	AA_SFS_FILE_U64("capability",		VFS_CAP_FLAGS_MASK),
 	AA_SFS_DIR("rlimit",			aa_sfs_entry_rlimit),
 	AA_SFS_DIR("caps",			aa_sfs_entry_caps),
+	AA_SFS_DIR("query",			aa_sfs_entry_query),
 	{ }
 };
 
-- 
2.12.3