[apparmor] Help with extending struct aa_profile
Abhishek Vijeev
abhishekvijeev at iisc.ac.in
Thu Jun 6 08:21:00 UTC 2019
Hi,
I'm looking for some help with modifying AppArmor's kernel code. Kindly let me know whether this is the right forum for such discussions (as I didn't think it would be appropriate to ask for help via the 'Issues' tab on GitLab).
On to my problem. Basically, I'm trying to add a custom field to 'struct aa_profile' found in <linux_kernel_path>/security/apparmor/include/policy.h and set this field to a value of my choice. To accomplish this, I have added a single line of code to the 'unpack_profile( )' function found in <linux_kernel_path>/security/apparmor/policy_unpack.c. However, a kernel that has been compiled with this single extra line of code fails to boot. The boot process halts at 'A start job is running for AppArmor initialization'.
For greater clarity, here is the structure after adding my custom field,
struct aa_profile {
    struct aa_policy base;
    struct aa_profile __rcu *parent;
    struct aa_ns *ns;
    const char *rename;
    const char *attach;
    struct aa_dfa *xmatch;
    int xmatch_len;
    enum audit_mode audit;
    long mode;
    u32 path_flags;
    const char *disconnected;
    int size;
    struct aa_policydb policy;
    struct aa_file_rules file;
    struct aa_caps caps;
    int xattr_count;
    char **xattrs;
    struct aa_rlimit rlimits;
    struct aa_loaddata *rawdata;
    unsigned char *hash;
    char *dirname;
    struct dentry *dents[AAFS_PROF_SIZEOF];
    struct rhashtable *data;
    struct aa_label label;
    /*
     * Custom field:
     */
    int custom_field;
};
and here is the line of code to set this field (added at the end of 'unpack_profile( )'),
    profile->custom_field = 10;
I'm not sure if I'm doing something fundamentally wrong with trying to modify the structure. I do understand that AppArmor verifies each policy's cryptographic hash, and suspect that a hash mismatch renders the kernel unbootable. However, if the code that generates the hash and the code that calculates and verifies the hash at kernel boot are oblivious of the custom field, why would a mismatch occur?
I'd be grateful if you could kindly provide me with some insight into the root cause of this problem as well as how to resolve it. Do let me know if I can provide any additional information to help clarify the problem.
Thank you,
Abhishek.
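
A layout hazard worth ruling out for a change like the one in this post, shown as an added example (not code from the post or from AppArmor): if the member that used to be last ends in a flexible array member, a field appended after it shares storage with that array's first element. `label_like`, `profile_like` and the function names are hypothetical stand-ins, and whether the real `struct aa_label` is laid out this way is an assumption to check against the kernel tree being built.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-ins (assumptions), not the kernel's definitions. */
struct label_like {
    long flags;
    int size;
    void *vec[];             /* flexible array member: storage follows the struct */
};

struct profile_like {
    const char *name;
    struct label_like label; /* the last member before the change (GNU C extension) */
    int custom_field;        /* appended after it, as in the post */
};

/* Offset of label.vec[0] inside struct profile_like. */
size_t vec0_offset(void)
{
    return offsetof(struct profile_like, label) + offsetof(struct label_like, vec);
}

/* Returns 1 if custom_field shares at least one byte with label.vec[0]. */
int custom_field_overlaps_vec0(void)
{
    size_t cf = offsetof(struct profile_like, custom_field);
    size_t v0 = vec0_offset();
    return cf < v0 + sizeof(void *) && v0 < cf + sizeof(int);
}

/* Allocate room for one vec entry, store a pointer in vec[0], then set
 * custom_field. Returns 1 if vec[0] no longer holds the pointer, -1 on OOM.
 * volatile keeps the compiler from reordering or eliding the accesses. */
int write_clobbers_vec0(void)
{
    volatile struct profile_like *p = calloc(1, sizeof(*p) + sizeof(void *));
    int clobbered;

    if (!p)
        return -1;
    p->label.vec[0] = (void *)p;
    p->custom_field = 10;
    clobbered = (p->label.vec[0] != (void *)p);
    free((void *)p);
    return clobbered;
}

int main(void)
{
    printf("overlap=%d clobbered=%d\n", custom_field_overlaps_vec0(), write_clobbers_vec0());
    return 0;
}
```

Where such an overlap exists, placing the new field before the trailing member keeps the flexible array's storage at the end of the allocation.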