mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-31 06:16:03 +00:00

parser: add support for matching based on extended file attributes

Add userland support for matching based on extended file attributes.
This leverages DFA based matching already in the kernel:

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=8e51f908
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=73f488cd

Matching is exposed via flags on the profile:

  /usr/bin/* xattrs=(user.foo=bar user.bar=**) {
      # ...
  }

Profiles list the set of extended attributes that a file MUST have, and
a regex to match the value of that extended attribute. Additional
extended attributes on the file don't affect the match.

Signed-off-by: Eric Chiang <ericchiang@google.com>
Eric Chiang
2018-12-06 10:54:46 -08:00
parent 6804731892
commit a42fd8c6f4
23 changed files with 246 additions and 8 deletions
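
The matching rule stated in the commit message, modelled in userland as an added example (not code from this commit or from AppArmor; the real match is done by the kernel DFA). The function names, the simplified glob translation and the sample attribute sets are assumptions made for illustration.

```python
import re

def aare_to_regex(pattern):
    """Translate a small glob subset to an anchored regex.
    Assumption (simplified): '**' matches anything, '*' anything except '/',
    '?' one non-'/' character; everything else is literal."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            out.append(".*"); i += 2
        elif pattern[i] == "*":
            out.append("[^/]*"); i += 1
        elif pattern[i] == "?":
            out.append("[^/]"); i += 1
        else:
            out.append(re.escape(pattern[i])); i += 1
    return re.compile("".join(out), re.DOTALL)

def parse_xattrs_flag(flag):
    """Parse 'xattrs=(user.foo=bar user.bar=**)' into {name: value_pattern}."""
    m = re.fullmatch(r"\s*xattrs=\(([^)]*)\)\s*", flag)
    if not m:
        raise ValueError(f"not an xattrs flag: {flag!r}")
    return dict(item.split("=", 1) for item in m.group(1).split())

def profile_matches(required, file_xattrs):
    """Every listed attribute must exist and its value must match the
    pattern; attributes the profile does not list are ignored."""
    for name, pattern in required.items():
        value = file_xattrs.get(name)
        if value is None or not aare_to_regex(pattern).fullmatch(value):
            return False
    return True

# Flag text taken from the commit message; attribute sets are constructed.
# Real xattr values are bytes; strings are used here to keep the model short.
REQUIRED = parse_xattrs_flag("xattrs=(user.foo=bar user.bar=**)")
SAMPLES = {
    "exact":       {"user.foo": "bar", "user.bar": "a/b"},
    "extra":       {"user.foo": "bar", "user.bar": "x", "user.other": "y"},
    "missing":     {"user.foo": "bar"},
    "wrong_value": {"user.foo": "barn", "user.bar": "x"},
}

if __name__ == "__main__":
    for label, attrs in SAMPLES.items():
        print(f"{label:12} attaches={profile_matches(REQUIRED, attrs)}")
```

The `extra` case shows the point a profile author has to keep in mind: an unlisted attribute never blocks attachment, so the listed set is a minimum requirement and not an exact description of the file.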


@@ -104,6 +104,7 @@ class aare_rules {
uint32_t audit, dfaflags_t flags);
bool add_rule_vec(int deny, uint32_t perms, uint32_t audit, int count,
const char **rulev, dfaflags_t flags);
bool append_rule(const char *rule, dfaflags_t flags);
void *create_dfa(size_t *size, int *min_match_len, dfaflags_t flags);
};
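
Review bot: `append_rule(const char *rule, dfaflags_t flags)` has no comment saying what the rule is appended to or what the `bool` result means, and unlike `add_rule_vec` just above it takes no `deny`, `perms` or `audit` argument, so the header alone does not tell a caller which existing rule it extends or what happens when there is none. A short comment above the declaration stating the precondition (which prior call it depends on) and the meaning of a `false` return would make the new entry point safe to use without reading the implementation.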