diff --git a/WorkItems.md b/WorkItems.md index 535e4bf..d280f00 100644 --- a/WorkItems.md +++ b/WorkItems.md @@ -46,7 +46,13 @@ For a list of improvements and extensions to AppArmor see the [development roadm ### Dependencies -```mermaid + KernelWork[Base Kernel Changes] @@ -102,7 +108,11 @@ graph TB AuditCache --> AuditObject[Audit Record allocation] AuditObject --> AuditStack[AuditRecordOffStack] end -``` + + +--> + +![Dependency Graph for Prompting WorkItem](img/prompting-dependencies.svg "Prompting Dependencies") ### Work Items - [x] `JJ`: Rework Kernel locking to support prompting and realtime diff --git a/img/prompting-dependencies.svg b/img/prompting-dependencies.svg new file mode 100644 index 0000000..c0ed385 --- /dev/null +++ b/img/prompting-dependencies.svg @@ -0,0 +1,494 @@ +
Prompting Dependencies
Base Kernel Changes
Prompting
Profile Flags
Prompt Rule Prefix
Profile Flags in Kernel
Parser support for prompt flag
Rework file Perm check
Profile Flags in Userspace
Utils support for prompt flag
Rule Prefixes
Locking Rework
Buffer Rework
Internal Object Delegation
Type Cache
kernel interface
ioctl uapi
fd interface queues
task queues
Queue for prompt audit events
libapparmor API
filter generation
filter rule parsing
make re lib available to applications
Notification Policy
Kernel check notify policy
Parser support Notify policy
Utils support Notify policy
Library parse notification audit
Object Type
permission remap
Rework AppArmor Audit
Split Label Iterator
extended permissions
Kernel prefix support
Prefix Support in policy
Kernel Unpack extended perms
Permission Mapping in Backend Compiler
Prefix support in Parser
Prefix support in Utils
Reroute events from Audit to Prompt subsystem
Dedup audit records
Caching of Audit records
Audit Record allocation
AuditRecordOffStack
\ No newline at end of file