apparmor: allow profiles to provide info to disconnected paths

Signed-off-by: John Johansen <john.johansen@canonical.com>

2 files changed, 4 insertions, 1 deletions

diff --git a/security/apparmor/include/path.h b/security/apparmor/include/path.h
index 0444fdde3918..78e4909dcc6a 100644
--- a/security/apparmor/include/path.h
+++ b/security/apparmor/include/path.h
@@ -27,7 +27,8 @@ enum path_flags {
 };
 
 int aa_path_name(const struct path *path, int flags, char **buffer,
-		 const char **name, const char **info);
+		 const char **name, const char **info,
+		 const char *disconnected);
 
 #define MAX_PATH_BUFFERS 2
 
diff --git a/security/apparmor/include/policy.h b/security/apparmor/include/policy.h
index 67bc96afe541..dffa01c018c8 100644
--- a/security/apparmor/include/policy.h
+++ b/security/apparmor/include/policy.h
@@ -128,6 +128,7 @@ struct aa_data {
  * @mode: the enforcement mode of the profile
  * @flags: flags controlling profile behavior
  * @path_flags: flags controlling path generation behavior
+ * @disconnected: what to prepend if attach_disconnected is specified
  * @size: the memory consumed by this profiles rules
  * @policy: general match rules governing policy
  * @file: The set of rules governing basic file access and domain transitions
@@ -169,6 +170,7 @@ struct aa_profile {
 	long mode;
 	long flags;
 	u32 path_flags;
+	const char *disconnected;
 	int size;
 
 	struct aa_policydb policy;