mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-01-19 11:43:40 +00:00
apparmor: rename audit_data->label to audit_data->subj_label
rename audit_data's label field to subj_label to better reflect its use. Also at the same time drop unneeded assignments to ->subj_label as the later call to aa_check_perms will do the assignment if needed. Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
parent
bd7bd201ca
commit
d20f5a1a6e
@ -113,8 +113,8 @@ static void audit_pre(struct audit_buffer *ab, void *va)
|
||||
audit_log_format(ab, " error=%d", ad->error);
|
||||
}
|
||||
|
||||
if (ad->label) {
|
||||
struct aa_label *label = ad->label;
|
||||
if (ad->subj_label) {
|
||||
struct aa_label *label = ad->subj_label;
|
||||
|
||||
if (label_isprofile(label)) {
|
||||
struct aa_profile *profile = labels_profile(label);
|
||||
@ -187,7 +187,7 @@ int aa_audit(int type, struct aa_profile *profile,
|
||||
if (KILL_MODE(profile) && type == AUDIT_APPARMOR_DENIED)
|
||||
type = AUDIT_APPARMOR_KILL;
|
||||
|
||||
ad->label = &profile->label;
|
||||
ad->subj_label = &profile->label;
|
||||
|
||||
aa_audit_msg(type, ad, cb);
|
||||
|
||||
|
@ -67,7 +67,7 @@ static void file_audit_cb(struct audit_buffer *ab, void *va)
|
||||
|
||||
if (ad->peer) {
|
||||
audit_log_format(ab, " target=");
|
||||
aa_label_xaudit(ab, labels_ns(ad->label), ad->peer,
|
||||
aa_label_xaudit(ab, labels_ns(ad->subj_label), ad->peer,
|
||||
FLAG_VIEW_SUBNS, GFP_KERNEL);
|
||||
} else if (ad->fs.target) {
|
||||
audit_log_format(ab, " target=");
|
||||
|
@ -109,7 +109,7 @@ struct apparmor_audit_data {
|
||||
int type;
|
||||
u16 class;
|
||||
const char *op;
|
||||
struct aa_label *label;
|
||||
struct aa_label *subj_label;
|
||||
const char *name;
|
||||
const char *info;
|
||||
u32 request;
|
||||
|
@ -71,7 +71,7 @@ static void audit_signal_cb(struct audit_buffer *ab, void *va)
|
||||
audit_log_format(ab, " signal=rtmin+%d",
|
||||
ad->signal - SIGRT_BASE);
|
||||
audit_log_format(ab, " peer=");
|
||||
aa_label_xaudit(ab, labels_ns(ad->label), ad->peer,
|
||||
aa_label_xaudit(ab, labels_ns(ad->subj_label), ad->peer,
|
||||
FLAGS_NONE, GFP_ATOMIC);
|
||||
}
|
||||
|
||||
|
@ -297,7 +297,7 @@ static void aa_audit_perms_cb(struct audit_buffer *ab, void *va)
|
||||
PERMS_NAMES_MASK);
|
||||
}
|
||||
audit_log_format(ab, " peer=");
|
||||
aa_label_xaudit(ab, labels_ns(ad->label), ad->peer,
|
||||
aa_label_xaudit(ab, labels_ns(ad->subj_label), ad->peer,
|
||||
FLAGS_NONE, GFP_ATOMIC);
|
||||
}
|
||||
|
||||
@ -357,7 +357,6 @@ int aa_profile_label_perm(struct aa_profile *profile, struct aa_profile *target,
|
||||
typeof(*rules), list);
|
||||
struct aa_perms perms;
|
||||
|
||||
ad->label = &profile->label;
|
||||
ad->peer = &target->label;
|
||||
ad->request = request;
|
||||
|
||||
@ -419,7 +418,7 @@ int aa_check_perms(struct aa_profile *profile, struct aa_perms *perms,
|
||||
}
|
||||
|
||||
if (ad) {
|
||||
ad->label = &profile->label;
|
||||
ad->subj_label = &profile->label;
|
||||
ad->request = request;
|
||||
ad->denied = denied;
|
||||
ad->error = error;
|
||||
|
@ -722,11 +722,11 @@ out:
|
||||
return error;
|
||||
|
||||
fail:
|
||||
ad.label = begin_current_label_crit_section();
|
||||
ad.subj_label = begin_current_label_crit_section();
|
||||
ad.info = name;
|
||||
ad.error = error = -EINVAL;
|
||||
aa_audit_msg(AUDIT_APPARMOR_DENIED, &ad, NULL);
|
||||
end_current_label_crit_section(ad.label);
|
||||
end_current_label_crit_section(ad.subj_label);
|
||||
goto out;
|
||||
}
|
||||
|
||||
|
@ -100,7 +100,7 @@ void audit_net_cb(struct audit_buffer *ab, void *va)
|
||||
}
|
||||
if (ad->peer) {
|
||||
audit_log_format(ab, " peer=");
|
||||
aa_label_xaudit(ab, labels_ns(ad->label), ad->peer,
|
||||
aa_label_xaudit(ab, labels_ns(ad->subj_label), ad->peer,
|
||||
FLAGS_NONE, GFP_ATOMIC);
|
||||
}
|
||||
}
|
||||
|
@ -733,7 +733,7 @@ static void audit_cb(struct audit_buffer *ab, void *va)
|
||||
|
||||
/**
|
||||
* audit_policy - Do auditing of policy changes
|
||||
* @label: label to check if it can manage policy
|
||||
* @subj_label: label to check if it can manage policy
|
||||
* @op: policy operation being performed
|
||||
* @ns_name: name of namespace being manipulated
|
||||
* @name: name of profile being manipulated (NOT NULL)
|
||||
@ -742,7 +742,7 @@ static void audit_cb(struct audit_buffer *ab, void *va)
|
||||
*
|
||||
* Returns: the error to be returned after audit is done
|
||||
*/
|
||||
static int audit_policy(struct aa_label *label, const char *op,
|
||||
static int audit_policy(struct aa_label *subj_label, const char *op,
|
||||
const char *ns_name, const char *name,
|
||||
const char *info, int error)
|
||||
{
|
||||
@ -752,7 +752,7 @@ static int audit_policy(struct aa_label *label, const char *op,
|
||||
ad.name = name;
|
||||
ad.info = info;
|
||||
ad.error = error;
|
||||
ad.label = label;
|
||||
ad.subj_label = subj_label;
|
||||
|
||||
aa_audit_msg(AUDIT_APPARMOR_STATUS, &ad, audit_cb);
|
||||
|
||||
|
@ -36,7 +36,7 @@ static void audit_cb(struct audit_buffer *ab, void *va)
|
||||
rlim_names[ad->rlim.rlim], ad->rlim.max);
|
||||
if (ad->peer) {
|
||||
audit_log_format(ab, " peer=");
|
||||
aa_label_xaudit(ab, labels_ns(ad->label), ad->peer,
|
||||
aa_label_xaudit(ab, labels_ns(ad->subj_label), ad->peer,
|
||||
FLAGS_NONE, GFP_ATOMIC);
|
||||
}
|
||||
}
|
||||
|
@ -217,7 +217,7 @@ static void audit_ptrace_cb(struct audit_buffer *ab, void *va)
|
||||
}
|
||||
}
|
||||
audit_log_format(ab, " peer=");
|
||||
aa_label_xaudit(ab, labels_ns(ad->label), ad->peer,
|
||||
aa_label_xaudit(ab, labels_ns(ad->subj_label), ad->peer,
|
||||
FLAGS_NONE, GFP_ATOMIC);
|
||||
}
|
||||
|
||||
@ -263,7 +263,7 @@ static int profile_tracer_perm(struct aa_profile *tracer,
|
||||
if (&tracer->label == tracee)
|
||||
return 0;
|
||||
|
||||
ad->label = &tracer->label;
|
||||
ad->subj_label = &tracer->label;
|
||||
ad->peer = tracee;
|
||||
ad->request = 0;
|
||||
ad->error = aa_capable(&tracer->label, CAP_SYS_PTRACE,
|
||||
|
Loading…
x
Reference in New Issue
Block a user