tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

apparmor: rename audit_data->label to audit_data->subj_label

rename audit_data's label field to subj_label to better reflect its
use. Also at the same time drop unneeded assignments to ->subj_label
as the later call to aa_check_perms will do the assignment if needed.

Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>

John Johansen d20f5a1a bd7bd201

+17 -18
+3 -3
security/apparmor/audit.c
··· 113 113 audit_log_format(ab, " error=%d", ad->error); 114 114 } 115 115 116 - if (ad->label) { 117 - struct aa_label *label = ad->label; 116 + if (ad->subj_label) { 117 + struct aa_label *label = ad->subj_label; 118 118 119 119 if (label_isprofile(label)) { 120 120 struct aa_profile *profile = labels_profile(label); ··· 187 187 if (KILL_MODE(profile) && type == AUDIT_APPARMOR_DENIED) 188 188 type = AUDIT_APPARMOR_KILL; 189 189 190 - ad->label = &profile->label; 190 + ad->subj_label = &profile->label; 191 191 192 192 aa_audit_msg(type, ad, cb); 193 193
+1 -1
security/apparmor/file.c
··· 67 67 68 68 if (ad->peer) { 69 69 audit_log_format(ab, " target="); 70 - aa_label_xaudit(ab, labels_ns(ad->label), ad->peer, 70 + aa_label_xaudit(ab, labels_ns(ad->subj_label), ad->peer, 71 71 FLAG_VIEW_SUBNS, GFP_KERNEL); 72 72 } else if (ad->fs.target) { 73 73 audit_log_format(ab, " target=");
+1 -1
security/apparmor/include/audit.h
··· 109 109 int type; 110 110 u16 class; 111 111 const char *op; 112 - struct aa_label *label; 112 + struct aa_label *subj_label; 113 113 const char *name; 114 114 const char *info; 115 115 u32 request;
+1 -1
security/apparmor/ipc.c
··· 71 71 audit_log_format(ab, " signal=rtmin+%d", 72 72 ad->signal - SIGRT_BASE); 73 73 audit_log_format(ab, " peer="); 74 - aa_label_xaudit(ab, labels_ns(ad->label), ad->peer, 74 + aa_label_xaudit(ab, labels_ns(ad->subj_label), ad->peer, 75 75 FLAGS_NONE, GFP_ATOMIC); 76 76 } 77 77
+2 -3
security/apparmor/lib.c
··· 297 297 PERMS_NAMES_MASK); 298 298 } 299 299 audit_log_format(ab, " peer="); 300 - aa_label_xaudit(ab, labels_ns(ad->label), ad->peer, 300 + aa_label_xaudit(ab, labels_ns(ad->subj_label), ad->peer, 301 301 FLAGS_NONE, GFP_ATOMIC); 302 302 } 303 303 ··· 357 357 typeof(*rules), list); 358 358 struct aa_perms perms; 359 359 360 - ad->label = &profile->label; 361 360 ad->peer = &target->label; 362 361 ad->request = request; 363 362 ··· 418 419 } 419 420 420 421 if (ad) { 421 - ad->label = &profile->label; 422 + ad->subj_label = &profile->label; 422 423 ad->request = request; 423 424 ad->denied = denied; 424 425 ad->error = error;
+2 -2
security/apparmor/lsm.c
··· 722 722 return error; 723 723 724 724 fail: 725 - ad.label = begin_current_label_crit_section(); 725 + ad.subj_label = begin_current_label_crit_section(); 726 726 ad.info = name; 727 727 ad.error = error = -EINVAL; 728 728 aa_audit_msg(AUDIT_APPARMOR_DENIED, &ad, NULL); 729 - end_current_label_crit_section(ad.label); 729 + end_current_label_crit_section(ad.subj_label); 730 730 goto out; 731 731 } 732 732
+1 -1
security/apparmor/net.c
··· 100 100 } 101 101 if (ad->peer) { 102 102 audit_log_format(ab, " peer="); 103 - aa_label_xaudit(ab, labels_ns(ad->label), ad->peer, 103 + aa_label_xaudit(ab, labels_ns(ad->subj_label), ad->peer, 104 104 FLAGS_NONE, GFP_ATOMIC); 105 105 } 106 106 }
+3 -3
security/apparmor/policy.c
··· 733 733 734 734 /** 735 735 * audit_policy - Do auditing of policy changes 736 - * @label: label to check if it can manage policy 736 + * @subj_label: label to check if it can manage policy 737 737 * @op: policy operation being performed 738 738 * @ns_name: name of namespace being manipulated 739 739 * @name: name of profile being manipulated (NOT NULL) ··· 742 742 * 743 743 * Returns: the error to be returned after audit is done 744 744 */ 745 - static int audit_policy(struct aa_label *label, const char *op, 745 + static int audit_policy(struct aa_label *subj_label, const char *op, 746 746 const char *ns_name, const char *name, 747 747 const char *info, int error) 748 748 { ··· 752 752 ad.name = name; 753 753 ad.info = info; 754 754 ad.error = error; 755 - ad.label = label; 755 + ad.subj_label = subj_label; 756 756 757 757 aa_audit_msg(AUDIT_APPARMOR_STATUS, &ad, audit_cb); 758 758
+1 -1
security/apparmor/resource.c
··· 36 36 rlim_names[ad->rlim.rlim], ad->rlim.max); 37 37 if (ad->peer) { 38 38 audit_log_format(ab, " peer="); 39 - aa_label_xaudit(ab, labels_ns(ad->label), ad->peer, 39 + aa_label_xaudit(ab, labels_ns(ad->subj_label), ad->peer, 40 40 FLAGS_NONE, GFP_ATOMIC); 41 41 } 42 42 }
+2 -2
security/apparmor/task.c
··· 217 217 } 218 218 } 219 219 audit_log_format(ab, " peer="); 220 - aa_label_xaudit(ab, labels_ns(ad->label), ad->peer, 220 + aa_label_xaudit(ab, labels_ns(ad->subj_label), ad->peer, 221 221 FLAGS_NONE, GFP_ATOMIC); 222 222 } 223 223 ··· 263 263 if (&tracer->label == tracee) 264 264 return 0; 265 265 266 - ad->label = &tracer->label; 266 + ad->subj_label = &tracer->label; 267 267 ad->peer = tracee; 268 268 ad->request = 0; 269 269 ad->error = aa_capable(&tracer->label, CAP_SYS_PTRACE,