tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

apparmor: fix documentation mismatches in val_mask_to_str and socket functions

This patch fixes kernel-doc warnings:
1. val_mask_to_str:
- Added missing descriptions for `size` and `table` parameters.
- Removed outdated str_size and chrs references.
2. Socket Functions:
- Makes non-null requirements clear for socket/address args.
- Standardizes return values per kernel conventions.
- Adds Unix domain socket protocol details.

These changes silence doc validation warnings and improve accuracy for
AppArmor LSM docs.

Signed-off-by: Peng Jiang <jiang.peng9@zte.com.cn>
Signed-off-by: John Johansen <john.johansen@canonical.com>

authored by

Peng Jiang and committed by
John Johansen f9c9dce0 4ce7d3cf

+23 -3
+1 -1
security/apparmor/lib.c
··· 85 85 * val_mask_to_str - convert a perm mask to its short string 86 86 * @str: character buffer to store string in (at least 10 characters) 87 87 * @size: size of the @str buffer 88 - * @table: NUL-terminated character buffer of permission characters 88 + * @table: NUL-terminated character buffer of permission characters (NOT NULL) 89 89 * @mask: permission mask to convert 90 90 */ 91 91 static int val_mask_to_str(char *str, size_t size,
+22 -2
security/apparmor/lsm.c
··· 1186 1186 * @peer_sk: sk that is accepting the connection 1187 1187 * @newsk: new sk created for this connection 1188 1188 * peer is locked when this hook is called 1189 + * 1190 + * Return: 1191 + * 0 if connection is permitted 1192 + * error code on denial or failure 1189 1193 */ 1190 1194 static int apparmor_unix_stream_connect(struct sock *sk, struct sock *peer_sk, 1191 1195 struct sock *newsk) ··· 1225 1221 * @sock: socket sending the message 1226 1222 * @peer: socket message is being send to 1227 1223 * 1224 + * Performs bidirectional permission checks for Unix domain socket communication: 1225 + * 1. Verifies sender has AA_MAY_SEND to target socket 1226 + * 2. Verifies receiver has AA_MAY_RECEIVE from source socket 1227 + * 1228 1228 * sock and peer are locked when this hook is called 1229 1229 * called by: dgram_connect peer setup but path not copied to newsk 1230 + * 1231 + * Return: 1232 + * 0 if transmission is permitted 1233 + * error code on denial or failure 1230 1234 */ 1231 1235 static int apparmor_unix_may_send(struct socket *sock, struct socket *peer) 1232 1236 { ··· 1351 1339 1352 1340 /** 1353 1341 * apparmor_socket_bind - check perms before bind addr to socket 1354 - * @sock: socket to bind the address to 1355 - * @address: address that is being bound 1342 + * @sock: socket to bind the address to (must be non-NULL) 1343 + * @address: address that is being bound (must be non-NULL) 1356 1344 * @addrlen: length of @address 1345 + * 1346 + * Performs security checks before allowing a socket to bind to an address. 1347 + * Handles Unix domain sockets specially through aa_unix_bind_perm(). 1348 + * For other socket families, uses generic permission check via aa_sk_perm(). 1349 + * 1350 + * Return: 1351 + * 0 if binding is permitted 1352 + * error code on denial or invalid parameters 1357 1353 */ 1358 1354 static int apparmor_socket_bind(struct socket *sock, 1359 1355 struct sockaddr *address, int addrlen)