summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorJohn Johansen <john.johansen@canonical.com>2022-09-19 10:46:09 +0300
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2023-11-28 20:20:07 +0300
commit30b3669d40ad2400dfac75d1250596b5b0cb241b (patch)
tree7d97e6852ed8e96cf6b8ca265f6d1b402b9bb797 /security
parentc57bc80f4508acd8c52bd89b01d324889065320d (diff)
downloadlinux-30b3669d40ad2400dfac75d1250596b5b0cb241b.tar.xz
apparmor: rename audit_data->label to audit_data->subj_label
[ Upstream commit d20f5a1a6e792d22199c9989ec7ab9e95c48d60c ] rename audit_data's label field to subj_label to better reflect its use. Also at the same time drop unneeded assignments to ->subj_label as the later call to aa_check_perms will do the assignment if needed. Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Stable-dep-of: 157a3537d6bc ("apparmor: Fix regression in mount mediation") Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'security')
-rw-r--r--security/apparmor/audit.c6
-rw-r--r--security/apparmor/file.c2
-rw-r--r--security/apparmor/include/audit.h2
-rw-r--r--security/apparmor/ipc.c2
-rw-r--r--security/apparmor/lib.c5
-rw-r--r--security/apparmor/lsm.c4
-rw-r--r--security/apparmor/net.c2
-rw-r--r--security/apparmor/policy.c6
-rw-r--r--security/apparmor/resource.c2
-rw-r--r--security/apparmor/task.c4
10 files changed, 17 insertions, 18 deletions
diff --git a/security/apparmor/audit.c b/security/apparmor/audit.c
index 06ad6a8fcce1..6933cb2f679b 100644
--- a/security/apparmor/audit.c
+++ b/security/apparmor/audit.c
@@ -113,8 +113,8 @@ static void audit_pre(struct audit_buffer *ab, void *va)
audit_log_format(ab, " error=%d", ad->error);
}
- if (ad->label) {
- struct aa_label *label = ad->label;
+ if (ad->subj_label) {
+ struct aa_label *label = ad->subj_label;
if (label_isprofile(label)) {
struct aa_profile *profile = labels_profile(label);
@@ -187,7 +187,7 @@ int aa_audit(int type, struct aa_profile *profile,
if (KILL_MODE(profile) && type == AUDIT_APPARMOR_DENIED)
type = AUDIT_APPARMOR_KILL;
- ad->label = &profile->label;
+ ad->subj_label = &profile->label;
aa_audit_msg(type, ad, cb);
diff --git a/security/apparmor/file.c b/security/apparmor/file.c
index 9ea95fa18e7d..5bfa70a97207 100644
--- a/security/apparmor/file.c
+++ b/security/apparmor/file.c
@@ -67,7 +67,7 @@ static void file_audit_cb(struct audit_buffer *ab, void *va)
if (ad->peer) {
audit_log_format(ab, " target=");
- aa_label_xaudit(ab, labels_ns(ad->label), ad->peer,
+ aa_label_xaudit(ab, labels_ns(ad->subj_label), ad->peer,
FLAG_VIEW_SUBNS, GFP_KERNEL);
} else if (ad->fs.target) {
audit_log_format(ab, " target=");
diff --git a/security/apparmor/include/audit.h b/security/apparmor/include/audit.h
index 85931ec94e91..096f0a04af87 100644
--- a/security/apparmor/include/audit.h
+++ b/security/apparmor/include/audit.h
@@ -109,7 +109,7 @@ struct apparmor_audit_data {
int type;
u16 class;
const char *op;
- struct aa_label *label;
+ struct aa_label *subj_label;
const char *name;
const char *info;
u32 request;
diff --git a/security/apparmor/ipc.c b/security/apparmor/ipc.c
index f198b8d620a4..fd8306399b82 100644
--- a/security/apparmor/ipc.c
+++ b/security/apparmor/ipc.c
@@ -71,7 +71,7 @@ static void audit_signal_cb(struct audit_buffer *ab, void *va)
audit_log_format(ab, " signal=rtmin+%d",
ad->signal - SIGRT_BASE);
audit_log_format(ab, " peer=");
- aa_label_xaudit(ab, labels_ns(ad->label), ad->peer,
+ aa_label_xaudit(ab, labels_ns(ad->subj_label), ad->peer,
FLAGS_NONE, GFP_ATOMIC);
}
diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c
index d6b2750fd72e..c87bccafff44 100644
--- a/security/apparmor/lib.c
+++ b/security/apparmor/lib.c
@@ -297,7 +297,7 @@ static void aa_audit_perms_cb(struct audit_buffer *ab, void *va)
PERMS_NAMES_MASK);
}
audit_log_format(ab, " peer=");
- aa_label_xaudit(ab, labels_ns(ad->label), ad->peer,
+ aa_label_xaudit(ab, labels_ns(ad->subj_label), ad->peer,
FLAGS_NONE, GFP_ATOMIC);
}
@@ -357,7 +357,6 @@ int aa_profile_label_perm(struct aa_profile *profile, struct aa_profile *target,
typeof(*rules), list);
struct aa_perms perms;
- ad->label = &profile->label;
ad->peer = &target->label;
ad->request = request;
@@ -419,7 +418,7 @@ int aa_check_perms(struct aa_profile *profile, struct aa_perms *perms,
}
if (ad) {
- ad->label = &profile->label;
+ ad->subj_label = &profile->label;
ad->request = request;
ad->denied = denied;
ad->error = error;
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index fd7852a4737c..359fbfbb4a66 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -722,11 +722,11 @@ out:
return error;
fail:
- ad.label = begin_current_label_crit_section();
+ ad.subj_label = begin_current_label_crit_section();
ad.info = name;
ad.error = error = -EINVAL;
aa_audit_msg(AUDIT_APPARMOR_DENIED, &ad, NULL);
- end_current_label_crit_section(ad.label);
+ end_current_label_crit_section(ad.subj_label);
goto out;
}
diff --git a/security/apparmor/net.c b/security/apparmor/net.c
index 0c7304cd479c..5e50f80e35db 100644
--- a/security/apparmor/net.c
+++ b/security/apparmor/net.c
@@ -100,7 +100,7 @@ void audit_net_cb(struct audit_buffer *ab, void *va)
}
if (ad->peer) {
audit_log_format(ab, " peer=");
- aa_label_xaudit(ab, labels_ns(ad->label), ad->peer,
+ aa_label_xaudit(ab, labels_ns(ad->subj_label), ad->peer,
FLAGS_NONE, GFP_ATOMIC);
}
}
diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
index 9a7dbe64f102..e5f1ef83b0fd 100644
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -733,7 +733,7 @@ static void audit_cb(struct audit_buffer *ab, void *va)
/**
* audit_policy - Do auditing of policy changes
- * @label: label to check if it can manage policy
+ * @subj_label: label to check if it can manage policy
* @op: policy operation being performed
* @ns_name: name of namespace being manipulated
* @name: name of profile being manipulated (NOT NULL)
@@ -742,7 +742,7 @@ static void audit_cb(struct audit_buffer *ab, void *va)
*
* Returns: the error to be returned after audit is done
*/
-static int audit_policy(struct aa_label *label, const char *op,
+static int audit_policy(struct aa_label *subj_label, const char *op,
const char *ns_name, const char *name,
const char *info, int error)
{
@@ -752,7 +752,7 @@ static int audit_policy(struct aa_label *label, const char *op,
ad.name = name;
ad.info = info;
ad.error = error;
- ad.label = label;
+ ad.subj_label = subj_label;
aa_audit_msg(AUDIT_APPARMOR_STATUS, &ad, audit_cb);
diff --git a/security/apparmor/resource.c b/security/apparmor/resource.c
index b6b5e1bfe9a2..73ba26c646a5 100644
--- a/security/apparmor/resource.c
+++ b/security/apparmor/resource.c
@@ -36,7 +36,7 @@ static void audit_cb(struct audit_buffer *ab, void *va)
rlim_names[ad->rlim.rlim], ad->rlim.max);
if (ad->peer) {
audit_log_format(ab, " peer=");
- aa_label_xaudit(ab, labels_ns(ad->label), ad->peer,
+ aa_label_xaudit(ab, labels_ns(ad->subj_label), ad->peer,
FLAGS_NONE, GFP_ATOMIC);
}
}
diff --git a/security/apparmor/task.c b/security/apparmor/task.c
index 8bd1f212215c..79850e832142 100644
--- a/security/apparmor/task.c
+++ b/security/apparmor/task.c
@@ -220,7 +220,7 @@ static void audit_ptrace_cb(struct audit_buffer *ab, void *va)
}
}
audit_log_format(ab, " peer=");
- aa_label_xaudit(ab, labels_ns(ad->label), ad->peer,
+ aa_label_xaudit(ab, labels_ns(ad->subj_label), ad->peer,
FLAGS_NONE, GFP_ATOMIC);
}
@@ -266,7 +266,7 @@ static int profile_tracer_perm(struct aa_profile *tracer,
if (&tracer->label == tracee)
return 0;
- ad->label = &tracer->label;
+ ad->subj_label = &tracer->label;
ad->peer = tracee;
ad->request = 0;
ad->error = aa_capable(&tracer->label, CAP_SYS_PTRACE,