summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--security/apparmor/apparmorfs.c49
-rw-r--r--security/apparmor/domain.c24
-rw-r--r--security/apparmor/include/apparmorfs.h8
-rw-r--r--security/apparmor/include/policy.h8
-rw-r--r--security/apparmor/include/policy_ns.h43
-rw-r--r--security/apparmor/policy.c32
-rw-r--r--security/apparmor/policy_ns.c82
-rw-r--r--security/apparmor/procattr.c4
8 files changed, 122 insertions, 128 deletions
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index efac1a9565e2..4409b63f0dd7 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -478,9 +478,9 @@ fail2:
return error;
}
-void __aa_fs_namespace_rmdir(struct aa_namespace *ns)
+void __aa_fs_ns_rmdir(struct aa_ns *ns)
{
- struct aa_namespace *sub;
+ struct aa_ns *sub;
struct aa_profile *child;
int i;
@@ -492,7 +492,7 @@ void __aa_fs_namespace_rmdir(struct aa_namespace *ns)
list_for_each_entry(sub, &ns->sub_ns, base.list) {
mutex_lock(&sub->lock);
- __aa_fs_namespace_rmdir(sub);
+ __aa_fs_ns_rmdir(sub);
mutex_unlock(&sub->lock);
}
@@ -502,10 +502,9 @@ void __aa_fs_namespace_rmdir(struct aa_namespace *ns)
}
}
-int __aa_fs_namespace_mkdir(struct aa_namespace *ns, struct dentry *parent,
- const char *name)
+int __aa_fs_ns_mkdir(struct aa_ns *ns, struct dentry *parent, const char *name)
{
- struct aa_namespace *sub;
+ struct aa_ns *sub;
struct aa_profile *child;
struct dentry *dent, *dir;
int error;
@@ -536,7 +535,7 @@ int __aa_fs_namespace_mkdir(struct aa_namespace *ns, struct dentry *parent,
list_for_each_entry(sub, &ns->sub_ns, base.list) {
mutex_lock(&sub->lock);
- error = __aa_fs_namespace_mkdir(sub, ns_subns_dir(ns), NULL);
+ error = __aa_fs_ns_mkdir(sub, ns_subns_dir(ns), NULL);
mutex_unlock(&sub->lock);
if (error)
goto fail2;
@@ -548,7 +547,7 @@ fail:
error = PTR_ERR(dent);
fail2:
- __aa_fs_namespace_rmdir(ns);
+ __aa_fs_ns_rmdir(ns);
return error;
}
@@ -557,7 +556,7 @@ fail2:
#define list_entry_is_head(pos, head, member) (&pos->member == (head))
/**
- * __next_namespace - find the next namespace to list
+ * __next_ns - find the next namespace to list
* @root: root namespace to stop search at (NOT NULL)
* @ns: current ns position (NOT NULL)
*
@@ -568,10 +567,9 @@ fail2:
* Requires: ns->parent->lock to be held
* NOTE: will not unlock root->lock
*/
-static struct aa_namespace *__next_namespace(struct aa_namespace *root,
- struct aa_namespace *ns)
+static struct aa_ns *__next_ns(struct aa_ns *root, struct aa_ns *ns)
{
- struct aa_namespace *parent, *next;
+ struct aa_ns *parent, *next;
/* is next namespace a child */
if (!list_empty(&ns->sub_ns)) {
@@ -604,10 +602,10 @@ static struct aa_namespace *__next_namespace(struct aa_namespace *root,
* Returns: unrefcounted profile or NULL if no profile
* Requires: profile->ns.lock to be held
*/
-static struct aa_profile *__first_profile(struct aa_namespace *root,
- struct aa_namespace *ns)
+static struct aa_profile *__first_profile(struct aa_ns *root,
+ struct aa_ns *ns)
{
- for (; ns; ns = __next_namespace(root, ns)) {
+ for (; ns; ns = __next_ns(root, ns)) {
if (!list_empty(&ns->base.profiles))
return list_first_entry(&ns->base.profiles,
struct aa_profile, base.list);
@@ -627,7 +625,7 @@ static struct aa_profile *__first_profile(struct aa_namespace *root,
static struct aa_profile *__next_profile(struct aa_profile *p)
{
struct aa_profile *parent;
- struct aa_namespace *ns = p->ns;
+ struct aa_ns *ns = p->ns;
/* is next profile a child */
if (!list_empty(&p->base.profiles))
@@ -661,7 +659,7 @@ static struct aa_profile *__next_profile(struct aa_profile *p)
*
* Returns: next profile or NULL if there isn't one
*/
-static struct aa_profile *next_profile(struct aa_namespace *root,
+static struct aa_profile *next_profile(struct aa_ns *root,
struct aa_profile *profile)
{
struct aa_profile *next = __next_profile(profile);
@@ -669,7 +667,7 @@ static struct aa_profile *next_profile(struct aa_namespace *root,
return next;
/* finished all profiles in namespace move to next namespace */
- return __first_profile(root, __next_namespace(root, profile->ns));
+ return __first_profile(root, __next_ns(root, profile->ns));
}
/**
@@ -684,9 +682,9 @@ static struct aa_profile *next_profile(struct aa_namespace *root,
static void *p_start(struct seq_file *f, loff_t *pos)
{
struct aa_profile *profile = NULL;
- struct aa_namespace *root = aa_current_profile()->ns;
+ struct aa_ns *root = aa_current_profile()->ns;
loff_t l = *pos;
- f->private = aa_get_namespace(root);
+ f->private = aa_get_ns(root);
/* find the first profile */
@@ -713,7 +711,7 @@ static void *p_start(struct seq_file *f, loff_t *pos)
static void *p_next(struct seq_file *f, void *p, loff_t *pos)
{
struct aa_profile *profile = p;
- struct aa_namespace *ns = f->private;
+ struct aa_ns *ns = f->private;
(*pos)++;
return next_profile(ns, profile);
@@ -729,14 +727,14 @@ static void *p_next(struct seq_file *f, void *p, loff_t *pos)
static void p_stop(struct seq_file *f, void *p)
{
struct aa_profile *profile = p;
- struct aa_namespace *root = f->private, *ns;
+ struct aa_ns *root = f->private, *ns;
if (profile) {
for (ns = profile->ns; ns && ns != root; ns = ns->parent)
mutex_unlock(&ns->lock);
}
mutex_unlock(&root->lock);
- aa_put_namespace(root);
+ aa_put_ns(root);
}
/**
@@ -749,7 +747,7 @@ static void p_stop(struct seq_file *f, void *p)
static int seq_show_profile(struct seq_file *f, void *p)
{
struct aa_profile *profile = (struct aa_profile *)p;
- struct aa_namespace *root = f->private;
+ struct aa_ns *root = f->private;
if (profile->ns != root)
seq_printf(f, ":%s://", aa_ns_name(root, profile->ns));
@@ -951,8 +949,7 @@ static int __init aa_create_aafs(void)
if (error)
goto error;
- error = __aa_fs_namespace_mkdir(root_ns, aa_fs_entry.dentry,
- "policy");
+ error = __aa_fs_ns_mkdir(root_ns, aa_fs_entry.dentry, "policy");
if (error)
goto error;
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index 02d2f01e908d..503cb2c54447 100644
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -94,7 +94,7 @@ out:
* Returns: permission set
*/
static struct file_perms change_profile_perms(struct aa_profile *profile,
- struct aa_namespace *ns,
+ struct aa_ns *ns,
const char *name, u32 request,
unsigned int start)
{
@@ -171,7 +171,7 @@ static struct aa_profile *__attach_match(const char *name,
*
* Returns: profile or NULL if no match found
*/
-static struct aa_profile *find_attach(struct aa_namespace *ns,
+static struct aa_profile *find_attach(struct aa_ns *ns,
struct list_head *list, const char *name)
{
struct aa_profile *profile;
@@ -240,7 +240,7 @@ static const char *next_name(int xtype, const char *name)
static struct aa_profile *x_table_lookup(struct aa_profile *profile, u32 xindex)
{
struct aa_profile *new_profile = NULL;
- struct aa_namespace *ns = profile->ns;
+ struct aa_ns *ns = profile->ns;
u32 xtype = xindex & AA_X_TYPE_MASK;
int index = xindex & AA_X_INDEX_MASK;
const char *name;
@@ -248,7 +248,7 @@ static struct aa_profile *x_table_lookup(struct aa_profile *profile, u32 xindex)
/* index is guaranteed to be in range, validated at load time */
for (name = profile->file.trans.table[index]; !new_profile && name;
name = next_name(xtype, name)) {
- struct aa_namespace *new_ns;
+ struct aa_ns *new_ns;
const char *xname = NULL;
new_ns = NULL;
@@ -268,7 +268,7 @@ static struct aa_profile *x_table_lookup(struct aa_profile *profile, u32 xindex)
;
}
/* released below */
- new_ns = aa_find_namespace(ns, ns_name);
+ new_ns = aa_find_ns(ns, ns_name);
if (!new_ns)
continue;
} else if (*name == '@') {
@@ -281,7 +281,7 @@ static struct aa_profile *x_table_lookup(struct aa_profile *profile, u32 xindex)
/* released by caller */
new_profile = aa_lookup_profile(new_ns ? new_ns : ns, xname);
- aa_put_namespace(new_ns);
+ aa_put_ns(new_ns);
}
/* released by caller */
@@ -302,7 +302,7 @@ static struct aa_profile *x_to_profile(struct aa_profile *profile,
const char *name, u32 xindex)
{
struct aa_profile *new_profile = NULL;
- struct aa_namespace *ns = profile->ns;
+ struct aa_ns *ns = profile->ns;
u32 xtype = xindex & AA_X_TYPE_MASK;
switch (xtype) {
@@ -339,7 +339,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
{
struct aa_task_cxt *cxt;
struct aa_profile *profile, *new_profile = NULL;
- struct aa_namespace *ns;
+ struct aa_ns *ns;
char *buffer = NULL;
unsigned int state;
struct file_perms perms = {};
@@ -746,7 +746,7 @@ int aa_change_profile(const char *ns_name, const char *hname, bool onexec,
{
const struct cred *cred;
struct aa_profile *profile, *target = NULL;
- struct aa_namespace *ns = NULL;
+ struct aa_ns *ns = NULL;
struct file_perms perms = {};
const char *name = NULL, *info = NULL;
int op, error = 0;
@@ -780,7 +780,7 @@ int aa_change_profile(const char *ns_name, const char *hname, bool onexec,
if (ns_name) {
/* released below */
- ns = aa_find_namespace(profile->ns, ns_name);
+ ns = aa_find_ns(profile->ns, ns_name);
if (!ns) {
/* we don't create new namespace in complain mode */
name = ns_name;
@@ -790,7 +790,7 @@ int aa_change_profile(const char *ns_name, const char *hname, bool onexec,
}
} else
/* released below */
- ns = aa_get_namespace(profile->ns);
+ ns = aa_get_ns(profile->ns);
/* if the name was not specified, use the name of the current profile */
if (!hname) {
@@ -843,7 +843,7 @@ audit:
error = aa_audit_file(profile, &perms, GFP_KERNEL, op, request,
name, hname, GLOBAL_ROOT_UID, info, error);
- aa_put_namespace(ns);
+ aa_put_ns(ns);
aa_put_profile(target);
put_cred(cred);
diff --git a/security/apparmor/include/apparmorfs.h b/security/apparmor/include/apparmorfs.h
index 414e56878dd0..5626bd48d7cb 100644
--- a/security/apparmor/include/apparmorfs.h
+++ b/security/apparmor/include/apparmorfs.h
@@ -62,7 +62,7 @@ extern const struct file_operations aa_fs_seq_file_ops;
extern void __init aa_destroy_aafs(void);
struct aa_profile;
-struct aa_namespace;
+struct aa_ns;
enum aafs_ns_type {
AAFS_NS_DIR,
@@ -97,8 +97,8 @@ void __aa_fs_profile_rmdir(struct aa_profile *profile);
void __aa_fs_profile_migrate_dents(struct aa_profile *old,
struct aa_profile *new);
int __aa_fs_profile_mkdir(struct aa_profile *profile, struct dentry *parent);
-void __aa_fs_namespace_rmdir(struct aa_namespace *ns);
-int __aa_fs_namespace_mkdir(struct aa_namespace *ns, struct dentry *parent,
- const char *name);
+void __aa_fs_ns_rmdir(struct aa_ns *ns);
+int __aa_fs_ns_mkdir(struct aa_ns *ns, struct dentry *parent,
+ const char *name);
#endif /* __AA_APPARMORFS_H */
diff --git a/security/apparmor/include/policy.h b/security/apparmor/include/policy.h
index a1b1d8ab589c..415f8ab0b11e 100644
--- a/security/apparmor/include/policy.h
+++ b/security/apparmor/include/policy.h
@@ -31,7 +31,7 @@
#include "resource.h"
-struct aa_namespace;
+struct aa_ns;
extern const char *const aa_profile_mode_names[];
#define APPARMOR_MODE_NAMES_MAX_INDEX 4
@@ -141,7 +141,7 @@ struct aa_profile {
struct rcu_head rcu;
struct aa_profile __rcu *parent;
- struct aa_namespace *ns;
+ struct aa_ns *ns;
struct aa_replacedby *replacedby;
const char *rename;
@@ -177,8 +177,8 @@ struct aa_profile *aa_new_null_profile(struct aa_profile *parent, int hat);
void aa_free_profile(struct aa_profile *profile);
void aa_free_profile_kref(struct kref *kref);
struct aa_profile *aa_find_child(struct aa_profile *parent, const char *name);
-struct aa_profile *aa_lookup_profile(struct aa_namespace *ns, const char *name);
-struct aa_profile *aa_match_profile(struct aa_namespace *ns, const char *name);
+struct aa_profile *aa_lookup_profile(struct aa_ns *ns, const char *name);
+struct aa_profile *aa_match_profile(struct aa_ns *ns, const char *name);
ssize_t aa_replace_profiles(void *udata, size_t size, bool noreplace);
ssize_t aa_remove_profiles(char *name, size_t size);
diff --git a/security/apparmor/include/policy_ns.h b/security/apparmor/include/policy_ns.h
index 4b9e8c7c669a..323752cc0c87 100644
--- a/security/apparmor/include/policy_ns.h
+++ b/security/apparmor/include/policy_ns.h
@@ -35,7 +35,7 @@ struct aa_ns_acct {
int count;
};
-/* struct aa_namespace - namespace for a set of profiles
+/* struct aa_ns - namespace for a set of profiles
* @base: common policy
* @parent: parent of namespace
* @lock: lock for modifying the object
@@ -46,9 +46,9 @@ struct aa_ns_acct {
* @uniq_id: a unique id count for the profiles in the namespace
* @dents: dentries for the namespaces file entries in apparmorfs
*
- * An aa_namespace defines the set profiles that are searched to determine
+ * An aa_ns defines the set profiles that are searched to determine
* which profile to attach to a task. Profiles can not be shared between
- * aa_namespaces and profile names within a namespace are guaranteed to be
+ * aa_nss and profile names within a namespace are guaranteed to be
* unique. When profiles in separate namespaces have the same name they
* are NOT considered to be equivalent.
*
@@ -57,9 +57,9 @@ struct aa_ns_acct {
*
* Namespace names must be unique and can not contain the characters :/\0
*/
-struct aa_namespace {
+struct aa_ns {
struct aa_policy base;
- struct aa_namespace *parent;
+ struct aa_ns *parent;
struct mutex lock;
struct aa_ns_acct acct;
struct aa_profile *unconfined;
@@ -70,21 +70,20 @@ struct aa_namespace {
struct dentry *dents[AAFS_NS_SIZEOF];
};
-extern struct aa_namespace *root_ns;
+extern struct aa_ns *root_ns;
extern const char *aa_hidden_ns_name;
-bool aa_ns_visible(struct aa_namespace *curr, struct aa_namespace *view);
-const char *aa_ns_name(struct aa_namespace *parent, struct aa_namespace *child);
-void aa_free_namespace(struct aa_namespace *ns);
+bool aa_ns_visible(struct aa_ns *curr, struct aa_ns *view);
+const char *aa_ns_name(struct aa_ns *parent, struct aa_ns *child);
+void aa_free_ns(struct aa_ns *ns);
int aa_alloc_root_ns(void);
void aa_free_root_ns(void);
-void aa_free_namespace_kref(struct kref *kref);
+void aa_free_ns_kref(struct kref *kref);
-struct aa_namespace *aa_find_namespace(struct aa_namespace *root,
- const char *name);
-struct aa_namespace *aa_prepare_namespace(const char *name);
-void __aa_remove_namespace(struct aa_namespace *ns);
+struct aa_ns *aa_find_ns(struct aa_ns *root, const char *name);
+struct aa_ns *aa_prepare_ns(const char *name);
+void __aa_remove_ns(struct aa_ns *ns);
static inline struct aa_profile *aa_deref_parent(struct aa_profile *p)
{
@@ -93,13 +92,13 @@ static inline struct aa_profile *aa_deref_parent(struct aa_profile *p)
}
/**
- * aa_get_namespace - increment references count on @ns
+ * aa_get_ns - increment references count on @ns
* @ns: namespace to increment reference count of (MAYBE NULL)
*
* Returns: pointer to @ns, if @ns is NULL returns NULL
* Requires: @ns must be held with valid refcount when called
*/
-static inline struct aa_namespace *aa_get_namespace(struct aa_namespace *ns)
+static inline struct aa_ns *aa_get_ns(struct aa_ns *ns)
{
if (ns)
aa_get_profile(ns->unconfined);
@@ -108,19 +107,19 @@ static inline struct aa_namespace *aa_get_namespace(struct aa_namespace *ns)
}
/**
- * aa_put_namespace - decrement refcount on @ns
+ * aa_put_ns - decrement refcount on @ns
* @ns: namespace to put reference of
*
* Decrement reference count of @ns and if no longer in use free it
*/
-static inline void aa_put_namespace(struct aa_namespace *ns)
+static inline void aa_put_ns(struct aa_ns *ns)
{
if (ns)
aa_put_profile(ns->unconfined);
}
/**
- * __aa_find_namespace - find a namespace on a list by @name
+ * __aa_find_ns - find a namespace on a list by @name
* @head: list to search for namespace on (NOT NULL)
* @name: name of namespace to look for (NOT NULL)
*
@@ -128,10 +127,10 @@ static inline void aa_put_namespace(struct aa_namespace *ns)
*
* Requires: rcu_read_lock be held
*/
-static inline struct aa_namespace *__aa_find_namespace(struct list_head *head,
- const char *name)
+static inline struct aa_ns *__aa_find_ns(struct list_head *head,
+ const char *name)
{
- return (struct aa_namespace *)__policy_find(head, name);
+ return (struct aa_ns *)__policy_find(head, name);
}
#endif /* AA_NAMESPACE_H */
diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
index 2a861824319e..2dd8717a5a89 100644
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -213,7 +213,7 @@ void aa_free_profile(struct aa_profile *profile)
aa_policy_destroy(&profile->base);
aa_put_profile(rcu_access_pointer(profile->parent));
- aa_put_namespace(profile->ns);
+ aa_put_ns(profile->ns);
kzfree(profile->rename);
aa_free_file_rules(&profile->file);
@@ -237,7 +237,7 @@ static void aa_free_profile_rcu(struct rcu_head *head)
{
struct aa_profile *p = container_of(head, struct aa_profile, rcu);
if (p->flags & PFLAG_NS_COUNT)
- aa_free_namespace(p->ns);
+ aa_free_ns(p->ns);
else
aa_free_profile(p);
}
@@ -324,7 +324,7 @@ struct aa_profile *aa_new_null_profile(struct aa_profile *parent, int hat)
/* released on free_profile */
rcu_assign_pointer(profile->parent, aa_get_profile(parent));
- profile->ns = aa_get_namespace(parent->ns);
+ profile->ns = aa_get_ns(parent->ns);
mutex_lock(&profile->ns->lock);
__list_add_profile(&parent->base.profiles, profile);
@@ -403,7 +403,7 @@ struct aa_profile *aa_find_child(struct aa_profile *parent, const char *name)
*
* Returns: unrefcounted policy or NULL if not found
*/
-static struct aa_policy *__lookup_parent(struct aa_namespace *ns,
+static struct aa_policy *__lookup_parent(struct aa_ns *ns,
const char *hname)
{
struct aa_policy *policy;
@@ -466,7 +466,7 @@ static struct aa_profile *__lookup_profile(struct aa_policy *base,
*
* Returns: refcounted profile or NULL if not found
*/
-struct aa_profile *aa_lookup_profile(struct aa_namespace *ns, const char *hname)
+struct aa_profile *aa_lookup_profile(struct aa_ns *ns, const char *hname)
{
struct aa_profile *profile;
@@ -670,7 +670,7 @@ static void __replace_profile(struct aa_profile *old, struct aa_profile *new,
*
* Returns: profile to replace (no ref) on success else ptr error
*/
-static int __lookup_replace(struct aa_namespace *ns, const char *hname,
+static int __lookup_replace(struct aa_ns *ns, const char *hname,
bool noreplace, struct aa_profile **p,
const char **info)
{
@@ -701,7 +701,7 @@ static int __lookup_replace(struct aa_namespace *ns, const char *hname,
ssize_t aa_replace_profiles(void *udata, size_t size, bool noreplace)
{
const char *ns_name, *info = NULL;
- struct aa_namespace *ns = NULL;
+ struct aa_ns *ns = NULL;
struct aa_load_ent *ent, *tmp;
int op = OP_PROF_REPL;
ssize_t error;
@@ -713,7 +713,7 @@ ssize_t aa_replace_profiles(void *udata, size_t size, bool noreplace)
goto out;
/* released below */
- ns = aa_prepare_namespace(ns_name);
+ ns = aa_prepare_ns(ns_name);
if (!ns) {
error = audit_policy(op, GFP_KERNEL, ns_name,
"failed to prepare namespace", -ENOMEM);
@@ -738,7 +738,7 @@ ssize_t aa_replace_profiles(void *udata, size_t size, bool noreplace)
}
/* released when @new is freed */
- ent->new->ns = aa_get_namespace(ns);
+ ent->new->ns = aa_get_ns(ns);
if (ent->old || ent->rename)
continue;
@@ -835,7 +835,7 @@ ssize_t aa_replace_profiles(void *udata, size_t size, bool noreplace)
mutex_unlock(&ns->lock);
out:
- aa_put_namespace(ns);
+ aa_put_ns(ns);
if (error)
return error;
@@ -881,7 +881,7 @@ free:
*/
ssize_t aa_remove_profiles(char *fqname, size_t size)
{
- struct aa_namespace *root, *ns = NULL;
+ struct aa_ns *root, *ns = NULL;
struct aa_profile *profile = NULL;
const char *name = fqname, *info = NULL;
ssize_t error = 0;
@@ -898,7 +898,7 @@ ssize_t aa_remove_profiles(char *fqname, size_t size)
char *ns_name;
name = aa_split_fqname(fqname, &ns_name);
/* released below */
- ns = aa_find_namespace(root, ns_name);
+ ns = aa_find_ns(root, ns_name);
if (!ns) {
info = "namespace does not exist";
error = -ENOENT;
@@ -906,12 +906,12 @@ ssize_t aa_remove_profiles(char *fqname, size_t size)
}
} else
/* released below */
- ns = aa_get_namespace(root);
+ ns = aa_get_ns(root);
if (!name) {
/* remove namespace - can only happen if fqname[0] == ':' */
mutex_lock(&ns->parent->lock);
- __aa_remove_namespace(ns);
+ __aa_remove_ns(ns);
mutex_unlock(&ns->parent->lock);
} else {
/* remove profile */
@@ -929,13 +929,13 @@ ssize_t aa_remove_profiles(char *fqname, size_t size)
/* don't fail removal if audit fails */
(void) audit_policy(OP_PROF_RM, GFP_KERNEL, name, info, error);
- aa_put_namespace(ns);
+ aa_put_ns(ns);
aa_put_profile(profile);
return size;
fail_ns_lock:
mutex_unlock(&ns->lock);
- aa_put_namespace(ns);
+ aa_put_ns(ns);
fail:
(void) audit_policy(OP_PROF_RM, GFP_KERNEL, name, info, error);
diff --git a/security/apparmor/policy_ns.c b/security/apparmor/policy_ns.c
index d4e9924a276e..88b3b3c110e3 100644
--- a/security/apparmor/policy_ns.c
+++ b/security/apparmor/policy_ns.c
@@ -26,7 +26,7 @@
#include "include/policy.h"
/* root profile namespace */
-struct aa_namespace *root_ns;
+struct aa_ns *root_ns;
const char *aa_hidden_ns_name = "---";
/**
@@ -36,7 +36,7 @@ const char *aa_hidden_ns_name = "---";
*
* Returns: true if @view is visible from @curr else false
*/
-bool aa_ns_visible(struct aa_namespace *curr, struct aa_namespace *view)
+bool aa_ns_visible(struct aa_ns *curr, struct aa_ns *view)
{
if (curr == view)
return true;
@@ -55,7 +55,7 @@ bool aa_ns_visible(struct aa_namespace *curr, struct aa_namespace *view)
*
* Returns: name of @view visible from @curr
*/
-const char *aa_ns_name(struct aa_namespace *curr, struct aa_namespace *view)
+const char *aa_ns_name(struct aa_ns *curr, struct aa_ns *view)
{
/* if view == curr then the namespace name isn't displayed */
if (curr == view)
@@ -75,16 +75,15 @@ const char *aa_ns_name(struct aa_namespace *curr, struct aa_namespace *view)
}
/**
- * alloc_namespace - allocate, initialize and return a new namespace
+ * alloc_ns - allocate, initialize and return a new namespace
* @prefix: parent namespace name (MAYBE NULL)
* @name: a preallocated name (NOT NULL)
*
* Returns: refcounted namespace or NULL on failure.
*/
-static struct aa_namespace *alloc_namespace(const char *prefix,
- const char *name)
+static struct aa_ns *alloc_ns(const char *prefix, const char *name)
{
- struct aa_namespace *ns;
+ struct aa_ns *ns;
ns = kzalloc(sizeof(*ns), GFP_KERNEL);
AA_DEBUG("%s(%p)\n", __func__, ns);
@@ -96,7 +95,7 @@ static struct aa_namespace *alloc_namespace(const char *prefix,
INIT_LIST_HEAD(&ns->sub_ns);
mutex_init(&ns->lock);
- /* released by free_namespace */
+ /* released by aa_free_ns() */
ns->unconfined = aa_alloc_profile("unconfined");
if (!ns->unconfined)
goto fail_unconfined;
@@ -120,19 +119,19 @@ fail_ns:
}
/**
- * aa_free_namespace - free a profile namespace
+ * aa_free_ns - free a profile namespace
* @ns: the namespace to free (MAYBE NULL)
*
* Requires: All references to the namespace must have been put, if the
* namespace was referenced by a profile confining a task,
*/
-void aa_free_namespace(struct aa_namespace *ns)
+void aa_free_ns(struct aa_ns *ns)
{
if (!ns)
return;
aa_policy_destroy(&ns->base);
- aa_put_namespace(ns->parent);
+ aa_put_ns(ns->parent);
ns->unconfined->ns = NULL;
aa_free_profile(ns->unconfined);
@@ -140,7 +139,7 @@ void aa_free_namespace(struct aa_namespace *ns)
}
/**
- * aa_find_namespace - look up a profile namespace on the namespace list
+ * aa_find_ns - look up a profile namespace on the namespace list
* @root: namespace to search in (NOT NULL)
* @name: name of namespace to find (NOT NULL)
*
@@ -149,27 +148,26 @@ void aa_free_namespace(struct aa_namespace *ns)
*
* refcount released by caller
*/
-struct aa_namespace *aa_find_namespace(struct aa_namespace *root,
- const char *name)
+struct aa_ns *aa_find_ns(struct aa_ns *root, const char *name)
{
- struct aa_namespace *ns = NULL;
+ struct aa_ns *ns = NULL;
rcu_read_lock();
- ns = aa_get_namespace(__aa_find_namespace(&root->sub_ns, name));
+ ns = aa_get_ns(__aa_find_ns(&root->sub_ns, name));
rcu_read_unlock();
return ns;
}
/**
- * aa_prepare_namespace - find an existing or create a new namespace of @name
+ * aa_prepare_ns - find an existing or create a new namespace of @name
* @name: the namespace to find or add (MAYBE NULL)
*
- * Returns: refcounted namespace or NULL if failed to create one
+ * Returns: refcounted ns or NULL if failed to create one
*/
-struct aa_namespace *aa_prepare_namespace(const char *name)
+struct aa_ns *aa_prepare_ns(const char *name)
{
- struct aa_namespace *ns, *root;
+ struct aa_ns *ns, *root;
root = aa_current_profile()->ns;
@@ -178,28 +176,28 @@ struct aa_namespace *aa_prepare_namespace(const char *name)
/* if name isn't specified the profile is loaded to the current ns */
if (!name) {
/* released by caller */
- ns = aa_get_namespace(root);
+ ns = aa_get_ns(root);
goto out;
}
/* try and find the specified ns and if it doesn't exist create it */
/* released by caller */
- ns = aa_get_namespace(__aa_find_namespace(&root->sub_ns, name));
+ ns = aa_get_ns(__aa_find_ns(&root->sub_ns, name));
if (!ns) {
- ns = alloc_namespace(root->base.hname, name);
+ ns = alloc_ns(root->base.hname, name);
if (!ns)
goto out;
- if (__aa_fs_namespace_mkdir(ns, ns_subns_dir(root), name)) {
+ if (__aa_fs_ns_mkdir(ns, ns_subns_dir(root), name)) {
AA_ERROR("Failed to create interface for ns %s\n",
ns->base.name);
- aa_free_namespace(ns);
+ aa_free_ns(ns);
ns = NULL;
goto out;
}
- ns->parent = aa_get_namespace(root);
+ ns->parent = aa_get_ns(root);
list_add_rcu(&ns->base.list, &root->sub_ns);
/* add list ref */
- aa_get_namespace(ns);
+ aa_get_ns(ns);
}
out:
mutex_unlock(&root->lock);
@@ -211,10 +209,10 @@ out:
static void __ns_list_release(struct list_head *head);
/**
- * destroy_namespace - remove everything contained by @ns
- * @ns: namespace to have it contents removed (NOT NULL)
+ * destroy_ns - remove everything contained by @ns
+ * @ns: ns to have it contents removed (NOT NULL)
*/
-static void destroy_namespace(struct aa_namespace *ns)
+static void destroy_ns(struct aa_ns *ns)
{
if (!ns)
return;
@@ -228,22 +226,22 @@ static void destroy_namespace(struct aa_namespace *ns)
if (ns->parent)
__aa_update_replacedby(ns->unconfined, ns->parent->unconfined);
- __aa_fs_namespace_rmdir(ns);
+ __aa_fs_ns_rmdir(ns);
mutex_unlock(&ns->lock);
}
/**
- * __aa_remove_namespace - remove a namespace and all its children
+ * __aa_remove_ns - remove a namespace and all its children
* @ns: namespace to be removed (NOT NULL)
*
* Requires: ns->parent->lock be held and ns removed from parent.
*/
-void __aa_remove_namespace(struct aa_namespace *ns)
+void __aa_remove_ns(struct aa_ns *ns)
{
/* remove ns from namespace list */
list_del_rcu(&ns->base.list);
- destroy_namespace(ns);
- aa_put_namespace(ns);
+ destroy_ns(ns);
+ aa_put_ns(ns);
}
/**
@@ -254,15 +252,15 @@ void __aa_remove_namespace(struct aa_namespace *ns)
*/
static void __ns_list_release(struct list_head *head)
{
- struct aa_namespace *ns, *tmp;
+ struct aa_ns *ns, *tmp;
list_for_each_entry_safe(ns, tmp, head, base.list)
- __aa_remove_namespace(ns);
+ __aa_remove_ns(ns);
}
/**
- * aa_alloc_root_ns - allocate the root profile namespace
+ * aa_alloc_root_ns - allocate the root profile namespcae
*
* Returns: %0 on success else error
*
@@ -270,7 +268,7 @@ static void __ns_list_release(struct list_head *head)
int __init aa_alloc_root_ns(void)
{
/* released by aa_free_root_ns - used as list ref*/
- root_ns = alloc_namespace(NULL, "root");
+ root_ns = alloc_ns(NULL, "root");
if (!root_ns)
return -ENOMEM;
@@ -282,10 +280,10 @@ int __init aa_alloc_root_ns(void)
*/
void __init aa_free_root_ns(void)
{
- struct aa_namespace *ns = root_ns;
+ struct aa_ns *ns = root_ns;
root_ns = NULL;
- destroy_namespace(ns);
- aa_put_namespace(ns);
+ destroy_ns(ns);
+ aa_put_ns(ns);
}
diff --git a/security/apparmor/procattr.c b/security/apparmor/procattr.c
index bb2600d9d826..15ddf74ac269 100644
--- a/security/apparmor/procattr.c
+++ b/security/apparmor/procattr.c
@@ -40,8 +40,8 @@ int aa_getprocattr(struct aa_profile *profile, char **string)
int len = 0, mode_len = 0, ns_len = 0, name_len;
const char *mode_str = aa_profile_mode_names[profile->mode];
const char *ns_name = NULL;
- struct aa_namespace *ns = profile->ns;
- struct aa_namespace *current_ns = __aa_current_profile()->ns;
+ struct aa_ns *ns = profile->ns;
+ struct aa_ns *current_ns = __aa_current_profile()->ns;
char *s;
if (!aa_ns_visible(current_ns, ns))