summaryrefslogtreecommitdiff
path: root/security/apparmor/policy_ns.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/apparmor/policy_ns.c')
-rw-r--r--security/apparmor/policy_ns.c82
1 files changed, 40 insertions, 42 deletions
diff --git a/security/apparmor/policy_ns.c b/security/apparmor/policy_ns.c
index d4e9924a276e..88b3b3c110e3 100644
--- a/security/apparmor/policy_ns.c
+++ b/security/apparmor/policy_ns.c
@@ -26,7 +26,7 @@
#include "include/policy.h"
/* root profile namespace */
-struct aa_namespace *root_ns;
+struct aa_ns *root_ns;
const char *aa_hidden_ns_name = "---";
/**
@@ -36,7 +36,7 @@ const char *aa_hidden_ns_name = "---";
*
* Returns: true if @view is visible from @curr else false
*/
-bool aa_ns_visible(struct aa_namespace *curr, struct aa_namespace *view)
+bool aa_ns_visible(struct aa_ns *curr, struct aa_ns *view)
{
if (curr == view)
return true;
@@ -55,7 +55,7 @@ bool aa_ns_visible(struct aa_namespace *curr, struct aa_namespace *view)
*
* Returns: name of @view visible from @curr
*/
-const char *aa_ns_name(struct aa_namespace *curr, struct aa_namespace *view)
+const char *aa_ns_name(struct aa_ns *curr, struct aa_ns *view)
{
/* if view == curr then the namespace name isn't displayed */
if (curr == view)
@@ -75,16 +75,15 @@ const char *aa_ns_name(struct aa_namespace *curr, struct aa_namespace *view)
}
/**
- * alloc_namespace - allocate, initialize and return a new namespace
+ * alloc_ns - allocate, initialize and return a new namespace
* @prefix: parent namespace name (MAYBE NULL)
* @name: a preallocated name (NOT NULL)
*
* Returns: refcounted namespace or NULL on failure.
*/
-static struct aa_namespace *alloc_namespace(const char *prefix,
- const char *name)
+static struct aa_ns *alloc_ns(const char *prefix, const char *name)
{
- struct aa_namespace *ns;
+ struct aa_ns *ns;
ns = kzalloc(sizeof(*ns), GFP_KERNEL);
AA_DEBUG("%s(%p)\n", __func__, ns);
@@ -96,7 +95,7 @@ static struct aa_namespace *alloc_namespace(const char *prefix,
INIT_LIST_HEAD(&ns->sub_ns);
mutex_init(&ns->lock);
- /* released by free_namespace */
+ /* released by aa_free_ns() */
ns->unconfined = aa_alloc_profile("unconfined");
if (!ns->unconfined)
goto fail_unconfined;
@@ -120,19 +119,19 @@ fail_ns:
}
/**
- * aa_free_namespace - free a profile namespace
+ * aa_free_ns - free a profile namespace
* @ns: the namespace to free (MAYBE NULL)
*
* Requires: All references to the namespace must have been put, if the
* namespace was referenced by a profile confining a task,
*/
-void aa_free_namespace(struct aa_namespace *ns)
+void aa_free_ns(struct aa_ns *ns)
{
if (!ns)
return;
aa_policy_destroy(&ns->base);
- aa_put_namespace(ns->parent);
+ aa_put_ns(ns->parent);
ns->unconfined->ns = NULL;
aa_free_profile(ns->unconfined);
@@ -140,7 +139,7 @@ void aa_free_namespace(struct aa_namespace *ns)
}
/**
- * aa_find_namespace - look up a profile namespace on the namespace list
+ * aa_find_ns - look up a profile namespace on the namespace list
* @root: namespace to search in (NOT NULL)
* @name: name of namespace to find (NOT NULL)
*
@@ -149,27 +148,26 @@ void aa_free_namespace(struct aa_namespace *ns)
*
* refcount released by caller
*/
-struct aa_namespace *aa_find_namespace(struct aa_namespace *root,
- const char *name)
+struct aa_ns *aa_find_ns(struct aa_ns *root, const char *name)
{
- struct aa_namespace *ns = NULL;
+ struct aa_ns *ns = NULL;
rcu_read_lock();
- ns = aa_get_namespace(__aa_find_namespace(&root->sub_ns, name));
+ ns = aa_get_ns(__aa_find_ns(&root->sub_ns, name));
rcu_read_unlock();
return ns;
}
/**
- * aa_prepare_namespace - find an existing or create a new namespace of @name
+ * aa_prepare_ns - find an existing or create a new namespace of @name
* @name: the namespace to find or add (MAYBE NULL)
*
- * Returns: refcounted namespace or NULL if failed to create one
+ * Returns: refcounted ns or NULL if failed to create one
*/
-struct aa_namespace *aa_prepare_namespace(const char *name)
+struct aa_ns *aa_prepare_ns(const char *name)
{
- struct aa_namespace *ns, *root;
+ struct aa_ns *ns, *root;
root = aa_current_profile()->ns;
@@ -178,28 +176,28 @@ struct aa_namespace *aa_prepare_namespace(const char *name)
/* if name isn't specified the profile is loaded to the current ns */
if (!name) {
/* released by caller */
- ns = aa_get_namespace(root);
+ ns = aa_get_ns(root);
goto out;
}
/* try and find the specified ns and if it doesn't exist create it */
/* released by caller */
- ns = aa_get_namespace(__aa_find_namespace(&root->sub_ns, name));
+ ns = aa_get_ns(__aa_find_ns(&root->sub_ns, name));
if (!ns) {
- ns = alloc_namespace(root->base.hname, name);
+ ns = alloc_ns(root->base.hname, name);
if (!ns)
goto out;
- if (__aa_fs_namespace_mkdir(ns, ns_subns_dir(root), name)) {
+ if (__aa_fs_ns_mkdir(ns, ns_subns_dir(root), name)) {
AA_ERROR("Failed to create interface for ns %s\n",
ns->base.name);
- aa_free_namespace(ns);
+ aa_free_ns(ns);
ns = NULL;
goto out;
}
- ns->parent = aa_get_namespace(root);
+ ns->parent = aa_get_ns(root);
list_add_rcu(&ns->base.list, &root->sub_ns);
/* add list ref */
- aa_get_namespace(ns);
+ aa_get_ns(ns);
}
out:
mutex_unlock(&root->lock);
@@ -211,10 +209,10 @@ out:
static void __ns_list_release(struct list_head *head);
/**
- * destroy_namespace - remove everything contained by @ns
- * @ns: namespace to have it contents removed (NOT NULL)
+ * destroy_ns - remove everything contained by @ns
+ * @ns: ns to have it contents removed (NOT NULL)
*/
-static void destroy_namespace(struct aa_namespace *ns)
+static void destroy_ns(struct aa_ns *ns)
{
if (!ns)
return;
@@ -228,22 +226,22 @@ static void destroy_namespace(struct aa_namespace *ns)
if (ns->parent)
__aa_update_replacedby(ns->unconfined, ns->parent->unconfined);
- __aa_fs_namespace_rmdir(ns);
+ __aa_fs_ns_rmdir(ns);
mutex_unlock(&ns->lock);
}
/**
- * __aa_remove_namespace - remove a namespace and all its children
+ * __aa_remove_ns - remove a namespace and all its children
* @ns: namespace to be removed (NOT NULL)
*
* Requires: ns->parent->lock be held and ns removed from parent.
*/
-void __aa_remove_namespace(struct aa_namespace *ns)
+void __aa_remove_ns(struct aa_ns *ns)
{
/* remove ns from namespace list */
list_del_rcu(&ns->base.list);
- destroy_namespace(ns);
- aa_put_namespace(ns);
+ destroy_ns(ns);
+ aa_put_ns(ns);
}
/**
@@ -254,15 +252,15 @@ void __aa_remove_namespace(struct aa_namespace *ns)
*/
static void __ns_list_release(struct list_head *head)
{
- struct aa_namespace *ns, *tmp;
+ struct aa_ns *ns, *tmp;
list_for_each_entry_safe(ns, tmp, head, base.list)
- __aa_remove_namespace(ns);
+ __aa_remove_ns(ns);
}
/**
- * aa_alloc_root_ns - allocate the root profile namespace
+ * aa_alloc_root_ns - allocate the root profile namespcae
*
* Returns: %0 on success else error
*
@@ -270,7 +268,7 @@ static void __ns_list_release(struct list_head *head)
int __init aa_alloc_root_ns(void)
{
/* released by aa_free_root_ns - used as list ref*/
- root_ns = alloc_namespace(NULL, "root");
+ root_ns = alloc_ns(NULL, "root");
if (!root_ns)
return -ENOMEM;
@@ -282,10 +280,10 @@ int __init aa_alloc_root_ns(void)
*/
void __init aa_free_root_ns(void)
{
- struct aa_namespace *ns = root_ns;
+ struct aa_ns *ns = root_ns;
root_ns = NULL;
- destroy_namespace(ns);
- aa_put_namespace(ns);
+ destroy_ns(ns);
+ aa_put_ns(ns);
}