UBUNTU: SAUCE: apparmor: rename audit_data->label to audit_data->subj…

…_label BugLink: https://bugs.launchpad.net/bugs/2012136 rename audit_data's label field to subj_label to better reflect its use. Also at the same time drop unneeded assignments to ->subj_label as the later call to aa_check_perms will do the assignment if needed. Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
mariux64 · Mar 23, 2023 · cf01c39 · cf01c39
1 parent 8227d63
commit cf01c39
Show file tree

Hide file tree

Showing 10 changed files with 18 additions and 23 deletions.
diff --git a/security/apparmor/audit.c b/security/apparmor/audit.c
@@ -114,8 +114,8 @@ static void audit_pre(struct audit_buffer *ab, void *ca)
 			audit_log_format(ab, " error=%d", ad->error);
 	}
 
-	if (ad->label) {
-		struct aa_label *label = ad->label;
+	if (ad->subj_label) {
+		struct aa_label *label = ad->subj_label;
 
 		if (label_isprofile(label)) {
 			struct aa_profile *profile = labels_profile(label);
@@ -187,7 +187,7 @@ int aa_audit(int type, struct aa_profile *profile,
 	if (KILL_MODE(profile) && type == AUDIT_APPARMOR_DENIED)
 		type = AUDIT_APPARMOR_KILL;
 
-	ad->label = &profile->label;
+	ad->subj_label = &profile->label;
 
 	aa_audit_msg(type, ad, cb);
 

diff --git a/security/apparmor/file.c b/security/apparmor/file.c
@@ -69,7 +69,7 @@ static void file_audit_cb(struct audit_buffer *ab, void *va)
 
 	if (ad->peer) {
 		audit_log_format(ab, " target=");
-		aa_label_xaudit(ab, labels_ns(ad->label), ad->peer,
+		aa_label_xaudit(ab, labels_ns(ad->subj_label), ad->peer,
 				FLAG_VIEW_SUBNS, GFP_KERNEL);
 	} else if (ad->fs.target) {
 		audit_log_format(ab, " target=");

diff --git a/security/apparmor/include/audit.h b/security/apparmor/include/audit.h
@@ -110,7 +110,7 @@ struct apparmor_audit_data {
 	int type;
 	u16 class;
 	const char *op;
-	struct aa_label *label;
+	struct aa_label *subj_label;
 	const char *name;
 	const char *info;
 	u32 request;

diff --git a/security/apparmor/ipc.c b/security/apparmor/ipc.c
@@ -74,7 +74,7 @@ static void audit_signal_cb(struct audit_buffer *ab, void *va)
 		audit_log_format(ab, " signal=rtmin+%d",
 				 ad->signal - SIGRT_BASE);
 	audit_log_format(ab, " peer=");
-	aa_label_xaudit(ab, labels_ns(ad->label), ad->peer,
+	aa_label_xaudit(ab, labels_ns(ad->subj_label), ad->peer,
 			FLAGS_NONE, GFP_ATOMIC);
 }
 
@@ -131,7 +131,7 @@ static void audit_mqueue_cb(struct audit_buffer *ab, void *va)
 	}
 	if (ad->peer) {
 		audit_log_format(ab, " olabel=");
-		aa_label_xaudit(ab, labels_ns(ad->label), ad->peer,
+		aa_label_xaudit(ab, labels_ns(ad->subj_label), ad->peer,
 				FLAGS_NONE, GFP_ATOMIC);
 	}
 }
@@ -150,8 +150,6 @@ int aa_profile_mqueue_perm(struct aa_profile *profile, const struct path *path,
 	    !RULE_MEDIATES(rules, AA_CLASS_POSIX_MQUEUE))
 		return 0;
 
-	ad->label = &profile->label;
-
 	name = dentry_path_raw(path->dentry, buffer, aa_g_path_max);
 	if (IS_ERR(name))
 		return PTR_ERR(name);

diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c
@@ -306,7 +306,7 @@ static void aa_audit_perms_cb(struct audit_buffer *ab, void *va)
 	aa_audit_perms(ab, ad, aa_file_perm_chrs, PERMS_CHRS_MASK,
 		       aa_base_perm_names, PERMS_NAMES_MASK);
 	audit_log_format(ab, " peer=");
-	aa_label_xaudit(ab, labels_ns(ad->label), ad->peer,
+	aa_label_xaudit(ab, labels_ns(ad->subj_label), ad->peer,
 				      FLAGS_NONE, GFP_ATOMIC);
 }
 
@@ -366,7 +366,6 @@ int aa_profile_label_perm(struct aa_profile *profile, struct aa_profile *target,
 						    typeof(*rules), list);
 	struct aa_perms perms;
 
-	ad->label = &profile->label;
 	ad->peer = &target->label;
 	ad->request = request;
 
@@ -429,7 +428,7 @@ int aa_check_perms(struct aa_profile *profile, struct aa_perms *perms,
 	}
 
 	if (ad) {
-		ad->label = &profile->label;
+		ad->subj_label = &profile->label;
 		ad->request = request;
 		ad->denied = denied;
 		ad->error = error;

diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
@@ -847,7 +847,6 @@ static int profile_interface_lsm(struct aa_profile *profile,
 	if (state) {
 		perms = *aa_lookup_perms(&rules->policy, state);
 		aa_apply_modes_to_perms(profile, &perms);
-		ad->label = &profile->label;
 
 		return aa_check_perms(profile, &perms, AA_MAY_WRITE, ad, NULL);
 	}
@@ -943,11 +942,11 @@ static int apparmor_setprocattr(const char *name, void *value,
 	return error;
 
 fail:
-	ad.label = begin_current_label_crit_section();
+	ad.subj_label = begin_current_label_crit_section();
 	ad.info = name;
 	ad.error = error = -EINVAL;
 	aa_audit_msg(AUDIT_APPARMOR_DENIED, &ad, NULL);
-	end_current_label_crit_section(ad.label);
+	end_current_label_crit_section(ad.subj_label);
 	goto out;
 }
 

diff --git a/security/apparmor/net.c b/security/apparmor/net.c
@@ -155,7 +155,7 @@ void audit_net_cb(struct audit_buffer *ab, void *va)
 	}
 	if (ad->peer) {
 		audit_log_format(ab, " peer=");
-		aa_label_xaudit(ab, labels_ns(ad->label), ad->peer,
+		aa_label_xaudit(ab, labels_ns(ad->subj_label), ad->peer,
 				FLAGS_NONE, GFP_ATOMIC);
 	}
 }

diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
@@ -724,7 +724,7 @@ static void audit_cb(struct audit_buffer *ab, void *va)
 
 /**
  * audit_policy - Do auditing of policy changes
- * @label: label to check if it can manage policy
+ * @subj_label: label to check if it can manage policy
  * @op: policy operation being performed
  * @ns_name: name of namespace being manipulated
  * @name: name of profile being manipulated (NOT NULL)
@@ -733,7 +733,7 @@ static void audit_cb(struct audit_buffer *ab, void *va)
  *
  * Returns: the error to be returned after audit is done
  */
-static int audit_policy(struct aa_label *label, const char *op,
+static int audit_policy(struct aa_label *subj_label, const char *op,
 			const char *ns_name, const char *name,
 			const char *info, int error)
 {
@@ -743,7 +743,7 @@ static int audit_policy(struct aa_label *label, const char *op,
 	ad.name = name;
 	ad.info = info;
 	ad.error = error;
-	ad.label = label;
+	ad.subj_label = subj_label;
 
 	aa_audit_msg(AUDIT_APPARMOR_STATUS, &ad, audit_cb);
 

diff --git a/security/apparmor/resource.c b/security/apparmor/resource.c
@@ -36,7 +36,7 @@ static void audit_cb(struct audit_buffer *ab, void *va)
 			 rlim_names[ad->rlim.rlim], ad->rlim.max);
 	if (ad->peer) {
 		audit_log_format(ab, " peer=");
-		aa_label_xaudit(ab, labels_ns(ad->label), ad->peer,
+		aa_label_xaudit(ab, labels_ns(ad->subj_label), ad->peer,
 				FLAGS_NONE, GFP_ATOMIC);
 	}
 }

diff --git a/security/apparmor/task.c b/security/apparmor/task.c
@@ -220,7 +220,7 @@ static void audit_ptrace_cb(struct audit_buffer *ab, void *va)
 		}
 	}
 	audit_log_format(ab, " peer=");
-	aa_label_xaudit(ab, labels_ns(ad->label), ad->peer,
+	aa_label_xaudit(ab, labels_ns(ad->subj_label), ad->peer,
 			FLAGS_NONE, GFP_ATOMIC);
 }
 
@@ -266,7 +266,7 @@ static int profile_tracer_perm(struct aa_profile *tracer,
 	if (&tracer->label == tracee)
 		return 0;
 
-	ad->label = &tracer->label;
+	ad->subj_label = &tracer->label;
 	ad->peer = tracee;
 	ad->request = 0;
 	ad->error = aa_capable(&tracer->label, CAP_SYS_PTRACE,
@@ -314,7 +314,6 @@ int aa_profile_ns_perm(struct aa_profile *profile,
 {
 	struct aa_perms perms = { };
 
-	ad->label = &profile->label;
 	ad->request = request;
 
 	if (profile_unconfined(profile)) {