diff --git a/security/apparmor/audit.c b/security/apparmor/audit.c index 78078b84acad4..fd75706a1c8b6 100644 --- a/security/apparmor/audit.c +++ b/security/apparmor/audit.c @@ -114,8 +114,8 @@ static void audit_pre(struct audit_buffer *ab, void *ca) audit_log_format(ab, " error=%d", ad->error); } - if (ad->label) { - struct aa_label *label = ad->label; + if (ad->subj_label) { + struct aa_label *label = ad->subj_label; if (label_isprofile(label)) { struct aa_profile *profile = labels_profile(label); @@ -187,7 +187,7 @@ int aa_audit(int type, struct aa_profile *profile, if (KILL_MODE(profile) && type == AUDIT_APPARMOR_DENIED) type = AUDIT_APPARMOR_KILL; - ad->label = &profile->label; + ad->subj_label = &profile->label; aa_audit_msg(type, ad, cb); diff --git a/security/apparmor/file.c b/security/apparmor/file.c index 36b4e9e4e1be3..68c2f7bc5d79b 100644 --- a/security/apparmor/file.c +++ b/security/apparmor/file.c @@ -69,7 +69,7 @@ static void file_audit_cb(struct audit_buffer *ab, void *va) if (ad->peer) { audit_log_format(ab, " target="); - aa_label_xaudit(ab, labels_ns(ad->label), ad->peer, + aa_label_xaudit(ab, labels_ns(ad->subj_label), ad->peer, FLAG_VIEW_SUBNS, GFP_KERNEL); } else if (ad->fs.target) { audit_log_format(ab, " target="); diff --git a/security/apparmor/include/audit.h b/security/apparmor/include/audit.h index 3bbd351d0a3e6..ac48f3f1439c3 100644 --- a/security/apparmor/include/audit.h +++ b/security/apparmor/include/audit.h @@ -110,7 +110,7 @@ struct apparmor_audit_data { int type; u16 class; const char *op; - struct aa_label *label; + struct aa_label *subj_label; const char *name; const char *info; u32 request; diff --git a/security/apparmor/ipc.c b/security/apparmor/ipc.c index 9134edd76b24c..329a2f7457a73 100644 --- a/security/apparmor/ipc.c +++ b/security/apparmor/ipc.c @@ -74,7 +74,7 @@ static void audit_signal_cb(struct audit_buffer *ab, void *va) audit_log_format(ab, " signal=rtmin+%d", ad->signal - SIGRT_BASE); audit_log_format(ab, " peer="); - aa_label_xaudit(ab, labels_ns(ad->label), ad->peer, + aa_label_xaudit(ab, labels_ns(ad->subj_label), ad->peer, FLAGS_NONE, GFP_ATOMIC); } @@ -131,7 +131,7 @@ static void audit_mqueue_cb(struct audit_buffer *ab, void *va) } if (ad->peer) { audit_log_format(ab, " olabel="); - aa_label_xaudit(ab, labels_ns(ad->label), ad->peer, + aa_label_xaudit(ab, labels_ns(ad->subj_label), ad->peer, FLAGS_NONE, GFP_ATOMIC); } } @@ -150,8 +150,6 @@ int aa_profile_mqueue_perm(struct aa_profile *profile, const struct path *path, !RULE_MEDIATES(rules, AA_CLASS_POSIX_MQUEUE)) return 0; - ad->label = &profile->label; - name = dentry_path_raw(path->dentry, buffer, aa_g_path_max); if (IS_ERR(name)) return PTR_ERR(name); diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c index 6e3f91db14b8b..889c6f79bb818 100644 --- a/security/apparmor/lib.c +++ b/security/apparmor/lib.c @@ -306,7 +306,7 @@ static void aa_audit_perms_cb(struct audit_buffer *ab, void *va) aa_audit_perms(ab, ad, aa_file_perm_chrs, PERMS_CHRS_MASK, aa_base_perm_names, PERMS_NAMES_MASK); audit_log_format(ab, " peer="); - aa_label_xaudit(ab, labels_ns(ad->label), ad->peer, + aa_label_xaudit(ab, labels_ns(ad->subj_label), ad->peer, FLAGS_NONE, GFP_ATOMIC); } @@ -366,7 +366,6 @@ int aa_profile_label_perm(struct aa_profile *profile, struct aa_profile *target, typeof(*rules), list); struct aa_perms perms; - ad->label = &profile->label; ad->peer = &target->label; ad->request = request; @@ -429,7 +428,7 @@ int aa_check_perms(struct aa_profile *profile, struct aa_perms *perms, } if (ad) { - ad->label = &profile->label; + ad->subj_label = &profile->label; ad->request = request; ad->denied = denied; ad->error = error; diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 51652429fb81a..d68d55122cf10 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -847,7 +847,6 @@ static int profile_interface_lsm(struct aa_profile *profile, if (state) { perms = *aa_lookup_perms(&rules->policy, state); aa_apply_modes_to_perms(profile, &perms); - ad->label = &profile->label; return aa_check_perms(profile, &perms, AA_MAY_WRITE, ad, NULL); } @@ -943,11 +942,11 @@ static int apparmor_setprocattr(const char *name, void *value, return error; fail: - ad.label = begin_current_label_crit_section(); + ad.subj_label = begin_current_label_crit_section(); ad.info = name; ad.error = error = -EINVAL; aa_audit_msg(AUDIT_APPARMOR_DENIED, &ad, NULL); - end_current_label_crit_section(ad.label); + end_current_label_crit_section(ad.subj_label); goto out; } diff --git a/security/apparmor/net.c b/security/apparmor/net.c index f4b675bdc0a58..a3ae32ecc1362 100644 --- a/security/apparmor/net.c +++ b/security/apparmor/net.c @@ -155,7 +155,7 @@ void audit_net_cb(struct audit_buffer *ab, void *va) } if (ad->peer) { audit_log_format(ab, " peer="); - aa_label_xaudit(ab, labels_ns(ad->label), ad->peer, + aa_label_xaudit(ab, labels_ns(ad->subj_label), ad->peer, FLAGS_NONE, GFP_ATOMIC); } } diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c index eca7ee47670bc..d526ffbfb32e2 100644 --- a/security/apparmor/policy.c +++ b/security/apparmor/policy.c @@ -724,7 +724,7 @@ static void audit_cb(struct audit_buffer *ab, void *va) /** * audit_policy - Do auditing of policy changes - * @label: label to check if it can manage policy + * @subj_label: label to check if it can manage policy * @op: policy operation being performed * @ns_name: name of namespace being manipulated * @name: name of profile being manipulated (NOT NULL) @@ -733,7 +733,7 @@ static void audit_cb(struct audit_buffer *ab, void *va) * * Returns: the error to be returned after audit is done */ -static int audit_policy(struct aa_label *label, const char *op, +static int audit_policy(struct aa_label *subj_label, const char *op, const char *ns_name, const char *name, const char *info, int error) { @@ -743,7 +743,7 @@ static int audit_policy(struct aa_label *label, const char *op, ad.name = name; ad.info = info; ad.error = error; - ad.label = label; + ad.subj_label = subj_label; aa_audit_msg(AUDIT_APPARMOR_STATUS, &ad, audit_cb); diff --git a/security/apparmor/resource.c b/security/apparmor/resource.c index f6c1cb4d6033f..a68dc09b1e721 100644 --- a/security/apparmor/resource.c +++ b/security/apparmor/resource.c @@ -36,7 +36,7 @@ static void audit_cb(struct audit_buffer *ab, void *va) rlim_names[ad->rlim.rlim], ad->rlim.max); if (ad->peer) { audit_log_format(ab, " peer="); - aa_label_xaudit(ab, labels_ns(ad->label), ad->peer, + aa_label_xaudit(ab, labels_ns(ad->subj_label), ad->peer, FLAGS_NONE, GFP_ATOMIC); } } diff --git a/security/apparmor/task.c b/security/apparmor/task.c index 104892faf6f7c..31d4e8e9b30a2 100644 --- a/security/apparmor/task.c +++ b/security/apparmor/task.c @@ -220,7 +220,7 @@ static void audit_ptrace_cb(struct audit_buffer *ab, void *va) } } audit_log_format(ab, " peer="); - aa_label_xaudit(ab, labels_ns(ad->label), ad->peer, + aa_label_xaudit(ab, labels_ns(ad->subj_label), ad->peer, FLAGS_NONE, GFP_ATOMIC); } @@ -266,7 +266,7 @@ static int profile_tracer_perm(struct aa_profile *tracer, if (&tracer->label == tracee) return 0; - ad->label = &tracer->label; + ad->subj_label = &tracer->label; ad->peer = tracee; ad->request = 0; ad->error = aa_capable(&tracer->label, CAP_SYS_PTRACE, @@ -314,7 +314,6 @@ int aa_profile_ns_perm(struct aa_profile *profile, { struct aa_perms perms = { }; - ad->label = &profile->label; ad->request = request; if (profile_unconfined(profile)) {