audit_log_format(ab, " error=%d", ad->error);
}
- if (ad->label) {
- struct aa_label *label = ad->label;
+ if (ad->subj_label) {
+ struct aa_label *label = ad->subj_label;
if (label_isprofile(label)) {
struct aa_profile *profile = labels_profile(label);
if (KILL_MODE(profile) && type == AUDIT_APPARMOR_DENIED)
type = AUDIT_APPARMOR_KILL;
- ad->label = &profile->label;
+ ad->subj_label = &profile->label;
aa_audit_msg(type, ad, cb);
if (ad->peer) {
audit_log_format(ab, " target=");
- aa_label_xaudit(ab, labels_ns(ad->label), ad->peer,
+ aa_label_xaudit(ab, labels_ns(ad->subj_label), ad->peer,
FLAG_VIEW_SUBNS, GFP_KERNEL);
} else if (ad->fs.target) {
audit_log_format(ab, " target=");
int type;
u16 class;
const char *op;
- struct aa_label *label;
+ struct aa_label *subj_label;
const char *name;
const char *info;
u32 request;
audit_log_format(ab, " signal=rtmin+%d",
ad->signal - SIGRT_BASE);
audit_log_format(ab, " peer=");
- aa_label_xaudit(ab, labels_ns(ad->label), ad->peer,
+ aa_label_xaudit(ab, labels_ns(ad->subj_label), ad->peer,
FLAGS_NONE, GFP_ATOMIC);
}
PERMS_NAMES_MASK);
}
audit_log_format(ab, " peer=");
- aa_label_xaudit(ab, labels_ns(ad->label), ad->peer,
+ aa_label_xaudit(ab, labels_ns(ad->subj_label), ad->peer,
FLAGS_NONE, GFP_ATOMIC);
}
typeof(*rules), list);
struct aa_perms perms;
- ad->label = &profile->label;
ad->peer = &target->label;
ad->request = request;
}
if (ad) {
- ad->label = &profile->label;
+ ad->subj_label = &profile->label;
ad->request = request;
ad->denied = denied;
ad->error = error;
return error;
fail:
- ad.label = begin_current_label_crit_section();
+ ad.subj_label = begin_current_label_crit_section();
ad.info = name;
ad.error = error = -EINVAL;
aa_audit_msg(AUDIT_APPARMOR_DENIED, &ad, NULL);
- end_current_label_crit_section(ad.label);
+ end_current_label_crit_section(ad.subj_label);
goto out;
}
}
if (ad->peer) {
audit_log_format(ab, " peer=");
- aa_label_xaudit(ab, labels_ns(ad->label), ad->peer,
+ aa_label_xaudit(ab, labels_ns(ad->subj_label), ad->peer,
FLAGS_NONE, GFP_ATOMIC);
}
}
/**
* audit_policy - Do auditing of policy changes
- * @label: label to check if it can manage policy
+ * @subj_label: label to check if it can manage policy
* @op: policy operation being performed
* @ns_name: name of namespace being manipulated
* @name: name of profile being manipulated (NOT NULL)
*
* Returns: the error to be returned after audit is done
*/
-static int audit_policy(struct aa_label *label, const char *op,
+static int audit_policy(struct aa_label *subj_label, const char *op,
const char *ns_name, const char *name,
const char *info, int error)
{
ad.name = name;
ad.info = info;
ad.error = error;
- ad.label = label;
+ ad.subj_label = subj_label;
aa_audit_msg(AUDIT_APPARMOR_STATUS, &ad, audit_cb);
rlim_names[ad->rlim.rlim], ad->rlim.max);
if (ad->peer) {
audit_log_format(ab, " peer=");
- aa_label_xaudit(ab, labels_ns(ad->label), ad->peer,
+ aa_label_xaudit(ab, labels_ns(ad->subj_label), ad->peer,
FLAGS_NONE, GFP_ATOMIC);
}
}
}
}
audit_log_format(ab, " peer=");
- aa_label_xaudit(ab, labels_ns(ad->label), ad->peer,
+ aa_label_xaudit(ab, labels_ns(ad->subj_label), ad->peer,
FLAGS_NONE, GFP_ATOMIC);
}
if (&tracer->label == tracee)
return 0;
- ad->label = &tracer->label;
+ ad->subj_label = &tracer->label;
ad->peer = tracee;
ad->request = 0;
ad->error = aa_capable(&tracer->label, CAP_SYS_PTRACE,