apparmor: rename audit_data->label to audit_data->subj_label
authorJohn Johansen <john.johansen@canonical.com>
Mon, 19 Sep 2022 07:46:09 +0000 (00:46 -0700)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 28 Nov 2023 17:20:07 +0000 (17:20 +0000)
[ Upstream commit d20f5a1a6e792d22199c9989ec7ab9e95c48d60c ]

rename audit_data's label field to subj_label to better reflect its
use. Also at the same time drop unneeded assignments to ->subj_label
as the later call to aa_check_perms will do the assignment if needed.

Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Stable-dep-of: 157a3537d6bc ("apparmor: Fix regression in mount mediation")
Signed-off-by: Sasha Levin <sashal@kernel.org>
security/apparmor/audit.c
security/apparmor/file.c
security/apparmor/include/audit.h
security/apparmor/ipc.c
security/apparmor/lib.c
security/apparmor/lsm.c
security/apparmor/net.c
security/apparmor/policy.c
security/apparmor/resource.c
security/apparmor/task.c

index 06ad6a8fcce1890549ffab205aaa1dffd9ac56f2..6933cb2f679b0b816be5151a550a3d668ae1dd65 100644 (file)
@@ -113,8 +113,8 @@ static void audit_pre(struct audit_buffer *ab, void *va)
                        audit_log_format(ab, " error=%d", ad->error);
        }
 
-       if (ad->label) {
-               struct aa_label *label = ad->label;
+       if (ad->subj_label) {
+               struct aa_label *label = ad->subj_label;
 
                if (label_isprofile(label)) {
                        struct aa_profile *profile = labels_profile(label);
@@ -187,7 +187,7 @@ int aa_audit(int type, struct aa_profile *profile,
        if (KILL_MODE(profile) && type == AUDIT_APPARMOR_DENIED)
                type = AUDIT_APPARMOR_KILL;
 
-       ad->label = &profile->label;
+       ad->subj_label = &profile->label;
 
        aa_audit_msg(type, ad, cb);
 
index 9ea95fa18e7d5f4871cf20c681421cc760662056..5bfa70a972071e499ebd2aabd0b853864f828c4b 100644 (file)
@@ -67,7 +67,7 @@ static void file_audit_cb(struct audit_buffer *ab, void *va)
 
        if (ad->peer) {
                audit_log_format(ab, " target=");
-               aa_label_xaudit(ab, labels_ns(ad->label), ad->peer,
+               aa_label_xaudit(ab, labels_ns(ad->subj_label), ad->peer,
                                FLAG_VIEW_SUBNS, GFP_KERNEL);
        } else if (ad->fs.target) {
                audit_log_format(ab, " target=");
index 85931ec94e916239ff56dcbc988c697f027c77de..096f0a04af87f165035d4859a18803b412eeb0c4 100644 (file)
@@ -109,7 +109,7 @@ struct apparmor_audit_data {
        int type;
        u16 class;
        const char *op;
-       struct aa_label *label;
+       struct aa_label *subj_label;
        const char *name;
        const char *info;
        u32 request;
index f198b8d620a4fb40eb27318e8027e5619a0fe5a5..fd8306399b820c046b94aa74f4e71559cc2e8ee5 100644 (file)
@@ -71,7 +71,7 @@ static void audit_signal_cb(struct audit_buffer *ab, void *va)
                audit_log_format(ab, " signal=rtmin+%d",
                                 ad->signal - SIGRT_BASE);
        audit_log_format(ab, " peer=");
-       aa_label_xaudit(ab, labels_ns(ad->label), ad->peer,
+       aa_label_xaudit(ab, labels_ns(ad->subj_label), ad->peer,
                        FLAGS_NONE, GFP_ATOMIC);
 }
 
index d6b2750fd72e4510443cc41b368190e474da86e9..c87bccafff446c333fd649aae7525bbfdf7488f5 100644 (file)
@@ -297,7 +297,7 @@ static void aa_audit_perms_cb(struct audit_buffer *ab, void *va)
                                   PERMS_NAMES_MASK);
        }
        audit_log_format(ab, " peer=");
-       aa_label_xaudit(ab, labels_ns(ad->label), ad->peer,
+       aa_label_xaudit(ab, labels_ns(ad->subj_label), ad->peer,
                                      FLAGS_NONE, GFP_ATOMIC);
 }
 
@@ -357,7 +357,6 @@ int aa_profile_label_perm(struct aa_profile *profile, struct aa_profile *target,
                                                    typeof(*rules), list);
        struct aa_perms perms;
 
-       ad->label = &profile->label;
        ad->peer = &target->label;
        ad->request = request;
 
@@ -419,7 +418,7 @@ int aa_check_perms(struct aa_profile *profile, struct aa_perms *perms,
        }
 
        if (ad) {
-               ad->label = &profile->label;
+               ad->subj_label = &profile->label;
                ad->request = request;
                ad->denied = denied;
                ad->error = error;
index fd7852a4737c7ec2d30e6fc2dad2103214938a82..359fbfbb4a66e13b0f9e5cac59fbcc1ecf0d246f 100644 (file)
@@ -722,11 +722,11 @@ out:
        return error;
 
 fail:
-       ad.label = begin_current_label_crit_section();
+       ad.subj_label = begin_current_label_crit_section();
        ad.info = name;
        ad.error = error = -EINVAL;
        aa_audit_msg(AUDIT_APPARMOR_DENIED, &ad, NULL);
-       end_current_label_crit_section(ad.label);
+       end_current_label_crit_section(ad.subj_label);
        goto out;
 }
 
index 0c7304cd479c563ba499eb9a21b5d96d9c9662a6..5e50f80e35db07a65e9a88e942b8100117a95724 100644 (file)
@@ -100,7 +100,7 @@ void audit_net_cb(struct audit_buffer *ab, void *va)
        }
        if (ad->peer) {
                audit_log_format(ab, " peer=");
-               aa_label_xaudit(ab, labels_ns(ad->label), ad->peer,
+               aa_label_xaudit(ab, labels_ns(ad->subj_label), ad->peer,
                                FLAGS_NONE, GFP_ATOMIC);
        }
 }
index 9a7dbe64f102bea35968696efe94fc13635ee424..e5f1ef83b0fda61e8dff886600523b41aa70863b 100644 (file)
@@ -733,7 +733,7 @@ static void audit_cb(struct audit_buffer *ab, void *va)
 
 /**
  * audit_policy - Do auditing of policy changes
- * @label: label to check if it can manage policy
+ * @subj_label: label to check if it can manage policy
  * @op: policy operation being performed
  * @ns_name: name of namespace being manipulated
  * @name: name of profile being manipulated (NOT NULL)
@@ -742,7 +742,7 @@ static void audit_cb(struct audit_buffer *ab, void *va)
  *
  * Returns: the error to be returned after audit is done
  */
-static int audit_policy(struct aa_label *label, const char *op,
+static int audit_policy(struct aa_label *subj_label, const char *op,
                        const char *ns_name, const char *name,
                        const char *info, int error)
 {
@@ -752,7 +752,7 @@ static int audit_policy(struct aa_label *label, const char *op,
        ad.name = name;
        ad.info = info;
        ad.error = error;
-       ad.label = label;
+       ad.subj_label = subj_label;
 
        aa_audit_msg(AUDIT_APPARMOR_STATUS, &ad, audit_cb);
 
index b6b5e1bfe9a26f420c706d65c87d361dfdb2ed40..73ba26c646a5e5c6d53befa85da1f16f9b0101a5 100644 (file)
@@ -36,7 +36,7 @@ static void audit_cb(struct audit_buffer *ab, void *va)
                         rlim_names[ad->rlim.rlim], ad->rlim.max);
        if (ad->peer) {
                audit_log_format(ab, " peer=");
-               aa_label_xaudit(ab, labels_ns(ad->label), ad->peer,
+               aa_label_xaudit(ab, labels_ns(ad->subj_label), ad->peer,
                                FLAGS_NONE, GFP_ATOMIC);
        }
 }
index 8bd1f212215c4a9e460dca98ff19d111fcf76c20..79850e8321420f2c080bac686cd185dacba38546 100644 (file)
@@ -220,7 +220,7 @@ static void audit_ptrace_cb(struct audit_buffer *ab, void *va)
                }
        }
        audit_log_format(ab, " peer=");
-       aa_label_xaudit(ab, labels_ns(ad->label), ad->peer,
+       aa_label_xaudit(ab, labels_ns(ad->subj_label), ad->peer,
                        FLAGS_NONE, GFP_ATOMIC);
 }
 
@@ -266,7 +266,7 @@ static int profile_tracer_perm(struct aa_profile *tracer,
        if (&tracer->label == tracee)
                return 0;
 
-       ad->label = &tracer->label;
+       ad->subj_label = &tracer->label;
        ad->peer = tracee;
        ad->request = 0;
        ad->error = aa_capable(&tracer->label, CAP_SYS_PTRACE,