[apparmor] [PATCH] apparmor: document capability.c:profile_capable ad ptr not being NULL

John Johansen john.johansen at canonical.com
Sat Nov 9 20:20:33 UTC 2024


On 9/24/24 17:56, Ryan Lee wrote:
> The profile_capable function takes a struct apparmor_audit_data *ad,
> which is documented as possibly being NULL. However, the single place that
> calls this function never passes it a NULL ad. If we were ever to call
> profile_capable with a NULL ad elsewhere, we would need to rework the
> function, as its very first use of ad is to dereference ad->class without
> checking if ad is NULL.
> 
> Thus, document profile_capable's ad parameter as not accepting NULL.
> 
> Signed-off-by: Ryan Lee <ryan.lee at canonical.com>

Acked-by: John Johansen <john.johansen at canonical.com>

I have pulled it into my tree.

> ---
>   security/apparmor/capability.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/security/apparmor/capability.c b/security/apparmor/capability.c
> index 61d7ab4255b0..9f89e8b94993 100644
> --- a/security/apparmor/capability.c
> +++ b/security/apparmor/capability.c
> @@ -115,7 +115,7 @@ static int audit_caps(struct apparmor_audit_data *ad, struct aa_profile *profile
>    * @profile: profile being enforced    (NOT NULL, NOT unconfined)
>    * @cap: capability to test if allowed
>    * @opts: CAP_OPT_NOAUDIT bit determines whether audit record is generated
> - * @ad: audit data (MAY BE NULL indicating no auditing)
> + * @ad: audit data (NOT NULL)
>    *
>    * Returns: 0 if allowed else -EPERM
>    */
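
Review bot: the new "@ad: audit data (NOT NULL)" line states the contract only in the comment, and nothing in this hunk enforces it. The commit message notes that the function's first use of ad is an unchecked dereference of ad->class, so a debug assertion on ad at function entry (for example AA_BUG(!ad), if that fits the file's conventions) would make a future caller that passes NULL fail at a known point instead of at the dereference. It would also help to keep the wording parallel with the "@profile: ... (NOT NULL, NOT unconfined)" line above, which this change already does, and to confirm that the "no auditing" case formerly described by "MAY BE NULL" is now covered solely by the CAP_OPT_NOAUDIT bit documented on the @opts line.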
