apparmor: combine common_audit_data and apparmor_audit_data

Everywhere where common_audit_data is used apparmor audit_data is also used. We can simplify the code and drop the use of the aad macro everywhere by combining the two structures. Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
author: John Johansen <john.johansen@canonical.com> 2022-09-14 00:20:12 -0700
committer: John Johansen <john.johansen@canonical.com> 2023-10-18 15:30:29 -0700
commit: bd7bd201ca46c211c3ab251ca9854787d1331a2f (patch)
tree: 4b7abdb8932549682082d9bf01c75c80d8f0e0de /security/apparmor/lib.c
parent: 79ddd4a7c5fa8883f99a88409e5ad9812e484094 (diff)
download: lwn-bd7bd201ca46c211c3ab251ca9854787d1331a2f.tar.gz
lwn-bd7bd201ca46c211c3ab251ca9854787d1331a2f.zip
1 files changed, 24 insertions, 23 deletions
diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c
index 8e1073477c09..d6b2750fd72e 100644
--- a/security/apparmor/lib.c
+++ b/security/apparmor/lib.c
@@ -144,10 +144,10 @@ const char *aa_splitn_fqname(const char *fqname, size_t n, const char **ns_name,
 void aa_info_message(const char *str)
 {
 	if (audit_enabled) {
-		DEFINE_AUDIT_DATA(sa, LSM_AUDIT_DATA_NONE, AA_CLASS_NONE, NULL);
+		DEFINE_AUDIT_DATA(ad, LSM_AUDIT_DATA_NONE, AA_CLASS_NONE, NULL);
 
-		aad(&sa)->info = str;
-		aa_audit_msg(AUDIT_APPARMOR_STATUS, &sa, NULL);
+		ad.info = str;
+		aa_audit_msg(AUDIT_APPARMOR_STATUS, &ad, NULL);
 	}
 	printk(KERN_INFO "AppArmor: %s\n", str);
 }
@@ -282,21 +282,22 @@ void aa_audit_perm_mask(struct audit_buffer *ab, u32 mask, const char *chrs,
 static void aa_audit_perms_cb(struct audit_buffer *ab, void *va)
 {
 	struct common_audit_data *sa = va;
+	struct apparmor_audit_data *ad = aad(sa);
 
-	if (aad(sa)->request) {
+	if (ad->request) {
 		audit_log_format(ab, " requested_mask=");
-		aa_audit_perm_mask(ab, aad(sa)->request, aa_file_perm_chrs,
+		aa_audit_perm_mask(ab, ad->request, aa_file_perm_chrs,
 				   PERMS_CHRS_MASK, aa_file_perm_names,
 				   PERMS_NAMES_MASK);
 	}
-	if (aad(sa)->denied) {
+	if (ad->denied) {
 		audit_log_format(ab, "denied_mask=");
-		aa_audit_perm_mask(ab, aad(sa)->denied, aa_file_perm_chrs,
+		aa_audit_perm_mask(ab, ad->denied, aa_file_perm_chrs,
 				   PERMS_CHRS_MASK, aa_file_perm_names,
 				   PERMS_NAMES_MASK);
 	}
 	audit_log_format(ab, " peer=");
-	aa_label_xaudit(ab, labels_ns(aad(sa)->label), aad(sa)->peer,
+	aa_label_xaudit(ab, labels_ns(ad->label), ad->peer,
 				      FLAGS_NONE, GFP_ATOMIC);
 }
 
@@ -350,21 +351,21 @@ void aa_profile_match_label(struct aa_profile *profile,
 /* currently unused */
 int aa_profile_label_perm(struct aa_profile *profile, struct aa_profile *target,
 			  u32 request, int type, u32 *deny,
-			  struct common_audit_data *sa)
+			  struct apparmor_audit_data *ad)
 {
 	struct aa_ruleset *rules = list_first_entry(&profile->rules,
 						    typeof(*rules), list);
 	struct aa_perms perms;
 
-	aad(sa)->label = &profile->label;
-	aad(sa)->peer = &target->label;
-	aad(sa)->request = request;
+	ad->label = &profile->label;
+	ad->peer = &target->label;
+	ad->request = request;
 
 	aa_profile_match_label(profile, rules, &target->label, type, request,
 			       &perms);
 	aa_apply_modes_to_perms(profile, &perms);
 	*deny |= request & perms.deny;
-	return aa_check_perms(profile, &perms, request, sa, aa_audit_perms_cb);
+	return aa_check_perms(profile, &perms, request, ad, aa_audit_perms_cb);
 }
 
 /**
@@ -372,7 +373,7 @@ int aa_profile_label_perm(struct aa_profile *profile, struct aa_profile *target,
  * @profile: profile being checked
  * @perms: perms computed for the request
  * @request: requested perms
- * @sa: initialized audit structure (MAY BE NULL if not auditing)
+ * @ad: initialized audit structure (MAY BE NULL if not auditing)
  * @cb: callback fn for type specific fields (MAY BE NULL)
  *
  * Returns: 0 if permission else error code
@@ -385,7 +386,7 @@ int aa_profile_label_perm(struct aa_profile *profile, struct aa_profile *target,
  *	 with a positive value.
  */
 int aa_check_perms(struct aa_profile *profile, struct aa_perms *perms,
-		   u32 request, struct common_audit_data *sa,
+		   u32 request, struct apparmor_audit_data *ad,
 		   void (*cb)(struct audit_buffer *, void *))
 {
 	int type, error;
@@ -394,7 +395,7 @@ int aa_check_perms(struct aa_profile *profile, struct aa_perms *perms,
 	if (likely(!denied)) {
 		/* mask off perms that are not being force audited */
 		request &= perms->audit;
-		if (!request || !sa)
+		if (!request || !ad)
 			return 0;
 
 		type = AUDIT_APPARMOR_AUDIT;
@@ -413,16 +414,16 @@ int aa_check_perms(struct aa_profile *profile, struct aa_perms *perms,
 			error = -ENOENT;
 
 		denied &= ~perms->quiet;
-		if (!sa || !denied)
+		if (!ad || !denied)
 			return error;
 	}
 
-	if (sa) {
-		aad(sa)->label = &profile->label;
-		aad(sa)->request = request;
-		aad(sa)->denied = denied;
-		aad(sa)->error = error;
-		aa_audit_msg(type, sa, cb);
+	if (ad) {
+		ad->label = &profile->label;
+		ad->request = request;
+		ad->denied = denied;
+		ad->error = error;
+		aa_audit_msg(type, ad, cb);
 	}
 
 	if (type == AUDIT_APPARMOR_ALLOWED)
author	John Johansen <john.johansen@canonical.com>	2022-09-14 00:20:12 -0700
committer	John Johansen <john.johansen@canonical.com>	2023-10-18 15:30:29 -0700
commit	bd7bd201ca46c211c3ab251ca9854787d1331a2f (patch)
tree	4b7abdb8932549682082d9bf01c75c80d8f0e0de /security/apparmor/lib.c
parent	79ddd4a7c5fa8883f99a88409e5ad9812e484094 (diff)
download	lwn-bd7bd201ca46c211c3ab251ca9854787d1331a2f.tar.gz lwn-bd7bd201ca46c211c3ab251ca9854787d1331a2f.zip