diff options
| author | Ryan Lee <ryan.lee@canonical.com> | 2024-09-25 02:56:05 +0200 |
|---|---|---|
| committer | John Johansen <john.johansen@canonical.com> | 2024-11-27 04:21:06 +0100 |
| commit | 8532503eac69c65182939d2aefc6d01c9f421a46 (patch) | |
| tree | 9ee019594f27d331a1564b9dd9d52fa77f729959 /security/apparmor | |
| parent | apparmor: fix 'Do simple duplicate message elimination' (diff) | |
| download | linux-8532503eac69c65182939d2aefc6d01c9f421a46.tar.xz linux-8532503eac69c65182939d2aefc6d01c9f421a46.zip | |
apparmor: document capability.c:profile_capable ad ptr not being NULL
The profile_capabile function takes a struct apparmor_audit_data *ad,
which is documented as possibly being NULL. However, the single place that
calls this function never passes it a NULL ad. If we were ever to call
profile_capable with a NULL ad elsewhere, we would need to rework the
function, as its very first use of ad is to dereference ad->class without
checking if ad is NULL.
Thus, document profile_capable's ad parameter as not accepting NULL.
Signed-off-by: Ryan Lee <ryan.lee@canonical.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor')
| -rw-r--r-- | security/apparmor/capability.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/security/apparmor/capability.c b/security/apparmor/capability.c index bf7df6086830..630b5f99b313 100644 --- a/security/apparmor/capability.c +++ b/security/apparmor/capability.c @@ -111,7 +111,7 @@ static int audit_caps(struct apparmor_audit_data *ad, struct aa_profile *profile * @profile: profile being enforced (NOT NULL, NOT unconfined) * @cap: capability to test if allowed * @opts: CAP_OPT_NOAUDIT bit determines whether audit record is generated - * @ad: audit data (MAY BE NULL indicating no auditing) + * @ad: audit data (NOT NULL) * * Returns: 0 if allowed else -EPERM */ |