The profile_capabile function takes a struct apparmor_audit_data *ad, which is documented as possibly being NULL. However, the single place that calls this function never passes it a NULL ad. If we were ever to call profile_capable with a NULL ad elsewhere, we would need to rework the function, as its very first use of ad is to dereference ad->class without checking if ad is NULL.
Thus, document profile_capable's ad parameter as not accepting NULL. Signed-off-by: Ryan Lee <ryan....@canonical.com> --- security/apparmor/capability.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/apparmor/capability.c b/security/apparmor/capability.c index 61d7ab4255b0..9f89e8b94993 100644 --- a/security/apparmor/capability.c +++ b/security/apparmor/capability.c @@ -115,7 +115,7 @@ static int audit_caps(struct apparmor_audit_data *ad, struct aa_profile *profile * @profile: profile being enforced (NOT NULL, NOT unconfined) * @cap: capability to test if allowed * @opts: CAP_OPT_NOAUDIT bit determines whether audit record is generated - * @ad: audit data (MAY BE NULL indicating no auditing) + * @ad: audit data (NOT NULL) * * Returns: 0 if allowed else -EPERM */ -- 2.43.0
