On 9/24/24 17:56, Ryan Lee wrote:
The profile_capabile function takes a struct apparmor_audit_data *ad,
which is documented as possibly being NULL. However, the single place that
calls this function never passes it a NULL ad. If we were ever to call
profile_capable with a NULL ad elsewhere, we would need to rework the
function, as its very first use of ad is to dereference ad->class without
checking if ad is NULL.
Thus, document profile_capable's ad parameter as not accepting NULL.
Signed-off-by: Ryan Lee <ryan....@canonical.com>
Acked-by: John Johansen <john.johan...@canonical.com>
I have pulled it into my tree
---
security/apparmor/capability.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/apparmor/capability.c b/security/apparmor/capability.c
index 61d7ab4255b0..9f89e8b94993 100644
--- a/security/apparmor/capability.c
+++ b/security/apparmor/capability.c
@@ -115,7 +115,7 @@ static int audit_caps(struct apparmor_audit_data *ad,
struct aa_profile *profile
* @profile: profile being enforced (NOT NULL, NOT unconfined)
* @cap: capability to test if allowed
* @opts: CAP_OPT_NOAUDIT bit determines whether audit record is generated
- * @ad: audit data (MAY BE NULL indicating no auditing)
+ * @ad: audit data (NOT NULL)
*
* Returns: 0 if allowed else -EPERM
*/
