From: Ryan Lee <ryan.lee@canonical.com>
Date: Wed, 25 Sep 2024 00:56:05 +0000 (-0700)
Subject: apparmor: document capability.c:profile_capable ad ptr not being NULL
X-Git-Tag: microblaze-v6.16~497^2~7
X-Git-Url: http://git.monstr.eu/?a=commitdiff_plain;h=8532503eac69c65182939d2aefc6d01c9f421a46;p=linux-2.6-microblaze.git

apparmor: document capability.c:profile_capable ad ptr not being NULL

The profile_capabile function takes a struct apparmor_audit_data *ad,
which is documented as possibly being NULL. However, the single place that
calls this function never passes it a NULL ad. If we were ever to call
profile_capable with a NULL ad elsewhere, we would need to rework the
function, as its very first use of ad is to dereference ad->class without
checking if ad is NULL.

Thus, document profile_capable's ad parameter as not accepting NULL.

Signed-off-by: Ryan Lee <ryan.lee@canonical.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
---

diff --git a/security/apparmor/capability.c b/security/apparmor/capability.c
index bf7df6086830..630b5f99b313 100644
--- a/security/apparmor/capability.c
+++ b/security/apparmor/capability.c
@@ -111,7 +111,7 @@ static int audit_caps(struct apparmor_audit_data *ad, struct aa_profile *profile
  * @profile: profile being enforced    (NOT NULL, NOT unconfined)
  * @cap: capability to test if allowed
  * @opts: CAP_OPT_NOAUDIT bit determines whether audit record is generated
- * @ad: audit data (MAY BE NULL indicating no auditing)
+ * @ad: audit data (NOT NULL)
  *
  * Returns: 0 if allowed else -EPERM
  */