apparmor: rename apparmor file fns and data to indicate use

prefixes are used for fns/data that are not static to apparmorfs.c with the prefixes being aafs - special magic apparmorfs for policy namespace data aa_sfs - for fns/data that go into securityfs aa_fs - for fns/data that may be used in the either of aafs or securityfs Signed-off-by: John Johansen <john.johansen@canonical.com> Reviewed-by: Seth Arnold <seth.arnold@canonical.com> Reviewed-by: Kees Cook <keescook@chromium.org>

apparmor: rename apparmor file fns and data to indicate use
prefixes are used for fns/data that are not static to apparmorfs.c with the prefixes being aafs - special magic apparmorfs for policy namespace data aa_sfs - for fns/data that go into securityfs aa_fs - for fns/data that may be used in the either of aafs or securityfs Signed-off-by: John Johansen <john.johansen@canonical.com> Reviewed-by: Seth Arnold <seth.arnold@canonical.com> Reviewed-by: Kees Cook <keescook@chromium.org>
c97204ba · John Johansen · a481f4d9 · c97204ba · c97204ba · c97204ba
Commit c97204ba authored May 25, 2017 by John Johansen
9 changed files
--- a/security/apparmor/Makefile
+++ b/security/apparmor/Makefile
@@ -20,7 +20,7 @@ cmd_make-caps = echo "static const char *const capability_names[] = {" > $@ ;\
 	sed $< >>$@ -r -n -e '/CAP_FS_MASK/d' \
 	-e 's/^\#define[ \t]+CAP_([A-Z0-9_]+)[ \t]+([0-9]+)/[\2] = "\L\1",/p';\
 	echo "};" >> $@ ;\
-	printf '%s' '\#define AA_FS_CAPS_MASK "' >> $@ ;\
+	printf '%s' '\#define AA_SFS_CAPS_MASK "' >> $@ ;\
 	sed $< -r -n -e '/CAP_FS_MASK/d' \
 	    -e 's/^\#define[ \t]+CAP_([A-Z0-9_]+)[ \t]+([0-9]+)/\L\1/p' | \
 	     tr '\n' ' ' | sed -e 's/ $$/"\n/' >> $@
@@ -46,7 +46,7 @@ cmd_make-caps = echo "static const char *const capability_names[] = {" > $@ ;\
 #    #define RLIMIT_FSIZE        1   /* Maximum filesize */
 #    #define RLIMIT_STACK		3	/* max stack size */
 # to
-# #define AA_FS_RLIMIT_MASK "fsize stack"
+# #define AA_SFS_RLIMIT_MASK "fsize stack"
 quiet_cmd_make-rlim = GEN     $@
 cmd_make-rlim = echo "static const char *const rlim_names[RLIM_NLIMITS] = {" \
 	> $@ ;\
@@ -56,7 +56,7 @@ cmd_make-rlim = echo "static const char *const rlim_names[RLIM_NLIMITS] = {" \
 	echo "static const int rlim_map[RLIM_NLIMITS] = {" >> $@ ;\
 	sed -r -n "s/^\# ?define[ \t]+(RLIMIT_[A-Z0-9_]+).*/\1,/p" $< >> $@ ;\
 	echo "};" >> $@ ; \
-	printf '%s' '\#define AA_FS_RLIMIT_MASK "' >> $@ ;\
+	printf '%s' '\#define AA_SFS_RLIMIT_MASK "' >> $@ ;\
 	sed -r -n 's/^\# ?define[ \t]+RLIMIT_([A-Z0-9_]+).*/\L\1/p' $< | \
 	    tr '\n' ' ' | sed -e 's/ $$/"\n/' >> $@

--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
--- a/security/apparmor/capability.c
+++ b/security/apparmor/capability.c
@@ -28,8 +28,8 @@
 */
 #include "capability_names.h"
-struct aa_fs_entry aa_fs_entry_caps[] = {
+struct aa_sfs_entry aa_sfs_entry_caps[] = {
-	AA_FS_FILE_STRING("mask", AA_FS_CAPS_MASK),
+	AA_SFS_FILE_STRING("mask", AA_SFS_CAPS_MASK),
 	{ }
 };

--- a/security/apparmor/include/apparmorfs.h
+++ b/security/apparmor/include/apparmorfs.h
@@ -17,49 +17,49 @@
 extern struct path aa_null;
-enum aa_fs_type {
+enum aa_sfs_type {
-	AA_FS_TYPE_BOOLEAN,
+	AA_SFS_TYPE_BOOLEAN,
-	AA_FS_TYPE_STRING,
+	AA_SFS_TYPE_STRING,
-	AA_FS_TYPE_U64,
+	AA_SFS_TYPE_U64,
-	AA_FS_TYPE_FOPS,
+	AA_SFS_TYPE_FOPS,
-	AA_FS_TYPE_DIR,
+	AA_SFS_TYPE_DIR,
 };
-struct aa_fs_entry;
+struct aa_sfs_entry;
-struct aa_fs_entry {
+struct aa_sfs_entry {
 	const char *name;
 	struct dentry *dentry;
 	umode_t mode;
-	enum aa_fs_type v_type;
+	enum aa_sfs_type v_type;
 	union {
 		bool boolean;
 		char *string;
 		unsigned long u64;
-		struct aa_fs_entry *files;
+		struct aa_sfs_entry *files;
 	} v;
 	const struct file_operations *file_ops;
 };
-extern const struct file_operations aa_fs_seq_file_ops;
+extern const struct file_operations aa_sfs_seq_file_ops;
-#define AA_FS_FILE_BOOLEAN(_name, _value) \
+#define AA_SFS_FILE_BOOLEAN(_name, _value) \
 	{ .name = (_name), .mode = 0444, \
-	  .v_type = AA_FS_TYPE_BOOLEAN, .v.boolean = (_value), \
+	  .v_type = AA_SFS_TYPE_BOOLEAN, .v.boolean = (_value), \
-	  .file_ops = &aa_fs_seq_file_ops }
+	  .file_ops = &aa_sfs_seq_file_ops }
-#define AA_FS_FILE_STRING(_name, _value) \
+#define AA_SFS_FILE_STRING(_name, _value) \
 	{ .name = (_name), .mode = 0444, \
-	  .v_type = AA_FS_TYPE_STRING, .v.string = (_value), \
+	  .v_type = AA_SFS_TYPE_STRING, .v.string = (_value), \
-	  .file_ops = &aa_fs_seq_file_ops }
+	  .file_ops = &aa_sfs_seq_file_ops }
-#define AA_FS_FILE_U64(_name, _value) \
+#define AA_SFS_FILE_U64(_name, _value) \
 	{ .name = (_name), .mode = 0444, \
-	  .v_type = AA_FS_TYPE_U64, .v.u64 = (_value), \
+	  .v_type = AA_SFS_TYPE_U64, .v.u64 = (_value), \
-	  .file_ops = &aa_fs_seq_file_ops }
+	  .file_ops = &aa_sfs_seq_file_ops }
-#define AA_FS_FILE_FOPS(_name, _mode, _fops) \
+#define AA_SFS_FILE_FOPS(_name, _mode, _fops) \
-	{ .name = (_name), .v_type = AA_FS_TYPE_FOPS, \
+	{ .name = (_name), .v_type = AA_SFS_TYPE_FOPS, \
 	  .mode = (_mode), .file_ops = (_fops) }
-#define AA_FS_DIR(_name, _value) \
+#define AA_SFS_DIR(_name, _value) \
-	{ .name = (_name), .v_type = AA_FS_TYPE_DIR, .v.files = (_value) }
+	{ .name = (_name), .v_type = AA_SFS_TYPE_DIR, .v.files = (_value) }
 extern void __init aa_destroy_aafs(void);
@@ -107,12 +107,12 @@ enum aafs_prof_type {
 #define prof_child_dir(X) ((X)->dents[AAFS_PROF_PROFS])
 void __aa_bump_ns_revision(struct aa_ns *ns);
-void __aa_fs_profile_rmdir(struct aa_profile *profile);
+void __aafs_profile_rmdir(struct aa_profile *profile);
-void __aa_fs_profile_migrate_dents(struct aa_profile *old,
+void __aafs_profile_migrate_dents(struct aa_profile *old,
 				   struct aa_profile *new);
-int __aa_fs_profile_mkdir(struct aa_profile *profile, struct dentry *parent);
+int __aafs_profile_mkdir(struct aa_profile *profile, struct dentry *parent);
-void __aa_fs_ns_rmdir(struct aa_ns *ns);
+void __aafs_ns_rmdir(struct aa_ns *ns);
-int __aa_fs_ns_mkdir(struct aa_ns *ns, struct dentry *parent,
+int __aafs_ns_mkdir(struct aa_ns *ns, struct dentry *parent,
 		     const char *name);
 struct aa_loaddata;

--- a/security/apparmor/include/capability.h
+++ b/security/apparmor/include/capability.h
@@ -36,7 +36,7 @@ struct aa_caps {
 	kernel_cap_t extended;
 };
-extern struct aa_fs_entry aa_fs_entry_caps[];
+extern struct aa_sfs_entry aa_sfs_entry_caps[];
 int aa_capable(struct aa_profile *profile, int cap, int audit);

--- a/security/apparmor/include/resource.h
+++ b/security/apparmor/include/resource.h
@@ -34,7 +34,7 @@ struct aa_rlimit {
 	struct rlimit limits[RLIM_NLIMITS];
 };
-extern struct aa_fs_entry aa_fs_entry_rlimit[];
+extern struct aa_sfs_entry aa_sfs_entry_rlimit[];
 int aa_map_resource(int resource);
 int aa_task_setrlimit(struct aa_profile *profile, struct task_struct *,

--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -160,7 +160,7 @@ static void __remove_profile(struct aa_profile *profile)
 	__aa_profile_list_release(&profile->base.profiles);
 	/* released by free_profile */
 	__aa_update_proxy(profile, profile->ns->unconfined);
-	__aa_fs_profile_rmdir(profile);
+	__aafs_profile_rmdir(profile);
 	__list_remove_profile(profile);
 }
@@ -784,7 +784,7 @@ static void __replace_profile(struct aa_profile *old, struct aa_profile *new,
 		/* aafs interface uses proxy */
 		rcu_assign_pointer(new->proxy->profile,
 				   aa_get_profile(new));
-	__aa_fs_profile_migrate_dents(old, new);
+	__aafs_profile_migrate_dents(old, new);
 	if (list_empty(&new->base.list)) {
 		/* new is not on a list already */
@@ -971,7 +971,7 @@ ssize_t aa_replace_profiles(struct aa_ns *view, struct aa_profile *profile,
 				parent = prof_child_dir(p);
 			} else
 				parent = ns_subprofs_dir(ent->new->ns);
-			error = __aa_fs_profile_mkdir(ent->new, parent);
+			error = __aafs_profile_mkdir(ent->new, parent);
 		}
 		if (error) {

--- a/security/apparmor/policy_ns.c
+++ b/security/apparmor/policy_ns.c
@@ -196,7 +196,7 @@ static struct aa_ns *__aa_create_ns(struct aa_ns *parent, const char *name,
 	if (!ns)
 		return NULL;
 	mutex_lock(&ns->lock);
-	error = __aa_fs_ns_mkdir(ns, ns_subns_dir(parent), name);
+	error = __aafs_ns_mkdir(ns, ns_subns_dir(parent), name);
 	if (error) {
 		AA_ERROR("Failed to create interface for ns %s\n",
 			 ns->base.name);
@@ -284,7 +284,7 @@ static void destroy_ns(struct aa_ns *ns)
 	if (ns->parent)
 		__aa_update_proxy(ns->unconfined, ns->parent->unconfined);
-	__aa_fs_ns_rmdir(ns);
+	__aafs_ns_rmdir(ns);
 	mutex_unlock(&ns->lock);
 }

--- a/security/apparmor/resource.c
+++ b/security/apparmor/resource.c
@@ -24,8 +24,8 @@
 */
 #include "rlim_names.h"
-struct aa_fs_entry aa_fs_entry_rlimit[] = {
+struct aa_sfs_entry aa_sfs_entry_rlimit[] = {
-	AA_FS_FILE_STRING("mask", AA_FS_RLIMIT_MASK),
+	AA_SFS_FILE_STRING("mask", AA_SFS_RLIMIT_MASK),
 	{ }
 };