summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorRyan Lee <ryan.lee@canonical.com>2024-09-24 17:56:05 -0700
committerJohn Johansen <john.johansen@canonical.com>2024-11-26 19:21:06 -0800
commit8532503eac69c65182939d2aefc6d01c9f421a46 (patch)
tree9ee019594f27d331a1564b9dd9d52fa77f729959 /security
parent9b897132424fe76bf6c61f22f9cf12af7f1d1e6a (diff)
apparmor: document capability.c:profile_capable ad ptr not being NULL
The profile_capabile function takes a struct apparmor_audit_data *ad, which is documented as possibly being NULL. However, the single place that calls this function never passes it a NULL ad. If we were ever to call profile_capable with a NULL ad elsewhere, we would need to rework the function, as its very first use of ad is to dereference ad->class without checking if ad is NULL. Thus, document profile_capable's ad parameter as not accepting NULL. Signed-off-by: Ryan Lee <ryan.lee@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security')
-rw-r--r--security/apparmor/capability.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/security/apparmor/capability.c b/security/apparmor/capability.c
index bf7df6086830..630b5f99b313 100644
--- a/security/apparmor/capability.c
+++ b/security/apparmor/capability.c
@@ -111,7 +111,7 @@ static int audit_caps(struct apparmor_audit_data *ad, struct aa_profile *profile
* @profile: profile being enforced (NOT NULL, NOT unconfined)
* @cap: capability to test if allowed
* @opts: CAP_OPT_NOAUDIT bit determines whether audit record is generated
- * @ad: audit data (MAY BE NULL indicating no auditing)
+ * @ad: audit data (NOT NULL)
*
* Returns: 0 if allowed else -EPERM
*/