Commit f9c9dce0 authored by Peng Jiang's avatar Peng Jiang Committed by John Johansen
Browse files

apparmor: fix documentation mismatches in val_mask_to_str and socket functions 



This patch fixes kernel-doc warnings:
1. val_mask_to_str:
- Added missing descriptions for `size` and `table` parameters.
- Removed outdated str_size and chrs references.
2. Socket Functions:
- Makes non-null requirements clear for socket/address args.
- Standardizes return values per kernel conventions.
- Adds Unix domain socket protocol details.

These changes silence doc validation warnings and improve accuracy for
AppArmor LSM docs.

Signed-off-by: default avatarPeng Jiang <jiang.peng9@zte.com.cn>
Signed-off-by: default avatarJohn Johansen <john.johansen@canonical.com>
parent 4ce7d3cf

security/apparmor/lib.c

+1 −1
Original line number Diff line number Diff line
@@ -85,7 +85,7 @@ int aa_parse_debug_params(const char *str) 
 * val_mask_to_str - convert a perm mask to its short string

 * @str: character buffer to store string in (at least 10 characters)

 * @size: size of the @str buffer

 * @table: NUL-terminated character buffer of permission characters

 * @table: NUL-terminated character buffer of permission characters (NOT NULL)

 * @mask: permission mask to convert

 */

static int val_mask_to_str(char *str, size_t size,

security/apparmor/lsm.c

+22 −2
Original line number Diff line number Diff line
@@ -1186,6 +1186,10 @@ static void unix_connect_peers(struct aa_sk_ctx *sk_ctx, 
 * @peer_sk: sk that is accepting the connection

 * @newsk: new sk created for this connection

 * peer is locked when this hook is called

 *

 * Return:

 *   0 if connection is permitted

 *   error code on denial or failure

 */

static int apparmor_unix_stream_connect(struct sock *sk, struct sock *peer_sk,

					struct sock *newsk)
@@ -1221,8 +1225,16 @@ static int apparmor_unix_stream_connect(struct sock *sk, struct sock *peer_sk, 
 * @sock: socket sending the message

 * @peer: socket message is being send to

 *

 * Performs bidirectional permission checks for Unix domain socket communication:

 * 1. Verifies sender has AA_MAY_SEND to target socket

 * 2. Verifies receiver has AA_MAY_RECEIVE from source socket

 *

 * sock and peer are locked when this hook is called

 * called by: dgram_connect peer setup but path not copied to newsk

 *

 * Return:

 *   0 if transmission is permitted

 *   error code on denial or failure

 */

static int apparmor_unix_may_send(struct socket *sock, struct socket *peer)

{
@@ -1339,9 +1351,17 @@ static int apparmor_socket_socketpair(struct socket *socka, 


/**

 * apparmor_socket_bind - check perms before bind addr to socket

 * @sock: socket to bind the address to

 * @address: address that is being bound

 * @sock: socket to bind the address to (must be non-NULL)

 * @address: address that is being bound (must be non-NULL)

 * @addrlen: length of @address

 *

 * Performs security checks before allowing a socket to bind to an address.

 * Handles Unix domain sockets specially through aa_unix_bind_perm().

 * For other socket families, uses generic permission check via aa_sk_perm().

 *

 * Return:

 *   0 if binding is permitted

 *   error code on denial or invalid parameters

 */

static int apparmor_socket_bind(struct socket *sock,

				struct sockaddr *address, int addrlen)