From: Tyler Hicks <code@tyhicks.com>
To: Quanfa Fu <quanfafu@gmail.com>
Cc: john.johansen@canonical.com, paul@paul-moore.com,
jmorris@namei.org, serge@hallyn.com,
linux-security-module@vger.kernel.org, apparmor@lists.ubuntu.com,
linux-kernel@vger.kernel.org
Subject: Re: [apparmor] [PATCH] apparmor: make aa_set_current_onexec return void
Date: Tue, 17 Jan 2023 22:15:57 -0600 [thread overview]
Message-ID: <Y8dyfZIAhFfIvVBn@sequoia> (raw)
In-Reply-To: <20230114164952.232653-1-quanfafu@gmail.com>
On 2023-01-15 00:49:52, Quanfa Fu wrote:
> Change the return type to void since it always return 0, and no need
> to do the checking in aa_set_current_onexec.
>
> Signed-off-by: Quanfa Fu <quanfafu@gmail.com>
This looks like a safe change to me. There's nothing to error check
within aa_set_current_onexec() so returning void is fine.
Reviewed-by: "Tyler Hicks (Microsoft)" <code@tyhicks.com>
Tyler
> ---
> security/apparmor/domain.c | 2 +-
> security/apparmor/include/task.h | 2 +-
> security/apparmor/task.c | 5 +----
> 3 files changed, 3 insertions(+), 6 deletions(-)
>
> diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
> index 6dd3cc5309bf..bbc9c8a87b8e 100644
> --- a/security/apparmor/domain.c
> +++ b/security/apparmor/domain.c
> @@ -1446,7 +1446,7 @@ int aa_change_profile(const char *fqname, int flags)
> }
>
> /* full transition will be built in exec path */
> - error = aa_set_current_onexec(target, stack);
> + aa_set_current_onexec(target, stack);
> }
>
> audit:
> diff --git a/security/apparmor/include/task.h b/security/apparmor/include/task.h
> index 13437d62c70f..01717fe432c3 100644
> --- a/security/apparmor/include/task.h
> +++ b/security/apparmor/include/task.h
> @@ -30,7 +30,7 @@ struct aa_task_ctx {
> };
>
> int aa_replace_current_label(struct aa_label *label);
> -int aa_set_current_onexec(struct aa_label *label, bool stack);
> +void aa_set_current_onexec(struct aa_label *label, bool stack);
> int aa_set_current_hat(struct aa_label *label, u64 token);
> int aa_restore_previous_label(u64 cookie);
> struct aa_label *aa_get_task_label(struct task_struct *task);
> diff --git a/security/apparmor/task.c b/security/apparmor/task.c
> index 84d16a29bfcb..5671a716fcd2 100644
> --- a/security/apparmor/task.c
> +++ b/security/apparmor/task.c
> @@ -93,9 +93,8 @@ int aa_replace_current_label(struct aa_label *label)
> * aa_set_current_onexec - set the tasks change_profile to happen onexec
> * @label: system label to set at exec (MAYBE NULL to clear value)
> * @stack: whether stacking should be done
> - * Returns: 0 or error on failure
> */
> -int aa_set_current_onexec(struct aa_label *label, bool stack)
> +void aa_set_current_onexec(struct aa_label *label, bool stack)
> {
> struct aa_task_ctx *ctx = task_ctx(current);
>
> @@ -103,8 +102,6 @@ int aa_set_current_onexec(struct aa_label *label, bool stack)
> aa_put_label(ctx->onexec);
> ctx->onexec = label;
> ctx->token = stack;
> -
> - return 0;
> }
>
> /**
> --
> 2.31.1
>
>
next prev parent reply other threads:[~2023-01-18 4:16 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-14 16:49 [PATCH] apparmor: make aa_set_current_onexec return void Quanfa Fu
2023-01-18 4:15 ` Tyler Hicks [this message]
2023-01-18 6:45 ` [apparmor] " John Johansen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Y8dyfZIAhFfIvVBn@sequoia \
--to=code@tyhicks.com \
--cc=apparmor@lists.ubuntu.com \
--cc=jmorris@namei.org \
--cc=john.johansen@canonical.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=quanfafu@gmail.com \
--cc=serge@hallyn.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.