[apparmor] [PATCH 2/4] libapparmor: Update code to correctly use the terms context and label
Tyler Hicks
tyhicks at canonical.com
Mon Feb 9 22:37:57 UTC 2015
Adjust the libapparmor function prototypes, variable names, and comments
that incorrectly used the name "con" when referring to the label.
Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
---
libraries/libapparmor/include/sys/apparmor.h | 9 ++-
libraries/libapparmor/src/kernel_interface.c | 112 +++++++++++++-------------
libraries/libapparmor/swig/SWIG/libapparmor.i | 6 +-
3 files changed, 64 insertions(+), 63 deletions(-)
diff --git a/libraries/libapparmor/include/sys/apparmor.h b/libraries/libapparmor/include/sys/apparmor.h
index 12a7691..361cde8 100644
--- a/libraries/libapparmor/include/sys/apparmor.h
+++ b/libraries/libapparmor/include/sys/apparmor.h
@@ -62,11 +62,12 @@ extern int (aa_change_hat_vargs)(unsigned long token, int count, ...);
*/
extern int aa_getprocattr_raw(pid_t tid, const char *attr, char *buf, int len,
char **mode);
-extern int aa_getprocattr(pid_t tid, const char *attr, char **con, char **mode);
-extern int aa_gettaskcon(pid_t target, char **con, char **mode);
-extern int aa_getcon(char **con, char **mode);
+extern int aa_getprocattr(pid_t tid, const char *attr, char **label,
+ char **mode);
+extern int aa_gettaskcon(pid_t target, char **label, char **mode);
+extern int aa_getcon(char **label, char **mode);
extern int aa_getpeercon_raw(int fd, char *buf, int *len, char **mode);
-extern int aa_getpeercon(int fd, char **con, char **mode);
+extern int aa_getpeercon(int fd, char **label, char **mode);
/* A NUL character is used to separate the query command prefix string from the
* rest of the query string. The query command sizes intentionally include the
diff --git a/libraries/libapparmor/src/kernel_interface.c b/libraries/libapparmor/src/kernel_interface.c
index e3ef04a..de856f7 100644
--- a/libraries/libapparmor/src/kernel_interface.c
+++ b/libraries/libapparmor/src/kernel_interface.c
@@ -152,13 +152,13 @@ static char *procattr_path(pid_t pid, const char *attr)
}
/**
- * parse_confinement_mode - get the mode from the confinement string
- * @con: the confinement string
- * @size: size of the confinement string
+ * parse_confinement_mode - get the mode from the confinement context
+ * @con: the confinement context
+ * @size: size of the confinement context
*
* Modifies con to NUL-terminate the label string and the mode string.
*
- * Returns: a pointer to the NUL-terminated mode inside the confinement string
+ * Returns: a pointer to the NUL-terminated mode inside the confinement context
* or NULL if the mode was not found
*/
static char *parse_confinement_mode(char *con, int size)
@@ -262,27 +262,27 @@ out:
#define INITIAL_GUESS_SIZE 128
/**
- * aa_getprocattr - get the contents of @attr for @tid into @buf
+ * aa_getprocattr - get the contents of @attr for @tid into @label and @mode
* @tid: tid of task to query
* @attr: which /proc/<tid>/attr/<attr> to query
- * @con: allocated buffer the result is stored in
- * @mode: if non-NULL and a mode is present, will point to mode string in @con
+ * @label: allocated buffer the label is stored in
+ * @mode: if non-NULL and a mode is present, will point to mode string in @label
*
* Returns: size of data read or -1 on error, and sets errno
*
- * Guarantees that @con and @mode are null terminated. The length returned
- * is for all data including both @con and @mode, and maybe > than strlen(@con)
- * even if @mode is NULL
+ * Guarantees that @label and @mode are null terminated. The length returned
+ * is for all data including both @label and @mode, and maybe > than
+ * strlen(@label) even if @mode is NULL
*
- * Caller is responsible for freeing the buffer returned in @con. @mode is
- * always contained within @con's buffer and so NEVER do free(@mode)
+ * Caller is responsible for freeing the buffer returned in @label. @mode is
+ * always contained within @label's buffer and so NEVER do free(@mode)
*/
-int aa_getprocattr(pid_t tid, const char *attr, char **con, char **mode)
+int aa_getprocattr(pid_t tid, const char *attr, char **label, char **mode)
{
int rc, size = INITIAL_GUESS_SIZE/2;
char *buffer = NULL;
- if (!con) {
+ if (!label) {
errno = EINVAL;
return -1;
}
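Review bot: The rewritten aa_getprocattr comment documents what @label and @mode hold on success but not on failure, which is what a caller needs in order to free safely. The next hunk of this function shows `*label = NULL` and, when @mode is non-NULL, `*mode = NULL` on the `rc == -1` path, while the early `if (!label)` return in this hunk leaves `*mode` untouched. I would add a line to the comment such as `On error *@label is set to NULL; *@mode is reset to NULL only after @label has been validated`, so callers neither free nor read a stale pointer. The aa_getpeercon comment further down has the same gap. The function body continues outside this hunk, so the wording should be checked against the lines not shown here.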
@@ -299,11 +299,11 @@ int aa_getprocattr(pid_t tid, const char *attr, char **con, char **mode)
if (rc == -1) {
free(buffer);
- *con = NULL;
+ *label = NULL;
if (mode)
*mode = NULL;
} else
- *con = buffer;
+ *label = buffer;
return rc;
}
@@ -527,42 +527,42 @@ int (aa_change_hat_vargs)(unsigned long token, int nhats, ...)
}
/**
- * aa_gettaskcon - get the confinement for task @target in an allocated buffer
+ * aa_gettaskcon - get the confinement context for task @target in an allocated buffer
* @target: task to query
- * @con: pointer to returned buffer with the confinement string
- * @mode: if non-NULL and a mode is present, will point to mode string in @con
+ * @label: pointer to returned buffer with the label
+ * @mode: if non-NULL and a mode is present, will point to mode string in @label
*
- * Returns: length of confinement data or -1 on error and sets errno
+ * Returns: length of confinement context or -1 on error and sets errno
*
- * Guarantees that @con and @mode are null terminated. The length returned
- * is for all data including both @con and @mode, and maybe > than strlen(@con)
- * even if @mode is NULL
+ * Guarantees that @label and @mode are null terminated. The length returned
+ * is for all data including both @label and @mode, and maybe > than
+ * strlen(@label) even if @mode is NULL
*
- * Caller is responsible for freeing the buffer returned in @con. @mode is
- * always contained within @con's buffer and so NEVER do free(@mode)
+ * Caller is responsible for freeing the buffer returned in @label. @mode is
+ * always contained within @label's buffer and so NEVER do free(@mode)
*/
-int aa_gettaskcon(pid_t target, char **con, char **mode)
+int aa_gettaskcon(pid_t target, char **label, char **mode)
{
- return aa_getprocattr(target, "current", con, mode);
+ return aa_getprocattr(target, "current", label, mode);
}
/**
- * aa_getcon - get the confinement for current task in an allocated buffer
- * @con: pointer to return buffer with the confinement if successful
- * @mode: if non-NULL and a mode is present, will point to mode string in @con
+ * aa_getcon - get the confinement context for current task in an allocated buffer
+ * @label: pointer to return buffer with the label if successful
+ * @mode: if non-NULL and a mode is present, will point to mode string in @label
*
- * Returns: length of confinement data or -1 on error and sets errno
+ * Returns: length of confinement context or -1 on error and sets errno
*
- * Guarantees that @con and @mode are null terminated. The length returned
- * is for all data including both @con and @mode, and may > than strlen(@con)
- * even if @mode is NULL
+ * Guarantees that @label and @mode are null terminated. The length returned
+ * is for all data including both @label and @mode, and may > than
+ * strlen(@label) even if @mode is NULL
*
- * Caller is responsible for freeing the buffer returned in @con. @mode is
- * always contained within @con's buffer and so NEVER do free(@mode)
+ * Caller is responsible for freeing the buffer returned in @label. @mode is
+ * always contained within @label's buffer and so NEVER do free(@mode)
*/
-int aa_getcon(char **con, char **mode)
+int aa_getcon(char **label, char **mode)
{
- return aa_gettaskcon(aa_gettid(), con, mode);
+ return aa_gettaskcon(aa_gettid(), label, mode);
}
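Review bot: The rewrapped guarantee sentence in the aa_getcon comment still reads `and may > than`, and the aa_gettaskcon one reads `and maybe > than`. Since these lines are being rewritten anyway, `and may be greater than strlen(@label) even if @mode is NULL` would read correctly. This is more than grammar, because the sentence is the only warning that the return value is not the length of the label string. The aa_getprocattr and aa_getpeercon comments in the other hunks carry the same `maybe > than` wording. The new one-line summaries for aa_gettaskcon and aa_getcon also run past 80 columns and could be wrapped.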
@@ -571,14 +571,14 @@ int aa_getcon(char **con, char **mode)
#endif
/**
- * aa_getpeercon_raw - get the confinement of the socket's peer (other end)
- * @fd: socket to get peer confinement for
+ * aa_getpeercon_raw - get the confinement context of the socket's peer (other end)
+ * @fd: socket to get peer confinement context for
* @buf: buffer to store the result in
* @len: initially contains size of the buffer, returns size of data read
* @mode: if non-NULL and a mode is present, will point to mode string in @buf
*
- * Returns: length of confinement data including null termination or -1 on error
- * if errno == ERANGE then @len will hold the size needed
+ * Returns: length of confinement context including null termination or -1 on
+ * error if errno == ERANGE then @len will hold the size needed
*/
int aa_getpeercon_raw(int fd, char *buf, int *len, char **mode)
{
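Review bot: Rewrapping the Returns text in the aa_getpeercon_raw comment joins two statements into one run-on, `-1 on error if errno == ERANGE then @len will hold the size needed`. That can be read as saying -1 is returned only in the ERANGE case. A separator restores the meaning: `-1 on error; if errno == ERANGE then @len will hold the size needed`. The function body lies outside this hunk, so only the comment is in view here.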
@@ -620,26 +620,26 @@ out:
}
/**
- * aa_getpeercon - get the confinement of the socket's peer (other end)
- * @fd: socket to get peer confinement for
- * @con: pointer to allocated buffer with the confinement string
- * @mode: if non-NULL and a mode is present, will point to mode string in @con
+ * aa_getpeercon - get the confinement context of the socket's peer (other end)
+ * @fd: socket to get peer confinement context for
+ * @label: pointer to allocated buffer with the label
+ * @mode: if non-NULL and a mode is present, will point to mode string in @label
*
- * Returns: length of confinement data including null termination or -1 on error
+ * Returns: length of confinement context including null termination or -1 on error
*
- * Guarantees that @con and @mode are null terminated. The length returned
- * is for all data including both @con and @mode, and maybe > than strlen(@con)
- * even if @mode is NULL
+ * Guarantees that @label and @mode are null terminated. The length returned
+ * is for all data including both @label and @mode, and maybe > than
+ * strlen(@label) even if @mode is NULL
*
- * Caller is responsible for freeing the buffer returned in @con. @mode is
- * always contained within @con's buffer and so NEVER do free(@mode)
+ * Caller is responsible for freeing the buffer returned in @label. @mode is
+ * always contained within @label's buffer and so NEVER do free(@mode)
*/
-int aa_getpeercon(int fd, char **con, char **mode)
+int aa_getpeercon(int fd, char **label, char **mode)
{
int rc, last_size, size = INITIAL_GUESS_SIZE;
char *buffer = NULL;
- if (!con) {
+ if (!label) {
errno = EINVAL;
return -1;
}
@@ -657,12 +657,12 @@ int aa_getpeercon(int fd, char **con, char **mode)
if (rc == -1) {
free(buffer);
- *con = NULL;
+ *label = NULL;
if (mode)
*mode = NULL;
size = -1;
} else
- *con = buffer;
+ *label = buffer;
return size;
}
diff --git a/libraries/libapparmor/swig/SWIG/libapparmor.i b/libraries/libapparmor/swig/SWIG/libapparmor.i
index 32a2fb3..6bae3f6 100644
--- a/libraries/libapparmor/swig/SWIG/libapparmor.i
+++ b/libraries/libapparmor/swig/SWIG/libapparmor.i
@@ -33,10 +33,10 @@ extern int aa_change_hat_vargs(unsigned long token, int count, ...);
extern int aa_getprocattr_raw(pid_t tid, const char *attr, char *buf, int len,
char **mode);
extern int aa_getprocattr(pid_t tid, const char *attr, char **buf, char **mode);
-extern int aa_gettaskcon(pid_t target, char **con, char **mode);
-extern int aa_getcon(char **con, char **mode);
+extern int aa_gettaskcon(pid_t target, char **label, char **mode);
+extern int aa_getcon(char **label, char **mode);
extern int aa_getpeercon_raw(int fd, char *buf, int *len, char **mode);
-extern int aa_getpeercon(int fd, char **con, char **mode);
+extern int aa_getpeercon(int fd, char **label, char **mode);
extern int aa_query_label(uint32_t mask, char *query, size_t size, int *allow,
int *audit);
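Review bot: The aa_getprocattr prototype on the context line above still names its third parameter `buf`, while this same patch renames it to `label` in sys/apparmor.h, so the interface file and the header still disagree. `extern int aa_getprocattr(pid_t tid, const char *attr, char **label, char **mode);` would bring it in line with the three prototypes changed here. Separately, SWIG can select typemaps by parameter name, and this hunk does not show whether libapparmor.i has any keyed on `con`. If it does, the rename would change how the generated bindings marshal the output pointer, so that is worth confirming before merging.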
--
2.1.0