[apparmor] [PATCH 1/2] apparmor: introduce adaptive_current_label_crit_section helpers

Ryan Lee ryan.lee at canonical.com
Tue Jan 20 19:30:47 UTC 2026 

These helpers encapsulate selection logic that chooses between the atomic
and the non-atomic versions of the current_label_crit_section helpers,
allowing dynamic selection when atomicity is conditional.

Signed-off-by: Ryan Lee <ryan.lee at canonical.com>
---
 security/apparmor/include/cred.h | 38 ++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)

diff --git a/security/apparmor/include/cred.h b/security/apparmor/include/cred.h
index b028e4c13b6f..d5e7d4203ac5 100644
--- a/security/apparmor/include/cred.h
+++ b/security/apparmor/include/cred.h
@@ -142,6 +142,24 @@ static inline void end_current_label_crit_section(struct aa_label *label)
 		aa_put_label(label);
 }
 
+/**
+ * end_adaptive_label_crit_section - end crit section begun with begin_adaptive...
+ * @label: label obtained from begin_adaptive_label_crit_section
+ * @needput: bool obtained from begin_adaptive_label_crit_section
+ * @in_atomic: whether we are in an atomic section
+ *
+ * Adaptively calls either the atomic or nonatomic version of
+ * end_current_label_crit_section depending on in_atomic
+ */
+static inline void end_adaptive_current_label_crit_section(
+	struct aa_label *label, bool needput, bool in_atomic)
+{
+	if (in_atomic)
+		__end_current_label_crit_section(label, needput);
+	else
+		end_current_label_crit_section(label);
+}
+
 /**
  * __begin_current_label_crit_section - current's confining label
  * @needput: store whether the label needs to be put when ending crit section
@@ -196,6 +214,26 @@ static inline struct aa_label *begin_current_label_crit_section(void)
 	return label;
 }
 
+/**
+ * begin_adaptive_label_crit_section - current's confining label
+ * @needput: output bool of whether label should be put
+ * @in_atomic: whether we are in an atomic section
+ *
+ * Adaptively calls either the atomic or nonatomic version of
+ * begin_current_label_crit_section depending on in_atomic
+ */
+static inline struct aa_label *begin_adaptive_current_label_crit_section(
+	bool *needput, bool in_atomic)
+{
+	if (in_atomic)
+		return __begin_current_label_crit_section(needput);
+	else {
+		/* Value is not used in this case but still initialize it */
+		*needput = false;
+		return begin_current_label_crit_section();
+	}
+}
+
 static inline struct aa_ns *aa_get_current_ns(void)
 {
 	struct aa_label *label;
-- 
2.43.0

More information about the AppArmor mailing list