apparmor: cleanup network hook comments

jrjohansen · jrjohansen · commit 1cba27501735 · 2023-11-26T01:02:48.000-08:00
Drop useless partial kernel doc style comments. Finish/update kerneldoc
comment where there is useful information

Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
@@ -987,9 +987,6 @@ static int apparmor_userns_create(const struct cred *cred)
 	return error;
 }
 
-/**
- * apparmor_sk_alloc_security - allocate and attach the sk_security field
- */
 static int apparmor_sk_alloc_security(struct sock *sk, int family, gfp_t flags)
 {
 	struct aa_sk_ctx *ctx;
@@ -1003,9 +1000,6 @@ static int apparmor_sk_alloc_security(struct sock *sk, int family, gfp_t flags)
 	return 0;
 }
 
-/**
- * apparmor_sk_free_security - free the sk_security field
- */
 static void apparmor_sk_free_security(struct sock *sk)
 {
 	struct aa_sk_ctx *ctx = aa_sock(sk);
@@ -1018,6 +1012,8 @@ static void apparmor_sk_free_security(struct sock *sk)
 
 /**
  * apparmor_sk_clone_security - clone the sk_security field
+ * @sk: sock to have security cloned
+ * @newsk: sock getting clone
  */
 static void apparmor_sk_clone_security(const struct sock *sk,
 				       struct sock *newsk)
@@ -1034,9 +1030,6 @@ static void apparmor_sk_clone_security(const struct sock *sk,
 	new->peer = aa_get_label(ctx->peer);
 }
 
-/**
- * apparmor_socket_create - check perms before creating a new socket
- */
 static int apparmor_socket_create(int family, int type, int protocol, int kern)
 {
 	struct aa_label *label;
@@ -1058,10 +1051,14 @@ static int apparmor_socket_create(int family, int type, int protocol, int kern)
 
 /**
  * apparmor_socket_post_create - setup the per-socket security struct
+ * @sock: socket that is being setup
+ * @family: family of socket being created
+ * @type: type of the socket
+ * @ptotocol: protocol of the socket
+ * @kern: socket is a special kernel socket
  *
  * Note:
- * -   kernel sockets currently labeled unconfined but we may want to
- *     move to a special kernel label
+ * -   kernel sockets labeled kernel_t used to use unconfined
  * -   socket may not have sk here if created with sock_create_lite or
  *     sock_alloc. These should be accept cases which will be handled in
  *     sock_graft.
@@ -1087,9 +1084,6 @@ static int apparmor_socket_post_create(struct socket *sock, int family,
 	return 0;
 }
 
-/**
- * apparmor_socket_bind - check perms before bind addr to socket
- */
 static int apparmor_socket_bind(struct socket *sock,
 				struct sockaddr *address, int addrlen)
 {
@@ -1103,9 +1097,6 @@ static int apparmor_socket_bind(struct socket *sock,
 			 aa_sk_perm(OP_BIND, AA_MAY_BIND, sock->sk));
 }
 
-/**
- * apparmor_socket_connect - check perms before connecting @sock to @address
- */
 static int apparmor_socket_connect(struct socket *sock,
 				   struct sockaddr *address, int addrlen)
 {
@@ -1119,9 +1110,6 @@ static int apparmor_socket_connect(struct socket *sock,
 			 aa_sk_perm(OP_CONNECT, AA_MAY_CONNECT, sock->sk));
 }
 
-/**
- * apparmor_socket_listen - check perms before allowing listen
- */
 static int apparmor_socket_listen(struct socket *sock, int backlog)
 {
 	AA_BUG(!sock);
@@ -1133,9 +1121,7 @@ static int apparmor_socket_listen(struct socket *sock, int backlog)
 			 aa_sk_perm(OP_LISTEN, AA_MAY_LISTEN, sock->sk));
 }
 
-/**
- * apparmor_socket_accept - check perms before accepting a new connection.
- *
+/*
  * Note: while @newsock is created and has some information, the accept
  *       has not been done.
  */
@@ -1164,18 +1150,12 @@ static int aa_sock_msg_perm(const char *op, u32 request, struct socket *sock,
 			 aa_sk_perm(op, request, sock->sk));
 }
 
-/**
- * apparmor_socket_sendmsg - check perms before sending msg to another socket
- */
 static int apparmor_socket_sendmsg(struct socket *sock,
 				   struct msghdr *msg, int size)
 {
 	return aa_sock_msg_perm(OP_SENDMSG, AA_MAY_SEND, sock, msg, size);
 }
 
-/**
- * apparmor_socket_recvmsg - check perms before receiving a message
- */
 static int apparmor_socket_recvmsg(struct socket *sock,
 				   struct msghdr *msg, int size, int flags)
 {
@@ -1194,17 +1174,11 @@ static int aa_sock_perm(const char *op, u32 request, struct socket *sock)
 			 aa_sk_perm(op, request, sock->sk));
 }
 
-/**
- * apparmor_socket_getsockname - check perms before getting the local address
- */
 static int apparmor_socket_getsockname(struct socket *sock)
 {
 	return aa_sock_perm(OP_GETSOCKNAME, AA_MAY_GETATTR, sock);
 }
 
-/**
- * apparmor_socket_getpeername - check perms before getting remote address
- */
 static int apparmor_socket_getpeername(struct socket *sock)
 {
 	return aa_sock_perm(OP_GETPEERNAME, AA_MAY_GETATTR, sock);
@@ -1223,29 +1197,20 @@ static int aa_sock_opt_perm(const char *op, u32 request, struct socket *sock,
 			 aa_sk_perm(op, request, sock->sk));
 }
 
-/**
- * apparmor_socket_getsockopt - check perms before getting socket options
- */
 static int apparmor_socket_getsockopt(struct socket *sock, int level,
 				      int optname)
 {
 	return aa_sock_opt_perm(OP_GETSOCKOPT, AA_MAY_GETOPT, sock,
 				level, optname);
 }
 
-/**
- * apparmor_socket_setsockopt - check perms before setting socket options
- */
 static int apparmor_socket_setsockopt(struct socket *sock, int level,
 				      int optname)
 {
 	return aa_sock_opt_perm(OP_SETSOCKOPT, AA_MAY_SETOPT, sock,
 				level, optname);
 }
 
-/**
- * apparmor_socket_shutdown - check perms before shutting down @sock conn
- */
 static int apparmor_socket_shutdown(struct socket *sock, int how)
 {
 	return aa_sock_perm(OP_SHUTDOWN, AA_MAY_SHUTDOWN, sock);
@@ -1254,6 +1219,8 @@ static int apparmor_socket_shutdown(struct socket *sock, int how)
 #ifdef CONFIG_NETWORK_SECMARK
 /**
  * apparmor_socket_sock_rcv_skb - check perms before associating skb to sk
+ * @sk: sk to associate @skb with
+ * @skb: skb to check for perms
  *
  * Note: can not sleep may be called with locks held
  *
@@ -1285,6 +1252,11 @@ static struct aa_label *sk_peer_label(struct sock *sk)
 
 /**
  * apparmor_socket_getpeersec_stream - get security context of peer
+ * @sock: socket that we are trying to get the peer context of
+ * @optval: output - buffer to copy peer name to
+ * @optlen: output - size of copied name in @optval
+ * @len: size of @optval buffer
+ * Returns: 0 on success, -errno of failure
  *
  * Note: for tcp only valid if using ipsec or cipso on lan
  */

Original file line number	Diff line number	Diff line change
`@@ -987,9 +987,6 @@ static int apparmor_userns_create(const struct cred *cred)`
`987`	`987`	`return error;`
`988`	`988`	`}`
`989`	`989`
`990`		`-/**`
`991`		`- * apparmor_sk_alloc_security - allocate and attach the sk_security field`
`992`		`- */`
`993`	`990`	`static int apparmor_sk_alloc_security(struct sock *sk, int family, gfp_t flags)`
`994`	`991`	`{`
`995`	`992`	`struct aa_sk_ctx *ctx;`
`@@ -1003,9 +1000,6 @@ static int apparmor_sk_alloc_security(struct sock *sk, int family, gfp_t flags)`
`1003`	`1000`	`return 0;`
`1004`	`1001`	`}`
`1005`	`1002`
`1006`		`-/**`
`1007`		`- * apparmor_sk_free_security - free the sk_security field`
`1008`		`- */`
`1009`	`1003`	`static void apparmor_sk_free_security(struct sock *sk)`
`1010`	`1004`	`{`
`1011`	`1005`	`struct aa_sk_ctx *ctx = aa_sock(sk);`
`@@ -1018,6 +1012,8 @@ static void apparmor_sk_free_security(struct sock *sk)`
`1018`	`1012`
`1019`	`1013`	`/**`
`1020`	`1014`	`* apparmor_sk_clone_security - clone the sk_security field`
	`1015`	`+ * @sk: sock to have security cloned`
	`1016`	`+ * @newsk: sock getting clone`
`1021`	`1017`	`*/`
`1022`	`1018`	`static void apparmor_sk_clone_security(const struct sock *sk,`
`1023`	`1019`	`struct sock *newsk)`
`@@ -1034,9 +1030,6 @@ static void apparmor_sk_clone_security(const struct sock *sk,`
`1034`	`1030`	`new->peer = aa_get_label(ctx->peer);`
`1035`	`1031`	`}`
`1036`	`1032`
`1037`		`-/**`
`1038`		`- * apparmor_socket_create - check perms before creating a new socket`
`1039`		`- */`
`1040`	`1033`	`static int apparmor_socket_create(int family, int type, int protocol, int kern)`
`1041`	`1034`	`{`
`1042`	`1035`	`struct aa_label *label;`
`@@ -1058,10 +1051,14 @@ static int apparmor_socket_create(int family, int type, int protocol, int kern)`
`1058`	`1051`
`1059`	`1052`	`/**`
`1060`	`1053`	`* apparmor_socket_post_create - setup the per-socket security struct`
	`1054`	`+ * @sock: socket that is being setup`
	`1055`	`+ * @family: family of socket being created`
	`1056`	`+ * @type: type of the socket`
	`1057`	`+ * @ptotocol: protocol of the socket`
	`1058`	`+ * @kern: socket is a special kernel socket`
`1061`	`1059`	`*`
`1062`	`1060`	`* Note:`
`1063`		`- * - kernel sockets currently labeled unconfined but we may want to`
`1064`		`- * move to a special kernel label`
	`1061`	`+ * - kernel sockets labeled kernel_t used to use unconfined`
`1065`	`1062`	`* - socket may not have sk here if created with sock_create_lite or`
`1066`	`1063`	`* sock_alloc. These should be accept cases which will be handled in`
`1067`	`1064`	`* sock_graft.`
`@@ -1087,9 +1084,6 @@ static int apparmor_socket_post_create(struct socket *sock, int family,`
`1087`	`1084`	`return 0;`
`1088`	`1085`	`}`
`1089`	`1086`
`1090`		`-/**`
`1091`		`- * apparmor_socket_bind - check perms before bind addr to socket`
`1092`		`- */`
`1093`	`1087`	`static int apparmor_socket_bind(struct socket *sock,`
`1094`	`1088`	`struct sockaddr *address, int addrlen)`
`1095`	`1089`	`{`
`@@ -1103,9 +1097,6 @@ static int apparmor_socket_bind(struct socket *sock,`
`1103`	`1097`	`aa_sk_perm(OP_BIND, AA_MAY_BIND, sock->sk));`
`1104`	`1098`	`}`
`1105`	`1099`
`1106`		`-/**`
`1107`		`- * apparmor_socket_connect - check perms before connecting @sock to @address`
`1108`		`- */`
`1109`	`1100`	`static int apparmor_socket_connect(struct socket *sock,`
`1110`	`1101`	`struct sockaddr *address, int addrlen)`
`1111`	`1102`	`{`
`@@ -1119,9 +1110,6 @@ static int apparmor_socket_connect(struct socket *sock,`
`1119`	`1110`	`aa_sk_perm(OP_CONNECT, AA_MAY_CONNECT, sock->sk));`
`1120`	`1111`	`}`
`1121`	`1112`
`1122`		`-/**`
`1123`		`- * apparmor_socket_listen - check perms before allowing listen`
`1124`		`- */`
`1125`	`1113`	`static int apparmor_socket_listen(struct socket *sock, int backlog)`
`1126`	`1114`	`{`
`1127`	`1115`	`AA_BUG(!sock);`
`@@ -1133,9 +1121,7 @@ static int apparmor_socket_listen(struct socket *sock, int backlog)`
`1133`	`1121`	`aa_sk_perm(OP_LISTEN, AA_MAY_LISTEN, sock->sk));`
`1134`	`1122`	`}`
`1135`	`1123`
`1136`		`-/**`
`1137`		`- * apparmor_socket_accept - check perms before accepting a new connection.`
`1138`		`- *`
	`1124`	`+/*`
`1139`	`1125`	`* Note: while @newsock is created and has some information, the accept`
`1140`	`1126`	`* has not been done.`
`1141`	`1127`	`*/`
`@@ -1164,18 +1150,12 @@ static int aa_sock_msg_perm(const char op, u32 request, struct socket sock,`
`1164`	`1150`	`aa_sk_perm(op, request, sock->sk));`
`1165`	`1151`	`}`
`1166`	`1152`
`1167`		`-/**`
`1168`		`- * apparmor_socket_sendmsg - check perms before sending msg to another socket`
`1169`		`- */`
`1170`	`1153`	`static int apparmor_socket_sendmsg(struct socket *sock,`
`1171`	`1154`	`struct msghdr *msg, int size)`
`1172`	`1155`	`{`
`1173`	`1156`	`return aa_sock_msg_perm(OP_SENDMSG, AA_MAY_SEND, sock, msg, size);`
`1174`	`1157`	`}`
`1175`	`1158`
`1176`		`-/**`
`1177`		`- * apparmor_socket_recvmsg - check perms before receiving a message`
`1178`		`- */`
`1179`	`1159`	`static int apparmor_socket_recvmsg(struct socket *sock,`
`1180`	`1160`	`struct msghdr *msg, int size, int flags)`
`1181`	`1161`	`{`
`@@ -1194,17 +1174,11 @@ static int aa_sock_perm(const char op, u32 request, struct socket sock)`
`1194`	`1174`	`aa_sk_perm(op, request, sock->sk));`
`1195`	`1175`	`}`
`1196`	`1176`
`1197`		`-/**`
`1198`		`- * apparmor_socket_getsockname - check perms before getting the local address`
`1199`		`- */`
`1200`	`1177`	`static int apparmor_socket_getsockname(struct socket *sock)`
`1201`	`1178`	`{`
`1202`	`1179`	`return aa_sock_perm(OP_GETSOCKNAME, AA_MAY_GETATTR, sock);`
`1203`	`1180`	`}`
`1204`	`1181`
`1205`		`-/**`
`1206`		`- * apparmor_socket_getpeername - check perms before getting remote address`
`1207`		`- */`
`1208`	`1182`	`static int apparmor_socket_getpeername(struct socket *sock)`
`1209`	`1183`	`{`
`1210`	`1184`	`return aa_sock_perm(OP_GETPEERNAME, AA_MAY_GETATTR, sock);`
`@@ -1223,29 +1197,20 @@ static int aa_sock_opt_perm(const char op, u32 request, struct socket sock,`
`1223`	`1197`	`aa_sk_perm(op, request, sock->sk));`
`1224`	`1198`	`}`
`1225`	`1199`
`1226`		`-/**`
`1227`		`- * apparmor_socket_getsockopt - check perms before getting socket options`
`1228`		`- */`
`1229`	`1200`	`static int apparmor_socket_getsockopt(struct socket *sock, int level,`
`1230`	`1201`	`int optname)`
`1231`	`1202`	`{`
`1232`	`1203`	`return aa_sock_opt_perm(OP_GETSOCKOPT, AA_MAY_GETOPT, sock,`
`1233`	`1204`	`level, optname);`
`1234`	`1205`	`}`
`1235`	`1206`
`1236`		`-/**`
`1237`		`- * apparmor_socket_setsockopt - check perms before setting socket options`
`1238`		`- */`
`1239`	`1207`	`static int apparmor_socket_setsockopt(struct socket *sock, int level,`
`1240`	`1208`	`int optname)`
`1241`	`1209`	`{`
`1242`	`1210`	`return aa_sock_opt_perm(OP_SETSOCKOPT, AA_MAY_SETOPT, sock,`
`1243`	`1211`	`level, optname);`
`1244`	`1212`	`}`
`1245`	`1213`
`1246`		`-/**`
`1247`		`- * apparmor_socket_shutdown - check perms before shutting down @sock conn`
`1248`		`- */`
`1249`	`1214`	`static int apparmor_socket_shutdown(struct socket *sock, int how)`
`1250`	`1215`	`{`
`1251`	`1216`	`return aa_sock_perm(OP_SHUTDOWN, AA_MAY_SHUTDOWN, sock);`
`@@ -1254,6 +1219,8 @@ static int apparmor_socket_shutdown(struct socket *sock, int how)`
`1254`	`1219`	`#ifdef CONFIG_NETWORK_SECMARK`
`1255`	`1220`	`/**`
`1256`	`1221`	`* apparmor_socket_sock_rcv_skb - check perms before associating skb to sk`
	`1222`	`+ * @sk: sk to associate @skb with`
	`1223`	`+ * @skb: skb to check for perms`
`1257`	`1224`	`*`
`1258`	`1225`	`* Note: can not sleep may be called with locks held`
`1259`	`1226`	`*`
`@@ -1285,6 +1252,11 @@ static struct aa_label sk_peer_label(struct sock sk)`
`1285`	`1252`
`1286`	`1253`	`/**`
`1287`	`1254`	`* apparmor_socket_getpeersec_stream - get security context of peer`
	`1255`	`+ * @sock: socket that we are trying to get the peer context of`
	`1256`	`+ * @optval: output - buffer to copy peer name to`
	`1257`	`+ * @optlen: output - size of copied name in @optval`
	`1258`	`+ * @len: size of @optval buffer`
	`1259`	`+ * Returns: 0 on success, -errno of failure`
`1288`	`1260`	`*`
`1289`	`1261`	`* Note: for tcp only valid if using ipsec or cipso on lan`
`1290`	`1262`	`*/`