apparmor: combine common_audit_data and apparmor_audit_data

Everywhere where common_audit_data is used apparmor audit_data is also used. We can simplify the code and drop the use of the aad macro everywhere by combining the two structures. Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com>

apparmor: combine common_audit_data and apparmor_audit_data
Everywhere where common_audit_data is used apparmor audit_data is also used. We can simplify the code and drop the use of the aad macro everywhere by combining the two structures. Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
bd7bd201 · John Johansen · 79ddd4a7 · bd7bd201 · bd7bd201 · bd7bd201
Commit bd7bd201 authored Sep 14, 2022 by John Johansen
15 changed files
--- a/security/apparmor/audit.c
+++ b/security/apparmor/audit.c
@@ -85,37 +85,36 @@ static const char *const aa_class_names[] = {
 /**
 * audit_pre() - core AppArmor function.
 * @ab: audit buffer to fill (NOT NULL)
- * @ca: audit structure containing data to audit (NOT NULL)
+ * @va: audit structure containing data to audit (NOT NULL)
 *
- * Record common AppArmor audit data from @sa
+ * Record common AppArmor audit data from @va
 */
-static void audit_pre(struct audit_buffer *ab, void *ca)
+static void audit_pre(struct audit_buffer *ab, void *va)
 {
-	struct common_audit_data *sa = ca;
+	struct apparmor_audit_data *ad = aad_of_va(va);
 	if (aa_g_audit_header) {
 		audit_log_format(ab, "apparmor=\"%s\"",
-				 aa_audit_type[aad(sa)->type]);
+				 aa_audit_type[ad->type]);
 	}
-	if (aad(sa)->op) {
+	if (ad->op)
-		audit_log_format(ab, " operation=\"%s\"", aad(sa)->op);
+		audit_log_format(ab, " operation=\"%s\"", ad->op);
-	}
-	if (aad(sa)->class)
+	if (ad->class)
 		audit_log_format(ab, " class=\"%s\"",
-				 aad(sa)->class <= AA_CLASS_LAST ?
+				 ad->class <= AA_CLASS_LAST ?
-				 aa_class_names[aad(sa)->class] :
+				 aa_class_names[ad->class] :
 				 "unknown");
-	if (aad(sa)->info) {
+	if (ad->info) {
-		audit_log_format(ab, " info=\"%s\"", aad(sa)->info);
+		audit_log_format(ab, " info=\"%s\"", ad->info);
-		if (aad(sa)->error)
+		if (ad->error)
-			audit_log_format(ab, " error=%d", aad(sa)->error);
+			audit_log_format(ab, " error=%d", ad->error);
 	}
-	if (aad(sa)->label) {
+	if (ad->label) {
-		struct aa_label *label = aad(sa)->label;
+		struct aa_label *label = ad->label;
 		if (label_isprofile(label)) {
 			struct aa_profile *profile = labels_profile(label);
@@ -134,43 +133,44 @@ static void audit_pre(struct audit_buffer *ab, void *ca)
 		}
 	}
-	if (aad(sa)->name) {
+	if (ad->name) {
 		audit_log_format(ab, " name=");
-		audit_log_untrustedstring(ab, aad(sa)->name);
+		audit_log_untrustedstring(ab, ad->name);
 	}
 }
 /**
 * aa_audit_msg - Log a message to the audit subsystem
 * @type: audit type for the message
- * @sa: audit event structure (NOT NULL)
+ * @ad: audit event structure (NOT NULL)
 * @cb: optional callback fn for type specific fields (MAYBE NULL)
 */
-void aa_audit_msg(int type, struct common_audit_data *sa,
+void aa_audit_msg(int type, struct apparmor_audit_data *ad,
 		  void (*cb) (struct audit_buffer *, void *))
 {
-	aad(sa)->type = type;
+	ad->type = type;
-	common_lsm_audit(sa, audit_pre, cb);
+	common_lsm_audit(&ad->common, audit_pre, cb);
 }
 /**
 * aa_audit - Log a profile based audit event to the audit subsystem
 * @type: audit type for the message
 * @profile: profile to check against (NOT NULL)
- * @sa: audit event (NOT NULL)
+ * @ad: audit event (NOT NULL)
 * @cb: optional callback fn for type specific fields (MAYBE NULL)
 *
 * Handle default message switching based off of audit mode flags
 *
 * Returns: error on failure
 */
-int aa_audit(int type, struct aa_profile *profile, struct common_audit_data *sa,
+int aa_audit(int type, struct aa_profile *profile,
+	     struct apparmor_audit_data *ad,
 	     void (*cb) (struct audit_buffer *, void *))
 {
 	AA_BUG(!profile);
 	if (type == AUDIT_APPARMOR_AUTO) {
-		if (likely(!aad(sa)->error)) {
+		if (likely(!ad->error)) {
 			if (AUDIT_MODE(profile) != AUDIT_ALL)
 				return 0;
 			type = AUDIT_APPARMOR_AUDIT;
@@ -182,24 +182,24 @@ int aa_audit(int type, struct aa_profile *profile, struct common_audit_data *sa,
 	if (AUDIT_MODE(profile) == AUDIT_QUIET ||
 	    (type == AUDIT_APPARMOR_DENIED &&
 	     AUDIT_MODE(profile) == AUDIT_QUIET_DENIED))
-		return aad(sa)->error;
+		return ad->error;
 	if (KILL_MODE(profile) && type == AUDIT_APPARMOR_DENIED)
 		type = AUDIT_APPARMOR_KILL;
-	aad(sa)->label = &profile->label;
+	ad->label = &profile->label;
-	aa_audit_msg(type, sa, cb);
+	aa_audit_msg(type, ad, cb);
-	if (aad(sa)->type == AUDIT_APPARMOR_KILL)
+	if (ad->type == AUDIT_APPARMOR_KILL)
 		(void)send_sig_info(SIGKILL, NULL,
-			sa->type == LSM_AUDIT_DATA_TASK && sa->u.tsk ?
+			ad->common.type == LSM_AUDIT_DATA_TASK &&
-				    sa->u.tsk : current);
+			ad->common.u.tsk ? ad->common.u.tsk : current);
-	if (aad(sa)->type == AUDIT_APPARMOR_ALLOWED)
+	if (ad->type == AUDIT_APPARMOR_ALLOWED)
-		return complain_error(aad(sa)->error);
+		return complain_error(ad->error);
-	return aad(sa)->error;
+	return ad->error;
 }
 struct aa_audit_rule {

--- a/security/apparmor/capability.c
+++ b/security/apparmor/capability.c
@@ -51,7 +51,7 @@ static void audit_cb(struct audit_buffer *ab, void *va)
 /**
 * audit_caps - audit a capability
- * @sa: audit data
+ * @as: audit data
 * @profile: profile being tested for confinement (NOT NULL)
 * @cap: capability tested
 * @error: error code returned by test
@@ -59,9 +59,9 @@ static void audit_cb(struct audit_buffer *ab, void *va)
 * Do auditing of capability and handle, audit/complain/kill modes switching
 * and duplicate message elimination.
 *
- * Returns: 0 or sa->error on success,  error code on failure
+ * Returns: 0 or ad->error on success,  error code on failure
 */
-static int audit_caps(struct common_audit_data *sa, struct aa_profile *profile,
+static int audit_caps(struct apparmor_audit_data *ad, struct aa_profile *profile,
 		      int cap, int error)
 {
 	struct aa_ruleset *rules = list_first_entry(&profile->rules,
@@ -69,7 +69,7 @@ static int audit_caps(struct common_audit_data *sa, struct aa_profile *profile,
 	struct audit_cache *ent;
 	int type = AUDIT_APPARMOR_AUTO;
-	aad(sa)->error = error;
+	ad->error = error;
 	if (likely(!error)) {
 		/* test if auditing is being forced */
@@ -101,7 +101,7 @@ static int audit_caps(struct common_audit_data *sa, struct aa_profile *profile,
 	}
 	put_cpu_var(audit_cache);
-	return aa_audit(type, profile, sa, audit_cb);
+	return aa_audit(type, profile, ad, audit_cb);
 }
 /**
@@ -109,12 +109,12 @@ static int audit_caps(struct common_audit_data *sa, struct aa_profile *profile,
 * @profile: profile being enforced    (NOT NULL, NOT unconfined)
 * @cap: capability to test if allowed
 * @opts: CAP_OPT_NOAUDIT bit determines whether audit record is generated
- * @sa: audit data (MAY BE NULL indicating no auditing)
+ * @ad: audit data (MAY BE NULL indicating no auditing)
 *
 * Returns: 0 if allowed else -EPERM
 */
 static int profile_capable(struct aa_profile *profile, int cap,
-			   unsigned int opts, struct common_audit_data *sa)
+			   unsigned int opts, struct apparmor_audit_data *ad)
 {
 	struct aa_ruleset *rules = list_first_entry(&profile->rules,
 						    typeof(*rules), list);
@@ -132,10 +132,10 @@ static int profile_capable(struct aa_profile *profile, int cap,
 		/* audit the cap request in complain mode but note that it
 		 * should be optional.
 		 */
-		aad(sa)->info = "optional: no audit";
+		ad->info = "optional: no audit";
 	}
-	return audit_caps(sa, profile, cap, error);
+	return audit_caps(ad, profile, cap, error);
 }
 /**
@@ -152,11 +152,11 @@ int aa_capable(struct aa_label *label, int cap, unsigned int opts)
 {
 	struct aa_profile *profile;
 	int error = 0;
-	DEFINE_AUDIT_DATA(sa, LSM_AUDIT_DATA_CAP, AA_CLASS_CAP, OP_CAPABLE);
+	DEFINE_AUDIT_DATA(ad, LSM_AUDIT_DATA_CAP, AA_CLASS_CAP, OP_CAPABLE);
-	sa.u.cap = cap;
+	ad.common.u.cap = cap;
 	error = fn_for_each_confined(label, profile,
-			profile_capable(profile, cap, opts, &sa));
+			profile_capable(profile, cap, opts, &ad));
 	return error;
 }
--- a/security/apparmor/file.c
+++ b/security/apparmor/file.c
@@ -44,33 +44,34 @@ static u32 map_mask_to_chr_mask(u32 mask)
 static void file_audit_cb(struct audit_buffer *ab, void *va)
 {
 	struct common_audit_data *sa = va;
+	struct apparmor_audit_data *ad = aad(sa);
 	kuid_t fsuid = current_fsuid();
 	char str[10];
-	if (aad(sa)->request & AA_AUDIT_FILE_MASK) {
+	if (ad->request & AA_AUDIT_FILE_MASK) {
 		aa_perm_mask_to_str(str, sizeof(str), aa_file_perm_chrs,
-				    map_mask_to_chr_mask(aad(sa)->request));
+				    map_mask_to_chr_mask(ad->request));
 		audit_log_format(ab, " requested_mask=\"%s\"", str);
 	}
-	if (aad(sa)->denied & AA_AUDIT_FILE_MASK) {
+	if (ad->denied & AA_AUDIT_FILE_MASK) {
 		aa_perm_mask_to_str(str, sizeof(str), aa_file_perm_chrs,
-				    map_mask_to_chr_mask(aad(sa)->denied));
+				    map_mask_to_chr_mask(ad->denied));
 		audit_log_format(ab, " denied_mask=\"%s\"", str);
 	}
-	if (aad(sa)->request & AA_AUDIT_FILE_MASK) {
+	if (ad->request & AA_AUDIT_FILE_MASK) {
 		audit_log_format(ab, " fsuid=%d",
 				 from_kuid(&init_user_ns, fsuid));
 		audit_log_format(ab, " ouid=%d",
-				 from_kuid(&init_user_ns, aad(sa)->fs.ouid));
+				 from_kuid(&init_user_ns, ad->fs.ouid));
 	}
-	if (aad(sa)->peer) {
+	if (ad->peer) {
 		audit_log_format(ab, " target=");
-		aa_label_xaudit(ab, labels_ns(aad(sa)->label), aad(sa)->peer,
+		aa_label_xaudit(ab, labels_ns(ad->label), ad->peer,
 				FLAG_VIEW_SUBNS, GFP_KERNEL);
-	} else if (aad(sa)->fs.target) {
+	} else if (ad->fs.target) {
 		audit_log_format(ab, " target=");
-		audit_log_untrustedstring(ab, aad(sa)->fs.target);
+		audit_log_untrustedstring(ab, ad->fs.target);
 	}
 }
@@ -95,50 +96,49 @@ int aa_audit_file(struct aa_profile *profile, struct aa_perms *perms,
 		  kuid_t ouid, const char *info, int error)
 {
 	int type = AUDIT_APPARMOR_AUTO;
-	DEFINE_AUDIT_DATA(sa, LSM_AUDIT_DATA_TASK, AA_CLASS_FILE, op);
+	DEFINE_AUDIT_DATA(ad, LSM_AUDIT_DATA_TASK, AA_CLASS_FILE, op);
-	sa.u.tsk = NULL;
+	ad.request = request;
-	aad(&sa)->request = request;
+	ad.name = name;
-	aad(&sa)->name = name;
+	ad.fs.target = target;
-	aad(&sa)->fs.target = target;
+	ad.peer = tlabel;
-	aad(&sa)->peer = tlabel;
+	ad.fs.ouid = ouid;
-	aad(&sa)->fs.ouid = ouid;
+	ad.info = info;
-	aad(&sa)->info = info;
+	ad.error = error;
-	aad(&sa)->error = error;
+	ad.common.u.tsk = NULL;
-	sa.u.tsk = NULL;
+	if (likely(!ad.error)) {
-	if (likely(!aad(&sa)->error)) {
 		u32 mask = perms->audit;
 		if (unlikely(AUDIT_MODE(profile) == AUDIT_ALL))
 			mask = 0xffff;
 		/* mask off perms that are not being force audited */
-		aad(&sa)->request &= mask;
+		ad.request &= mask;
-		if (likely(!aad(&sa)->request))
+		if (likely(!ad.request))
 			return 0;
 		type = AUDIT_APPARMOR_AUDIT;
 	} else {
 		/* only report permissions that were denied */
-		aad(&sa)->request = aad(&sa)->request & ~perms->allow;
+		ad.request = ad.request & ~perms->allow;
-		AA_BUG(!aad(&sa)->request);
+		AA_BUG(!ad.request);
-		if (aad(&sa)->request & perms->kill)
+		if (ad.request & perms->kill)
 			type = AUDIT_APPARMOR_KILL;
 		/* quiet known rejects, assumes quiet and kill do not overlap */
-		if ((aad(&sa)->request & perms->quiet) &&
+		if ((ad.request & perms->quiet) &&
 		    AUDIT_MODE(profile) != AUDIT_NOQUIET &&
 		    AUDIT_MODE(profile) != AUDIT_ALL)
-			aad(&sa)->request &= ~perms->quiet;
+			ad.request &= ~perms->quiet;
-		if (!aad(&sa)->request)
+		if (!ad.request)
-			return aad(&sa)->error;
+			return ad.error;
 	}
-	aad(&sa)->denied = aad(&sa)->request & ~perms->allow;
+	ad.denied = ad.request & ~perms->allow;
-	return aa_audit(type, profile, &sa, file_audit_cb);
+	return aa_audit(type, profile, &ad, file_audit_cb);
 }
 static int path_name(const char *op, struct aa_label *label,

--- a/security/apparmor/include/audit.h
+++ b/security/apparmor/include/audit.h
@@ -152,33 +152,35 @@ struct apparmor_audit_data {
 			unsigned long flags;
 		} mnt;
 	};
+	struct common_audit_data common;
 };
 /* macros for dealing with  apparmor_audit_data structure */
-#define aad(SA) ((SA)->apparmor_audit_data)
+#define aad(SA) (container_of(SA, struct apparmor_audit_data, common))
+#define aad_of_va(VA) aad((struct common_audit_data *)(VA))
 #define DEFINE_AUDIT_DATA(NAME, T, C, X)				\
 	/* TODO: cleanup audit init so we don't need _aad = {0,} */	\
-	struct apparmor_audit_data NAME ## _aad = {                     \
+	struct apparmor_audit_data NAME = {				\
 		.class = (C),						\
 		.op = (X),                                              \
-	};                                                              \
+		.common.type = (T),					\
-	struct common_audit_data NAME =					\
+		.common.u.tsk = NULL,					\
-	{								\
+		.common.apparmor_audit_data = &NAME,			\
-	.type = (T),							\
+	};
-	.u.tsk = NULL,							\
-	};								\
+void aa_audit_msg(int type, struct apparmor_audit_data *ad,
-	NAME.apparmor_audit_data = &(NAME ## _aad)
-void aa_audit_msg(int type, struct common_audit_data *sa,
 		  void (*cb) (struct audit_buffer *, void *));
-int aa_audit(int type, struct aa_profile *profile, struct common_audit_data *sa,
+int aa_audit(int type, struct aa_profile *profile,
+	     struct apparmor_audit_data *ad,
 	     void (*cb) (struct audit_buffer *, void *));
-#define aa_audit_error(ERROR, SA, CB)				\
+#define aa_audit_error(ERROR, AD, CB)				\
 ({								\
-	aad((SA))->error = (ERROR);				\
+	(AD)->error = (ERROR);					\
-	aa_audit_msg(AUDIT_APPARMOR_ERROR, (SA), (CB));		\
+	aa_audit_msg(AUDIT_APPARMOR_ERROR, (AD), (CB));		\
-	aad((SA))->error;					\
+	(AD)->error;					\
 })

--- a/security/apparmor/include/net.h
+++ b/security/apparmor/include/net.h
@@ -65,9 +65,9 @@ static inline struct aa_sk_ctx *aa_sock(const struct sock *sk)
 						     LSM_AUDIT_DATA_NONE, \
 						     AA_CLASS_NET,        \
 			  OP);						  \
-	NAME.u.net = &(NAME ## _net);					  \
+	NAME.common.u.net = &(NAME ## _net);				  \
-	aad(&NAME)->net.type = (T);					  \
+	NAME.net.type = (T);						  \
-	aad(&NAME)->net.protocol = (P)
+	NAME.net.protocol = (P)
 #define DEFINE_AUDIT_SK(NAME, OP, SK)					\
 	DEFINE_AUDIT_NET(NAME, OP, SK, (SK)->sk_family, (SK)->sk_type,	\
@@ -94,16 +94,17 @@ struct aa_secmark {
 extern struct aa_sfs_entry aa_sfs_entry_network[];
 void audit_net_cb(struct audit_buffer *ab, void *va);
-int aa_profile_af_perm(struct aa_profile *profile, struct common_audit_data *sa,
+int aa_profile_af_perm(struct aa_profile *profile,
+		       struct apparmor_audit_data *ad,
 		       u32 request, u16 family, int type);
 int aa_af_perm(struct aa_label *label, const char *op, u32 request, u16 family,
 	       int type, int protocol);
 static inline int aa_profile_af_sk_perm(struct aa_profile *profile,
-					struct common_audit_data *sa,
+					struct apparmor_audit_data *ad,
 					u32 request,
 					struct sock *sk)
 {
-	return aa_profile_af_perm(profile, sa, request, sk->sk_family,
+	return aa_profile_af_perm(profile, ad, request, sk->sk_family,
 				  sk->sk_type);
 }
 int aa_sk_perm(const char *op, u32 request, struct sock *sk);

--- a/security/apparmor/include/perms.h
+++ b/security/apparmor/include/perms.h
@@ -212,8 +212,8 @@ void aa_profile_match_label(struct aa_profile *profile,
 			    int type, u32 request, struct aa_perms *perms);
 int aa_profile_label_perm(struct aa_profile *profile, struct aa_profile *target,
 			  u32 request, int type, u32 *deny,
-			  struct common_audit_data *sa);
+			  struct apparmor_audit_data *ad);
 int aa_check_perms(struct aa_profile *profile, struct aa_perms *perms,
-		   u32 request, struct common_audit_data *sa,
+		   u32 request, struct apparmor_audit_data *ad,
 		   void (*cb)(struct audit_buffer *, void *));
 #endif /* __AA_PERM_H */
--- a/security/apparmor/ipc.c
+++ b/security/apparmor/ipc.c
@@ -52,31 +52,32 @@ static const char *audit_signal_mask(u32 mask)
 static void audit_signal_cb(struct audit_buffer *ab, void *va)
 {
 	struct common_audit_data *sa = va;
+	struct apparmor_audit_data *ad = aad(sa);
-	if (aad(sa)->request & AA_SIGNAL_PERM_MASK) {
+	if (ad->request & AA_SIGNAL_PERM_MASK) {
 		audit_log_format(ab, " requested_mask=\"%s\"",
-				 audit_signal_mask(aad(sa)->request));
+				 audit_signal_mask(ad->request));
-		if (aad(sa)->denied & AA_SIGNAL_PERM_MASK) {
+		if (ad->denied & AA_SIGNAL_PERM_MASK) {
 			audit_log_format(ab, " denied_mask=\"%s\"",
-					 audit_signal_mask(aad(sa)->denied));
+					 audit_signal_mask(ad->denied));
 		}
 	}
-	if (aad(sa)->signal == SIGUNKNOWN)
+	if (ad->signal == SIGUNKNOWN)
 		audit_log_format(ab, "signal=unknown(%d)",
-				 aad(sa)->unmappedsig);
+				 ad->unmappedsig);
-	else if (aad(sa)->signal < MAXMAPPED_SIGNAME)
+	else if (ad->signal < MAXMAPPED_SIGNAME)
-		audit_log_format(ab, " signal=%s", sig_names[aad(sa)->signal]);
+		audit_log_format(ab, " signal=%s", sig_names[ad->signal]);
 	else
 		audit_log_format(ab, " signal=rtmin+%d",
-				 aad(sa)->signal - SIGRT_BASE);
+				 ad->signal - SIGRT_BASE);
 	audit_log_format(ab, " peer=");
-	aa_label_xaudit(ab, labels_ns(aad(sa)->label), aad(sa)->peer,
+	aa_label_xaudit(ab, labels_ns(ad->label), ad->peer,
 			FLAGS_NONE, GFP_ATOMIC);
 }
 static int profile_signal_perm(struct aa_profile *profile,
 			       struct aa_label *peer, u32 request,
-			       struct common_audit_data *sa)
+			       struct apparmor_audit_data *ad)
 {
 	struct aa_ruleset *rules = list_first_entry(&profile->rules,
 						    typeof(*rules), list);
@@ -87,24 +88,24 @@ static int profile_signal_perm(struct aa_profile *profile,
 	    !ANY_RULE_MEDIATES(&profile->rules, AA_CLASS_SIGNAL))
 		return 0;
-	aad(sa)->peer = peer;
+	ad->peer = peer;
 	/* TODO: secondary cache check <profile, profile, perm> */
 	state = aa_dfa_next(rules->policy.dfa,
 			    rules->policy.start[AA_CLASS_SIGNAL],
-			    aad(sa)->signal);
+			    ad->signal);
 	aa_label_match(profile, rules, peer, state, false, request, &perms);
 	aa_apply_modes_to_perms(profile, &perms);
-	return aa_check_perms(profile, &perms, request, sa, audit_signal_cb);
+	return aa_check_perms(profile, &perms, request, ad, audit_signal_cb);
 }
 int aa_may_signal(struct aa_label *sender, struct aa_label *target, int sig)
 {
 	struct aa_profile *profile;
-	DEFINE_AUDIT_DATA(sa, LSM_AUDIT_DATA_NONE, AA_CLASS_SIGNAL, OP_SIGNAL);
+	DEFINE_AUDIT_DATA(ad, LSM_AUDIT_DATA_NONE, AA_CLASS_SIGNAL, OP_SIGNAL);
-	aad(&sa)->signal = map_signal_num(sig);
+	ad.signal = map_signal_num(sig);
-	aad(&sa)->unmappedsig = sig;
+	ad.unmappedsig = sig;
 	return xcheck_labels(sender, target, profile,
-			profile_signal_perm(profile, target, MAY_WRITE, &sa),
+			profile_signal_perm(profile, target, MAY_WRITE, &ad),
-			profile_signal_perm(profile, sender, MAY_READ, &sa));
+			profile_signal_perm(profile, sender, MAY_READ, &ad));
 }
--- a/security/apparmor/lib.c
+++ b/security/apparmor/lib.c
@@ -144,10 +144,10 @@ const char *aa_splitn_fqname(const char *fqname, size_t n, const char **ns_name,
 void aa_info_message(const char *str)
 {
 	if (audit_enabled) {
-		DEFINE_AUDIT_DATA(sa, LSM_AUDIT_DATA_NONE, AA_CLASS_NONE, NULL);
+		DEFINE_AUDIT_DATA(ad, LSM_AUDIT_DATA_NONE, AA_CLASS_NONE, NULL);
-		aad(&sa)->info = str;
+		ad.info = str;
-		aa_audit_msg(AUDIT_APPARMOR_STATUS, &sa, NULL);
+		aa_audit_msg(AUDIT_APPARMOR_STATUS, &ad, NULL);
 	}
 	printk(KERN_INFO "AppArmor: %s\n", str);
 }
@@ -282,21 +282,22 @@ void aa_audit_perm_mask(struct audit_buffer *ab, u32 mask, const char *chrs,
 static void aa_audit_perms_cb(struct audit_buffer *ab, void *va)
 {
 	struct common_audit_data *sa = va;
+	struct apparmor_audit_data *ad = aad(sa);
-	if (aad(sa)->request) {
+	if (ad->request) {
 		audit_log_format(ab, " requested_mask=");
-		aa_audit_perm_mask(ab, aad(sa)->request, aa_file_perm_chrs,
+		aa_audit_perm_mask(ab, ad->request, aa_file_perm_chrs,
 				   PERMS_CHRS_MASK, aa_file_perm_names,
 				   PERMS_NAMES_MASK);
 	}
-	if (aad(sa)->denied) {
+	if (ad->denied) {
 		audit_log_format(ab, "denied_mask=");
-		aa_audit_perm_mask(ab, aad(sa)->denied, aa_file_perm_chrs,
+		aa_audit_perm_mask(ab, ad->denied, aa_file_perm_chrs,
 				   PERMS_CHRS_MASK, aa_file_perm_names,
 				   PERMS_NAMES_MASK);
 	}
 	audit_log_format(ab, " peer=");
-	aa_label_xaudit(ab, labels_ns(aad(sa)->label), aad(sa)->peer,
+	aa_label_xaudit(ab, labels_ns(ad->label), ad->peer,
 				      FLAGS_NONE, GFP_ATOMIC);
 }
@@ -350,21 +351,21 @@ void aa_profile_match_label(struct aa_profile *profile,
 /* currently unused */
 int aa_profile_label_perm(struct aa_profile *profile, struct aa_profile *target,
 			  u32 request, int type, u32 *deny,
-			  struct common_audit_data *sa)
+			  struct apparmor_audit_data *ad)
 {
 	struct aa_ruleset *rules = list_first_entry(&profile->rules,
 						    typeof(*rules), list);
 	struct aa_perms perms;
-	aad(sa)->label = &profile->label;
+	ad->label = &profile->label;
-	aad(sa)->peer = &target->label;
+	ad->peer = &target->label;
-	aad(sa)->request = request;
+	ad->request = request;
 	aa_profile_match_label(profile, rules, &target->label, type, request,
 			       &perms);
 	aa_apply_modes_to_perms(profile, &perms);
 	*deny |= request & perms.deny;
-	return aa_check_perms(profile, &perms, request, sa, aa_audit_perms_cb);
+	return aa_check_perms(profile, &perms, request, ad, aa_audit_perms_cb);
 }
 /**
@@ -372,7 +373,7 @@ int aa_profile_label_perm(struct aa_profile *profile, struct aa_profile *target,
 * @profile: profile being checked
 * @perms: perms computed for the request
 * @request: requested perms
- * @sa: initialized audit structure (MAY BE NULL if not auditing)
+ * @ad: initialized audit structure (MAY BE NULL if not auditing)
 * @cb: callback fn for type specific fields (MAY BE NULL)
 *
 * Returns: 0 if permission else error code
@@ -385,7 +386,7 @@ int aa_profile_label_perm(struct aa_profile *profile, struct aa_profile *target,
 *	 with a positive value.
 */
 int aa_check_perms(struct aa_profile *profile, struct aa_perms *perms,
-		   u32 request, struct common_audit_data *sa,
+		   u32 request, struct apparmor_audit_data *ad,
 		   void (*cb)(struct audit_buffer *, void *))
 {
 	int type, error;
@@ -394,7 +395,7 @@ int aa_check_perms(struct aa_profile *profile, struct aa_perms *perms,
 	if (likely(!denied)) {
 		/* mask off perms that are not being force audited */
 		request &= perms->audit;
-		if (!request || !sa)
+		if (!request || !ad)
 			return 0;
 		type = AUDIT_APPARMOR_AUDIT;
@@ -413,16 +414,16 @@ int aa_check_perms(struct aa_profile *profile, struct aa_perms *perms,
 			error = -ENOENT;
 		denied &= ~perms->quiet;
-		if (!sa || !denied)
+		if (!ad || !denied)
 			return error;
 	}
-	if (sa) {
+	if (ad) {
-		aad(sa)->label = &profile->label;
+		ad->label = &profile->label;
-		aad(sa)->request = request;
+		ad->request = request;
-		aad(sa)->denied = denied;
+		ad->denied = denied;
-		aad(sa)->error = error;
+		ad->error = error;
-		aa_audit_msg(type, sa, cb);
+		aa_audit_msg(type, ad, cb);
 	}
 	if (type == AUDIT_APPARMOR_ALLOWED)

--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -662,7 +662,7 @@ static int apparmor_setprocattr(const char *name, void *value,
 	char *command, *largs = NULL, *args = value;
 	size_t arg_size;
 	int error;
-	DEFINE_AUDIT_DATA(sa, LSM_AUDIT_DATA_NONE, AA_CLASS_NONE,
+	DEFINE_AUDIT_DATA(ad, LSM_AUDIT_DATA_NONE, AA_CLASS_NONE,
 			  OP_SETPROCATTR);
 	if (size == 0)
@@ -722,11 +722,11 @@ static int apparmor_setprocattr(const char *name, void *value,
 	return error;
 fail:
-	aad(&sa)->label = begin_current_label_crit_section();
+	ad.label = begin_current_label_crit_section();
-	aad(&sa)->info = name;
+	ad.info = name;
-	aad(&sa)->error = error = -EINVAL;
+	ad.error = error = -EINVAL;
-	aa_audit_msg(AUDIT_APPARMOR_DENIED, &sa, NULL);
+	aa_audit_msg(AUDIT_APPARMOR_DENIED, &ad, NULL);
-	end_current_label_crit_section(aad(&sa)->label);
+	end_current_label_crit_section(ad.label);
 	goto out;
 }

--- a/security/apparmor/mount.c
+++ b/security/apparmor/mount.c
@@ -86,27 +86,28 @@ static void audit_mnt_flags(struct audit_buffer *ab, unsigned long flags)
 static void audit_cb(struct audit_buffer *ab, void *va)
 {
 	struct common_audit_data *sa = va;
+	struct apparmor_audit_data *ad = aad(sa);
-	if (aad(sa)->mnt.type) {
+	if (ad->mnt.type) {
 		audit_log_format(ab, " fstype=");
-		audit_log_untrustedstring(ab, aad(sa)->mnt.type);
+		audit_log_untrustedstring(ab, ad->mnt.type);
 	}
-	if (aad(sa)->mnt.src_name) {
+	if (ad->mnt.src_name) {
 		audit_log_format(ab, " srcname=");
-		audit_log_untrustedstring(ab, aad(sa)->mnt.src_name);
+		audit_log_untrustedstring(ab, ad->mnt.src_name);
 	}
-	if (aad(sa)->mnt.trans) {
+	if (ad->mnt.trans) {
 		audit_log_format(ab, " trans=");
-		audit_log_untrustedstring(ab, aad(sa)->mnt.trans);
+		audit_log_untrustedstring(ab, ad->mnt.trans);
 	}
-	if (aad(sa)->mnt.flags) {
+	if (ad->mnt.flags) {
 		audit_log_format(ab, " flags=\"");
-		audit_mnt_flags(ab, aad(sa)->mnt.flags);
+		audit_mnt_flags(ab, ad->mnt.flags);
 		audit_log_format(ab, "\"");
 	}
-	if (aad(sa)->mnt.data) {
+	if (ad->mnt.data) {
 		audit_log_format(ab, " options=");
-		audit_log_untrustedstring(ab, aad(sa)->mnt.data);
+		audit_log_untrustedstring(ab, ad->mnt.data);
 	}
 }
@@ -134,7 +135,7 @@ static int audit_mount(struct aa_profile *profile, const char *op,
 		       struct aa_perms *perms, const char *info, int error)
 {
 	int audit_type = AUDIT_APPARMOR_AUTO;
-	DEFINE_AUDIT_DATA(sa, LSM_AUDIT_DATA_NONE, AA_CLASS_MOUNT, op);
+	DEFINE_AUDIT_DATA(ad, LSM_AUDIT_DATA_NONE, AA_CLASS_MOUNT, op);
 	if (likely(!error)) {
 		u32 mask = perms->audit;
@@ -165,17 +166,17 @@ static int audit_mount(struct aa_profile *profile, const char *op,
 			return error;
 	}
-	aad(&sa)->name = name;
+	ad.name = name;
-	aad(&sa)->mnt.src_name = src_name;
+	ad.mnt.src_name = src_name;
-	aad(&sa)->mnt.type = type;
+	ad.mnt.type = type;
-	aad(&sa)->mnt.trans = trans;
+	ad.mnt.trans = trans;
-	aad(&sa)->mnt.flags = flags;
+	ad.mnt.flags = flags;
 	if (data && (perms->audit & AA_AUDIT_DATA))
-		aad(&sa)->mnt.data = data;
+		ad.mnt.data = data;
-	aad(&sa)->info = info;
+	ad.info = info;
-	aad(&sa)->error = error;
+	ad.error = error;
-	return aa_audit(audit_type, profile, &sa, audit_cb);
+	return aa_audit(audit_type, profile, &ad, audit_cb);
 }
 /**

--- a/security/apparmor/net.c
+++ b/security/apparmor/net.c
@@ -71,6 +71,7 @@ static const char * const net_mask_names[] = {
 void audit_net_cb(struct audit_buffer *ab, void *va)
 {
 	struct common_audit_data *sa = va;
+	struct apparmor_audit_data *ad = aad(sa);
 	if (address_family_names[sa->u.net->family])
 		audit_log_format(ab, " family=\"%s\"",
@@ -78,35 +79,36 @@ void audit_net_cb(struct audit_buffer *ab, void *va)
 	else
 		audit_log_format(ab, " family=\"unknown(%d)\"",
 				 sa->u.net->family);
-	if (sock_type_names[aad(sa)->net.type])
+	if (sock_type_names[ad->net.type])
 		audit_log_format(ab, " sock_type=\"%s\"",
-				 sock_type_names[aad(sa)->net.type]);
+				 sock_type_names[ad->net.type]);
 	else
 		audit_log_format(ab, " sock_type=\"unknown(%d)\"",
-				 aad(sa)->net.type);
+				 ad->net.type);
-	audit_log_format(ab, " protocol=%d", aad(sa)->net.protocol);
+	audit_log_format(ab, " protocol=%d", ad->net.protocol);
-	if (aad(sa)->request & NET_PERMS_MASK) {
+	if (ad->request & NET_PERMS_MASK) {
 		audit_log_format(ab, " requested_mask=");
-		aa_audit_perm_mask(ab, aad(sa)->request, NULL, 0,
+		aa_audit_perm_mask(ab, ad->request, NULL, 0,
 				   net_mask_names, NET_PERMS_MASK);
-		if (aad(sa)->denied & NET_PERMS_MASK) {
+		if (ad->denied & NET_PERMS_MASK) {
 			audit_log_format(ab, " denied_mask=");
-			aa_audit_perm_mask(ab, aad(sa)->denied, NULL, 0,
+			aa_audit_perm_mask(ab, ad->denied, NULL, 0,
 					   net_mask_names, NET_PERMS_MASK);
 		}
 	}
-	if (aad(sa)->peer) {
+	if (ad->peer) {
 		audit_log_format(ab, " peer=");
-		aa_label_xaudit(ab, labels_ns(aad(sa)->label), aad(sa)->peer,
+		aa_label_xaudit(ab, labels_ns(ad->label), ad->peer,
 				FLAGS_NONE, GFP_ATOMIC);
 	}
 }
 /* Generic af perm */
-int aa_profile_af_perm(struct aa_profile *profile, struct common_audit_data *sa,
+int aa_profile_af_perm(struct aa_profile *profile,
-		       u32 request, u16 family, int type)
+		       struct apparmor_audit_data *ad, u32 request, u16 family,
+		       int type)
 {
 	struct aa_ruleset *rules = list_first_entry(&profile->rules,
 						    typeof(*rules), list);
@@ -130,17 +132,17 @@ int aa_profile_af_perm(struct aa_profile *profile, struct common_audit_data *sa,
 	perms = *aa_lookup_perms(&rules->policy, state);
 	aa_apply_modes_to_perms(profile, &perms);
-	return aa_check_perms(profile, &perms, request, sa, audit_net_cb);
+	return aa_check_perms(profile, &perms, request, ad, audit_net_cb);
 }
 int aa_af_perm(struct aa_label *label, const char *op, u32 request, u16 family,
 	       int type, int protocol)
 {
 	struct aa_profile *profile;
-	DEFINE_AUDIT_NET(sa, op, NULL, family, type, protocol);
+	DEFINE_AUDIT_NET(ad, op, NULL, family, type, protocol);
 	return fn_for_each_confined(label, profile,
-			aa_profile_af_perm(profile, &sa, request, family,
+			aa_profile_af_perm(profile, &ad, request, family,
 					   type));
 }
@@ -155,10 +157,10 @@ static int aa_label_sk_perm(struct aa_label *label, const char *op, u32 request,
 	if (ctx->label != kernel_t && !unconfined(label)) {
 		struct aa_profile *profile;
-		DEFINE_AUDIT_SK(sa, op, sk);
+		DEFINE_AUDIT_SK(ad, op, sk);
 		error = fn_for_each_confined(label, profile,
-			    aa_profile_af_sk_perm(profile, &sa, request, sk));
+			    aa_profile_af_sk_perm(profile, &ad, request, sk));
 	}
 	return error;
@@ -214,7 +216,7 @@ static int apparmor_secmark_init(struct aa_secmark *secmark)
 }
 static int aa_secmark_perm(struct aa_profile *profile, u32 request, u32 secid,
-			   struct common_audit_data *sa)
+			   struct apparmor_audit_data *ad)
 {
 	int i, ret;
 	struct aa_perms perms = { };
@@ -245,17 +247,17 @@ static int aa_secmark_perm(struct aa_profile *profile, u32 request, u32 secid,
 	aa_apply_modes_to_perms(profile, &perms);
-	return aa_check_perms(profile, &perms, request, sa, audit_net_cb);
+	return aa_check_perms(profile, &perms, request, ad, audit_net_cb);
 }
 int apparmor_secmark_check(struct aa_label *label, char *op, u32 request,
 			   u32 secid, const struct sock *sk)
 {
 	struct aa_profile *profile;
-	DEFINE_AUDIT_SK(sa, op, sk);
+	DEFINE_AUDIT_SK(ad, op, sk);
 	return fn_for_each_confined(label, profile,
 				    aa_secmark_perm(profile, request, secid,
-						    &sa));
+						    &ad));
 }
 #endif
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -723,10 +723,11 @@ static int replacement_allowed(struct aa_profile *profile, int noreplace,
 static void audit_cb(struct audit_buffer *ab, void *va)
 {
 	struct common_audit_data *sa = va;
+	struct apparmor_audit_data *ad = aad(sa);
-	if (aad(sa)->iface.ns) {
+	if (ad->iface.ns) {
 		audit_log_format(ab, " ns=");
-		audit_log_untrustedstring(ab, aad(sa)->iface.ns);
+		audit_log_untrustedstring(ab, ad->iface.ns);
 	}
 }
@@ -745,15 +746,15 @@ static int audit_policy(struct aa_label *label, const char *op,
 			const char *ns_name, const char *name,
 			const char *info, int error)
 {
-	DEFINE_AUDIT_DATA(sa, LSM_AUDIT_DATA_NONE, AA_CLASS_NONE, op);
+	DEFINE_AUDIT_DATA(ad, LSM_AUDIT_DATA_NONE, AA_CLASS_NONE, op);
-	aad(&sa)->iface.ns = ns_name;
+	ad.iface.ns = ns_name;
-	aad(&sa)->name = name;
+	ad.name = name;
-	aad(&sa)->info = info;
+	ad.info = info;
-	aad(&sa)->error = error;
+	ad.error = error;
-	aad(&sa)->label = label;
+	ad.label = label;
-	aa_audit_msg(AUDIT_APPARMOR_STATUS, &sa, audit_cb);
+	aa_audit_msg(AUDIT_APPARMOR_STATUS, &ad, audit_cb);
 	return error;
 }

--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -34,17 +34,18 @@
 static void audit_cb(struct audit_buffer *ab, void *va)
 {
 	struct common_audit_data *sa = va;
+	struct apparmor_audit_data *ad = aad(sa);
-	if (aad(sa)->iface.ns) {
+	if (ad->iface.ns) {
 		audit_log_format(ab, " ns=");
-		audit_log_untrustedstring(ab, aad(sa)->iface.ns);
+		audit_log_untrustedstring(ab, ad->iface.ns);
 	}
-	if (aad(sa)->name) {
+	if (ad->name) {
 		audit_log_format(ab, " name=");
-		audit_log_untrustedstring(ab, aad(sa)->name);
+		audit_log_untrustedstring(ab, ad->name);
 	}
-	if (aad(sa)->iface.pos)
+	if (ad->iface.pos)
-		audit_log_format(ab, " offset=%ld", aad(sa)->iface.pos);
+		audit_log_format(ab, " offset=%ld", ad->iface.pos);
 }
 /**
@@ -63,18 +64,18 @@ static int audit_iface(struct aa_profile *new, const char *ns_name,
 		       int error)
 {
 	struct aa_profile *profile = labels_profile(aa_current_raw_label());
-	DEFINE_AUDIT_DATA(sa, LSM_AUDIT_DATA_NONE, AA_CLASS_NONE, NULL);
+	DEFINE_AUDIT_DATA(ad, LSM_AUDIT_DATA_NONE, AA_CLASS_NONE, NULL);
 	if (e)
-		aad(&sa)->iface.pos = e->pos - e->start;
+		ad.iface.pos = e->pos - e->start;
-	aad(&sa)->iface.ns = ns_name;
+	ad.iface.ns = ns_name;
 	if (new)
-		aad(&sa)->name = new->base.hname;
+		ad.name = new->base.hname;
 	else
-		aad(&sa)->name = name;
+		ad.name = name;
-	aad(&sa)->info = info;
+	ad.info = info;
-	aad(&sa)->error = error;
+	ad.error = error;
-	return aa_audit(AUDIT_APPARMOR_STATUS, profile, &sa, audit_cb);
+	return aa_audit(AUDIT_APPARMOR_STATUS, profile, &ad, audit_cb);
 }
 void __aa_loaddata_update(struct aa_loaddata *data, long revision)

--- a/security/apparmor/resource.c
+++ b/security/apparmor/resource.c
@@ -30,12 +30,13 @@ struct aa_sfs_entry aa_sfs_entry_rlimit[] = {
 static void audit_cb(struct audit_buffer *ab, void *va)
 {
 	struct common_audit_data *sa = va;
+	struct apparmor_audit_data *ad = aad(sa);
 	audit_log_format(ab, " rlimit=%s value=%lu",
-			 rlim_names[aad(sa)->rlim.rlim], aad(sa)->rlim.max);
+			 rlim_names[ad->rlim.rlim], ad->rlim.max);
-	if (aad(sa)->peer) {
+	if (ad->peer) {
 		audit_log_format(ab, " peer=");
-		aa_label_xaudit(ab, labels_ns(aad(sa)->label), aad(sa)->peer,
+		aa_label_xaudit(ab, labels_ns(ad->label), ad->peer,
 				FLAGS_NONE, GFP_ATOMIC);
 	}
 }
@@ -49,22 +50,22 @@ static void audit_cb(struct audit_buffer *ab, void *va)
 * @info: info being auditing
 * @error: error value
 *
- * Returns: 0 or sa->error else other error code on failure
+ * Returns: 0 or ad->error else other error code on failure
 */
 static int audit_resource(struct aa_profile *profile, unsigned int resource,
 			  unsigned long value, struct aa_label *peer,
 			  const char *info, int error)
 {
-	DEFINE_AUDIT_DATA(sa, LSM_AUDIT_DATA_NONE, AA_CLASS_RLIMITS,
+	DEFINE_AUDIT_DATA(ad, LSM_AUDIT_DATA_NONE, AA_CLASS_RLIMITS,
 			  OP_SETRLIMIT);
-	aad(&sa)->rlim.rlim = resource;
+	ad.rlim.rlim = resource;
-	aad(&sa)->rlim.max = value;
+	ad.rlim.max = value;
-	aad(&sa)->peer = peer;
+	ad.peer = peer;
-	aad(&sa)->info = info;
+	ad.info = info;
-	aad(&sa)->error = error;
+	ad.error = error;
-	return aa_audit(AUDIT_APPARMOR_AUTO, profile, &sa, audit_cb);
+	return aa_audit(AUDIT_APPARMOR_AUTO, profile, &ad, audit_cb);
 }
 /**

--- a/security/apparmor/task.c
+++ b/security/apparmor/task.c
@@ -205,18 +205,19 @@ static const char *audit_ptrace_mask(u32 mask)
 static void audit_ptrace_cb(struct audit_buffer *ab, void *va)
 {
 	struct common_audit_data *sa = va;
+	struct apparmor_audit_data *ad = aad(sa);
-	if (aad(sa)->request & AA_PTRACE_PERM_MASK) {
+	if (ad->request & AA_PTRACE_PERM_MASK) {
 		audit_log_format(ab, " requested_mask=\"%s\"",
-				 audit_ptrace_mask(aad(sa)->request));
+				 audit_ptrace_mask(ad->request));
-		if (aad(sa)->denied & AA_PTRACE_PERM_MASK) {
+		if (ad->denied & AA_PTRACE_PERM_MASK) {
 			audit_log_format(ab, " denied_mask=\"%s\"",
-					 audit_ptrace_mask(aad(sa)->denied));
+					 audit_ptrace_mask(ad->denied));
 		}
 	}
 	audit_log_format(ab, " peer=");
-	aa_label_xaudit(ab, labels_ns(aad(sa)->label), aad(sa)->peer,
+	aa_label_xaudit(ab, labels_ns(ad->label), ad->peer,
 			FLAGS_NONE, GFP_ATOMIC);
 }
@@ -224,51 +225,51 @@ static void audit_ptrace_cb(struct audit_buffer *ab, void *va)
 /* TODO: conditionals */
 static int profile_ptrace_perm(struct aa_profile *profile,
 			     struct aa_label *peer, u32 request,
-			     struct common_audit_data *sa)
+			     struct apparmor_audit_data *ad)
 {
 	struct aa_ruleset *rules = list_first_entry(&profile->rules,
 						    typeof(*rules), list);
 	struct aa_perms perms = { };
-	aad(sa)->peer = peer;
+	ad->peer = peer;
 	aa_profile_match_label(profile, rules, peer, AA_CLASS_PTRACE, request,
 			       &perms);
 	aa_apply_modes_to_perms(profile, &perms);
-	return aa_check_perms(profile, &perms, request, sa, audit_ptrace_cb);
+	return aa_check_perms(profile, &perms, request, ad, audit_ptrace_cb);
 }
 static int profile_tracee_perm(struct aa_profile *tracee,
 			       struct aa_label *tracer, u32 request,
-			       struct common_audit_data *sa)
+			       struct apparmor_audit_data *ad)
 {
 	if (profile_unconfined(tracee) || unconfined(tracer) ||
 	    !ANY_RULE_MEDIATES(&tracee->rules, AA_CLASS_PTRACE))
 		return 0;
-	return profile_ptrace_perm(tracee, tracer, request, sa);
+	return profile_ptrace_perm(tracee, tracer, request, ad);
 }
 static int profile_tracer_perm(struct aa_profile *tracer,
 			       struct aa_label *tracee, u32 request,
-			       struct common_audit_data *sa)
+			       struct apparmor_audit_data *ad)
 {
 	if (profile_unconfined(tracer))
 		return 0;
 	if (ANY_RULE_MEDIATES(&tracer->rules, AA_CLASS_PTRACE))
-		return profile_ptrace_perm(tracer, tracee, request, sa);
+		return profile_ptrace_perm(tracer, tracee, request, ad);
 	/* profile uses the old style capability check for ptrace */
 	if (&tracer->label == tracee)
 		return 0;
-	aad(sa)->label = &tracer->label;
+	ad->label = &tracer->label;
-	aad(sa)->peer = tracee;
+	ad->peer = tracee;
-	aad(sa)->request = 0;
+	ad->request = 0;
-	aad(sa)->error = aa_capable(&tracer->label, CAP_SYS_PTRACE,
+	ad->error = aa_capable(&tracer->label, CAP_SYS_PTRACE,
 				    CAP_OPT_NONE);
-	return aa_audit(AUDIT_APPARMOR_AUTO, tracer, sa, audit_ptrace_cb);
+	return aa_audit(AUDIT_APPARMOR_AUTO, tracer, ad, audit_ptrace_cb);
 }
 /**