apparmor: fix documentation mismatches in val_mask_to_str and socket functions

This patch fixes kernel-doc warnings:
1. val_mask_to_str:
- Added missing descriptions for `size` and `table` parameters.
- Removed outdated str_size and chrs references.
2. Socket Functions:
- Makes non-null requirements clear for socket/address args.
- Standardizes return values per kernel conventions.
- Adds Unix domain socket protocol details.

These changes silence doc validation warnings and improve accuracy for
AppArmor LSM docs.

Signed-off-by: Peng Jiang <jiang.peng9@zte.com.cn>
Signed-off-by: John Johansen <john.johansen@canonical.com>

2 files changed, 23 insertions, 3 deletions

diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c
index 7d43f6a62404..82dbb97ad406 100644
--- a/security/apparmor/lib.c
+++ b/security/apparmor/lib.c
@@ -85,7 +85,7 @@ int aa_parse_debug_params(const char *str)
  * val_mask_to_str - convert a perm mask to its short string
  * @str: character buffer to store string in (at least 10 characters)
  * @size: size of the @str buffer
- * @table: NUL-terminated character buffer of permission characters
+ * @table: NUL-terminated character buffer of permission characters (NOT NULL)
  * @mask: permission mask to convert
  */
 static int val_mask_to_str(char *str, size_t size,
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 09fe237e5324..97f0f25a3cfa 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -1186,6 +1186,10 @@ static void unix_connect_peers(struct aa_sk_ctx *sk_ctx,
  * @peer_sk: sk that is accepting the connection
  * @newsk: new sk created for this connection
  * peer is locked when this hook is called
+ *
+ * Return:
+ *   0 if connection is permitted
+ *   error code on denial or failure
  */
 static int apparmor_unix_stream_connect(struct sock *sk, struct sock *peer_sk,
 					struct sock *newsk)
@@ -1221,8 +1225,16 @@ static int apparmor_unix_stream_connect(struct sock *sk, struct sock *peer_sk,
  * @sock: socket sending the message
  * @peer: socket message is being send to
  *
+ * Performs bidirectional permission checks for Unix domain socket communication:
+ * 1. Verifies sender has AA_MAY_SEND to target socket
+ * 2. Verifies receiver has AA_MAY_RECEIVE from source socket
+ *
  * sock and peer are locked when this hook is called
  * called by: dgram_connect peer setup but path not copied to newsk
+ *
+ * Return:
+ *   0 if transmission is permitted
+ *   error code on denial or failure
  */
 static int apparmor_unix_may_send(struct socket *sock, struct socket *peer)
 {
@@ -1339,9 +1351,17 @@ static int apparmor_socket_socketpair(struct socket *socka,
 
 /**
  * apparmor_socket_bind - check perms before bind addr to socket
- * @sock: socket to bind the address to
- * @address: address that is being bound
+ * @sock: socket to bind the address to (must be non-NULL)
+ * @address: address that is being bound (must be non-NULL)
  * @addrlen: length of @address
+ *
+ * Performs security checks before allowing a socket to bind to an address.
+ * Handles Unix domain sockets specially through aa_unix_bind_perm().
+ * For other socket families, uses generic permission check via aa_sk_perm().
+ *
+ * Return:
+ *   0 if binding is permitted
+ *   error code on denial or invalid parameters
  */
 static int apparmor_socket_bind(struct socket *sock,
 				struct sockaddr *address, int addrlen)