Message ID | 54F822FE.6080005@canonical.com |
---|---|
State | New |
Headers | show |
On Thu, Mar 05, 2015 at 01:33:50AM -0800, John Johansen wrote: > Fix for out of tree AppArmor 3 patches. > > BugLink: http://bugs.launchpad.net/bugs/1408833 > > Fix 2 issues around the mediation of file base unix domain sockets. > * Add auditing of deleted/shutdown file based unix domains sockets so > that the denials can be correctly evalated. > * fix the permission request mask so that it is correct for the > deleted/shutdown socket case. > > Signed-off-by: John Johansen <john.johansen@canonical.com> > > diff --git a/security/apparmor/af_unix.c b/security/apparmor/af_unix.c > index 73bd94d..62e7fd1 100644 > --- a/security/apparmor/af_unix.c > +++ b/security/apparmor/af_unix.c > @@ -31,32 +31,31 @@ static inline int unix_fs_perm(int op, u32 mask, struct aa_label *label, > if (unconfined(label) || !LABEL_MEDIATES(label, AA_CLASS_FILE)) > return 0; > > + mask &= NET_FS_PERMS; > if (!u->path.dentry) { > struct path_cond cond = { }; > struct file_perms perms = { }; > struct aa_profile *profile; > > - /* socket path has been cleared because it is being shutdown */ > - /* TODO: fix flags */ > - if (!(flags & PATH_MEDIATE_DELETED)) > - return -EACCES; > - /* Mediate at original socket location */ > - /* TODO: ns disconnected paths */ > - /* TODO: after switch to newer audit provide deleted/shutdown > - * message as part of audit info > + /* socket path has been cleared because it is being shutdown > + * can only fall back to original sun_path request > */ > return fn_for_each_confined(label, profile, > + ((flags | profile->path_flags) & PATH_MEDIATE_DELETED) ? > __aa_path_perm(op, profile, > - u->addr->name->sun_path, > - mask, &cond, flags, &perms)); > + u->addr->name->sun_path, mask, > + &cond, flags, &perms) : > + aa_audit_file(profile, &nullperms, op, mask, > + u->addr->name->sun_path, NULL, > + cond.uid, "Failed name lookup - " > + "deleted entry", -EACCES)); > } else { > /* the sunpath may not be valid for this ns so use the path */ > struct path_cond cond = { u->path.dentry->d_inode->i_uid, > u->path.dentry->d_inode->i_mode > }; > > - return aa_path_perm(op, label, &u->path, flags, mask & NET_FS_PERMS, > - &cond); > + return aa_path_perm(op, label, &u->path, flags, mask, &cond); > } > > return 0; > Looks to do what is claimed. Acked-by: Andy Whitcroft <apw@canonical.com> -apw
Appears to do what it claims, but more importantly has some successful testing.
Applied to Vivid. Ack'ing for Utopic: Acked-by: Leann Ogasawara <leann.ogasawara@canonical.com> On Thu, 2015-03-05 at 01:33 -0800, John Johansen wrote: > Fix for out of tree AppArmor 3 patches. > > BugLink: http://bugs.launchpad.net/bugs/1408833 > > Fix 2 issues around the mediation of file base unix domain sockets. > * Add auditing of deleted/shutdown file based unix domains sockets so > that the denials can be correctly evalated. > * fix the permission request mask so that it is correct for the > deleted/shutdown socket case. > > Signed-off-by: John Johansen <john.johansen@canonical.com> > > diff --git a/security/apparmor/af_unix.c b/security/apparmor/af_unix.c > index 73bd94d..62e7fd1 100644 > --- a/security/apparmor/af_unix.c > +++ b/security/apparmor/af_unix.c > @@ -31,32 +31,31 @@ static inline int unix_fs_perm(int op, u32 mask, struct aa_label *label, > if (unconfined(label) || !LABEL_MEDIATES(label, AA_CLASS_FILE)) > return 0; > > + mask &= NET_FS_PERMS; > if (!u->path.dentry) { > struct path_cond cond = { }; > struct file_perms perms = { }; > struct aa_profile *profile; > > - /* socket path has been cleared because it is being shutdown */ > - /* TODO: fix flags */ > - if (!(flags & PATH_MEDIATE_DELETED)) > - return -EACCES; > - /* Mediate at original socket location */ > - /* TODO: ns disconnected paths */ > - /* TODO: after switch to newer audit provide deleted/shutdown > - * message as part of audit info > + /* socket path has been cleared because it is being shutdown > + * can only fall back to original sun_path request > */ > return fn_for_each_confined(label, profile, > + ((flags | profile->path_flags) & PATH_MEDIATE_DELETED) ? > __aa_path_perm(op, profile, > - u->addr->name->sun_path, > - mask, &cond, flags, &perms)); > + u->addr->name->sun_path, mask, > + &cond, flags, &perms) : > + aa_audit_file(profile, &nullperms, op, mask, > + u->addr->name->sun_path, NULL, > + cond.uid, "Failed name lookup - " > + "deleted entry", -EACCES)); > } else { > /* the sunpath may not be valid for this ns so use the path */ > struct path_cond cond = { u->path.dentry->d_inode->i_uid, > u->path.dentry->d_inode->i_mode > }; > > - return aa_path_perm(op, label, &u->path, flags, mask & NET_FS_PERMS, > - &cond); > + return aa_path_perm(op, label, &u->path, flags, mask, &cond); > } > > return 0; >
Applied to utopic. -apw
Applied to utopic. -apw
diff --git a/security/apparmor/af_unix.c b/security/apparmor/af_unix.c index 73bd94d..62e7fd1 100644 --- a/security/apparmor/af_unix.c +++ b/security/apparmor/af_unix.c @@ -31,32 +31,31 @@ static inline int unix_fs_perm(int op, u32 mask, struct aa_label *label, if (unconfined(label) || !LABEL_MEDIATES(label, AA_CLASS_FILE)) return 0; + mask &= NET_FS_PERMS; if (!u->path.dentry) { struct path_cond cond = { }; struct file_perms perms = { }; struct aa_profile *profile; - /* socket path has been cleared because it is being shutdown */ - /* TODO: fix flags */ - if (!(flags & PATH_MEDIATE_DELETED)) - return -EACCES; - /* Mediate at original socket location */ - /* TODO: ns disconnected paths */ - /* TODO: after switch to newer audit provide deleted/shutdown - * message as part of audit info + /* socket path has been cleared because it is being shutdown + * can only fall back to original sun_path request */ return fn_for_each_confined(label, profile, + ((flags | profile->path_flags) & PATH_MEDIATE_DELETED) ? __aa_path_perm(op, profile, - u->addr->name->sun_path, - mask, &cond, flags, &perms)); + u->addr->name->sun_path, mask, + &cond, flags, &perms) : + aa_audit_file(profile, &nullperms, op, mask, + u->addr->name->sun_path, NULL, + cond.uid, "Failed name lookup - " + "deleted entry", -EACCES)); } else { /* the sunpath may not be valid for this ns so use the path */ struct path_cond cond = { u->path.dentry->d_inode->i_uid, u->path.dentry->d_inode->i_mode }; - return aa_path_perm(op, label, &u->path, flags, mask & NET_FS_PERMS, - &cond); + return aa_path_perm(op, label, &u->path, flags, mask, &cond); } return 0;
Fix for out of tree AppArmor 3 patches. BugLink: http://bugs.launchpad.net/bugs/1408833 Fix 2 issues around the mediation of file base unix domain sockets. * Add auditing of deleted/shutdown file based unix domains sockets so that the denials can be correctly evalated. * fix the permission request mask so that it is correct for the deleted/shutdown socket case. Signed-off-by: John Johansen <john.johansen@canonical.com>