apparmor: fix af_unix auditing to include all address information (a30a9fdb) · Commits · git / linux-net

security/apparmor/af_unix.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -584,8 +584,8 @@ static int unix_peer_perm(const struct cred *subj_cred,
		struct aa_profile *profile;
		DEFINE_AUDIT_SK(ad, op, subj_cred, sk);

		ad.net.addr = peer_addr;
		ad.net.addrlen = peer_addrlen;
		ad.net.peer.addr = peer_addr;
		ad.net.peer.addrlen = peer_addrlen;

		return fn_for_each_confined(label, profile,
		profile_peer_perm(profile, request, sk,

+4 −0

+12 −8

Original line number	Diff line number	Diff line
		@@ -99,10 +99,15 @@ static void audit_unix_sk_addr(struct audit_buffer ab, const char str,
		{
		const struct unix_sock *u = unix_sk(sk);

		if (u && u->addr)
		audit_unix_addr(ab, str, u->addr->name, u->addr->len);
		else
		if (u && u->addr) {
		int addrlen;
		struct sockaddr_un *addr = aa_sunaddr(u, &addrlen);

		audit_unix_addr(ab, str, addr, addrlen);
		} else {
		audit_unix_addr(ab, str, NULL, 0);

		}
		}

		/* audit callback for net specific fields */
		@@ -137,17 +142,16 @@ void audit_net_cb(struct audit_buffer ab, void va)
		}
		}
		if (ad->common.u.net->family == PF_UNIX) {
		if ((ad->request & ~NET_PEER_MASK) && ad->net.addr)
		if (ad->net.addr \|\| !ad->common.u.net->sk)
		audit_unix_addr(ab, "addr",
		unix_addr(ad->net.addr),
		ad->net.addrlen);
		else
		audit_unix_sk_addr(ab, "addr", ad->common.u.net->sk);
		if (ad->request & NET_PEER_MASK) {
		if (ad->net.addr)
		audit_unix_addr(ab, "peer_addr",
		unix_addr(ad->net.addr),
		ad->net.addrlen);
		unix_addr(ad->net.peer.addr),
		ad->net.peer.addrlen);
		}
		}
		if (ad->peer) {