[Acked] [PATCH][Raring] apparmor: Fix quieting of audit messages for network mediation

Tue Apr 9 12:30:22 UTC 2013

On Tue, Apr 09, 2013 at 04:32:48AM -0700, John Johansen wrote:
> The following changes since commit 82983bbf61f02dec860e266217f002c18a06006e:
> 
>   UBUNTU: Ubuntu-3.8.0-17.27 (2013-04-07 07:07:23 -0600)
> 
> are available in the git repository at:
> 
>   git://kernel.ubuntu.com/jj/ubuntu-raring.git lp1163259
> 
> for you to fetch changes up to 881e7c4de917c7478ba1f1d75bc5b05b88c0423b:
> 
>   UBUNTU: SAUCE: apparmor: Fix quieting of audit messages for network mediation (2013-04-09 02:05:39 -0700)
> 
> ----------------------------------------------------------------
> John Johansen (1):
>       UBUNTU: SAUCE: apparmor: Fix quieting of audit messages for network mediation
> 
>  security/apparmor/net.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> ---
> 
> From 881e7c4de917c7478ba1f1d75bc5b05b88c0423b Mon Sep 17 00:00:00 2001
> From: John Johansen <john.johansen at canonical.com>
> Date: Fri, 29 Jun 2012 17:34:00 -0700
> Subject: [PATCH] UBUNTU: SAUCE: apparmor: Fix quieting of audit messages for
>  network mediation
> 
> This fixes a bug in the apparmor networking patch that is not upstream
> because it is being replaced by a newer patch.
> 
> BugLink: http://bugs.launchpad.net/bugs/1163259
> 
> If a profile specified a quieting of network denials for a given rule by
> either the quiet or deny rule qualifiers, the resultant quiet mask for
> denied requests was applied incorrectly, resulting in two potential bugs.
> 1. The misapplied quiet mask would prevent denials from being correctly
>    tested against the kill mask/mode. Thus network access requests that
>    should have resulted in the application being killed did not.
> 
> 2. The actual quieting of the denied network request was not being applied.
>    This would result in network rejections always being logged even when
>    they had been specifically marked as quieted.
> 
> Signed-off-by: John Johansen <john.johansen at canonical.com>
> ---
>  security/apparmor/net.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/security/apparmor/net.c b/security/apparmor/net.c
> index 003dd18..6e6e5c9 100644
> --- a/security/apparmor/net.c
> +++ b/security/apparmor/net.c
> @@ -88,7 +88,7 @@ static int audit_net(struct aa_profile *profile, int op, u16 family, int type,
>  	} else {
>  		u16 quiet_mask = profile->net.quiet[sa.u.net->family];
>  		u16 kill_mask = 0;
> -		u16 denied = (1 << sa.aad->net.type) & ~quiet_mask;
> +		u16 denied = (1 << sa.aad->net.type);
>  
>  		if (denied & kill_mask)
>  			audit_type = AUDIT_APPARMOR_KILL;
> -- 

The following stanzas definatly expect the bits to be unmasked as they
further mask against quiet_mask which would make no sense.  Seems to do
what is proposed.

Acked-by: Andy Whitcroft <apw at canonical.com>

-apw