ACK: [PATCH][VIVID][WILY][XENIAL] UBUNTU: SAUCE: (no-up): apparmor: fix for failed mediation of socket that is being shutdown
Brad Figg
brad.figg at canonical.com
Tue Jan 26 16:34:56 UTC 2016
On Mon, Jan 25, 2016 at 06:10:11PM -0600, Tyler Hicks wrote:
> From: John Johansen <john.johansen at canonical.com>
>
> BugLink: http://bugs.launchpad.net/bugs/1446906
>
> This is a horrendous HACK, that is a temporary fix until typesplitting
> can land.
>
> Store off the path reference on connection to make up for the path
> being wiped out on socket shutdown.
>
> Signed-off-by: John Johansen <john.johansen at canonical.com>
> Reviewed-by: Tyler Hicks <tyhicks at canonical.com>
> ---
> security/apparmor/af_unix.c | 4 ++++
> security/apparmor/include/net.h | 2 ++
> security/apparmor/lsm.c | 20 ++++++++++++++++++++
> 3 files changed, 26 insertions(+)
>
> diff --git a/security/apparmor/af_unix.c b/security/apparmor/af_unix.c
> index 62e7fd1..1da5ee6 100644
> --- a/security/apparmor/af_unix.c
> +++ b/security/apparmor/af_unix.c
> @@ -40,6 +40,10 @@ static inline int unix_fs_perm(int op, u32 mask, struct aa_label *label,
> /* socket path has been cleared because it is being shutdown
> * can only fall back to original sun_path request
> */
> + struct aa_sk_cxt *cxt = SK_CXT(&u->sk);
> + if (cxt->path.dentry)
> + return aa_path_perm(op, label, &cxt->path, flags, mask,
> + &cond);
> return fn_for_each_confined(label, profile,
> ((flags | profile->path_flags) & PATH_MEDIATE_DELETED) ?
> __aa_path_perm(op, profile,
> diff --git a/security/apparmor/include/net.h b/security/apparmor/include/net.h
> index 4a5fae5..1aedbf6 100644
> --- a/security/apparmor/include/net.h
> +++ b/security/apparmor/include/net.h
> @@ -16,6 +16,7 @@
> #define __AA_NET_H
>
> #include <net/sock.h>
> +#include <linux/path.h>
>
> #include "apparmorfs.h"
> #include "label.h"
> @@ -52,6 +53,7 @@
> struct aa_sk_cxt {
> struct aa_label *label;
> struct aa_label *peer;
> + struct path path;
> };
>
> #define SK_CXT(X) (X)->sk_security
> diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
> index 87f470c..f8a1a6d 100644
> --- a/security/apparmor/lsm.c
> +++ b/security/apparmor/lsm.c
> @@ -754,6 +754,7 @@ static void apparmor_sk_free_security(struct sock *sk)
> SK_CXT(sk) = NULL;
> aa_put_label(cxt->label);
> aa_put_label(cxt->peer);
> + path_put(&cxt->path);
> kfree(cxt);
> }
>
> @@ -768,6 +769,17 @@ static void apparmor_sk_clone_security(const struct sock *sk,
>
> new->label = aa_get_label(cxt->label);
> new->peer = aa_get_label(cxt->peer);
> + new->path = cxt->path;
> + path_get(&new->path);
> +}
> +
> +static struct path *UNIX_FS_CONN_PATH(struct sock *sk, struct sock *newsk)
> +{
> + if (sk->sk_family == PF_UNIX && UNIX_FS(sk))
> + return &unix_sk(sk)->path;
> + else if (newsk->sk_family == PF_UNIX && UNIX_FS(newsk))
> + return &unix_sk(newsk)->path;
> + return NULL;
> }
>
> /**
> @@ -782,6 +794,7 @@ static int apparmor_unix_stream_connect(struct sock *sk, struct sock *peer_sk,
> struct aa_sk_cxt *peer_cxt = SK_CXT(peer_sk);
> struct aa_sk_cxt *new_cxt = SK_CXT(newsk);
> struct aa_label *label;
> + struct path *path;
> int error;
>
> label = aa_begin_current_label();
> @@ -817,6 +830,13 @@ static int apparmor_unix_stream_connect(struct sock *sk, struct sock *peer_sk,
> new_cxt->peer = aa_get_label(sk_cxt->label);
> sk_cxt->peer = aa_get_label(peer_cxt->label);
>
> + path = UNIX_FS_CONN_PATH(sk, peer_sk);
> + if (path) {
> + new_cxt->path = *path;
> + sk_cxt->path = *path;
> + path_get(path);
> + path_get(path);
> + }
> return 0;
> }
>
> --
> 2.5.0
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
Positive testing
--
Brad Figg brad.figg at canonical.com http://www.canonical.com
More information about the kernel-team
mailing list