-rw-r--r-- | security/apparmor/af_unix.c | 4 | ||||
-rw-r--r-- | security/apparmor/include/audit.h | 4 | ||||
-rw-r--r-- | security/apparmor/net.c | 20 |
3 files changed, 18 insertions, 10 deletions
diff --git a/security/apparmor/af_unix.c b/security/apparmor/af_unix.c index 53ccf9becdf7..03d44fa19d12 100644 --- a/security/apparmor/af_unix.c +++ b/security/apparmor/af_unix.c @@ -584,8 +584,8 @@ static int unix_peer_perm(const struct cred *subj_cred, struct aa_profile *profile; DEFINE_AUDIT_SK(ad, op, subj_cred, sk); - ad.net.addr = peer_addr; - ad.net.addrlen = peer_addrlen; + ad.net.peer.addr = peer_addr; + ad.net.peer.addrlen = peer_addrlen; return fn_for_each_confined(label, profile, profile_peer_perm(profile, request, sk, diff --git a/security/apparmor/include/audit.h b/security/apparmor/include/audit.h index 365bc67dd150..1a71a94ea19c 100644 --- a/security/apparmor/include/audit.h +++ b/security/apparmor/include/audit.h @@ -140,6 +140,10 @@ struct apparmor_audit_data { int type, protocol; void *addr; int addrlen; + struct { + void *addr; + int addrlen; + } peer; } net; }; }; diff --git a/security/apparmor/net.c b/security/apparmor/net.c index e6f9e11eaa6a..2da554cc3a35 100644 --- a/security/apparmor/net.c +++ b/security/apparmor/net.c @@ -99,10 +99,15 @@ static void audit_unix_sk_addr(struct audit_buffer *ab, const char *str, { const struct unix_sock *u = unix_sk(sk); - if (u && u->addr) - audit_unix_addr(ab, str, u->addr->name, u->addr->len); - else + if (u && u->addr) { + int addrlen; + struct sockaddr_un *addr = aa_sunaddr(u, &addrlen); + + audit_unix_addr(ab, str, addr, addrlen); + } else { audit_unix_addr(ab, str, NULL, 0); + + } } /* audit callback for net specific fields */ 
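Review bot: The new `peer` member in `struct apparmor_audit_data` has no comment saying how it differs from the `addr`/`addrlen` pair directly above it, which has the same types and names. From the net.c hunks, the outer pair is reported as `addr` and the nested pair as `peer_addr` when the request carries `NET_PEER_MASK` bits. A one-line comment on the member would record that, for example `/* remote end; reported as peer_addr for NET_PEER_MASK requests */`. It would also help to state that both pointers are borrowed from the caller for the duration of the audit call, if that is the intended contract, since nothing in this diff shows who owns them.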
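Review bot: In `audit_unix_sk_addr` the new branch tests `u->addr` with a plain load and then hands `u` to `aa_sunaddr()`, which presumably reads the same field again to produce the name and length (its body is not part of this diff). If the helper already returns NULL and a zero length for an unbound socket, the inner test is redundant and the body can collapse to `if (u) addr = aa_sunaddr(u, &addrlen);` followed by a single `audit_unix_addr(ab, str, addr, addrlen);`, with `addr` and `addrlen` initialised to `NULL` and `0`. That leaves one read of a field that a concurrent bind may be setting. The else branch also gains a stray blank line before its closing brace, which should be dropped.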
@@ -137,17 +142,16 @@ void audit_net_cb(struct audit_buffer *ab, void *va) } } if (ad->common.u.net->family == PF_UNIX) { - if ((ad->request & ~NET_PEER_MASK) && ad->net.addr) + if (ad->net.addr || !ad->common.u.net->sk) audit_unix_addr(ab, "addr", unix_addr(ad->net.addr), ad->net.addrlen); else audit_unix_sk_addr(ab, "addr", ad->common.u.net->sk); if (ad->request & NET_PEER_MASK) { - if (ad->net.addr) - audit_unix_addr(ab, "peer_addr", - unix_addr(ad->net.addr), - ad->net.addrlen); + audit_unix_addr(ab, "peer_addr", + unix_addr(ad->net.peer.addr), + ad->net.peer.addrlen); } } if (ad->peer) { |
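Review bot: The `peer_addr` field in `audit_net_cb` is now emitted for every request with `NET_PEER_MASK` bits, with no check that `ad->net.peer.addr` was populated; the removed code skipped the field when the address was NULL. The `audit_unix_addr(ab, str, NULL, 0)` call in the earlier hunk suggests a NULL address with zero length is tolerated, but nothing visible here rules out a NULL `peer.addr` paired with a stale non-zero `peer.addrlen`. The same applies to the first branch, where `!ad->common.u.net->sk` now sends a possibly NULL `ad->net.addr` to `audit_unix_addr`. Either pass `ad->net.peer.addr ? ad->net.peer.addrlen : 0` as the length, or add a comment such as `/* peer.addr may be NULL; audit_unix_addr() accepts NULL with len 0 */` so readers of the audit log and of the code know an empty `peer_addr` is intentional. The function body starts and ends outside this hunk.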