From a30a9fdb66319466a7c76b455524d27c75d2b05b Mon Sep 17 00:00:00 2001 From: John Johansen Date: Sat, 14 Jun 2025 13:49:02 -0700 Subject: apparmor: fix af_unix auditing to include all address information The auditing of addresses currently doesn't include the source address and mixes source and foreign/peer under the same audit name. Fix this so source is always addr, and the foreign/peer is peer_addr. Fixes: c05e705812d1 ("apparmor: add fine grained af_unix mediation") Signed-off-by: John Johansen --- security/apparmor/net.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) (limited to 'security/apparmor/net.c') diff --git a/security/apparmor/net.c b/security/apparmor/net.c index e6f9e11eaa6a..2da554cc3a35 100644 --- a/security/apparmor/net.c +++ b/security/apparmor/net.c @@ -99,10 +99,15 @@ static void audit_unix_sk_addr(struct audit_buffer *ab, const char *str, { const struct unix_sock *u = unix_sk(sk); - if (u && u->addr) - audit_unix_addr(ab, str, u->addr->name, u->addr->len); - else + if (u && u->addr) { + int addrlen; + struct sockaddr_un *addr = aa_sunaddr(u, &addrlen); + + audit_unix_addr(ab, str, addr, addrlen); + } else { audit_unix_addr(ab, str, NULL, 0); + + } } /* audit callback for net specific fields */ @@ -137,17 +142,16 @@ void audit_net_cb(struct audit_buffer *ab, void *va) } } if (ad->common.u.net->family == PF_UNIX) { - if ((ad->request & ~NET_PEER_MASK) && ad->net.addr) + if (ad->net.addr || !ad->common.u.net->sk) audit_unix_addr(ab, "addr", unix_addr(ad->net.addr), ad->net.addrlen); else audit_unix_sk_addr(ab, "addr", ad->common.u.net->sk); if (ad->request & NET_PEER_MASK) { - if (ad->net.addr) - audit_unix_addr(ab, "peer_addr", - unix_addr(ad->net.addr), - ad->net.addrlen); + audit_unix_addr(ab, "peer_addr", + unix_addr(ad->net.peer.addr), + ad->net.peer.addrlen); } } if (ad->peer) { -- cgit