[SRU][Q][PATCH 0/2] fix network mediation issues
Georgia Garcia
georgia.garcia at canonical.com
Thu Apr 2 18:49:21 UTC 2026
BugLink: https://bugs.launchpad.net/bugs/2142860
SRU Justification:
[Impact]
During a rebase the code to wire in the fine grained inet mediation
for sock_file_perm got dropped. This breaks network mediation if
v8/v9 fine grained inet mediation is used, which was the case for
the policy that was updated to use abi 5.0 added in apparmor 5.0.0~alpha2.
[Fix]
Cherry-pick resolute:linux commits:
5240899d3fb2e01b88ecceb2c53921dd64b74c75
7cb6769a2d96ab3b6da8ca401936a22745523bad
[Test Plan]
There are two test cases:
1. using flatpak:
$ sudo apt install flatpak
$ flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
$ flatpak install flathub com.brave.Browser
$ flatpak run com.brave.Browser
When the browser opens, make sure it can open any website
(https://ubuntu.com/ for example)
2. using sbuild with unshare backend
$ sudo apt install sbuild mmdebstrap uidmap
Create a file called .sbuildrc in your home directory with the
following contents:
$mailto = 'foo@bar.com';
$maintainer_name='Foo Bar <foo@bar.com>';
#$build_dep_resolver="apt";
$chroot_mode = "unshare";
1;
Edit /etc/apt/sources.list.d/ubuntu.sources adding deb-src to Types:
Types: deb deb-src
$ sudo apt update
$ apt source apparmor
$ cd apparmor-5.0.0~beta1/
$ sbuild -d resolute
Make sure you don't see any "Connection failed" messages during the
step "I: Setting up apt archive..." and that the build completes
successfully.
[Where problems could occur]
The regression can be considered as low since both fixes have been
applied to the resolute kernel.
John Johansen (2):
UBUNTU: SAUCE: apparmor5.0.0 [29/57]: apparmor: fix fine grained inet
mediation sock_file_perm
UBUNTU: SAUCE: apparmor5.0.0 [53/57]: apparmor: fix af_unix local addr
mediation binding
security/apparmor/af_inet.c | 2 +-
security/apparmor/audit.c | 2 +-
security/apparmor/net.c | 9 ++++++++-
3 files changed, 10 insertions(+), 3 deletions(-)
--
2.43.0