[SRU][Q][PATCH 1/2] UBUNTU: SAUCE: apparmor5.0.0 [29/57]: apparmor: fix fine grained inet mediation sock_file_perm
Georgia Garcia
georgia.garcia at canonical.com
Thu Apr 2 18:49:22 UTC 2026
From: John Johansen <john.johansen at canonical.com>
BugLink: https://bugs.launchpad.net/bugs/2142860
During a rebase the code to wire in the fine grained inet mediation
for sock_file_perm got dropped. This breaks network mediation if
v8/v9 fine grained inet mediation is used.
Restore the dropped code
Fixes: ace129477b6b ("UBUNTU: SAUCE: apparmor5.0.0 [14/38]: apparmor: net: add fine grained ipv4/ipv6 mediation")
Signed-off-by: John Johansen <john.johansen at canonical.com>
(cherry picked from commit 5240899d3fb2e01b88ecceb2c53921dd64b74c75 resolute:linux)
Signed-off-by: Georgia Garcia <georgia.garcia at canonical.com>
---
security/apparmor/net.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/security/apparmor/net.c b/security/apparmor/net.c
index 71905b57e417..05bc5df5881b 100644
--- a/security/apparmor/net.c
+++ b/security/apparmor/net.c
@@ -356,8 +356,15 @@ int aa_sock_file_perm(const struct cred *subj_cred, struct aa_label *label,
AA_BUG(!sock);
AA_BUG(!sock->sk);
- if (sock->sk->sk_family == PF_UNIX)
+ switch (sock->sk->sk_family) {
+ case PF_UNIX:
return aa_unix_file_perm(subj_cred, label, op, request, file);
+ break;
+ case PF_INET:
+ case PF_INET6:
+ return aa_inet_file_perm(subj_cred, label, op, request, sock);
+ break;
+ }
return aa_label_sk_perm(subj_cred, label, op, request, sock->sk);
}
--
2.43.0
More information about the kernel-team
mailing list