apparmor: fix af_unix auditing to include all address information

The auditing of addresses currently doesn't include the source address
and mixes source and foreign/peer under the same audit name. Fix this
so source is always addr, and the foreign/peer is peer_addr.

Fixes: c05e705 ("apparmor: add fine grained af_unix mediation")
Signed-off-by: John Johansen <[email protected]>

Author: jrjohansen

security/apparmor/af_unix.c

@@ -584,8 +584,8 @@ static int unix_peer_perm(const struct cred *subj_cred,
 	struct aa_profile *profile;
 	DEFINE_AUDIT_SK(ad, op, subj_cred, sk);
 
-	ad.net.addr = peer_addr;
-	ad.net.addrlen = peer_addrlen;
+	ad.net.peer.addr = peer_addr;
+	ad.net.peer.addrlen = peer_addrlen;
 
 	return fn_for_each_confined(label, profile,
 			profile_peer_perm(profile, request, sk,

security/apparmor/include/audit.h

@@ -140,6 +140,10 @@ struct apparmor_audit_data {
 					int type, protocol;
 					void *addr;
 					int addrlen;
+					struct {
+						void *addr;
+						int addrlen;
+					} peer;
 				} net;
 			};
 		};

security/apparmor/net.c

@@ -99,10 +99,15 @@ static void audit_unix_sk_addr(struct audit_buffer *ab, const char *str,
 {
 	const struct unix_sock *u = unix_sk(sk);
 
-	if (u && u->addr)
-		audit_unix_addr(ab, str, u->addr->name, u->addr->len);
-	else
+	if (u && u->addr) {
+		int addrlen;
+		struct sockaddr_un *addr = aa_sunaddr(u, &addrlen);
+
+		audit_unix_addr(ab, str, addr, addrlen);
+	} else {
 		audit_unix_addr(ab, str, NULL, 0);
+
+	}
 }
 
 /* audit callback for net specific fields */
@@ -137,17 +142,16 @@ void audit_net_cb(struct audit_buffer *ab, void *va)
 		}
 	}
 	if (ad->common.u.net->family == PF_UNIX) {
-		if ((ad->request & ~NET_PEER_MASK) && ad->net.addr)
+		if (ad->net.addr || !ad->common.u.net->sk)
 			audit_unix_addr(ab, "addr",
 					unix_addr(ad->net.addr),
 					ad->net.addrlen);
 		else
 			audit_unix_sk_addr(ab, "addr", ad->common.u.net->sk);
 		if (ad->request & NET_PEER_MASK) {
-			if (ad->net.addr)
-				audit_unix_addr(ab, "peer_addr",
-						unix_addr(ad->net.addr),
-						ad->net.addrlen);
+			audit_unix_addr(ab, "peer_addr",
+					unix_addr(ad->net.peer.addr),
+					ad->net.peer.addrlen);
 		}
 	}
 	if (ad->peer) {