
From: Jeff Mahoney <jeffm@suse.com>
Subject: apparmor: Fix network event parsing
References: bnc#665483

 The upstream version of AppArmor had network mediation but it was
 removed. There's a compatibility patch floating around that both openSUSE
 and Ubuntu have applied to their kernels. Unfortunately, one part was
 overlooked. The socket operation event names were changed from the
 socket_ prefixed names they had when AppArmor was out-of-tree and
 utils/SubDomain.pm was never updated to understand them.

 This patch adds an operation-type table so that the code can just
 do an optype($operation) call to discover what type of operation a
 particular name refers to. It then uses this in place of the socket_
 checks to decide whether an event is a network operation.

 This allows genprof and logprof to work with networking rules again.

Signed-off-by: Jeff Mahoney <jeffm@suse.com>
---
 utils/SubDomain.pm |   48 ++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 46 insertions(+), 2 deletions(-)

--- a/utils/SubDomain.pm
+++ b/utils/SubDomain.pm
@@ -233,6 +233,50 @@ my %MODE_HASH = (
     N => $AA_EXEC_NT,
     );
 
+
+# Currently only used by netdomain but there's no reason it couldn't
+# be extended to support other types.
+my %operation_types = (
+
+	# Old socket names
+	"socket_create",	=> "net",
+	"socket_post_create"	=> "net",
+	"socket_bind"		=> "net",
+	"socket_connect"	=> "net",
+	"socket_listen"		=> "net",
+	"socket_accept"		=> "net",
+	"socket_sendmsg"	=> "net",
+	"socket_recvmsg"	=> "net",
+	"socket_getsockname"	=> "net",
+	"socket_getpeername"	=> "net",
+	"socket_getsockopt"	=> "net",
+	"socket_setsockopt"	=> "net",
+	"socket_shutdown"	=> "net",
+
+	# New socket names
+	"create"		=> "net",
+	"post_create"		=> "net",
+	"bind"			=> "net",
+	"connect"		=> "net",
+	"listen"		=> "net",
+	"accept"		=> "net",
+	"sendmsg"		=> "net",
+	"recvmsg"		=> "net",
+	"getsockname"		=> "net",
+	"getpeername"		=> "net",
+	"getsockopt"		=> "net",
+	"setsockopt"		=> "net",
+	"sock_shutdown"		=> "net",
+);
+
+sub optype($) {
+	my $op = shift;
+	my $type = $operation_types{$op};
+
+	return "unknown" if !defined($type);
+	return $type;
+}
+
 sub debug ($) {
     my $message = shift;
     chomp($message);
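Review bot: The `"socket_create"` row of `%operation_types` carries a stray comma before the fat arrow, `"socket_create",	=> "net",`; Perl appears to tolerate the doubled separator in list context so the hash still builds, but it reads as a typo and should be `"socket_create"		=> "net",` like the rows below it. optype also indexes the table with whatever it is handed, so an undefined operation name produces an uninitialized-value warning on the lookup; the add_event_to_tree call in the second hunk passes `$e->{operation}` without the defined check that parse_event's call in the third hunk has, and a guard `return "unknown" unless defined $op;` placed before the lookup keeps the "unknown" contract for that case. Neither the table nor the sub documents its contract, which matters because the old substring regexes accepted any name containing "socket" while this table is an exact match; a comment along the lines of `# optype($op): map a kernel operation name to its category ("net"). Names not listed here yield "unknown", so this table must be kept in sync with the socket operation names the kernel's network-mediation patch emits.` would tell the next maintainer where new names go.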
@@ -2911,7 +2955,7 @@ sub add_event_to_tree ($) {
         }
         $pid{$child} = $arrayref;
         push @{$arrayref}, [ "fork", $child, $profile, $hat ];
-    } elsif ($e->{operation} =~ m/socket_/) {
+    } elsif (optype($e->{operation}) eq "net") {
         add_to_tree( $e->{pid},
 		     $e->{parent},
                      "netdomain",
@@ -6620,7 +6664,7 @@ sub parse_event($) {
        LibAppArmor::aa_log_record::swig_magic_token_get($event);
 
     # NetDomain
-    if ( $ev{'operation'} && $ev{'operation'} =~ /socket/ ) {
+    if ( $ev{'operation'} && optype($ev{'operation'}) eq "net" ) {
         $ev{'family'}    =
             LibAppArmor::aa_log_record::swig_net_family_get($event);
         $ev{'protocol'}  =
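Review bot: The category literal `"net"` is now compared at two call sites (here and in add_event_to_tree in the previous hunk) while its only definition is spread across the `%operation_types` rows; a small predicate such as `sub is_net_op ($) { return optype(shift) eq "net"; }`, or a named constant, would keep the string in one place and make a later rename safe. parse_event's body continues outside the hunk on both sides.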