parser: add support for autobind sockets

af_unix allows for sockets to be bound to a name that is autogenerated. Currently this type of binding is only supported by a very generic rule. unix (bind) type=dgram, but this allows both sockets with specified names and anonymous sockets. Extend unix rule syntax to support specifying just an auto bind socket by specifying addr=auto eg. unix (bind) addr=auto, It is important to note that addr=auto only works for the bind permission as once the socket is bound to an autogenerated address, the addr with have a valid unique value that can be matched against with a regular addr=@name expression Fixes: https://bugs.launchpad.net/apparmor/+bug/1867216 MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/521 Signed-off-by: John Johansen <john.johansen@canonical.com>
2025-09-02 07:15:18 +00:00 · 2020-09-10 13:51:59 -07:00
parent c9d01a325d
commit 0a52cf81e3
17 changed files with 290 additions and 6 deletions
--- a/utils/test/test-parser-simple-tests.py
+++ b/utils/test/test-parser-simple-tests.py
@@ -168,6 +168,10 @@ exception_not_raised = [
    'unix/bad_regex_04.sd',
    'unix/bad_shutdown_1.sd',
    'unix/bad_shutdown_2.sd',
+    'unix/bad_peer_2.sd',
+    'unix/bad_attr_5.sd',
+    'unix/bad_opt_5.sd',
+    'unix/bad_shutdown_3.sd',
    'vars/boolean/boolean_bad_2.sd',
    'vars/boolean/boolean_bad_3.sd',
    'vars/boolean/boolean_bad_4.sd',