Revert "UBUNTU: SAUCE: (no-up): apparmor: fix mediation of fs unix sockets"

BugLink: http://bugs.launchpad.net/bugs/1379535

This reverts commit c5e6ac51.
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>

security/apparmor/af_unix.c

@@ -31,31 +31,32 @@ static inline int unix_fs_perm(int op, u32 mask, struct aa_label *label,
 	if (unconfined(label) || !LABEL_MEDIATES(label, AA_CLASS_FILE))
 		return 0;
 
-	mask &= NET_FS_PERMS;
 	if (!u->path.dentry) {
 		struct path_cond cond = { };
 		struct file_perms perms = { };
 		struct aa_profile *profile;
 
-		/* socket path has been cleared because it is being shutdown
-		 * can only fall back to original sun_path request
+		/* socket path has been cleared because it is being shutdown */
+		/* TODO: fix flags */
+		if (!(flags & PATH_MEDIATE_DELETED))
+			return -EACCES;
+		/* Mediate at original socket location */
+		/* TODO: ns disconnected paths */
+		/* TODO: after switch to newer audit provide deleted/shutdown
+		 *       message as part of audit info
 		 */
 		return fn_for_each_confined(label, profile,
-			((flags | profile->path_flags) & PATH_MEDIATE_DELETED) ?
 				__aa_path_perm(op, profile,
-					       u->addr->name->sun_path, mask,
-					       &cond, flags, &perms) :
-				aa_audit_file(profile, &nullperms, op, mask,
-					      u->addr->name->sun_path, NULL,
-					      cond.uid, "Failed name lookup - "
-					      "deleted entry", -EACCES));
+					       u->addr->name->sun_path,
+					       mask, &cond, flags, &perms));
 	} else {
 		/* the sunpath may not be valid for this ns so use the path */
 		struct path_cond cond = { u->path.dentry->d_inode->i_uid,
 					  u->path.dentry->d_inode->i_mode
 		};
 
-		return aa_path_perm(op, label, &u->path, flags, mask, &cond);
+		return aa_path_perm(op, label, &u->path, flags, mask & NET_FS_PERMS,
+				    &cond);
 	}
 
 	return 0;