[PATCH 2/6] landlock: Implement LANDLOCK_SCOPE_PATHNAME_UNIX_SOCKET
Tingmao Wang
m at maowtm.org
Tue Dec 30 15:52:53 UTC 2025
On 12/28/25 16:37, Justin Suess wrote:
> On 12/28/25 07:45, Tingmao Wang wrote:
>> [...]
>> diff --git a/security/landlock/task.c b/security/landlock/task.c
>> index 6dfcc1860d6e..9fbb0ada440b 100644
>> --- a/security/landlock/task.c
>> +++ b/security/landlock/task.c
>> @@ -233,57 +233,84 @@ static bool domain_is_scoped(const struct landlock_ruleset *const client,
>> return false;
>> }
>>
>> +/**
>> + * sock_is_scoped - Check if socket connect or send should be restricted
>> + * based on scope controls.
>> + *
>> + * @other: The server socket.
>> + * @domain: The client domain.
>> + * @scope: The relevant scope bit to check (i.e. pathname or abstract).
>> + *
>> + * Returns: True if connect should be restricted, false otherwise.
>> + */
>> static bool sock_is_scoped(struct sock *const other,
>> - const struct landlock_ruleset *const domain)
>> + const struct landlock_ruleset *const domain,
>> + access_mask_t scope)
>> {
>> const struct landlock_ruleset *dom_other;
>>
>> /* The credentials will not change. */
>> lockdep_assert_held(&unix_sk(other)->lock);
>> dom_other = landlock_cred(other->sk_socket->file->f_cred)->domain;
>> - return domain_is_scoped(domain, dom_other,
>> - LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET);
>> + return domain_is_scoped(domain, dom_other, scope);
>> }
>>
>> -static bool is_abstract_socket(struct sock *const sock)
>> +static bool sock_addr_is_abstract(const struct unix_address *const addr)
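Review bot: the new kernel-doc for sock_is_scoped() is inconsistent with itself: the summary says "connect or send" but the `Returns:` line only covers connect ("True if connect should be restricted"), and since the body still does `lockdep_assert_held(&unix_sk(other)->lock)` the function is only valid for unix sockets, which the `@other` description should state now that the helper is generic over `scope`. Suggest "@other: The unix server socket." and "Returns: True if the connect or send should be restricted, false otherwise." Also, "(i.e. pathname or abstract)" on the `@scope` line reads better as "(e.g. pathname or abstract)", since those are the two current callers rather than a definition.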
>
> Nit: From the name sock_addr_is_abstract, it's unclear without reading
> the parameter that this function only works with unix sockets, when
> socket is an overloaded term that can refer to other kinds of sockets
> (e.g. tcp/udp/raw).
>
> Maybe is_unix_sock_addr_abstract? or unix_sock_addr_is_abstract?
I guess sock_addr_is_abstract is indeed a bit of a weird name, but it
helps that this function is static to this file and also very short.
Maybe is_unix_addr_abstract?
More information about the Linux-security-module-archive
mailing list