AppArmor mediation improvements

Registered by Jamie Strandboge

Improvements to AppArmor mediation for Ubuntu for the 14.10 cycle.

Blueprint information

Status: Complete
Approver: Marc Deslauriers
Priority: Essential
Drafter: Jamie Strandboge
Direction: Approved
Assignee: John Johansen
Definition: Approved
Series goal: Accepted for utopic
Implementation: Implemented
Milestone target: ubuntu-14.10
Started by: Jamie Strandboge
Completed by: Jamie Strandboge

Whiteboard

jdstrand: ipc mediation work carried over from https://blueprints.launchpad.net/ubuntu/+spec/appdev-s-appisolation-signals-ipc-ptrace

2014-05-13> per jjohansen, fine-grained networking and environment filtering (see https://blueprints.launchpad.net/ubuntu/+spec/security-r-app-envfiltering) are currently scheduled for 15.04 on the AppArmor roadmap; however, these could be taken up by tyhicks and sbeattie, respectively.

Work Items

Work items for ubuntu-14.05:
[jjohansen] backport signal/ptrace mediation to phablet kernels: DONE

Work items for ubuntu-14.06:
[jjohansen] deliver signal/ptrace mediation on phablet images: DONE
[jjohansen] ext. mediation, alt ns unix domain socket, labeling - kernel - deps labeling: DONE
[jjohansen] ext. mediation, alt ns unix domain socket, policy language - parser: DONE
[jjohansen] ext. mediation, alt ns unix domain socket - parser tests: DONE
[sbeattie] ext. mediation, alt ns unix domain socket - regression tests: DONE
[jjohansen] ext. mediation, netlink, address matching - kernel: DONE
[jjohansen] ext. mediation, netlink, profile language - parser: DONE
[jjohansen] ext. mediation, netlink - parser tests: POSTPONED
[jjohansen] ext. mediation, netlink - regression tests: POSTPONED
[sbeattie] ext. mediation, anonymous ipc (pipes, sock pairs, ..) mediate - kernel: DONE
[jjohansen] ext. mediation, anonymous ipc rules (sock pairs, ..) - parser: DONE
[jjohansen] ext. mediation, anonymous ipc rules (sock pairs, ..) - parser tests: DONE
[sbeattie] ext. mediation, anonymous ipc rules (sock pairs, ..) - regression tests: DONE
[tyhicks] fd passing and inheritance - regression tests (essential): DONE

Work items for ubuntu-14.07:
[jjohansen] fix bug #1329833 (precompiled policy shipped with an image is not working): DONE

Work items for ubuntu-14.10:
[jjohansen] fd passing and inheritance - revalidate files at ipc (essential): DONE
[jdstrand] verify policy for dbus, upstart and other abstract sockets: DONE
[sbeattie] ext. mediation, signal - update aa-logparser (???) (1): DONE
[sbeattie] ext. mediation, alt ns unix domain socket - update aa-logparse, including tests (???) (1): DONE
[jjohansen] ext. mediation, alt ns unix domain socket - documentation/man pages (0.5): DONE
[sbeattie] ext. mediation, netlink - update aa-logparser, including tests (???) (1): DONE
[jjohansen] ext. mediation, netlink - documentation/man pages (???) (0.5): DONE
[sbeattie] ext. mediation, ipc rules - update aa-logparser, including tests (???) (1): DONE
[jjohansen] ext. mediation, anonymous ipc (sock pairs, ..) - RFC/discussion (???) (1): DONE
[sbeattie] ext. mediation, anonymous ipc rules (sock pairs, ..) - update aa-logparser, including tests (???) (1): DONE
[sbeattie] ext. mediation, ptrace - aa-logparser, including tests (???) (1): DONE
[jdstrand] ext. mediation, anonymous ipc rules (pipes, sock pairs, ..) - documentation/man pages: DONE

Work items for later:
[jjohansen] ext. mediation, signal, use sids for interrupts - kernel (???) (2): POSTPONED
[sbeattie] ext. mediation, alt ns unix domain socket - userspace tools (???) (2): POSTPONED
[sbeattie] ext. mediation, alt ns unix domain socket - userspace tools unit tests (???) (1): POSTPONED
[jjohansen] ext. mediation, netlink - userspace tools (???) (2): POSTPONED
[sbeattie] ext. mediation, netlink - userspace tools unit tests (???) (1): POSTPONED
[jjohansen] ext. mediation, anonymous ipc (sock pairs, ..) - upstream (???) (1): POSTPONED
[jjohansen] ext. mediation, anonymous ipc rules (pipes, sock pairs, ..) - userspace tools (???) (2): POSTPONED
[jjohansen] ext. mediation, anonymous ipc rules (pipes, sock pairs, ..) - userspace tools unit tests (???) (1): POSTPONED
[jjohansen] fine grained network mediation ipv4: POSTPONED
[jjohansen] fine grained network mediation ipv6: POSTPONED
[jjohansen] improved environment filtering: POSTPONED
