-
Christian Boltz authored
Sometimes network events come with an operation keyword looking like file_perm which makes them look like file events. Instead of ignoring these events (which was a hotfix to avoid crashes), improve the type detection. In detail, this means: - replace OPERATION_TYPES (which was basically a list of network event keywords) with OP_TYPE_FILE_OR_NET (which is a list of keywords for file and network events) - change op_type() parameters to expect the whole event, not only the operation keyword, and rebuild the type detection based on the event details - as a side effect, this simplifies the detection for file event operations in parse_event_for_tree() - remove workaround code from parse_event_for_tree() Also add 4 new testcases with log messages that were ignored before. References: a) various bugreports about crashes caused by unexpected operation keywords: https://bugs.launchpad.net/apparmor/+bug/1466812 https://bugs.launchpad.net/apparmor/+bug/1509030 https://bugs.launchpad.net/apparmor/+bug/1540562 https://bugs.launchpad.net/apparmor/+bug/1577051 https://bugs.launchpad.net/apparmor/+bug/1582374 b) the summary bug for this patch https://bugs.launchpad.net/apparmor/+bug/1613061 Acked-by: Steve Beattie <steve@nxnw.org> for trunk and 2.10. Note: in 2.10, the test_multi/*.profile files are unexpected and not checked because this part of the tests is trunk-only, therefore I don't include them.
e5daa5fa