Commit 4dd76b70 authored by Steve Beattie

libaalogparse: add signal and peer keyword support

When signals and ptrace mediation were added to apparmor, the aalogparse
routines were not adjusted to compensate. This patch adds support for
the signal and peer keywords.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
parent 049cb961
......@@ -152,6 +152,8 @@ typedef struct
char *dbus_path;
char *dbus_interface;
char *dbus_member;
char *signal; /* signal name */
char *peer;
} aa_log_record;
/**
......
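Review bot: The new `peer` field has no comment, and the record already carries a `peer_profile` field (printed as "Peer profile" by the test harness), so a reader cannot tell which of the two a given event fills. I would document it as `char *peer; /* value of the peer= key on ptrace and signal events */` and extend the `signal` comment to say the name is stored as logged, e.g. `term`. The struct definition starts outside this hunk.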
......@@ -128,6 +128,7 @@ aa_record_event_type lookup_aa_event(unsigned int type)
%token TOK_KEY_PEER_PID
%token TOK_KEY_PROFILE
%token TOK_KEY_PEER_PROFILE
%token TOK_KEY_PEER
%token TOK_AUDIT
%token TOK_KEY_FAMILY
%token TOK_KEY_SOCK_TYPE
......@@ -157,6 +158,7 @@ aa_record_event_type lookup_aa_event(unsigned int type)
%token TOK_KEY_PATH
%token TOK_KEY_INTERFACE
%token TOK_KEY_MEMBER
%token TOK_KEY_SIGNAL
%token TOK_SYSLOG_KERNEL
%token TOK_SYSLOG_USER
......@@ -267,6 +269,8 @@ key: TOK_KEY_OPERATION TOK_EQUALS TOK_QUOTED_STRING
{ ret_record->info = $3;}
| TOK_KEY_PEER_INFO TOK_EQUALS TOK_QUOTED_STRING
{ ret_record->peer_info = $3;}
| TOK_KEY_PEER TOK_EQUALS TOK_QUOTED_STRING
{ ret_record->peer = $3;}
| key_pid
| key_peer_pid
| TOK_KEY_PROFILE TOK_EQUALS safe_string
......@@ -348,6 +352,8 @@ key: TOK_KEY_OPERATION TOK_EQUALS TOK_QUOTED_STRING
{ ret_record->dbus_interface = $3; }
| TOK_KEY_MEMBER TOK_EQUALS TOK_QUOTED_STRING
{ ret_record->dbus_member = $3; }
| TOK_KEY_SIGNAL TOK_EQUALS TOK_ID
{ ret_record->signal = $3; }
| TOK_MSG_REST
{
ret_record->event = AA_RECORD_INVALID;
......
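Review bot: The `peer` rule in the hunk at `@@ -267,6 +269,8 @@` accepts only `TOK_QUOTED_STRING`, although the scanner change in this commit enters the `safe_string` start condition after `peer` and the neighbouring `TOK_KEY_PROFILE` rule takes the `safe_string` nonterminal. If that start condition can return something other than a quoted string, for example a hex-encoded label (its definition is outside the visible hunks), a record whose peer is logged in that form will not parse, and the denial can drop out of whatever consumes these records. I would write the rule as `| TOK_KEY_PEER TOK_EQUALS safe_string` and add a test case whose peer label is not a plain quoted string. The `key:` production starts and ends outside these hunks.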
......@@ -71,6 +71,8 @@ void free_record(aa_log_record *record)
free(record->info);
if (record->peer_info != NULL)
free(record->peer_info);
if (record->peer != NULL)
free(record->peer);
if (record->active_hat != NULL)
free(record->active_hat);
if (record->audit_id != NULL)
......@@ -93,6 +95,8 @@ void free_record(aa_log_record *record)
free(record->dbus_interface);
if (record->dbus_member != NULL)
free(record->dbus_member);
if (record->signal != NULL)
free(record->signal );
free(record);
}
......
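Review bot: `free(record->signal );` in the second hunk has a stray space before the closing parenthesis; `free(record->signal);` matches the lines around it. The `!= NULL` guards are redundant because `free(NULL)` is a no-op, but they follow the existing pattern in this function, so removing them is better left to a separate cleanup. free_record starts outside the visible hunks.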
......@@ -159,6 +159,8 @@ key_dest "dest"
key_path "path"
key_interface "interface"
key_member "member"
key_signal "signal"
key_peer "peer"
audit "audit"
/* network addrs */
......@@ -336,6 +338,8 @@ yy_flex_debug = 0;
{key_path} { return(TOK_KEY_PATH); }
{key_interface} { return(TOK_KEY_INTERFACE); }
{key_member} { return(TOK_KEY_MEMBER); }
{key_signal} { BEGIN(sub_id); return(TOK_KEY_SIGNAL); }
{key_peer} { BEGIN(safe_string); return(TOK_KEY_PEER); }
{syslog_kernel} { BEGIN(dmesg_timestamp); return(TOK_SYSLOG_KERNEL); }
{syslog_user} { return(TOK_SYSLOG_USER); }
......
......@@ -98,6 +98,7 @@ int print_results(aa_log_record *record)
print_string("Profile", record->profile);
print_string("Peer profile", record->peer_profile);
print_string("Peer", record->peer);
print_string("Name", record->name);
print_string("Command", record->comm);
print_string("Name2", record->name2);
......@@ -126,6 +127,8 @@ int print_results(aa_log_record *record)
print_string("DBus interface", record->dbus_interface);
print_string("DBus member", record->dbus_member);
print_string("Signal", record->signal);
print_long("Epoch", record->epoch, 0);
print_long("Audit subid", (long) record->audit_sub_id, 0);
return(0);
......
type=AVC msg=audit(1409700683.304:547661): apparmor="DENIED" operation="ptrace" profile="/home/ubuntu/bzr/apparmor/tests/regression/apparmor/ptrace" pid=22465 comm="ptrace" requested_mask="tracedby" denied_mask="tracedby" peer="/home/ubuntu/bzr/apparmor/tests/regression/apparmor/ptrace"
START
File: testcase_ptrace_01.in
Event type: AA_RECORD_DENIED
Audit ID: 1409700683.304:547661
Operation: ptrace
Mask: tracedby
Denied Mask: tracedby
Profile: /home/ubuntu/bzr/apparmor/tests/regression/apparmor/ptrace
Peer: /home/ubuntu/bzr/apparmor/tests/regression/apparmor/ptrace
Command: ptrace
PID: 22465
Epoch: 1409700683
Audit subid: 547661
type=AVC msg=audit(1409438250.564:201): apparmor="DENIED" operation="signal" profile="/usr/bin/pulseaudio" pid=2531 comm="pulseaudio" requested_mask="send" denied_mask="send" signal=term peer="/usr/bin/pulseaudio///usr/lib/pulseaudio/pulse/gconf-helper"
START
File: testcase_signal_01.in
Event type: AA_RECORD_DENIED
Audit ID: 1409438250.564:201
Operation: signal
Mask: send
Denied Mask: send
Profile: /usr/bin/pulseaudio
Peer: /usr/bin/pulseaudio///usr/lib/pulseaudio/pulse/gconf-helper
Command: pulseaudio
PID: 2531
Signal: term
Epoch: 1409438250
Audit subid: 201
type=AVC msg=audit(1409438250.564:201): apparmor="DENIED" operation="signal" profile="/usr/bin/pulseaudio///usr/lib/pulseaudio/pulse/gconf-helper" pid=2531 comm="pulseaudio" requested_mask="receive" denied_mask="receive" signal=term peer="/usr/bin/pulseaudio"
START
File: testcase_signal_02.in
Event type: AA_RECORD_DENIED
Audit ID: 1409438250.564:201
Operation: signal
Mask: receive
Denied Mask: receive
Profile: /usr/bin/pulseaudio///usr/lib/pulseaudio/pulse/gconf-helper
Peer: /usr/bin/pulseaudio
Command: pulseaudio
PID: 2531
Signal: term
Epoch: 1409438250
Audit subid: 201