
merge 'path' if conditions in logparser.py / add_event_to_tree()

logparser.py / add_event_to_tree() has 5 places to handle 'path' events.
This patch merges most if conditions to reduce that to 2 places.

It also makes the matching a bit more strict - instead of using 'in',
'xattr' has to be an exact match and 'file_' is matched with startswith().

Also, 'getattr' is added to the list of file events.


Acked-by: Steve Beattie <steve@nxnw.org>


---------- trunk only, unclear for 2.9 --------------
Christian Boltz
2015-03-07 13:26:10 +01:00
parent 411436e32b
commit 05f78ee733


@@ -263,20 +263,16 @@ class ReadLog:
else:
self.debug_logger.debug('add_event_to_tree: dropped exec event in %s' % e['profile'])
elif 'file_' in e['operation']:
self.add_to_tree(e['pid'], e['parent'], 'path',
[profile, hat, prog, aamode, e['denied_mask'], e['name'], ''])
elif e['operation'] in ['open', 'truncate', 'mkdir', 'mknod', 'rename_src',
'rename_dest', 'unlink', 'rmdir', 'symlink_create', 'link']:
elif ( e['operation'].startswith('file_') or
e['operation'] in ['open', 'truncate', 'mkdir', 'mknod', 'rename_src',
'rename_dest', 'unlink', 'rmdir', 'symlink_create', 'link',
'sysctl', 'getattr', 'setattr', 'xattr'] ):
#print(e['operation'], e['name'])
self.add_to_tree(e['pid'], e['parent'], 'path',
[profile, hat, prog, aamode, e['denied_mask'], e['name'], ''])
elif e['operation'] == 'capable':
self.add_to_tree(e['pid'], e['parent'], 'capability',
[profile, hat, prog, aamode, e['name'], ''])
elif e['operation'] == 'setattr' or 'xattr' in e['operation']:
self.add_to_tree(e['pid'], e['parent'], 'path',
[profile, hat, prog, aamode, e['denied_mask'], e['name'], ''])
elif 'inode_' in e['operation']:
is_domain_change = False
if e['operation'] == 'inode_permission' and (e['denied_mask'] & AA_MAY_EXEC) and aamode == 'PERMITTING':
@@ -294,10 +290,6 @@ class ReadLog:
self.add_to_tree(e['pid'], e['parent'], 'path',
[profile, hat, prog, aamode, e['denied_mask'], e['name'], ''])
elif e['operation'] == 'sysctl':
self.add_to_tree(e['pid'], e['parent'], 'path',
[profile, hat, prog, aamode, e['denied_mask'], e['name'], ''])
elif e['operation'] == 'clone':
parent, child = e['pid'], e['task']
if not parent:
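Review bot: With `'xattr'` now an exact list entry in the merged `elif`, an operation name that only contains that substring no longer reaches the 'path' branch. The branch it falls into instead lies outside this hunk, so it cannot be seen here whether such an event is logged or silently dropped. For a tool that derives profile rules from audit events, a silent drop means the denied access never shows up for review. If the chain has no final catch-all, consider adding one in the style of the exec-event message at the top of the hunk, e.g. `self.debug_logger.debug('add_event_to_tree: dropped event with operation %s' % e['operation'])`. Separately, the commented-out `#print(e['operation'], e['name'])` kept in the merged branch should be deleted or turned into a `debug_logger` call.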