mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-09-01 23:05:11 +00:00
Code Issues Releases Wiki Activity

merge 'path' if conditions in logparser.py / add_event_to_tree()

Browse Source 
logparser.py / add_event_to_tree() has 5 places to handle 'path' events.
This patch merges most if conditions to reduce that to 2 places.

It also makes the matching a bit more strict - instead of using 'in',
'xattr' has to be an exact match and 'file_' is matched with startswith().

Also, 'getattr' is added to the list of file events.


Acked-by: Steve Beattie <steve@nxnw.org>


---------- trunk only, unclear for 2.9 --------------
This commit is contained in:
Christian Boltz
2015-03-07 13:26:10 +01:00
parent 411436e32b
commit 05f78ee733
1 changed files with 4 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
utils/apparmor/logparser.py
View File

@@ -263,20 +263,16 @@ class ReadLog:
else: else:
self.debug_logger.debug('add_event_to_tree: dropped exec event in %s' % e['profile']) self.debug_logger.debug('add_event_to_tree: dropped exec event in %s' % e['profile'])
elif 'file_' in e['operation']: elif ( e['operation'].startswith('file_') or
self.add_to_tree(e['pid'], e['parent'], 'path', e['operation'] in ['open', 'truncate', 'mkdir', 'mknod', 'rename_src',
[profile, hat, prog, aamode, e['denied_mask'], e['name'], '']) 'rename_dest', 'unlink', 'rmdir', 'symlink_create', 'link',
elif e['operation'] in ['open', 'truncate', 'mkdir', 'mknod', 'rename_src', 'sysctl', 'getattr', 'setattr', 'xattr'] ):
'rename_dest', 'unlink', 'rmdir', 'symlink_create', 'link']:
#print(e['operation'], e['name']) #print(e['operation'], e['name'])
self.add_to_tree(e['pid'], e['parent'], 'path', self.add_to_tree(e['pid'], e['parent'], 'path',
[profile, hat, prog, aamode, e['denied_mask'], e['name'], '']) [profile, hat, prog, aamode, e['denied_mask'], e['name'], ''])
elif e['operation'] == 'capable': elif e['operation'] == 'capable':
self.add_to_tree(e['pid'], e['parent'], 'capability', self.add_to_tree(e['pid'], e['parent'], 'capability',
[profile, hat, prog, aamode, e['name'], '']) [profile, hat, prog, aamode, e['name'], ''])
elif e['operation'] == 'setattr' or 'xattr' in e['operation']:
self.add_to_tree(e['pid'], e['parent'], 'path',
[profile, hat, prog, aamode, e['denied_mask'], e['name'], ''])
elif 'inode_' in e['operation']: elif 'inode_' in e['operation']:
is_domain_change = False is_domain_change = False
if e['operation'] == 'inode_permission' and (e['denied_mask'] & AA_MAY_EXEC) and aamode == 'PERMITTING': if e['operation'] == 'inode_permission' and (e['denied_mask'] & AA_MAY_EXEC) and aamode == 'PERMITTING':
@@ -294,10 +290,6 @@ class ReadLog:
self.add_to_tree(e['pid'], e['parent'], 'path', self.add_to_tree(e['pid'], e['parent'], 'path',
[profile, hat, prog, aamode, e['denied_mask'], e['name'], '']) [profile, hat, prog, aamode, e['denied_mask'], e['name'], ''])
elif e['operation'] == 'sysctl':
self.add_to_tree(e['pid'], e['parent'], 'path',
[profile, hat, prog, aamode, e['denied_mask'], e['name'], ''])
elif e['operation'] == 'clone': elif e['operation'] == 'clone':
parent, child = e['pid'], e['task'] parent, child = e['pid'], e['task']
if not parent: if not parent: