Ignore ptrace log events without denied_mask

This fixes a crash in the tools.

Reported by peetaur on IRC.


Acked-by: John Johansen <john.johansen@canonical.com> for trunk and 2.11.

libraries/libapparmor/testsuite/test_multi/ptrace_no_denied_mask.in

@@ -0,0 +1 @@
+type=AVC msg=audit(1495217772.047:4471): apparmor="DENIED" operation="ptrace" profile="/usr/bin/pidgin" pid=21704 comm="pidgin" peer="unconfined"

libraries/libapparmor/testsuite/test_multi/ptrace_no_denied_mask.out

@@ -0,0 +1,11 @@
+START
+File: ptrace_1.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1495217772.047:4471
+Operation: ptrace
+Profile: /usr/bin/pidgin
+Peer: unconfined
+Command: pidgin
+PID: 21704
+Epoch: 1495217772
+Audit subid: 4471

libraries/libapparmor/testsuite/test_multi/ptrace_no_denied_mask.profile

@@ -0,0 +1,2 @@
+/usr/bin/pidgin {
+}

utils/apparmor/logparser.py

@@ -341,6 +341,9 @@ class ReadLog:
             if not e['peer']:
                 self.debug_logger.debug('ignored garbage ptrace event with empty peer')
                 return None
+            if not e['denied_mask']:
+                self.debug_logger.debug('ignored garbage ptrace event with empty denied_mask')
+                return None
 
             return(e['pid'], e['parent'], 'ptrace',
                              [profile, hat, prog, aamode, e['denied_mask'], e['peer']])