From 4dd76b704ef1e57b38aade78db448d59cb65bad4 Mon Sep 17 00:00:00 2001 From: Steve Beattie Date: Thu, 4 Sep 2014 09:57:32 -0700 Subject: [PATCH] libaalogparse: add signal and peer keyword support When signals and ptrace mediation were added to apparmor, the aalogparse routines were not adjusted to compensate. This patch adds support for the signal and peer keywords. Signed-off-by: Steve Beattie Acked-by: Seth Arnold --- libraries/libapparmor/include/aalogparse.h | 2 ++ libraries/libapparmor/src/grammar.y | 6 ++++++ libraries/libapparmor/src/libaalogparse.c | 4 ++++ libraries/libapparmor/src/scanner.l | 4 ++++ libraries/libapparmor/testsuite/test_multi.c | 3 +++ .../testsuite/test_multi/testcase_ptrace_01.err | 0 .../testsuite/test_multi/testcase_ptrace_01.in | 1 + .../testsuite/test_multi/testcase_ptrace_01.out | 13 +++++++++++++ .../testsuite/test_multi/testcase_signal_01.err | 0 .../testsuite/test_multi/testcase_signal_01.in | 1 + .../testsuite/test_multi/testcase_signal_01.out | 14 ++++++++++++++ .../testsuite/test_multi/testcase_signal_02.err | 0 .../testsuite/test_multi/testcase_signal_02.in | 1 + .../testsuite/test_multi/testcase_signal_02.out | 14 ++++++++++++++ 14 files changed, 63 insertions(+) create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_ptrace_01.err create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_ptrace_01.in create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_ptrace_01.out create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_signal_01.err create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_signal_01.in create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_signal_01.out create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_signal_02.err create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_signal_02.in create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_signal_02.out 
diff --git a/libraries/libapparmor/include/aalogparse.h b/libraries/libapparmor/include/aalogparse.h index ceaa4ec29..4edf91c49 100644 --- a/libraries/libapparmor/include/aalogparse.h +++ b/libraries/libapparmor/include/aalogparse.h @@ -152,6 +152,8 @@ typedef struct char *dbus_path; char *dbus_interface; char *dbus_member; + char *signal; /* signal name */ + char *peer; } aa_log_record; /** diff --git a/libraries/libapparmor/src/grammar.y b/libraries/libapparmor/src/grammar.y index 36b36c7eb..bde5f2668 100644 --- a/libraries/libapparmor/src/grammar.y +++ b/libraries/libapparmor/src/grammar.y @@ -128,6 +128,7 @@ aa_record_event_type lookup_aa_event(unsigned int type) %token TOK_KEY_PEER_PID %token TOK_KEY_PROFILE %token TOK_KEY_PEER_PROFILE +%token TOK_KEY_PEER %token TOK_AUDIT %token TOK_KEY_FAMILY %token TOK_KEY_SOCK_TYPE @@ -157,6 +158,7 @@ aa_record_event_type lookup_aa_event(unsigned int type) %token TOK_KEY_PATH %token TOK_KEY_INTERFACE %token TOK_KEY_MEMBER +%token TOK_KEY_SIGNAL %token TOK_SYSLOG_KERNEL %token TOK_SYSLOG_USER @@ -267,6 +269,8 @@ key: TOK_KEY_OPERATION TOK_EQUALS TOK_QUOTED_STRING { ret_record->info = $3;} | TOK_KEY_PEER_INFO TOK_EQUALS TOK_QUOTED_STRING { ret_record->peer_info = $3;} + | TOK_KEY_PEER TOK_EQUALS TOK_QUOTED_STRING + { ret_record->peer = $3;} | key_pid | key_peer_pid | TOK_KEY_PROFILE TOK_EQUALS safe_string @@ -348,6 +352,8 @@ key: TOK_KEY_OPERATION TOK_EQUALS TOK_QUOTED_STRING { ret_record->dbus_interface = $3; } | TOK_KEY_MEMBER TOK_EQUALS TOK_QUOTED_STRING { ret_record->dbus_member = $3; } + | TOK_KEY_SIGNAL TOK_EQUALS TOK_ID + { ret_record->signal = $3; } | TOK_MSG_REST { ret_record->event = AA_RECORD_INVALID; diff --git a/libraries/libapparmor/src/libaalogparse.c b/libraries/libapparmor/src/libaalogparse.c index 78180f14f..adb320761 100644 --- a/libraries/libapparmor/src/libaalogparse.c +++ b/libraries/libapparmor/src/libaalogparse.c 
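Review bot: The new `peer` member of `aa_log_record` in aalogparse.h has no comment, although the record already has a `peer_profile` member (printed in test_multi.c), so a consumer cannot tell which of the two a ptrace or signal denial fills. I would document it where it is declared, e.g. `char *peer; /* value of the peer= key on ptrace and signal events */`, and extend the `signal` comment to say the name is stored as logged (`term` in the new test cases). Both members are appended to a struct declared in a public header, which changes its size for existing callers. The struct definition begins outside this hunk, so confirm that records are only ever allocated and freed by the library.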
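Review bot: The new `peer` alternative of `key` in grammar.y accepts only `TOK_QUOTED_STRING`, whereas the scanner.l hunk enters the `safe_string` start state for `{key_peer}` and the neighbouring `TOK_KEY_PROFILE` alternative takes the `safe_string` nonterminal. If `safe_string` also covers an encoded (unquoted) form of a name, which cannot be confirmed because its definition is outside this diff, a denial whose peer label is logged that way would not parse and would be lost to any tool reading these records. Using the same nonterminal keeps grammar and scanner in step: `| TOK_KEY_PEER TOK_EQUALS safe_string`. A test case with a non-quoted `peer=` value would pin the behaviour down.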
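Review bot: `TOK_KEY_SIGNAL TOK_EQUALS TOK_ID` depends on the `sub_id` start state that scanner.l enters for `{key_signal}`, and the only value the new test cases exercise is `signal=term`. The `sub_id` patterns are not visible in this diff, so check that every spelling the kernel can log lexes as a single `TOK_ID`, in particular a name containing `+` or digits. A value that does not lex that way would presumably leave the record unparsed or marked `AA_RECORD_INVALID`, which hides the denial from log consumers. A second test case with such a value, plus a short comment on the rule such as `/* $3 is owned by the record from here on; released in free_record() */`, would make the contract explicit.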
@@ -71,6 +71,8 @@ void free_record(aa_log_record *record) free(record->info); if (record->peer_info != NULL) free(record->peer_info); + if (record->peer != NULL) + free(record->peer); if (record->active_hat != NULL) free(record->active_hat); if (record->audit_id != NULL) @@ -93,6 +95,8 @@ void free_record(aa_log_record *record) free(record->dbus_interface); if (record->dbus_member != NULL) free(record->dbus_member); + if (record->signal != NULL) + free(record->signal ); free(record); } diff --git a/libraries/libapparmor/src/scanner.l b/libraries/libapparmor/src/scanner.l index 0df19dfb9..c5902b95d 100644 --- a/libraries/libapparmor/src/scanner.l +++ b/libraries/libapparmor/src/scanner.l @@ -159,6 +159,8 @@ key_dest "dest" key_path "path" key_interface "interface" key_member "member" +key_signal "signal" +key_peer "peer" audit "audit" /* network addrs */ @@ -336,6 +338,8 @@ yy_flex_debug = 0; {key_path} { return(TOK_KEY_PATH); } {key_interface} { return(TOK_KEY_INTERFACE); } {key_member} { return(TOK_KEY_MEMBER); } +{key_signal} { BEGIN(sub_id); return(TOK_KEY_SIGNAL); } +{key_peer} { BEGIN(safe_string); return(TOK_KEY_PEER); } {syslog_kernel} { BEGIN(dmesg_timestamp); return(TOK_SYSLOG_KERNEL); } {syslog_user} { return(TOK_SYSLOG_USER); } diff --git a/libraries/libapparmor/testsuite/test_multi.c b/libraries/libapparmor/testsuite/test_multi.c index 7e5fba035..edbc29c47 100644 --- a/libraries/libapparmor/testsuite/test_multi.c +++ b/libraries/libapparmor/testsuite/test_multi.c @@ -98,6 +98,7 @@ int print_results(aa_log_record *record) print_string("Profile", record->profile); print_string("Peer profile", record->peer_profile); + print_string("Peer", record->peer); print_string("Name", record->name); print_string("Command", record->comm); print_string("Name2", record->name2); 
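Review bot: `free(record->signal );` in the second free_record hunk has a stray space before the closing parenthesis; `free(record->signal);` matches the surrounding lines. The `!= NULL` guards on the new `peer` and `signal` frees follow the pattern already used in this function, though `free(NULL)` is a no-op, so they could be dropped if the function is ever tidied. free_record's body starts and ends outside these hunks.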
@@ -126,6 +127,8 @@ int print_results(aa_log_record *record) print_string("DBus interface", record->dbus_interface); print_string("DBus member", record->dbus_member); + print_string("Signal", record->signal); + print_long("Epoch", record->epoch, 0); print_long("Audit subid", (long) record->audit_sub_id, 0); return(0); diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_ptrace_01.err b/libraries/libapparmor/testsuite/test_multi/testcase_ptrace_01.err new file mode 100644 index 000000000..e69de29bb diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_ptrace_01.in b/libraries/libapparmor/testsuite/test_multi/testcase_ptrace_01.in new file mode 100644 index 000000000..38fa0be28 --- /dev/null +++ b/libraries/libapparmor/testsuite/test_multi/testcase_ptrace_01.in @@ -0,0 +1 @@ +type=AVC msg=audit(1409700683.304:547661): apparmor="DENIED" operation="ptrace" profile="/home/ubuntu/bzr/apparmor/tests/regression/apparmor/ptrace" pid=22465 comm="ptrace" requested_mask="tracedby" denied_mask="tracedby" peer="/home/ubuntu/bzr/apparmor/tests/regression/apparmor/ptrace" diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_ptrace_01.out b/libraries/libapparmor/testsuite/test_multi/testcase_ptrace_01.out new file mode 100644 index 000000000..2c0b17010 --- /dev/null +++ b/libraries/libapparmor/testsuite/test_multi/testcase_ptrace_01.out @@ -0,0 +1,13 @@ +START +File: testcase_ptrace_01.in +Event type: AA_RECORD_DENIED +Audit ID: 1409700683.304:547661 +Operation: ptrace +Mask: tracedby +Denied Mask: tracedby +Profile: /home/ubuntu/bzr/apparmor/tests/regression/apparmor/ptrace +Peer: /home/ubuntu/bzr/apparmor/tests/regression/apparmor/ptrace +Command: ptrace +PID: 22465 +Epoch: 1409700683 +Audit subid: 547661 diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_signal_01.err b/libraries/libapparmor/testsuite/test_multi/testcase_signal_01.err new file mode 100644 index 000000000..e69de29bb 
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_signal_01.in b/libraries/libapparmor/testsuite/test_multi/testcase_signal_01.in
new file mode 100644
index 000000000..962d1fae6
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_signal_01.in
@@ -0,0 +1 @@
+type=AVC msg=audit(1409438250.564:201): apparmor="DENIED" operation="signal" profile="/usr/bin/pulseaudio" pid=2531 comm="pulseaudio" requested_mask="send" denied_mask="send" signal=term peer="/usr/bin/pulseaudio///usr/lib/pulseaudio/pulse/gconf-helper"
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_signal_01.out b/libraries/libapparmor/testsuite/test_multi/testcase_signal_01.out
new file mode 100644
index 000000000..612d45588
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_signal_01.out
@@ -0,0 +1,14 @@
+START
+File: testcase_signal_01.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1409438250.564:201
+Operation: signal
+Mask: send
+Denied Mask: send
+Profile: /usr/bin/pulseaudio
+Peer: /usr/bin/pulseaudio///usr/lib/pulseaudio/pulse/gconf-helper
+Command: pulseaudio
+PID: 2531
+Signal: term
+Epoch: 1409438250
+Audit subid: 201
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_signal_02.err b/libraries/libapparmor/testsuite/test_multi/testcase_signal_02.err
new file mode 100644
index 000000000..e69de29bb
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_signal_02.in b/libraries/libapparmor/testsuite/test_multi/testcase_signal_02.in
new file mode 100644
index 000000000..e8f5480f2
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_signal_02.in
@@ -0,0 +1 @@
+type=AVC msg=audit(1409438250.564:201): apparmor="DENIED" operation="signal" profile="/usr/bin/pulseaudio///usr/lib/pulseaudio/pulse/gconf-helper" pid=2531 comm="pulseaudio" requested_mask="receive" denied_mask="receive" signal=term peer="/usr/bin/pulseaudio"
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_signal_02.out b/libraries/libapparmor/testsuite/test_multi/testcase_signal_02.out
new file mode 100644
index 000000000..14450a731
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_signal_02.out
@@ -0,0 +1,14 @@
+START
+File: testcase_signal_02.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1409438250.564:201
+Operation: signal
+Mask: receive
+Denied Mask: receive
+Profile: /usr/bin/pulseaudio///usr/lib/pulseaudio/pulse/gconf-helper
+Peer: /usr/bin/pulseaudio
+Command: pulseaudio
+PID: 2531
+Signal: term
+Epoch: 1409438250
+Audit subid: 201