From 24486551882aeb602a2e4a22732c0e893b13621f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Maxime=20B=C3=A9lair?=
Date: Thu, 24 Jul 2025 13:28:40 +0200
Subject: [PATCH] logparser: add support for change_onexec logs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add support for change_onexec logs by converting it to change_profile. Fix associated test.
Signed-off-by: Maxime Bélair
---
 .../testsuite/test_multi/change_onexec_lp1648143.profile | 2 ++
 utils/apparmor/logparser.py | 2 +-
 utils/test/test-libapparmor-test_multi.py | 1 -
 3 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/libraries/libapparmor/testsuite/test_multi/change_onexec_lp1648143.profile b/libraries/libapparmor/testsuite/test_multi/change_onexec_lp1648143.profile
index 7848bac5e..a65eeda1e 100644
--- a/libraries/libapparmor/testsuite/test_multi/change_onexec_lp1648143.profile
+++ b/libraries/libapparmor/testsuite/test_multi/change_onexec_lp1648143.profile
@@ -1,2 +1,4 @@
 profile unconfined {
+ change_profile -> system_tor,
+
 }
diff --git a/utils/apparmor/logparser.py b/utils/apparmor/logparser.py
index adc061860..0de2069bc 100644
--- a/utils/apparmor/logparser.py
+++ b/utils/apparmor/logparser.py
@@ -359,7 +359,7 @@ class ReadLog:
 self.hashlog[aamode][full_profile]['change_hat'][e['name2']] = True
 return
- elif e['operation'] == 'change_profile':
+ elif e['operation'] == 'change_profile' or e['operation'] == 'change_onexec':
 ChangeProfileRule.hashlog_from_event(self.hashlog[aamode][full_profile]['change_profile'], e)
 return
diff --git a/utils/test/test-libapparmor-test_multi.py b/utils/test/test-libapparmor-test_multi.py
index ff41ebcfd..6e72dbb13 100644
--- a/utils/test/test-libapparmor-test_multi.py
+++ b/utils/test/test-libapparmor-test_multi.py
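Review bot: The widened branch in ReadLog (utils/apparmor/logparser.py) hands every `change_onexec` event to the `change_profile` handler unchanged, so the rule it yields (`change_profile -> system_tor,` in the updated fixture) is not limited to transitions at exec time and may be broader than what was logged. The list entry this commit removes from test-libapparmor-test_multi.py says the lp1648143 log is about a "no new privs" error; if so, the suggested rule would probably not clear that denial, and it may be worth checking the event's error information before hashing it. A short comment on the branch would make the conversion explicit, e.g. `# change_onexec is recorded as a plain change_profile rule; the on-exec restriction is not kept`, and the condition reads more simply as `elif e['operation'] in ('change_profile', 'change_onexec'):`. The enclosing method starts and ends outside the hunk.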
@@ -166,7 +166,6 @@ log_to_profile_skip = [
 # tests that cause an empty log
 log_to_profile_known_empty_log = [
- 'change_onexec_lp1648143', # change_onexec not supported in logparser.py yet (and the log is about "no new privs" error)
 'ptrace_garbage_lp1689667_1', # no denied= in log
 'ptrace_no_denied_mask', # no denied= in log
 'unconfined-change_hat', # unconfined trying to change_hat, which isn't allowed