mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-31 06:16:03 +00:00
Code Issues Releases Wiki Activity

Merge log parsing fixes

Browse Source 
small fixes on log parsing

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/959
Approved-by: Jon Tourville <jon.tourville@canonical.com>
Approved-by: Christian Boltz <apparmor@cboltz.de>
Merged-by: Georgia Garcia <georgia.garcia@canonical.com>
(cherry picked from commit 4f2d2a8cab)
Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
This commit is contained in:
Georgia Garcia
2022-12-16 19:41:41 +00:00
parent ad90017619
commit 70686e4990
2 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
utils/apparmor/aa.py
View File

@@ -2006,7 +2006,7 @@ def collapse_log():
elif access == 'eavesdrop': elif access == 'eavesdrop':
dbus_event = DbusRule(access, bus, DbusRule.ALL, DbusRule.ALL, DbusRule.ALL, DbusRule.ALL, DbusRule.ALL, DbusRule.ALL, log_event=True) dbus_event = DbusRule(access, bus, DbusRule.ALL, DbusRule.ALL, DbusRule.ALL, DbusRule.ALL, DbusRule.ALL, DbusRule.ALL, log_event=True)
else: else:
raise AppArmorBug('unexpected dbus access: %s') raise AppArmorBug('unexpected dbus access: {}'.format(access))
if not hat_exists or not is_known_rule(aa[profile][hat], 'dbus', dbus_event): if not hat_exists or not is_known_rule(aa[profile][hat], 'dbus', dbus_event):
log_dict[aamode][profile][hat]['dbus'].add(dbus_event) log_dict[aamode][profile][hat]['dbus'].add(dbus_event)

6
utils/apparmor/logparser.py
View File

@@ -342,7 +342,7 @@ class ReadLog:
elif e['operation'] == 'signal': elif e['operation'] == 'signal':
return(e['pid'], e['parent'], 'signal', return(e['pid'], e['parent'], 'signal',
[profile, hat, prog, aamode, e['denied_mask'], e['signal'], e['peer']]) [profile, hat, prog, aamode, e['denied_mask'], e['signal'], e['peer']])
elif e['operation'].startswith('dbus_'): elif e['operation'] and e['operation'].startswith('dbus_'):
return(e['pid'], e['parent'], 'dbus', return(e['pid'], e['parent'], 'dbus',
[profile, hat, prog, aamode, e['denied_mask'], e['bus'], e['path'], e['name'], e['interface'], e['member'], e['peer_profile']]) [profile, hat, prog, aamode, e['denied_mask'], e['bus'], e['path'], e['name'], e['interface'], e['member'], e['peer_profile']])
else: else:
@@ -430,7 +430,9 @@ class ReadLog:
def op_type(self, event): def op_type(self, event):
"""Returns the operation type if known, unkown otherwise""" """Returns the operation type if known, unkown otherwise"""
if ( event['operation'].startswith('file_') or event['operation'].startswith('inode_') or event['operation'] in self.OP_TYPE_FILE_OR_NET ): if event['operation'] and (event['operation'].startswith('file_') or
event['operation'].startswith('inode_') or
event['operation'] in self.OP_TYPE_FILE_OR_NET):
# file or network event? # file or network event?
if event['family'] and event['protocol'] and event['sock_type']: if event['family'] and event['protocol'] and event['sock_type']:
# 'unix' events also use keywords like 'connect', but protocol is 0 and should therefore be filtered out # 'unix' events also use keywords like 'connect', but protocol is 0 and should therefore be filtered out