mirror of
https://gitlab.com/apparmor/apparmor
synced 2025-08-30 13:58:22 +00:00
Add support for an old style message hint "changing_profile" which
indicates that the pid referenced is being placed in the null-complain profile.
This commit is contained in:
Steve Beattie
@@ -99,6 +99,7 @@ aa_record_event_type lookup_aa_event(unsigned int type)
|
|||||||
%token TOK_OLD_ACTIVE
|
%token TOK_OLD_ACTIVE
|
||||||
%token TOK_OLD_UNKNOWN_PROFILE
|
%token TOK_OLD_UNKNOWN_PROFILE
|
||||||
%token TOK_OLD_MISSING_PROFILE
|
%token TOK_OLD_MISSING_PROFILE
|
||||||
|
%token TOK_OLD_CHANGING_PROFILE
|
||||||
%token TOK_OLD_ACCESS
|
%token TOK_OLD_ACCESS
|
||||||
%token TOK_OLD_TO
|
%token TOK_OLD_TO
|
||||||
%token TOK_OLD_PIPE
|
%token TOK_OLD_PIPE
|
||||||
@@ -284,17 +285,20 @@ old_permit_reject_path_pipe_extended:
|
|||||||
}
|
}
|
||||||
;
|
;
|
||||||
old_logprof_syntax:
|
old_logprof_syntax:
|
||||||
old_logprof_syntax2 TOK_KEY_PID TOK_EQUALS TOK_DIGITS
|
old_logprof_syntax2 key_pid
|
||||||
TOK_KEY_PROFILE TOK_EQUALS old_profile TOK_OLD_ACTIVE TOK_EQUALS old_profile
|
TOK_KEY_PROFILE TOK_EQUALS old_profile TOK_OLD_ACTIVE TOK_EQUALS old_profile
|
||||||
{
|
{
|
||||||
ret_record->pid = $4;
|
ret_record->profile = strdup($5);
|
||||||
ret_record->profile = strdup($7);
|
free($5);
|
||||||
free($7);
|
ret_record->active_hat = strdup($8);
|
||||||
ret_record->active_hat = strdup($10);
|
free($8);
|
||||||
free($10);
|
}
|
||||||
}
|
| old_logprof_fork_syntax
|
||||||
| old_logprof_fork_syntax
|
| TOK_OLD_CHANGING_PROFILE key_pid
|
||||||
;
|
{
|
||||||
|
ret_record->profile = strdup("null-complain-profile");
|
||||||
|
}
|
||||||
|
;
|
||||||
|
|
||||||
old_logprof_syntax2:
|
old_logprof_syntax2:
|
||||||
TOK_OLD_UNKNOWN_PROFILE TOK_KEY_IMAGE TOK_EQUALS TOK_ID
|
TOK_OLD_UNKNOWN_PROFILE TOK_KEY_IMAGE TOK_EQUALS TOK_ID
|
||||||
@@ -304,7 +308,7 @@ old_logprof_syntax2:
|
|||||||
ret_record->name = strdup($4);
|
ret_record->name = strdup($4);
|
||||||
free($4);
|
free($4);
|
||||||
}
|
}
|
||||||
| TOK_OLD_MISSING_PROFILE TOK_KEY_IMAGE TOK_EQUALS TOK_ID
|
| TOK_OLD_MISSING_PROFILE TOK_KEY_IMAGE TOK_EQUALS TOK_ID
|
||||||
{
|
{
|
||||||
ret_record->operation = strdup("exec");
|
ret_record->operation = strdup("exec");
|
||||||
ret_record->info = strdup("mandatory profile missing");
|
ret_record->info = strdup("mandatory profile missing");
|
||||||
@@ -314,7 +318,7 @@ old_logprof_syntax2:
|
|||||||
| TOK_OLD_UNKNOWN_HAT TOK_ID
|
| TOK_OLD_UNKNOWN_HAT TOK_ID
|
||||||
{
|
{
|
||||||
ret_record->operation = strdup("change_hat");
|
ret_record->operation = strdup("change_hat");
|
||||||
ret_record->name = strdup($2);
|
ret_record->name = strdup($2);
|
||||||
free($2);
|
free($2);
|
||||||
ret_record->info = strdup("unknown_hat");
|
ret_record->info = strdup("unknown_hat");
|
||||||
}
|
}
|
||||||
@@ -322,12 +326,11 @@ old_logprof_syntax2:
|
|||||||
|
|
||||||
/* TODO: Clean this up */
|
/* TODO: Clean this up */
|
||||||
old_logprof_fork_syntax:
|
old_logprof_fork_syntax:
|
||||||
TOK_OLD_FORK TOK_KEY_PID TOK_EQUALS TOK_DIGITS
|
TOK_OLD_FORK key_pid
|
||||||
TOK_OLD_CHILD TOK_EQUALS TOK_DIGITS old_logprof_fork_addition
|
TOK_OLD_CHILD TOK_EQUALS TOK_DIGITS old_logprof_fork_addition
|
||||||
{
|
{
|
||||||
ret_record->operation = strdup("clone");
|
ret_record->operation = strdup("clone");
|
||||||
ret_record->task = $7;
|
ret_record->task = $5;
|
||||||
ret_record->pid = $4;
|
|
||||||
}
|
}
|
||||||
;
|
;
|
||||||
|
|
||||||
@@ -349,6 +352,7 @@ old_profile:
|
|||||||
;
|
;
|
||||||
|
|
||||||
audit_msg: TOK_KEY_MSG TOK_EQUALS audit_id
|
audit_msg: TOK_KEY_MSG TOK_EQUALS audit_id
|
||||||
|
;
|
||||||
|
|
||||||
audit_id: TOK_AUDIT TOK_OPEN_PAREN TOK_AUDIT_DIGITS TOK_PERIOD TOK_AUDIT_DIGITS TOK_COLON TOK_AUDIT_DIGITS TOK_CLOSE_PAREN TOK_COLON
|
audit_id: TOK_AUDIT TOK_OPEN_PAREN TOK_AUDIT_DIGITS TOK_PERIOD TOK_AUDIT_DIGITS TOK_COLON TOK_AUDIT_DIGITS TOK_CLOSE_PAREN TOK_COLON
|
||||||
{
|
{
|
||||||
@@ -387,8 +391,7 @@ key: TOK_KEY_OPERATION TOK_EQUALS TOK_QUOTED_STRING
|
|||||||
{ ret_record->magic_token = $3;}
|
{ ret_record->magic_token = $3;}
|
||||||
| TOK_KEY_INFO TOK_EQUALS TOK_QUOTED_STRING
|
| TOK_KEY_INFO TOK_EQUALS TOK_QUOTED_STRING
|
||||||
{ ret_record->info = strdup($3); free($3);}
|
{ ret_record->info = strdup($3); free($3);}
|
||||||
| TOK_KEY_PID TOK_EQUALS TOK_DIGITS
|
| key_pid
|
||||||
{ ret_record->pid = $3;}
|
|
||||||
| TOK_KEY_PROFILE TOK_EQUALS TOK_QUOTED_STRING
|
| TOK_KEY_PROFILE TOK_EQUALS TOK_QUOTED_STRING
|
||||||
{ ret_record->profile = strdup($3); free($3);}
|
{ ret_record->profile = strdup($3); free($3);}
|
||||||
| TOK_KEY_FAMILY TOK_EQUALS TOK_QUOTED_STRING
|
| TOK_KEY_FAMILY TOK_EQUALS TOK_QUOTED_STRING
|
||||||
@@ -401,6 +404,8 @@ key: TOK_KEY_OPERATION TOK_EQUALS TOK_QUOTED_STRING
|
|||||||
{ ret_record->event = lookup_aa_event($3);}
|
{ ret_record->event = lookup_aa_event($3);}
|
||||||
;
|
;
|
||||||
|
|
||||||
|
key_pid: TOK_KEY_PID TOK_EQUALS TOK_DIGITS { ret_record->pid = $3; }
|
||||||
|
;
|
||||||
%%
|
%%
|
||||||
|
|
||||||
aa_log_record *
|
aa_log_record *
|
||||||
|
|||||||
@@ -60,6 +60,7 @@ old_apparmor_logprof "LOGPROF-HINT"
|
|||||||
old_unknown_hat "unknown_hat"
|
old_unknown_hat "unknown_hat"
|
||||||
old_unknown_profile "unknown_profile"
|
old_unknown_profile "unknown_profile"
|
||||||
old_missing_profile "missing_mandatory_profile"
|
old_missing_profile "missing_mandatory_profile"
|
||||||
|
old_changing_profile "changing_profile"
|
||||||
old_active "active"
|
old_active "active"
|
||||||
old_access "access"
|
old_access "access"
|
||||||
old_to "to"
|
old_to "to"
|
||||||
@@ -214,6 +215,7 @@ char *string_buf_ptr = string_buf; /* assignment to quiet gcc warning */
|
|||||||
{old_unknown_hat} { BEGIN(sub_id); return(TOK_OLD_UNKNOWN_HAT); }
|
{old_unknown_hat} { BEGIN(sub_id); return(TOK_OLD_UNKNOWN_HAT); }
|
||||||
{old_unknown_profile} { return(TOK_OLD_UNKNOWN_PROFILE); }
|
{old_unknown_profile} { return(TOK_OLD_UNKNOWN_PROFILE); }
|
||||||
{old_missing_profile} { return(TOK_OLD_MISSING_PROFILE); }
|
{old_missing_profile} { return(TOK_OLD_MISSING_PROFILE); }
|
||||||
|
{old_changing_profile} { return(TOK_OLD_CHANGING_PROFILE); }
|
||||||
{old_active} { BEGIN(sub_id); return(TOK_OLD_ACTIVE); }
|
{old_active} { BEGIN(sub_id); return(TOK_OLD_ACTIVE); }
|
||||||
{old_access} { return(TOK_OLD_ACCESS); }
|
{old_access} { return(TOK_OLD_ACCESS); }
|
||||||
{old_to} { return(TOK_OLD_TO); }
|
{old_to} { return(TOK_OLD_TO); }
|
||||||
|
|||||||
1
changehat/libapparmor/testsuite/test_multi/testcase19.in
Normal file
1
changehat/libapparmor/testsuite/test_multi/testcase19.in
Normal file
@@ -0,0 +1 @@
|
|||||||
|
type=APPARMOR msg=audit(1164007073.953:518): LOGPROF-HINT changing_profile pid=29420
|
||||||
@@ -0,0 +1,8 @@
|
|||||||
|
START
|
||||||
|
File: test_multi/testcase19.in
|
||||||
|
Event type: AA_RECORD_HINT
|
||||||
|
Audit ID: 1164007073.953:518
|
||||||
|
Profile: null-complain-profile
|
||||||
|
PID: 29420
|
||||||
|
Epoch: 1164007073
|
||||||
|
Audit subid: 518
|
||||||
Reference in New Issue
Block a user