Add support for an old style message hint "changing_profile" which

indicates that the pid referenced is being placed in the null-complain profile.
2025-08-30 13:58:22 +00:00 · 2007-09-14 21:38:46 +00:00
parent 935e7eb32f
commit 793afcd06c
4 changed files with 34 additions and 18 deletions
--- a/changehat/libapparmor/src/grammar.y
+++ b/changehat/libapparmor/src/grammar.y
@@ -99,6 +99,7 @@ aa_record_event_type lookup_aa_event(unsigned int type)
 %token TOK_OLD_ACTIVE
 %token TOK_OLD_UNKNOWN_PROFILE
 %token TOK_OLD_MISSING_PROFILE
+%token TOK_OLD_CHANGING_PROFILE
 %token TOK_OLD_ACCESS
 %token TOK_OLD_TO
 %token TOK_OLD_PIPE
@@ -284,17 +285,20 @@ old_permit_reject_path_pipe_extended:
 		}
 	;
 old_logprof_syntax:
-		  old_logprof_syntax2 TOK_KEY_PID TOK_EQUALS TOK_DIGITS 
-			TOK_KEY_PROFILE TOK_EQUALS old_profile TOK_OLD_ACTIVE TOK_EQUALS old_profile
-			{
-				ret_record->pid = $4;
-				ret_record->profile = strdup($7);
-				free($7);
-				ret_record->active_hat = strdup($10);
-				free($10);
-			}
-		| old_logprof_fork_syntax
-		;
+	  old_logprof_syntax2 key_pid
+		TOK_KEY_PROFILE TOK_EQUALS old_profile TOK_OLD_ACTIVE TOK_EQUALS old_profile
+		{
+			ret_record->profile = strdup($5);
+			free($5);
+			ret_record->active_hat = strdup($8);
+			free($8);
+		}
+	| old_logprof_fork_syntax
+	| TOK_OLD_CHANGING_PROFILE key_pid
+		{
+			ret_record->profile = strdup("null-complain-profile");
+		}
+	;

 old_logprof_syntax2:
 	  TOK_OLD_UNKNOWN_PROFILE TOK_KEY_IMAGE TOK_EQUALS TOK_ID
@@ -304,7 +308,7 @@ old_logprof_syntax2:
 			ret_record->name = strdup($4);
 			free($4);
 		}
-	| TOK_OLD_MISSING_PROFILE TOK_KEY_IMAGE TOK_EQUALS TOK_ID 
+	| TOK_OLD_MISSING_PROFILE TOK_KEY_IMAGE TOK_EQUALS TOK_ID
 		{
 			ret_record->operation = strdup("exec");
 			ret_record->info = strdup("mandatory profile missing");
@@ -314,7 +318,7 @@ old_logprof_syntax2:
 	| TOK_OLD_UNKNOWN_HAT TOK_ID
 		{
 			ret_record->operation = strdup("change_hat");
-			ret_record->name = strdup($2); 
+			ret_record->name = strdup($2);
 			free($2);
 			ret_record->info = strdup("unknown_hat");
 		}
@@ -322,12 +326,11 @@ old_logprof_syntax2:

 /* TODO: Clean this up */
 old_logprof_fork_syntax:
-	  TOK_OLD_FORK TOK_KEY_PID TOK_EQUALS TOK_DIGITS
+	  TOK_OLD_FORK key_pid
 		TOK_OLD_CHILD TOK_EQUALS TOK_DIGITS old_logprof_fork_addition
 	{
 		ret_record->operation = strdup("clone");
-		ret_record->task = $7;
-		ret_record->pid = $4;
+		ret_record->task = $5;
 	}
 	;

@@ -349,6 +352,7 @@ old_profile:
 	;

 audit_msg: TOK_KEY_MSG TOK_EQUALS audit_id
+	;

 audit_id: TOK_AUDIT TOK_OPEN_PAREN TOK_AUDIT_DIGITS TOK_PERIOD TOK_AUDIT_DIGITS TOK_COLON TOK_AUDIT_DIGITS TOK_CLOSE_PAREN TOK_COLON
 	{
@@ -387,8 +391,7 @@ key: TOK_KEY_OPERATION TOK_EQUALS TOK_QUOTED_STRING
 	{ ret_record->magic_token = $3;}
 	| TOK_KEY_INFO TOK_EQUALS TOK_QUOTED_STRING
 	{ ret_record->info = strdup($3); free($3);}
-	| TOK_KEY_PID TOK_EQUALS TOK_DIGITS
-	{ ret_record->pid = $3;}
+	| key_pid
 	| TOK_KEY_PROFILE TOK_EQUALS TOK_QUOTED_STRING
 	{ ret_record->profile = strdup($3); free($3);}
 	| TOK_KEY_FAMILY TOK_EQUALS TOK_QUOTED_STRING
@@ -401,6 +404,8 @@ key: TOK_KEY_OPERATION TOK_EQUALS TOK_QUOTED_STRING
 	{ ret_record->event = lookup_aa_event($3);}
 	;

+key_pid: TOK_KEY_PID TOK_EQUALS TOK_DIGITS { ret_record->pid = $3; }
+	;
 %%

 aa_log_record *
--- a/changehat/libapparmor/src/scanner.l
+++ b/changehat/libapparmor/src/scanner.l
@@ -60,6 +60,7 @@ old_apparmor_logprof	"LOGPROF-HINT"
 old_unknown_hat		"unknown_hat"
 old_unknown_profile	"unknown_profile"
 old_missing_profile	"missing_mandatory_profile"
+old_changing_profile	"changing_profile"
 old_active		"active"
 old_access		"access"
 old_to			"to"
@@ -214,6 +215,7 @@ char *string_buf_ptr = string_buf; /* assignment to quiet gcc warning */
 {old_unknown_hat}	{ BEGIN(sub_id); return(TOK_OLD_UNKNOWN_HAT); }
 {old_unknown_profile}	{ return(TOK_OLD_UNKNOWN_PROFILE); }
 {old_missing_profile}	{ return(TOK_OLD_MISSING_PROFILE); }
+{old_changing_profile}	{ return(TOK_OLD_CHANGING_PROFILE); }
 {old_active}		{ BEGIN(sub_id); return(TOK_OLD_ACTIVE); }
 {old_access}		{ return(TOK_OLD_ACCESS); }
 {old_to}		{ return(TOK_OLD_TO); }
--- a/changehat/libapparmor/testsuite/test_multi/testcase19.in
+++ b/changehat/libapparmor/testsuite/test_multi/testcase19.in
@@ -0,0 +1 @@
+type=APPARMOR msg=audit(1164007073.953:518): LOGPROF-HINT changing_profile pid=29420
--- a/changehat/libapparmor/testsuite/test_multi/testcase19.out
+++ b/changehat/libapparmor/testsuite/test_multi/testcase19.out
@@ -0,0 +1,8 @@
+START
+File: test_multi/testcase19.in
+Event type: AA_RECORD_HINT
+Audit ID: 1164007073.953:518
+Profile: null-complain-profile
+PID: 29420
+Epoch: 1164007073
+Audit subid: 518
				`@@ -0,0 +1 @@`
				`type=APPARMOR msg=audit(1164007073.953:518): LOGPROF-HINT changing_profile pid=29420`