diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_01.err b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_01.err new file mode 100644 index 000000000..e69de29bb diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_01.in b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_01.in new file mode 100644 index 000000000..4bc393d58 --- /dev/null +++ b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_01.in @@ -0,0 +1 @@ +Apr 05 19:36:19 ubuntu kernel: audit: type=1400 audit(1649187379.660:255): apparmor="DENIED" operation="create" profile="/root/apparmor/tests/regression/apparmor/posix_mq_rcv" name="/queuename" pid=791 comm="posix_mq_rcv" requested="create" denied="create" class="posix_mqueue" fsuid=0 ouid=0 diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_01.out b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_01.out new file mode 100644 index 000000000..4c1d8be16 --- /dev/null +++ b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_01.out @@ -0,0 +1,16 @@ +START +File: testcase_mqueue_01.in +Event type: AA_RECORD_DENIED +Audit ID: 1649187379.660:255 +Operation: create +Mask: create +Denied Mask: create +fsuid: 0 +ouid: 0 +Profile: /root/apparmor/tests/regression/apparmor/posix_mq_rcv +Name: /queuename +Command: posix_mq_rcv +PID: 791 +Class: posix_mqueue +Epoch: 1649187379 +Audit subid: 255 diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_01.profile b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_01.profile new file mode 100644 index 000000000..f9a36a126 --- /dev/null +++ b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_01.profile @@ -0,0 +1,4 @@ +/root/apparmor/tests/regression/apparmor/posix_mq_rcv { + mqueue create type=posix /queuename, + +} diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_02.err b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_02.err new file mode 100644 index 000000000..e69de29bb diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_02.in b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_02.in new file mode 100644 index 000000000..abd39024d --- /dev/null +++ b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_02.in @@ -0,0 +1,2 @@ +Apr 05 19:36:29 ubuntu kernel: audit: type=1400 audit(1649187389.828:262): apparmor="DENIED" operation="open" profile="/root/apparmor/tests/regression/apparmor/posix_mq_rcv" name="/queuename" pid=848 comm="posix_mq_rcv" requested="read create" denied="read" class="posix_mqueue" fsuid=0 ouid=0 + diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_02.out b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_02.out new file mode 100644 index 000000000..b38b68a03 --- /dev/null +++ b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_02.out @@ -0,0 +1,16 @@ +START +File: testcase_mqueue_02.in +Event type: AA_RECORD_DENIED +Audit ID: 1649187389.828:262 +Operation: open +Mask: read create +Denied Mask: read +fsuid: 0 +ouid: 0 +Profile: /root/apparmor/tests/regression/apparmor/posix_mq_rcv +Name: /queuename +Command: posix_mq_rcv +PID: 848 +Class: posix_mqueue +Epoch: 1649187389 +Audit subid: 262 diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_02.profile b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_02.profile new file mode 100644 index 000000000..1aaeff6f2 --- /dev/null +++ b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_02.profile @@ -0,0 +1,4 @@ +/root/apparmor/tests/regression/apparmor/posix_mq_rcv { + mqueue read type=posix /queuename, + +} diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_03.err b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_03.err new file mode 100644 index 000000000..e69de29bb diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_03.in b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_03.in new file mode 100644 index 000000000..538a5429f --- /dev/null +++ b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_03.in @@ -0,0 +1 @@ +Apr 05 19:36:39 ubuntu kernel: audit: type=1400 audit(1649187399.973:265): apparmor="DENIED" operation="unlink" profile="/root/apparmor/tests/regression/apparmor/posix_mq_rcv" name="/queuename" pid=897 comm="posix_mq_rcv" requested="delete" denied="delete" class="posix_mqueue" fsuid=0 ouid=0 diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_03.out b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_03.out new file mode 100644 index 000000000..b21d11855 --- /dev/null +++ b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_03.out @@ -0,0 +1,16 @@ +START +File: testcase_mqueue_03.in +Event type: AA_RECORD_DENIED +Audit ID: 1649187399.973:265 +Operation: unlink +Mask: delete +Denied Mask: delete +fsuid: 0 +ouid: 0 +Profile: /root/apparmor/tests/regression/apparmor/posix_mq_rcv +Name: /queuename +Command: posix_mq_rcv +PID: 897 +Class: posix_mqueue +Epoch: 1649187399 +Audit subid: 265 diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_03.profile b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_03.profile new file mode 100644 index 000000000..af443f5d0 --- /dev/null +++ b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_03.profile @@ -0,0 +1,4 @@ +/root/apparmor/tests/regression/apparmor/posix_mq_rcv { + mqueue delete type=posix /queuename, + +} diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_04.err b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_04.err new file mode 100644 index 000000000..e69de29bb diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_04.in b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_04.in new file mode 100644 index 000000000..ce2aa35aa --- /dev/null +++ b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_04.in @@ -0,0 +1 @@ +Jun 02 16:58:20 ubuntu kernel: audit: type=1400 audit(1654189100.680:1011): apparmor="DENIED" operation="sysv_mqueue" profile="/root/apparmor/tests/regression/apparmor/sysv_mq_rcv" name="123" pid=13574 comm="sysv_mq_rcv" requested="create" denied="create" class="sysv_mqueue" fsuid=0 ouid=0 diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_04.out b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_04.out new file mode 100644 index 000000000..3ea1ed8de --- /dev/null +++ b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_04.out @@ -0,0 +1,16 @@ +START +File: testcase_mqueue_04.in +Event type: AA_RECORD_DENIED +Audit ID: 1654189100.680:1011 +Operation: sysv_mqueue +Mask: create +Denied Mask: create +fsuid: 0 +ouid: 0 +Profile: /root/apparmor/tests/regression/apparmor/sysv_mq_rcv +Name: 123 +Command: sysv_mq_rcv +PID: 13574 +Class: sysv_mqueue +Epoch: 1654189100 +Audit subid: 1011 diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_04.profile b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_04.profile new file mode 100644 index 000000000..44f5f21fe --- /dev/null +++ b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_04.profile @@ -0,0 +1,4 @@ +/root/apparmor/tests/regression/apparmor/sysv_mq_rcv { + mqueue create type=sysv 123, + +} diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_05.err b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_05.err new file mode 100644 index 000000000..e69de29bb diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_05.in b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_05.in new file mode 100644 index 000000000..8b36aa91b --- /dev/null +++ b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_05.in @@ -0,0 +1 @@ +Jun 02 17:15:45 ubuntu kernel: audit: type=1400 audit(1654190145.439:1135): apparmor="DENIED" operation="sysv_mqueue" profile="/root/apparmor/tests/regression/apparmor/sysv_mq_snd" name="123" pid=15849 comm="sysv_mq_snd" requested="open" denied="open" class="sysv_mqueue" diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_05.out b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_05.out new file mode 100644 index 000000000..fc7c58e8d --- /dev/null +++ b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_05.out @@ -0,0 +1,14 @@ +START +File: testcase_mqueue_05.in +Event type: AA_RECORD_DENIED +Audit ID: 1654190145.439:1135 +Operation: sysv_mqueue +Mask: open +Denied Mask: open +Profile: /root/apparmor/tests/regression/apparmor/sysv_mq_snd +Name: 123 +Command: sysv_mq_snd +PID: 15849 +Class: sysv_mqueue +Epoch: 1654190145 +Audit subid: 1135 diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_05.profile b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_05.profile new file mode 100644 index 000000000..f04e07e46 --- /dev/null +++ b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_05.profile @@ -0,0 +1,4 @@ +/root/apparmor/tests/regression/apparmor/sysv_mq_snd { + mqueue open type=sysv 123, + +} diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_06.err b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_06.err new file mode 100644 index 000000000..e69de29bb diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_06.in b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_06.in new file mode 100644 index 000000000..b8f741333 --- /dev/null +++ b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_06.in @@ -0,0 +1 @@ +Jun 02 17:15:37 ubuntu kernel: audit: type=1400 audit(1654190137.559:1122): apparmor="DENIED" operation="sysv_mqueue" profile="/root/apparmor/tests/regression/apparmor/sysv_mq_rcv" name="123" pid=15632 comm="sysv_mq_rcv" requested="read" denied="read" class="sysv_mqueue" fsuid=0 ouid=0 diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_06.out b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_06.out new file mode 100644 index 000000000..cb348a874 --- /dev/null +++ b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_06.out @@ -0,0 +1,16 @@ +START +File: testcase_mqueue_06.in +Event type: AA_RECORD_DENIED +Audit ID: 1654190137.559:1122 +Operation: sysv_mqueue +Mask: read +Denied Mask: read +fsuid: 0 +ouid: 0 +Profile: /root/apparmor/tests/regression/apparmor/sysv_mq_rcv +Name: 123 +Command: sysv_mq_rcv +PID: 15632 +Class: sysv_mqueue +Epoch: 1654190137 +Audit subid: 1122 diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_06.profile b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_06.profile new file mode 100644 index 000000000..3ab389d66 --- /dev/null +++ b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_06.profile @@ -0,0 +1,4 @@ +/root/apparmor/tests/regression/apparmor/sysv_mq_rcv { + mqueue read type=sysv 123, + +} diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_07.err b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_07.err new file mode 100644 index 000000000..e69de29bb diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_07.in b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_07.in new file mode 100644 index 000000000..15e22e7ea --- /dev/null +++ b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_07.in @@ -0,0 +1 @@ +Jun 02 17:15:51 ubuntu kernel: audit: type=1400 audit(1654190151.003:1145): apparmor="DENIED" operation="sysv_mqueue" profile="/root/apparmor/tests/regression/apparmor/sysv_mq_rcv" name="123" pid=15973 comm="sysv_mq_rcv" requested="delete" denied="delete" class="sysv_mqueue" fsuid=1001 ouid=1001 diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_07.out b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_07.out new file mode 100644 index 000000000..739ae8eca --- /dev/null +++ b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_07.out @@ -0,0 +1,16 @@ +START +File: testcase_mqueue_07.in +Event type: AA_RECORD_DENIED +Audit ID: 1654190151.003:1145 +Operation: sysv_mqueue +Mask: delete +Denied Mask: delete +fsuid: 1001 +ouid: 1001 +Profile: /root/apparmor/tests/regression/apparmor/sysv_mq_rcv +Name: 123 +Command: sysv_mq_rcv +PID: 15973 +Class: sysv_mqueue +Epoch: 1654190151 +Audit subid: 1145 diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_07.profile b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_07.profile new file mode 100644 index 000000000..bb4965179 --- /dev/null +++ b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_07.profile @@ -0,0 +1,4 @@ +/root/apparmor/tests/regression/apparmor/sysv_mq_rcv { + mqueue delete type=sysv 123, + +} diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_08.err b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_08.err new file mode 100644 index 000000000..e69de29bb diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_08.in b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_08.in new file mode 100644 index 000000000..dd46a703c --- /dev/null +++ b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_08.in @@ -0,0 +1 @@ +Jun 02 17:15:55 ubuntu kernel: audit: type=1400 audit(1654190155.699:1155): apparmor="DENIED" operation="sysv_mqueue" profile="/root/apparmor/tests/regression/apparmor/sysv_mq_snd" name="123" pid=16148 comm="sysv_mq_snd" requested="write" denied="write" class="sysv_mqueue" fsuid=1001 ouid=1001 diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_08.out b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_08.out new file mode 100644 index 000000000..b6a1fa40a --- /dev/null +++ b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_08.out @@ -0,0 +1,16 @@ +START +File: testcase_mqueue_08.in +Event type: AA_RECORD_DENIED +Audit ID: 1654190155.699:1155 +Operation: sysv_mqueue +Mask: write +Denied Mask: write +fsuid: 1001 +ouid: 1001 +Profile: /root/apparmor/tests/regression/apparmor/sysv_mq_snd +Name: 123 +Command: sysv_mq_snd +PID: 16148 +Class: sysv_mqueue +Epoch: 1654190155 +Audit subid: 1155 diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_08.profile b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_08.profile new file mode 100644 index 000000000..9b220cff3 --- /dev/null +++ b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_08.profile @@ -0,0 +1,4 @@ +/root/apparmor/tests/regression/apparmor/sysv_mq_snd { + mqueue write type=sysv 123, + +} diff --git a/utils/apparmor/aa.py b/utils/apparmor/aa.py index d5d9254ce..71d7ea795 100644 --- a/utils/apparmor/aa.py +++ b/utils/apparmor/aa.py @@ -51,6 +51,7 @@ from apparmor.rule.network import NetworkRule from apparmor.rule.ptrace import PtraceRule from apparmor.rule.signal import SignalRule from apparmor.rule.userns import UserNamespaceRule +from apparmor.rule.mqueue import MessageQueueRule from apparmor.translations import init_translation _ = init_translation() @@ -1728,6 +1729,14 @@ def collapse_log(hashlog, ignore_null_profiles=True): if not hat_exists or not is_known_rule(aa[profile][hat], 'userns', userns_event): log_dict[aamode][full_profile]['userns'].add(userns_event) + mqueue = hashlog[aamode][full_profile]['mqueue'] + for access in mqueue.keys(): + for mqueue_type in mqueue[access]: + for mqueue_name in mqueue[access][mqueue_type]: + mqueue_event = MessageQueueRule(access, mqueue_type, MessageQueueRule.ALL, mqueue_name, log_event=True) + if not hat_exists or not is_known_rule(aa[profile][hat], 'mqueue', mqueue_event): + log_dict[aamode][full_profile]['mqueue'].add(mqueue_event) + return log_dict diff --git a/utils/apparmor/logparser.py b/utils/apparmor/logparser.py index b7a706257..8ab276d93 100644 --- a/utils/apparmor/logparser.py +++ b/utils/apparmor/logparser.py @@ -58,6 +58,7 @@ class ReadLog: 'ptrace': hasher(), 'signal': hasher(), 'userns': hasher(), + 'mqueue': hasher(), } def prefetch_next_log_entry(self): @@ -188,7 +189,12 @@ class ReadLog: elif e['class'] and e['class'] == 'namespace': if e['denied_mask'].startswith('userns'): self.hashlog[aamode][full_profile]['userns'][e['denied_mask'].removeprefix('userns_')] = True - return None + return + + elif e['class'] and e['class'].endswith('mqueue'): + mqueue_type = e['class'].partition('_')[0] + self.hashlog[aamode][full_profile]['mqueue'][e['denied_mask']][mqueue_type][e['name']] = True + return elif self.op_type(e) == 'file': # Map c (create) and d (delete) to w (logging is more detailed than the profile language)