mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-09-03 07:45:50 +00:00
Code Issues Releases Wiki Activity

Add "comm" string to the parser structure and testsuite runner. Update

Browse Source 
testsuite output to include "comm" report.
This commit is contained in:
Kees Cook
2010-07-26 09:20:02 -07:00
parent 5649f5237b
commit a92f9e67b3
10 changed files with 14 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
libraries/libapparmor/src/aalogparse.h
View File

@@ -129,6 +129,7 @@ typedef struct
unsigned long fsuid; /* fsuid of task - if logged */ unsigned long fsuid; /* fsuid of task - if logged */
unsigned long ouid; /* ouid of task - if logged */ unsigned long ouid; /* ouid of task - if logged */
char *profile; /* The name of the profile */ char *profile; /* The name of the profile */
char *comm; /* Command that triggered msg */
char *name; char *name;
char *name2; char *name2;
char *namespace; char *namespace;

1
libraries/libapparmor/src/grammar.y
View File

@@ -432,6 +432,7 @@ key: TOK_KEY_OPERATION TOK_EQUALS TOK_QUOTED_STRING
| TOK_KEY_OUID TOK_EQUALS TOK_DIGITS | TOK_KEY_OUID TOK_EQUALS TOK_DIGITS
{ ret_record->ouid = $3;} { ret_record->ouid = $3;}
| TOK_KEY_COMM TOK_EQUALS TOK_QUOTED_STRING | TOK_KEY_COMM TOK_EQUALS TOK_QUOTED_STRING
{ ret_record->comm = $3;}
| TOK_KEY_APPARMOR TOK_EQUALS apparmor_event | TOK_KEY_APPARMOR TOK_EQUALS apparmor_event
; ;

2
libraries/libapparmor/src/libaalogparse.c
View File

@@ -56,6 +56,8 @@ void free_record(aa_log_record *record)
free(record->denied_mask); free(record->denied_mask);
if (record->profile != NULL) if (record->profile != NULL)
free(record->profile); free(record->profile);
if (record->comm != NULL)
free(record->comm);
if (record->name != NULL) if (record->name != NULL)
free(record->name); free(record->name);
if (record->name2 != NULL) if (record->name2 != NULL)

4
libraries/libapparmor/testsuite/test_multi.c
View File

@@ -129,6 +129,10 @@ int print_results(aa_log_record *record)
{ {
printf("Name: %s\n", record->name); printf("Name: %s\n", record->name);
} }
if (record->comm != NULL)
{
printf("Command: %s\n", record->comm);
}
if (record->name2 != NULL) if (record->name2 != NULL)
{ {
printf("Name2: %s\n", record->name2); printf("Name2: %s\n", record->name2);

1
libraries/libapparmor/testsuite/test_multi/avc_audit_01.out
View File

@@ -9,6 +9,7 @@ fsuid: 0
ouid: 1000 ouid: 1000
Profile: /usr/sbin/cupsd Profile: /usr/sbin/cupsd
Name: /home/user/.ssh/ Name: /home/user/.ssh/
Command: ls
Parent: 12332 Parent: 12332
PID: 12333 PID: 12333
Epoch: 1279948288 Epoch: 1279948288

1
libraries/libapparmor/testsuite/test_multi/avc_audit_02.out
View File

@@ -4,6 +4,7 @@ Event type: AA_RECORD_STATUS
Audit ID: 1279948227.175:27 Audit ID: 1279948227.175:27
Operation: profile_replace Operation: profile_replace
Name: /sbin/dhclient3 Name: /sbin/dhclient3
Command: apparmor_parser
PID: 12291 PID: 12291
Epoch: 1279948227 Epoch: 1279948227
Audit subid: 27 Audit subid: 27

1
libraries/libapparmor/testsuite/test_multi/avc_audit_03.out
View File

@@ -9,6 +9,7 @@ fsuid: 1000
ouid: 0 ouid: 0
Profile: /tmp/cat Profile: /tmp/cat
Name: /etc/passwd Name: /etc/passwd
Command: cat
Parent: 7014 Parent: 7014
PID: 21645 PID: 21645
Epoch: 1279968846 Epoch: 1279968846

1
libraries/libapparmor/testsuite/test_multi/avc_syslog_01.out
View File

@@ -9,6 +9,7 @@ fsuid: 0
ouid: 0 ouid: 0
Profile: /usr/sbin/cupsd Profile: /usr/sbin/cupsd
Name: /boot/ Name: /boot/
Command: ls
Parent: 19650 Parent: 19650
PID: 19651 PID: 19651
Epoch: 1279967133 Epoch: 1279967133

1
libraries/libapparmor/testsuite/test_multi/avc_syslog_02.out
View File

@@ -4,6 +4,7 @@ Event type: AA_RECORD_STATUS
Audit ID: 1279967081.455:42 Audit ID: 1279967081.455:42
Operation: profile_replace Operation: profile_replace
Name: /sbin/dhclient3 Name: /sbin/dhclient3
Command: apparmor_parser
PID: 19610 PID: 19610
Epoch: 1279967081 Epoch: 1279967081
Audit subid: 42 Audit subid: 42

1
libraries/libapparmor/testsuite/test_multi/avc_syslog_03.out
View File

@@ -9,6 +9,7 @@ fsuid: 1000
ouid: 0 ouid: 0
Profile: /tmp/cat Profile: /tmp/cat
Name: /etc/passwd Name: /etc/passwd
Command: cat
Parent: 7014 Parent: 7014
PID: 21645 PID: 21645
Epoch: 1279968846 Epoch: 1279968846