mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-09-02 15:25:27 +00:00
Code Issues Releases Wiki Activity

Merge libapparmor: add scanner support for dbus method

Browse Source 
In the [merge request that adds AppArmor support on D-Bus Broker](https://github.com/bus1/dbus-broker/pull/286), the word "method" is used instead of "member" on the auditing logs.
So we are adding support to parse "method" the same way as "member" on D-Bus audit logs.

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/958
Approved-by: John Johansen <john@jjmx.net>
Merged-by: John Johansen <john@jjmx.net>
This commit is contained in:
John Johansen
2023-01-24 21:41:07 +00:00
parent bb30df7843 f91be85361
commit a96fa35bd5
5 changed files with 22 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
libraries/libapparmor/src/scanner.l
View File

@@ -165,6 +165,7 @@ key_dest "dest"
key_path "path" key_path "path"
key_interface "interface" key_interface "interface"
key_member "member" key_member "member"
key_method "method"
key_signal "signal" key_signal "signal"
key_peer "peer" key_peer "peer"
key_fstype "fstype" key_fstype "fstype"
@@ -355,6 +356,7 @@ yy_flex_debug = 0;
{key_path} { return(TOK_KEY_PATH); } {key_path} { return(TOK_KEY_PATH); }
{key_interface} { return(TOK_KEY_INTERFACE); } {key_interface} { return(TOK_KEY_INTERFACE); }
{key_member} { return(TOK_KEY_MEMBER); } {key_member} { return(TOK_KEY_MEMBER); }
{key_method} { return(TOK_KEY_MEMBER); }
{key_signal} { BEGIN(sub_id); return(TOK_KEY_SIGNAL); } {key_signal} { BEGIN(sub_id); return(TOK_KEY_SIGNAL); }
{key_peer} { BEGIN(safe_string); return(TOK_KEY_PEER); } {key_peer} { BEGIN(safe_string); return(TOK_KEY_PEER); }
{key_fstype} { return(TOK_KEY_FSTYPE); } {key_fstype} { return(TOK_KEY_FSTYPE); }

0
libraries/libapparmor/testsuite/test_multi/testcase_dbus_11.err Normal file
View File

1
libraries/libapparmor/testsuite/test_multi/testcase_dbus_11.in Normal file
View File

@@ -0,0 +1 @@
Dec 15 17:32:17 kinetic kernel: [4835959.046111] audit: type=1107 audit(1671125537.724:209): pid=7308 uid=0 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/freedesktop/DBus" interface="org.freedesktop.DBus" method="Hello" mask="send" label="/tmp/apparmor/tests/regression/apparmor/dbus_message" peer_label="unconfined" exe="/usr/local/bin/dbus-broker" sauid=0 hostname=? addr=? terminal=?'

15
libraries/libapparmor/testsuite/test_multi/testcase_dbus_11.out Normal file
View File

@@ -0,0 +1,15 @@
START
File: testcase_dbus_11.in
Event type: AA_RECORD_DENIED
Audit ID: 1671125537.724:209
Operation: dbus_method_call
Denied Mask: send
Profile: /tmp/apparmor/tests/regression/apparmor/dbus_message
Peer profile: unconfined
Command: /usr/local/bin/dbus-broker
DBus bus: session
DBus path: /org/freedesktop/DBus
DBus interface: org.freedesktop.DBus
DBus member: Hello
Epoch: 1671125537
Audit subid: 209

4
libraries/libapparmor/testsuite/test_multi/testcase_dbus_11.profile Normal file
View File

@@ -0,0 +1,4 @@
/tmp/apparmor/tests/regression/apparmor/dbus_message {
dbus send bus=session path=/org/freedesktop/DBus interface=org.freedesktop.DBus member=Hello peer=(label=unconfined),
}