diff --git a/libraries/libapparmor/include/aalogparse.h b/libraries/libapparmor/include/aalogparse.h index 4edf91c49..1eee33a68 100644 --- a/libraries/libapparmor/include/aalogparse.h +++ b/libraries/libapparmor/include/aalogparse.h @@ -154,6 +154,11 @@ typedef struct char *dbus_member; char *signal; /* signal name */ char *peer; + + /* mount et al specific bits */ + char *fs_type; + char *flags; + char *src_name; } aa_log_record; /** diff --git a/libraries/libapparmor/src/grammar.y b/libraries/libapparmor/src/grammar.y index bde5f2668..ef9111036 100644 --- a/libraries/libapparmor/src/grammar.y +++ b/libraries/libapparmor/src/grammar.y @@ -159,6 +159,9 @@ aa_record_event_type lookup_aa_event(unsigned int type) %token TOK_KEY_INTERFACE %token TOK_KEY_MEMBER %token TOK_KEY_SIGNAL +%token TOK_KEY_FSTYPE +%token TOK_KEY_FLAGS +%token TOK_KEY_SRCNAME %token TOK_SYSLOG_KERNEL %token TOK_SYSLOG_USER @@ -354,6 +357,14 @@ key: TOK_KEY_OPERATION TOK_EQUALS TOK_QUOTED_STRING { ret_record->dbus_member = $3; } | TOK_KEY_SIGNAL TOK_EQUALS TOK_ID { ret_record->signal = $3; } + + | TOK_KEY_FSTYPE TOK_EQUALS TOK_QUOTED_STRING + { ret_record->fs_type = $3; } + | TOK_KEY_FLAGS TOK_EQUALS TOK_QUOTED_STRING + { ret_record->flags = $3; } + | TOK_KEY_SRCNAME TOK_EQUALS TOK_QUOTED_STRING + { ret_record->src_name = $3; } + | TOK_MSG_REST { ret_record->event = AA_RECORD_INVALID; diff --git a/libraries/libapparmor/src/libaalogparse.c b/libraries/libapparmor/src/libaalogparse.c index adb320761..dcba4caf0 100644 --- a/libraries/libapparmor/src/libaalogparse.c +++ b/libraries/libapparmor/src/libaalogparse.c @@ -97,6 +97,12 @@ void free_record(aa_log_record *record) free(record->dbus_member); if (record->signal != NULL) free(record->signal ); + if (record->fs_type != NULL) + free(record->fs_type); + if (record->flags != NULL) + free(record->flags); + if (record->src_name != NULL) + free(record->src_name); free(record); } 
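Review bot: The three members added to aa_log_record in aalogparse.h are documented only by the group comment `/* mount et al specific bits */`, so a consumer cannot tell which audit key fills each one or that a member stays NULL when its key is absent from the record. I would annotate each member, e.g. `char *src_name; /* srcname= value; NULL if the key is absent */`, and state that the strings are released by free_record(). This looks like an installed header, so appending members also changes sizeof(aa_log_record); that is harmless only if callers never allocate or copy the struct themselves, which is worth confirming against the library's versioning policy.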
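Review bot: In the grammar.y `key:` rules, fstype, flags and srcname accept only TOK_QUOTED_STRING, while scanner.l in this same commit switches to the safe_string state for flags and srcname. If that state can hand back any token other than TOK_QUOTED_STRING (its rules are outside this diff), a record whose srcname is logged in that other form will not match these alternatives and the event would presumably be rejected. Since srcname is a path chosen by the confined process, the parser should accept every form the scanner can produce, using the same value nonterminal as the existing peer= rule if there is one (not visible here). Separately, `ret_record->src_name = $3;` overwrites any earlier pointer, so a line repeating a key leaks the first string; the neighbouring `ret_record->signal = $3;` action has the same pattern.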
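Review bot: The `!= NULL` guards added to free_record() in libaalogparse.c are redundant, because free(NULL) is a no-op; `free(record->fs_type);` on its own is sufficient for each of the three new members. They do match the style of the surrounding lines, so keeping them for consistency is defensible, but a follow-up could drop the guards throughout the function. The function begins above the hunk, so whether every other string member of the record is released is not visible here.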
diff --git a/libraries/libapparmor/src/scanner.l b/libraries/libapparmor/src/scanner.l index c5902b95d..b5b179413 100644 --- a/libraries/libapparmor/src/scanner.l +++ b/libraries/libapparmor/src/scanner.l @@ -161,6 +161,9 @@ key_interface "interface" key_member "member" key_signal "signal" key_peer "peer" +key_fstype "fstype" +key_flags "flags" +key_srcname "srcname" audit "audit" /* network addrs */ @@ -340,6 +343,9 @@ yy_flex_debug = 0; {key_member} { return(TOK_KEY_MEMBER); } {key_signal} { BEGIN(sub_id); return(TOK_KEY_SIGNAL); } {key_peer} { BEGIN(safe_string); return(TOK_KEY_PEER); } +{key_fstype} { return(TOK_KEY_FSTYPE); } +{key_flags} { BEGIN(safe_string); return(TOK_KEY_FLAGS); } +{key_srcname} { BEGIN(safe_string); return(TOK_KEY_SRCNAME); } {syslog_kernel} { BEGIN(dmesg_timestamp); return(TOK_SYSLOG_KERNEL); } {syslog_user} { return(TOK_SYSLOG_USER); } diff --git a/libraries/libapparmor/testsuite/test_multi.c b/libraries/libapparmor/testsuite/test_multi.c index edbc29c47..c589d31ac 100644 --- a/libraries/libapparmor/testsuite/test_multi.c +++ b/libraries/libapparmor/testsuite/test_multi.c @@ -129,6 +129,10 @@ int print_results(aa_log_record *record) print_string("Signal", record->signal); + print_string("FS Type", record->fs_type); + print_string("Flags", record->flags); + print_string("Src name", record->src_name); + print_long("Epoch", record->epoch, 0); print_long("Audit subid", (long) record->audit_sub_id, 0); return(0); diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mount_01.err b/libraries/libapparmor/testsuite/test_multi/testcase_mount_01.err new file mode 100644 index 000000000..e69de29bb diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mount_01.in b/libraries/libapparmor/testsuite/test_multi/testcase_mount_01.in new file mode 100644 index 000000000..9e6319a12 --- /dev/null +++ b/libraries/libapparmor/testsuite/test_multi/testcase_mount_01.in 
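Review bot: In the second scanner.l hunk, `{key_fstype}` returns its token without `BEGIN(safe_string)`, unlike `{key_flags}` and `{key_srcname}` on the next two lines. The filesystem type is supplied by the caller of mount(2) just as the source name is, so it should be scanned the same way: `{key_fstype} { BEGIN(safe_string); return(TOK_KEY_FSTYPE); }`. If the asymmetry is deliberate, a one-line comment saying why would help the next reader. The safe_string rules are outside this diff, so the practical effect is inferred, and the added test cases only exercise plain quoted values.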
@@ -0,0 +1 @@
+type=AVC msg=audit(1409700640.016:547457): apparmor="DENIED" operation="mount" info="failed mntpnt match" error=-13 profile="/home/ubuntu/bzr/apparmor/tests/regression/apparmor/mount" name="/tmp/sdtest.19033-29001-MPfz98/mountpoint/" pid=19085 comm="mount" fstype="ext2" srcname="/dev/loop0/" flags="rw, mand"
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mount_01.out b/libraries/libapparmor/testsuite/test_multi/testcase_mount_01.out
new file mode 100644
index 000000000..821b73d79
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_mount_01.out
@@ -0,0 +1,16 @@
+START
+File: testcase_mount_01.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1409700640.016:547457
+Operation: mount
+Profile: /home/ubuntu/bzr/apparmor/tests/regression/apparmor/mount
+Name: /tmp/sdtest.19033-29001-MPfz98/mountpoint/
+Command: mount
+Info: failed mntpnt match
+ErrorCode: 13
+PID: 19085
+FS Type: ext2
+Flags: rw, mand
+Src name: /dev/loop0/
+Epoch: 1409700640
+Audit subid: 547457
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_pivotroot_01.err b/libraries/libapparmor/testsuite/test_multi/testcase_pivotroot_01.err
new file mode 100644
index 000000000..e69de29bb
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_pivotroot_01.in b/libraries/libapparmor/testsuite/test_multi/testcase_pivotroot_01.in
new file mode 100644
index 000000000..519969561
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_pivotroot_01.in
@@ -0,0 +1 @@
+type=AVC msg=audit(1409700678.384:547594): apparmor="DENIED" operation="pivotroot" profile="/home/ubuntu/bzr/apparmor/tests/regression/apparmor/pivot_root" name="/tmp/sdtest.21082-7446-EeefO6/new_root/" pid=21162 comm="pivot_root" srcname="/tmp/sdtest.21082-7446-EeefO6/new_root/put_old/"
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_pivotroot_01.out b/libraries/libapparmor/testsuite/test_multi/testcase_pivotroot_01.out
new file mode 100644
index 000000000..68f023b65
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_pivotroot_01.out
@@ -0,0 +1,12 @@
+START
+File: testcase_pivotroot_01.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1409700678.384:547594
+Operation: pivotroot
+Profile: /home/ubuntu/bzr/apparmor/tests/regression/apparmor/pivot_root
+Name: /tmp/sdtest.21082-7446-EeefO6/new_root/
+Command: pivot_root
+PID: 21162
+Src name: /tmp/sdtest.21082-7446-EeefO6/new_root/put_old/
+Epoch: 1409700678
+Audit subid: 547594