mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-22 10:07:12 +00:00
Code Issues Releases Wiki Activity

libaalogparse: support missing mount keywords

Browse Source 
This patch adds support for the mount and pivotroot related keywords,
fstype, flags, and srcname.

Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
This commit is contained in:
Steve Beattie 2014-09-04 10:10:56 -07:00
parent 4dd76b704e
commit d99222b1b9
11 changed files with 62 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
libraries/libapparmor/include/aalogparse.h
View File

@ -154,6 +154,11 @@ typedef struct
char *dbus_member; char *dbus_member;
char *signal; /* signal name */ char *signal; /* signal name */
char *peer; char *peer;
/* mount et al specific bits */
char *fs_type;
char *flags;
char *src_name;
} aa_log_record; } aa_log_record;
/** /**

11
libraries/libapparmor/src/grammar.y
View File

@ -159,6 +159,9 @@ aa_record_event_type lookup_aa_event(unsigned int type)
%token TOK_KEY_INTERFACE %token TOK_KEY_INTERFACE
%token TOK_KEY_MEMBER %token TOK_KEY_MEMBER
%token TOK_KEY_SIGNAL %token TOK_KEY_SIGNAL
%token TOK_KEY_FSTYPE
%token TOK_KEY_FLAGS
%token TOK_KEY_SRCNAME
%token TOK_SYSLOG_KERNEL %token TOK_SYSLOG_KERNEL
%token TOK_SYSLOG_USER %token TOK_SYSLOG_USER
@ -354,6 +357,14 @@ key: TOK_KEY_OPERATION TOK_EQUALS TOK_QUOTED_STRING
{ ret_record->dbus_member = $3; } { ret_record->dbus_member = $3; }
| TOK_KEY_SIGNAL TOK_EQUALS TOK_ID | TOK_KEY_SIGNAL TOK_EQUALS TOK_ID
{ ret_record->signal = $3; } { ret_record->signal = $3; }
| TOK_KEY_FSTYPE TOK_EQUALS TOK_QUOTED_STRING
{ ret_record->fs_type = $3; }
| TOK_KEY_FLAGS TOK_EQUALS TOK_QUOTED_STRING
{ ret_record->flags = $3; }
| TOK_KEY_SRCNAME TOK_EQUALS TOK_QUOTED_STRING
{ ret_record->src_name = $3; }
| TOK_MSG_REST | TOK_MSG_REST
{ {
ret_record->event = AA_RECORD_INVALID; ret_record->event = AA_RECORD_INVALID;

6
libraries/libapparmor/src/libaalogparse.c
View File

@ -97,6 +97,12 @@ void free_record(aa_log_record *record)
free(record->dbus_member); free(record->dbus_member);
if (record->signal != NULL) if (record->signal != NULL)
free(record->signal ); free(record->signal );
if (record->fs_type != NULL)
free(record->fs_type);
if (record->flags != NULL)
free(record->flags);
if (record->src_name != NULL)
free(record->src_name);
free(record); free(record);
} }

6
libraries/libapparmor/src/scanner.l
View File

@ -161,6 +161,9 @@ key_interface "interface"
key_member "member" key_member "member"
key_signal "signal" key_signal "signal"
key_peer "peer" key_peer "peer"
key_fstype "fstype"
key_flags "flags"
key_srcname "srcname"
audit "audit" audit "audit"
/* network addrs */ /* network addrs */
@ -340,6 +343,9 @@ yy_flex_debug = 0;
{key_member} { return(TOK_KEY_MEMBER); } {key_member} { return(TOK_KEY_MEMBER); }
{key_signal} { BEGIN(sub_id); return(TOK_KEY_SIGNAL); } {key_signal} { BEGIN(sub_id); return(TOK_KEY_SIGNAL); }
{key_peer} { BEGIN(safe_string); return(TOK_KEY_PEER); } {key_peer} { BEGIN(safe_string); return(TOK_KEY_PEER); }
{key_fstype} { return(TOK_KEY_FSTYPE); }
{key_flags} { BEGIN(safe_string); return(TOK_KEY_FLAGS); }
{key_srcname} { BEGIN(safe_string); return(TOK_KEY_SRCNAME); }
{syslog_kernel} { BEGIN(dmesg_timestamp); return(TOK_SYSLOG_KERNEL); } {syslog_kernel} { BEGIN(dmesg_timestamp); return(TOK_SYSLOG_KERNEL); }
{syslog_user} { return(TOK_SYSLOG_USER); } {syslog_user} { return(TOK_SYSLOG_USER); }

4
libraries/libapparmor/testsuite/test_multi.c
View File

@ -129,6 +129,10 @@ int print_results(aa_log_record *record)
print_string("Signal", record->signal); print_string("Signal", record->signal);
print_string("FS Type", record->fs_type);
print_string("Flags", record->flags);
print_string("Src name", record->src_name);
print_long("Epoch", record->epoch, 0); print_long("Epoch", record->epoch, 0);
print_long("Audit subid", (long) record->audit_sub_id, 0); print_long("Audit subid", (long) record->audit_sub_id, 0);
return(0); return(0);

0
libraries/libapparmor/testsuite/test_multi/testcase_mount_01.err Normal file
View File

1
libraries/libapparmor/testsuite/test_multi/testcase_mount_01.in Normal file
View File

@ -0,0 +1 @@
type=AVC msg=audit(1409700640.016:547457): apparmor="DENIED" operation="mount" info="failed mntpnt match" error=-13 profile="/home/ubuntu/bzr/apparmor/tests/regression/apparmor/mount" name="/tmp/sdtest.19033-29001-MPfz98/mountpoint/" pid=19085 comm="mount" fstype="ext2" srcname="/dev/loop0/" flags="rw, mand"

16
libraries/libapparmor/testsuite/test_multi/testcase_mount_01.out Normal file
View File

@ -0,0 +1,16 @@
START
File: testcase_mount_01.in
Event type: AA_RECORD_DENIED
Audit ID: 1409700640.016:547457
Operation: mount
Profile: /home/ubuntu/bzr/apparmor/tests/regression/apparmor/mount
Name: /tmp/sdtest.19033-29001-MPfz98/mountpoint/
Command: mount
Info: failed mntpnt match
ErrorCode: 13
PID: 19085
FS Type: ext2
Flags: rw, mand
Src name: /dev/loop0/
Epoch: 1409700640
Audit subid: 547457

0
libraries/libapparmor/testsuite/test_multi/testcase_pivotroot_01.err Normal file
View File

1
libraries/libapparmor/testsuite/test_multi/testcase_pivotroot_01.in Normal file
View File

@ -0,0 +1 @@
type=AVC msg=audit(1409700678.384:547594): apparmor="DENIED" operation="pivotroot" profile="/home/ubuntu/bzr/apparmor/tests/regression/apparmor/pivot_root" name="/tmp/sdtest.21082-7446-EeefO6/new_root/" pid=21162 comm="pivot_root" srcname="/tmp/sdtest.21082-7446-EeefO6/new_root/put_old/"

12
libraries/libapparmor/testsuite/test_multi/testcase_pivotroot_01.out Normal file
View File

@ -0,0 +1,12 @@
START
File: testcase_pivotroot_01.in
Event type: AA_RECORD_DENIED
Audit ID: 1409700678.384:547594
Operation: pivotroot
Profile: /home/ubuntu/bzr/apparmor/tests/regression/apparmor/pivot_root
Name: /tmp/sdtest.21082-7446-EeefO6/new_root/
Command: pivot_root
PID: 21162
Src name: /tmp/sdtest.21082-7446-EeefO6/new_root/put_old/
Epoch: 1409700678
Audit subid: 547594