logparser.py parse_event(): always store family, protocol and sock_type

Storing these event details depending on the operation type only makes
things more difficult because it's hard to differenciate between file
and network events.

Note that this happens at the first log parsing stage (libapparmor log
event -> temporary python array) and therefore doesn't add a serious
memory footprint. The event tree will still only contain the elements
relevant for the actual event type.

This change means that lots of testcases now get 3 more fields (all
None) when testing parse_event(), so update all affected testcases.
(test-network doesn't need a change for probably obvious reasons.)

Also rename a misnamed test in test-change_profile.


Acked-by: Seth Arnold <seth.arnold@canonical.com> for trunk and 2.10.

utils/test/test-change_profile.py

@@ -92,7 +92,7 @@ class ChangeProfileTestParseInvalid(ChangeProfileTest):
             ChangeProfileRule.parse(rawrule)
 
 class ChangeProfileTestParseFromLog(ChangeProfileTest):
-    def test_net_from_log(self):
+    def test_change_profile_from_log(self):
         parser = ReadLog('', '', '', '', '')
 
         event = 'type=AVC msg=audit(1428699242.551:386): apparmor="DENIED" operation="change_profile" profile="/foo/changeprofile" pid=3459 comm="changeprofile" target="/foo/rename"'
@@ -106,7 +106,6 @@ class ChangeProfileTestParseFromLog(ChangeProfileTest):
             'request_mask': None,
             'denied_mask': None,
             'error_code': 0,
-            #'family': 'inet',
             'magic_token': 0,
             'parent': 0,
             'profile': '/foo/changeprofile',
@@ -121,6 +120,9 @@ class ChangeProfileTestParseFromLog(ChangeProfileTest):
             'attr': None,
             'name2': '/foo/rename', # target
             'name': None,
+            'family': None,
+            'protocol': None,
+            'sock_type': None,
         })
 
         obj = ChangeProfileRule(None, ChangeProfileRule.ALL, parsed_event['name2'], log_event=parsed_event)