From 6f5986a05e80dd24efb53340ebe58c07e0bd0ff1 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Tue, 11 Jun 2024 00:08:17 +0100
Subject: [PATCH] feat(aa-log): improve rule generation on debian.
---
 pkg/aa/profile.go | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)
diff --git a/pkg/aa/profile.go b/pkg/aa/profile.go
index 21181378..365bf1eb 100644
--- a/pkg/aa/profile.go
+++ b/pkg/aa/profile.go
@@ -190,10 +190,14 @@ var (
 return newFileFromLog(log)
 }
 },
- "exec": newFileFromLog,
- "file_inherit": newFileFromLog,
- "file_perm": newFileFromLog,
- "open": newFileFromLog,
+ "exec": newFileFromLog,
+ "getattr": newFileFromLog,
+ "mkdir": newFileFromLog,
+ "mknod": newFileFromLog,
+ "open": newFileFromLog,
+ "rename_src": newFileFromLog,
+ "truncate": newFileFromLog,
+ "unlink": newFileFromLog,
 }
 newLogMountMap = map[string]func(log map[string]string) Rule{
 "mount": newMountFromLog,
@@ -229,10 +233,13 @@ func (p *Profile) AddRule(log map[string]string) {
 }
 
 if !done {
- if strings.Contains(log["operation"], "dbus") {
+ switch {
+ case strings.HasPrefix(log["operation"], "file_"):
+ p.Rules = append(p.Rules, newFileFromLog(log))
+ case strings.Contains(log["operation"], "dbus"):
 p.Rules = append(p.Rules, newDbusFromLog(log))
- } else {
- fmt.Printf("unknown log type: %s", log)
+ default:
+ fmt.Printf("unknown log type: %s", log["operation"])
 }
 }
 }
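Review bot: `rename_src` is added to `newLogFileMap` without a matching `rename_dest` entry, so a rename denied on the destination path would, as far as this hunk shows, still fall through to the "unknown log type" branch of `AddRule`; adding `"rename_dest": newFileFromLog,` next to it would cover both halves. The `file_inherit` and `file_perm` keys are dropped here and now depend on the `file_` prefix case in `AddRule`, which is not obvious from the map alone; a comment such as `// file_* operations are matched by prefix in AddRule` above `"exec"` would record that. The map literal starts above the hunk, so entries declared there are not visible.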
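Review bot: The `default` branch of the new switch still writes its diagnostic without a trailing newline and formats the log-derived value with `%s`, so consecutive unknown operations run together on one line and any unexpected bytes in the field are echoed verbatim; `fmt.Printf("unknown log type: %q\n", log["operation"])` fixes both. If the generated rules are also written to standard output (not visible here), sending this message to standard error would keep it out of the profile text. Separately, the `file_` prefix case turns every operation with that prefix into a file rule, including ones `newFileFromLog` may not have been written for, so it is worth confirming that helper handles them before such a rule lands in a profile. `AddRule` begins above the hunk.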