feat(aa-log): add support for mqueue.

2024-11-14 23:43:56 +01:00 · 2023-12-05 20:47:32 +00:00 · 2023-12-05 20:47:32 +00:00 · 735e3529fb
commit 735e3529fb
parent 319b976beb
5 changed files with 38 additions and 3 deletions
--- a/pkg/aa/mqueue.go
+++ b/pkg/aa/mqueue.go
@ -4,19 +4,29 @@

 package aa

+import "strings"
+
 type Mqueue struct {
 	Qualifier
 	Access string
 	Type   string
 	Label  string
+	Name   string
 }

 func MqueueFromLog(log map[string]string) ApparmorRule {
+	mqueueType := "posix"
+	if strings.Contains(log["class"], "posix") {
+		mqueueType = "posix"
+	} else if strings.Contains(log["class"], "sysv") {
+		mqueueType = "sysv"
+	}
 	return &Mqueue{
 		Qualifier: NewQualifierFromLog(log),
-		Access:    maskToAccess[log["requested_mask"]],
-		Type:      log["type"],
+		Access:    maskToAccess[log["requested"]],
+		Type:      mqueueType,
 		Label:     log["label"],
+		Name:      log["name"],
 	}
 }

--- a/pkg/aa/profile.go
+++ b/pkg/aa/profile.go
@ -97,7 +97,7 @@ func (p *AppArmorProfile) AddRule(log map[string]string) {
 		case "pivotroot":
 			p.Rules = append(p.Rules, PivotRootFromLog(log))
 		}
-	case "mqueue":
+	case "posix_mqueue", "sysv_mqueue":
 		p.Rules = append(p.Rules, MqueueFromLog(log))
 	case "signal":
 		p.Rules = append(p.Rules, SignalFromLog(log))
--- a/pkg/aa/template.go
+++ b/pkg/aa/template.go
@ -35,10 +35,14 @@ var (
 		"a":            "w",
 		"ac":           "w",
 		"c":            "w",
+		"create":       "create",
 		"d":            "w",
+		"delete":       "delete",
+		"getattr":      "getattr",
 		"k":            "k",
 		"l":            "l",
 		"m":            "rm",
+		"open":         "open",
 		"r":            "r",
 		"ra":           "rw",
 		"read write":   "read write",
@ -49,6 +53,7 @@ var (
 		"rw":           "rw",
 		"send receive": "send receive",
 		"send":         "send",
+		"setattr":      "setattr",
 		"w":            "w",
 		"wc":           "w",
 		"wd":           "w",
--- a/pkg/aa/templates/profile.j2
+++ b/pkg/aa/templates/profile.j2
@ -161,6 +161,25 @@
        {{- template "comment" . -}}
    {{- end -}}

+    {{- if eq $type "Mqueue" -}}
+        {{- template "qualifier" . -}}
+        {{- "mqueue" -}}
+        {{- with .Access -}}
+            {{ " " }}{{ . }}
+        {{- end -}}
+        {{- with .Type -}}
+            {{ " type=" }}{{ . }}
+        {{- end -}}
+        {{- with .Label -}}
+            {{ " label=" }}{{ . }}
+        {{- end -}}
+        {{- with .Name -}}
+            {{ " " }}{{ . }}
+        {{- end -}}
+        {{- "," -}}
+        {{- template "comment" . -}}
+    {{- end -}}
+
    {{- if eq $type "Unix" -}}
        {{- template "qualifier" . -}}
        {{- "unix" -}}
--- a/pkg/prebuild/build.go
+++ b/pkg/prebuild/build.go
@ -28,6 +28,7 @@ var (
 	regAbi4To3 = util.ToRegexRepl([]string{ // Currently Abi3 -> Abi4
 		`abi/3.0`, `abi/4.0`,
 		`# userns,`, `userns,`,
+		`# mqueue`, `mqueue`,
 	})
 )