feat(aa-log): parse log file to AA object to allow easy print.

2024-11-14 23:43:56 +01:00 · 2023-08-17 23:12:46 +01:00 · 2023-08-17 23:12:46 +01:00 · d06a474b0c
commit d06a474b0c
parent 574891d445
2 changed files with 82 additions and 0 deletions
--- a/pkg/aa/profile.go
+++ b/pkg/aa/profile.go
@ -3,6 +3,14 @@
 // SPDX-License-Identifier: GPL-2.0-only

 package aa
+
+import (
+	"bytes"
+	"strings"
+
+	"golang.org/x/exp/slices"
+)
+
 // AppArmorProfiles represents a full set of apparmor profiles
 type AppArmorProfiles map[string]*AppArmorProfile

@ -29,3 +37,53 @@ func (p *AppArmorProfile) String() string {
 	return res.String()
 }

+// AddRule adds a new rule to the profile from a log map
+func (p *AppArmorProfile) AddRule(log map[string]string) {
+	noNewPrivs := false
+	fileInherit := false
+	if log["operation"] == "file_inherit" {
+		fileInherit = true
+	}
+
+	switch log["error"] {
+	case "-1":
+		noNewPrivs = true
+	case "-2":
+		if !slices.Contains(p.Flags, "mediate_deleted") {
+			p.Flags = append(p.Flags, "mediate_deleted")
+		}
+	case "-13":
+		if !slices.Contains(p.Flags, "attach_disconnected") {
+			p.Flags = append(p.Flags, "attach_disconnected")
+		}
+	default:
+	}
+
+	switch log["class"] {
+	case "cap":
+		p.Capability = append(p.Capability, NewCapability(log, noNewPrivs, fileInherit))
+	case "file":
+		p.File = append(p.File, NewFile(log, noNewPrivs, fileInherit))
+	case "net":
+		if log["family"] == "unix" {
+			p.Unix = append(p.Unix, NewUnix(log, noNewPrivs, fileInherit))
+		} else {
+			p.Network = append(p.Network, NewNetwork(log, noNewPrivs, fileInherit))
+		}
+	case "signal":
+		p.Signal = append(p.Signal, NewSignal(log, noNewPrivs, fileInherit))
+	case "ptrace":
+		p.Ptrace = append(p.Ptrace, NewPtrace(log, noNewPrivs, fileInherit))
+	case "unix":
+		p.Unix = append(p.Unix, NewUnix(log, noNewPrivs, fileInherit))
+	case "mount":
+		p.Mount = append(p.Mount, NewMount(log, noNewPrivs, fileInherit))
+	default:
+		if strings.Contains(log["operation"], "dbus") {
+			p.Dbus = append(p.Dbus, NewDbus(log, noNewPrivs, fileInherit))
+		} else if log["family"] == "unix" {
+			p.Unix = append(p.Unix, NewUnix(log, noNewPrivs, fileInherit))
+		}
+	}
+}
+
--- a/pkg/logs/logs.go
+++ b/pkg/logs/logs.go
@ -11,6 +11,7 @@ import (
 	"regexp"
 	"strings"

+	"github.com/roddhjav/apparmor.d/pkg/aa"
 	"github.com/roddhjav/apparmor.d/pkg/util"
 	"golang.org/x/exp/slices"
 )
@ -219,3 +220,26 @@ func (aaLogs AppArmorLogs) String() string {
 	}
 	return res
 }
+
+// ParseToProfiles convert the log data into a new AppArmorProfiles
+func (aaLogs AppArmorLogs) ParseToProfiles() aa.AppArmorProfiles {
+	profiles := make(aa.AppArmorProfiles, 0)
+	for _, log := range aaLogs {
+		name := ""
+		if strings.Contains(log["operation"], "dbus") {
+			name = log["label"]
+		} else {
+			name = log["profile"]
+		}
+
+		if _, ok := profiles[name]; !ok {
+			profile := &aa.AppArmorProfile{}
+			profile.Name = name
+			profile.AddRule(log)
+			profiles[name] = profile
+		} else {
+			profiles[name].AddRule(log)
+		}
+	}
+	return profiles
+}