From effc5eb9aa3432e3892c5b7a82b62e80881a9442 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Fri, 2 Apr 2021 10:43:03 +0100
Subject: [PATCH] Add the aa-log helper.
---
root/usr/bin/aa-log | 25 +++++++++++++++++++
root/usr/share/zsh/site-functions/_aa-log.zsh | 18 +++++++++++++
2 files changed, 43 insertions(+)
create mode 100755 root/usr/bin/aa-log
create mode 100644 root/usr/share/zsh/site-functions/_aa-log.zsh
diff --git a/root/usr/bin/aa-log b/root/usr/bin/aa-log
new file mode 100755
index 00000000..4841fcd5
--- /dev/null
+++ b/root/usr/bin/aa-log
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+# Review AppArmor generated messages
+# Copyright (C) 2021 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+#
+
+readonly LOGFILE=/var/log/audit/audit.log
+
+# Parses AppArmor logs to hide unnecessary information and remove duplicates.
+_apparmor_log() {
+ local state="$1" profile="${2}"
+ grep -a "$state" "$LOGFILE" \
+ | grep "profile=\"$profile.*\"" \
+ | grep -v laddr \
+ | sed -e 's/AVC //' \
+ -e "s/apparmor=\"$state\"/$state/" \
+ -e 's/type=msg=audit(.*): //' \
+ -e 's/pid=.* comm/comm/' \
+ -e 's/ fsuid.*//' \
+ | awk '!x[$0]++'
+
+}
+
+_apparmor_log DENIED "$@"
+_apparmor_log ALLOWED "$@"
diff --git a/root/usr/share/zsh/site-functions/_aa-log.zsh b/root/usr/share/zsh/site-functions/_aa-log.zsh
new file mode 100644
index 00000000..0b2c69be
--- /dev/null
+++ b/root/usr/share/zsh/site-functions/_aa-log.zsh
@@ -0,0 +1,18 @@
+#compdef aa-log
+#autoload
+
+_aa-log () {
+ local IFS=$'\n'
+ _values -C 'profile names' ${$(__aa_profiles):-""}
+}
+
+__aa_profiles() {
+ find -L /etc/apparmor.d -type f \
+ | sed -e 's#/etc/apparmor.d/##' \
+ -e '/abi/d' \
+ -e '/abstractions/d' \
+ -e '/local/d' \
+ | sort
+}
+
+_aa-log
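Review bot: In `_apparmor_log` (root/usr/bin/aa-log) only the first `grep` carries `-a`; the two filters after it read the same bytes from the pipe without it. If audit.log holds bytes that GNU grep classifies as binary (the `-a` on the first stage suggests it can), a later stage may print a "Binary file (standard input) matches" notice in place of the remaining records, so denials would silently drop out of a tool meant for reviewing them. Carrying the flag through avoids that: `| grep -a "profile=\"$profile.*\"" \` and `| grep -av laddr \`. Separately, `$profile` is interpreted as a regular expression rather than a literal name, and `grep -v laddr` discards every line containing that substring (presumably network events); a comment such as `# profile is a regex prefix; lines containing laddr are intentionally hidden` above the pipeline would make both filters explicit.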
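Review bot: The three delete expressions in `__aa_profiles` (`/abi/d`, `/abstractions/d`, `/local/d`) are unanchored substring matches, so any profile file whose name merely contains `abi` or `local` is removed from the completion list together with the directories they are meant to exclude. Because the first expression has already stripped the `/etc/apparmor.d/` prefix, anchoring on the leading path component keeps the intent: `-e '/^abi\//d'`, `-e '/^abstractions\//d'`, `-e '/^local\//d'`. The completion also offers file paths relative to /etc/apparmor.d, while aa-log matches its argument against the `profile=` field in the log; if file names and profile names can differ in this tree, that deserves a comment above `__aa_profiles`.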