libaalogparse: add signal and peer keyword support

When signals and ptrace mediation were added to apparmor, the aalogparse routines were not adjusted to compensate. This patch adds support for the signal and peer keywords. Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2025-03-04 08:24:42 +01:00 · 2014-09-04 09:57:32 -07:00 · 2014-09-04 09:57:32 -07:00 · 4dd76b704e
commit 4dd76b704e
parent 049cb96106
14 changed files with 63 additions and 0 deletions
--- a/libraries/libapparmor/include/aalogparse.h
+++ b/libraries/libapparmor/include/aalogparse.h
@ -152,6 +152,8 @@ typedef struct
 	char *dbus_path;
 	char *dbus_interface;
 	char *dbus_member;
+	char *signal;			/* signal name */
+	char *peer;
 } aa_log_record;

 /**
--- a/libraries/libapparmor/src/grammar.y
+++ b/libraries/libapparmor/src/grammar.y
@ -128,6 +128,7 @@ aa_record_event_type lookup_aa_event(unsigned int type)
 %token TOK_KEY_PEER_PID
 %token TOK_KEY_PROFILE
 %token TOK_KEY_PEER_PROFILE
+%token TOK_KEY_PEER
 %token TOK_AUDIT
 %token TOK_KEY_FAMILY
 %token TOK_KEY_SOCK_TYPE
@ -157,6 +158,7 @@ aa_record_event_type lookup_aa_event(unsigned int type)
 %token TOK_KEY_PATH
 %token TOK_KEY_INTERFACE
 %token TOK_KEY_MEMBER
+%token TOK_KEY_SIGNAL

 %token TOK_SYSLOG_KERNEL
 %token TOK_SYSLOG_USER
@ -267,6 +269,8 @@ key: TOK_KEY_OPERATION TOK_EQUALS TOK_QUOTED_STRING
 	{ ret_record->info = $3;}
 	| TOK_KEY_PEER_INFO TOK_EQUALS TOK_QUOTED_STRING
 	{ ret_record->peer_info = $3;}
+	| TOK_KEY_PEER TOK_EQUALS TOK_QUOTED_STRING
+	{ ret_record->peer = $3;}
 	| key_pid
 	| key_peer_pid
 	| TOK_KEY_PROFILE TOK_EQUALS safe_string
@ -348,6 +352,8 @@ key: TOK_KEY_OPERATION TOK_EQUALS TOK_QUOTED_STRING
 	{ ret_record->dbus_interface = $3; }
 	| TOK_KEY_MEMBER TOK_EQUALS TOK_QUOTED_STRING
 	{ ret_record->dbus_member = $3; }
+	| TOK_KEY_SIGNAL TOK_EQUALS TOK_ID
+	{ ret_record->signal = $3; }
 	| TOK_MSG_REST
 	{
 		ret_record->event = AA_RECORD_INVALID;
--- a/libraries/libapparmor/src/libaalogparse.c
+++ b/libraries/libapparmor/src/libaalogparse.c
@ -71,6 +71,8 @@ void free_record(aa_log_record *record)
 			free(record->info);
 		if (record->peer_info != NULL)
 			free(record->peer_info);
+		if (record->peer != NULL)
+			free(record->peer);
 		if (record->active_hat != NULL)
 			free(record->active_hat);
 		if (record->audit_id != NULL)
@ -93,6 +95,8 @@ void free_record(aa_log_record *record)
 			free(record->dbus_interface);
 		if (record->dbus_member != NULL)
 			free(record->dbus_member);
+		if (record->signal != NULL)
+			free(record->signal );

 		free(record);
 	}
--- a/libraries/libapparmor/src/scanner.l
+++ b/libraries/libapparmor/src/scanner.l
@ -159,6 +159,8 @@ key_dest		"dest"
 key_path		"path"
 key_interface		"interface"
 key_member		"member"
+key_signal		"signal"
+key_peer		"peer"
 audit			"audit"

 /* network addrs */
@ -336,6 +338,8 @@ yy_flex_debug = 0;
 {key_path}		{ return(TOK_KEY_PATH); }
 {key_interface}		{ return(TOK_KEY_INTERFACE); }
 {key_member}		{ return(TOK_KEY_MEMBER); }
+{key_signal}		{ BEGIN(sub_id); return(TOK_KEY_SIGNAL); }
+{key_peer}		{ BEGIN(safe_string); return(TOK_KEY_PEER); }

 {syslog_kernel}		{ BEGIN(dmesg_timestamp); return(TOK_SYSLOG_KERNEL); }
 {syslog_user}		{ return(TOK_SYSLOG_USER); }
--- a/libraries/libapparmor/testsuite/test_multi.c
+++ b/libraries/libapparmor/testsuite/test_multi.c
@ -98,6 +98,7 @@ int print_results(aa_log_record *record)

 		print_string("Profile", record->profile);
 		print_string("Peer profile", record->peer_profile);
+		print_string("Peer", record->peer);
 		print_string("Name", record->name);
 		print_string("Command", record->comm);
 		print_string("Name2", record->name2);
@ -126,6 +127,8 @@ int print_results(aa_log_record *record)
 		print_string("DBus interface", record->dbus_interface);
 		print_string("DBus member", record->dbus_member);

+		print_string("Signal", record->signal);
+
 		print_long("Epoch", record->epoch, 0);
 		print_long("Audit subid", (long) record->audit_sub_id, 0);
 	return(0);
--- a/libraries/libapparmor/testsuite/test_multi/testcase_ptrace_01.err
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_ptrace_01.err
--- a/libraries/libapparmor/testsuite/test_multi/testcase_ptrace_01.in
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_ptrace_01.in
@ -0,0 +1 @@
+type=AVC msg=audit(1409700683.304:547661): apparmor="DENIED" operation="ptrace" profile="/home/ubuntu/bzr/apparmor/tests/regression/apparmor/ptrace" pid=22465 comm="ptrace" requested_mask="tracedby" denied_mask="tracedby" peer="/home/ubuntu/bzr/apparmor/tests/regression/apparmor/ptrace"
--- a/libraries/libapparmor/testsuite/test_multi/testcase_ptrace_01.out
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_ptrace_01.out
@ -0,0 +1,13 @@
+START
+File: testcase_ptrace_01.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1409700683.304:547661
+Operation: ptrace
+Mask: tracedby
+Denied Mask: tracedby
+Profile: /home/ubuntu/bzr/apparmor/tests/regression/apparmor/ptrace
+Peer: /home/ubuntu/bzr/apparmor/tests/regression/apparmor/ptrace
+Command: ptrace
+PID: 22465
+Epoch: 1409700683
+Audit subid: 547661
--- a/libraries/libapparmor/testsuite/test_multi/testcase_signal_01.err
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_signal_01.err
--- a/libraries/libapparmor/testsuite/test_multi/testcase_signal_01.in
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_signal_01.in
@ -0,0 +1 @@
+type=AVC msg=audit(1409438250.564:201): apparmor="DENIED" operation="signal" profile="/usr/bin/pulseaudio" pid=2531 comm="pulseaudio" requested_mask="send" denied_mask="send" signal=term peer="/usr/bin/pulseaudio///usr/lib/pulseaudio/pulse/gconf-helper"
--- a/libraries/libapparmor/testsuite/test_multi/testcase_signal_01.out
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_signal_01.out
@ -0,0 +1,14 @@
+START
+File: testcase_signal_01.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1409438250.564:201
+Operation: signal
+Mask: send
+Denied Mask: send
+Profile: /usr/bin/pulseaudio
+Peer: /usr/bin/pulseaudio///usr/lib/pulseaudio/pulse/gconf-helper
+Command: pulseaudio
+PID: 2531
+Signal: term
+Epoch: 1409438250
+Audit subid: 201
--- a/libraries/libapparmor/testsuite/test_multi/testcase_signal_02.err
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_signal_02.err
--- a/libraries/libapparmor/testsuite/test_multi/testcase_signal_02.in
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_signal_02.in
@ -0,0 +1 @@
+type=AVC msg=audit(1409438250.564:201): apparmor="DENIED" operation="signal" profile="/usr/bin/pulseaudio///usr/lib/pulseaudio/pulse/gconf-helper" pid=2531 comm="pulseaudio" requested_mask="receive" denied_mask="receive" signal=term peer="/usr/bin/pulseaudio"
--- a/libraries/libapparmor/testsuite/test_multi/testcase_signal_02.out
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_signal_02.out
@ -0,0 +1,14 @@
+START
+File: testcase_signal_02.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1409438250.564:201
+Operation: signal
+Mask: receive
+Denied Mask: receive
+Profile: /usr/bin/pulseaudio///usr/lib/pulseaudio/pulse/gconf-helper
+Peer: /usr/bin/pulseaudio
+Command: pulseaudio
+PID: 2531
+Signal: term
+Epoch: 1409438250
+Audit subid: 201
				`@ -0,0 +1 @@`
				`type=AVC msg=audit(1409700683.304:547661): apparmor="DENIED" operation="ptrace" profile="/home/ubuntu/bzr/apparmor/tests/regression/apparmor/ptrace" pid=22465 comm="ptrace" requested_mask="tracedby" denied_mask="tracedby" peer="/home/ubuntu/bzr/apparmor/tests/regression/apparmor/ptrace"`
				`@ -0,0 +1 @@`
				`type=AVC msg=audit(1409438250.564:201): apparmor="DENIED" operation="signal" profile="/usr/bin/pulseaudio" pid=2531 comm="pulseaudio" requested_mask="send" denied_mask="send" signal=term peer="/usr/bin/pulseaudio///usr/lib/pulseaudio/pulse/gconf-helper"`