parse_event_for_tree(): Move exec events to loghash

The 'hat' and 'prog' variables are no longer needed, drop them.

Also no longer include denied_mask in the event - operation='exec' means
an exec event, no need to additionally hand over 'x' permissions.

Note: This commit introduces a "brain split", which means exec handling
is temporarily broken. Later commits will fix this.
Christian Boltz 2019-05-03 23:17:16 +02:00
parent 62adc8547c
commit 7297e2f6a8


@ -19,8 +19,6 @@ import time
import LibAppArmor import LibAppArmor
from apparmor.common import AppArmorException, AppArmorBug, hasher, open_file_read, DebugLogger from apparmor.common import AppArmorException, AppArmorBug, hasher, open_file_read, DebugLogger
from apparmor.aamode import log_str_to_mode
# setup module translations # setup module translations
from apparmor.translations import init_translation from apparmor.translations import init_translation
_ = init_translation() _ = init_translation()
@ -66,6 +64,7 @@ class ReadLog:
'capability': {}, # flat, no hasher needed 'capability': {}, # flat, no hasher needed
'change_hat': {}, # flat, no hasher needed 'change_hat': {}, # flat, no hasher needed
'dbus': hasher(), 'dbus': hasher(),
'exec': hasher(),
'network': hasher(), 'network': hasher(),
'path': hasher(), 'path': hasher(),
'ptrace': hasher(), 'ptrace': hasher(),
@ -204,32 +203,21 @@ class ReadLog:
e['profile'] = 'null-complain-profile' e['profile'] = 'null-complain-profile'
profile = e['profile'] profile = e['profile']
hat = None
if '//' in e['profile']: if '//' in e['profile']:
profile, hat = e['profile'].split('//')[:2] profile, hat = e['profile'].split('//')[:2]
if not hat:
hat = profile
# prog is no longer passed around consistently
prog = 'HINT'
if profile != 'null-complain-profile' and not self.profile_exists(profile): if profile != 'null-complain-profile' and not self.profile_exists(profile):
return None return None
if e['operation'] == 'exec': if e['operation'] == 'exec':
# convert rmask and dmask to mode arrays if not e['name']:
e['denied_mask'], e['name2'] = log_str_to_mode(e['profile'], e['denied_mask'], e['name2']) raise AppArmorException('exec without executed binary')
e['request_mask'], e['name2'] = log_str_to_mode(e['profile'], e['request_mask'], e['name2'])
if e.get('info', False) and e['info'] == 'mandatory profile missing': if not e['name2']:
return(e['pid'], e['parent'], 'exec', raise AppArmorException('exec without target profile')
[profile, hat, aamode, 'PERMITTING', e['denied_mask'], e['name'], e['name2']])
elif (e.get('name2', False) and '//null-' in e['name2']) or e.get('name', False): self.hashlog[aamode][full_profile]['exec'][e['name']][e['name2']] = True
return(e['pid'], e['parent'], 'exec', return None
[profile, hat, prog, aamode, e['denied_mask'], e['name'], ''])
else:
self.debug_logger.debug('parse_event_for_tree: dropped exec event in %s' % e['profile'])
elif self.op_type(e) == 'file': elif self.op_type(e) == 'file':
# Map c (create) and d (delete) to w (logging is more detailed than the profile language) # Map c (create) and d (delete) to w (logging is more detailed than the profile language)
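Review bot: The new exec branch raises `AppArmorException('exec without target profile')` whenever `e['name2']` is empty, but the removed code accepted exactly that case (its `e.get('name', False)` branch returned the event with `''` as the target), which suggests such records do occur in real logs. If the exception propagates out of the log reader, one record of that shape stops the whole log from being processed, and the content of these records is shaped by the processes being profiled. Unless aborting is intended, consider keeping the event with an empty target, e.g. `if not e['name2']: e['name2'] = ''`, and reserving the exception for a missing `e['name']`. Separately, `profile, hat = e['profile'].split('//')[:2]` still binds `hat` although nothing in the visible new code reads it. parse_event_for_tree starts and ends outside this hunk, so the definition of `full_profile` and the caller's handling of the exception cannot be checked from here.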