This patch modifies the log-parsing portion of libapparmor to reverse-map
IP protocol numbers to their names (e.g. 6 -> "tcp").
parent
932df992e1
commit
a0cafba8c5
9 changed files with 63 additions and 7 deletions
|
@ -4,6 +4,7 @@ AM_INIT_AUTOMAKE(libapparmor1, 2.2)
|
|||
|
||||
AM_PROG_LEX
|
||||
AC_PROG_YACC
|
||||
AC_PROG_SED
|
||||
|
||||
AC_PATH_PROG([SWIG], [swig])
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
INCLUDES = $(all_includes)
|
||||
|
||||
BUILT_SOURCES = grammar.h scanner.h
|
||||
BUILT_SOURCES = grammar.h scanner.h af_protos.h
|
||||
AM_LFLAGS = -v
|
||||
AM_YFLAGS = -d -p aalogparse_
|
||||
AM_CFLAGS = @CFLAGS@ -D_GNU_SOURCE -Wall
|
||||
|
@ -9,6 +9,9 @@ scanner.h: scanner.l
|
|||
|
||||
scanner.c: scanner.l
|
||||
|
||||
af_protos.h: /usr/include/netinet/in.h
|
||||
LC_ALL=C sed -n -e "/IPPROTO_MAX/d" -e "s/^\#define[ \\t]\\+IPPROTO_\\([A-Z0-9_]\\+\\)\\(.*\\)$$/AA_GEN_PROTO_ENT(\\UIPPROTO_\\1, \"\\L\\1\")/p" $< > $@
|
||||
|
||||
changehatdir = $(includedir)/sys
|
||||
changehat_HEADERS = apparmor.h
|
||||
|
||||
|
@ -16,7 +19,7 @@ aalogparsedir = $(includedir)/aalogparse
|
|||
aalogparse_HEADERS = aalogparse.h
|
||||
|
||||
lib_LTLIBRARIES = libapparmor.la libimmunix.la
|
||||
noinst_HEADERS = grammar.h parser.h scanner.h
|
||||
noinst_HEADERS = grammar.h parser.h scanner.h af_protos.h
|
||||
|
||||
libapparmor_la_SOURCES = grammar.y libaalogparse.c change_hat.c scanner.c
|
||||
libapparmor_la_LDFLAGS = -version-info 1:2:0 -XCClinker -dynamic \
|
||||
|
|
|
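Review bot: The af_protos.h rule in the second hunk redirects straight into `$@`, so a sed failure, or a header in which nothing matches, still leaves a possibly empty af_protos.h that make treats as up to date; the library then builds with an empty table and reports every protocol as unknown(N). The prerequisite is the hard-coded /usr/include/netinet/in.h, which in a cross or sysroot build is the build host's header rather than the target's. The `\U`/`\L` escapes need GNU sed, yet the rule calls plain `sed` although AC_PROG_SED appears in the configure hunk. I would use `$(SED)`, write to a temporary file and check it before renaming, e.g. `... $< > $@.tmp && test -s $@.tmp && mv $@.tmp $@`, and let configure locate the header.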
@ -410,10 +410,7 @@ safe_string: TOK_QUOTED_STRING
|
|||
protocol: TOK_QUOTED_STRING
|
||||
| TOK_DIGITS
|
||||
{ /* FIXME: this should probably convert back to a string proto name */
|
||||
char *ret = NULL;
|
||||
if (asprintf(&ret, "%ld", $1) < 0)
|
||||
yyerror(NULL, "Unable to allocate protocol string");
|
||||
$$ = ret;
|
||||
$$ = ipproto_to_string($1);
|
||||
}
|
||||
;
|
||||
%%
|
||||
|
|
|
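Review bot: The new TOK_DIGITS action assigns the result of `ipproto_to_string($1)` to `$$` without checking it, while the code it replaces reported an allocation failure through yyerror; ipproto_to_string() hands back whatever strdup()/asprintf() produced, which can be NULL. `$1` was previously formatted with `%ld`, so it is presumably a long that is now narrowed to unsigned int, and an out-of-range number in a log line would be looked up as a different value. I would keep the failure report, `if (!($$ = ipproto_to_string($1))) yyerror(NULL, "Unable to allocate protocol string");`, and reject values that do not fit before the call.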
@ -31,6 +31,7 @@
|
|||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <stdio.h>
|
||||
#include <netinet/in.h>
|
||||
#include "aalogparse.h"
|
||||
#include "parser.h"
|
||||
|
||||
|
@ -137,3 +138,36 @@ char *hex_to_string(char *hexstring)
|
|||
out:
|
||||
return ret;
|
||||
}
|
||||
|
||||
struct ipproto_pairs {
|
||||
unsigned int protocol;
|
||||
char *protocol_name;
|
||||
};
|
||||
|
||||
#define AA_GEN_PROTO_ENT(name, IP) {name, IP},
|
||||
|
||||
static struct ipproto_pairs ipproto_mappings[] = {
|
||||
#include "af_protos.h"
|
||||
/* terminate */
|
||||
{0, NULL}
|
||||
};
|
||||
|
||||
/* convert an ip protocol number to a string */
|
||||
char *ipproto_to_string(unsigned int proto)
|
||||
{
|
||||
char *ret = NULL;
|
||||
struct ipproto_pairs *current = ipproto_mappings;
|
||||
|
||||
while (current->protocol != proto && current->protocol_name != NULL) {
|
||||
current++;
|
||||
}
|
||||
|
||||
if (current->protocol_name) {
|
||||
ret = strdup(current->protocol_name);
|
||||
} else {
|
||||
asprintf(&ret, "unknown(%u)", proto);
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
|
|
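Review bot: In ipproto_to_string() the fallback branch ignores the return value of asprintf(); when that call fails the contents of `ret` are not defined by glibc, so the caller can receive a pointer that is neither NULL nor a valid string. Change it to `if (asprintf(&ret, "unknown(%u)", proto) < 0) ret = NULL;`. The table is never written, so `static const struct ipproto_pairs ipproto_mappings[]` with a `const char *protocol_name` member would fit better. The one-line comment above the function should also say that the caller frees the returned string and that the result may be NULL.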
@ -22,6 +22,7 @@
|
|||
extern void _init_log_record(aa_log_record *record);
|
||||
extern aa_log_record *_parse_yacc(char *str);
|
||||
extern char *hex_to_string(char *str);
|
||||
extern char *ipproto_to_string(unsigned int proto);
|
||||
|
||||
/* FIXME: this ought to be pulled from <linux/audit.h> but there's no
|
||||
* guarantee these will exist there. */
|
||||
|
|
|
@ -16,6 +16,7 @@ int main(void)
|
|||
int rc = 0;
|
||||
char *retstr = NULL;
|
||||
|
||||
/* hex_to_string() tests */
|
||||
retstr = hex_to_string(NULL);
|
||||
MY_TEST(!retstr, "basic NULL test");
|
||||
|
||||
|
@ -29,6 +30,12 @@ int main(void)
|
|||
retstr = hex_to_string("");
|
||||
MY_TEST(strcmp(retstr, "") == 0, "empty string");
|
||||
|
||||
/* ipproto_to_string() tests */
|
||||
retstr = ipproto_to_string((unsigned) 99999);
|
||||
MY_TEST(strcmp(retstr, "unknown(99999)") == 0, "invalid protocol test");
|
||||
|
||||
retstr = ipproto_to_string((unsigned) 6);
|
||||
MY_TEST(strcmp(retstr, "tcp") == 0, "protocol=tcp");
|
||||
return rc;
|
||||
}
|
||||
|
||||
|
|
|
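Review bot: Both new checks in the second hunk pass `retstr` straight to strcmp(), so a NULL return from ipproto_to_string() crashes the test program instead of recording a failure; `MY_TEST(retstr && strcmp(retstr, "tcp") == 0, "protocol=tcp");` keeps it a reported failure. The strings returned by ipproto_to_string() are heap-allocated and `retstr` is reassigned and then dropped without a free(). main() begins and continues outside the hunks shown.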
@ -7,6 +7,6 @@ Profile: /home/steve/aa-regression-tests/changehat_wrapper//net_raw
|
|||
PID: 16196
|
||||
Network family: packet
|
||||
Socket type: raw
|
||||
Protocol: 768
|
||||
Protocol: unknown(768)
|
||||
Epoch: 1190503205
|
||||
Audit subid: 27088
|
||||
|
|
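Review bot: This expectation applies the IP protocol table to a record whose `Network family` is `packet`: 768 becomes `unknown(768)` here, and testcase33 in the same commit expects `tcp` for protocol=6 on the same family. For packet sockets the protocol field is presumably a link-layer protocol number rather than an IPPROTO_* value, so names taken from netinet/in.h can mislead whoever reads the parsed log. Consider reverse-mapping only when the family is inet or inet6 and printing the bare number otherwise; that decision has to be made where the family is known, which is outside this file.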
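--- a/changehat/libapparmor/testsuite/test_multi/testcase33.in
+++ b/changehat/libapparmor/testsuite/test_multi/testcase33.in
@@ -0,0 +1 @@
+type=APPARMOR_DENIED msg=audit(1190503205.837:27088): type=1503 operation="socket_create" family="packet" sock_type="raw" protocol=6 pid=16196 profile="/home/steve/aa-regression-tests/changehat_wrapper//net_raw"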
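--- a/changehat/libapparmor/testsuite/test_multi/testcase33.out
+++ b/changehat/libapparmor/testsuite/test_multi/testcase33.out
@@ -0,0 +1,12 @@
+START
+File: test_multi/testcase33.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1190503205.837:27088
+Operation: socket_create
+Profile: /home/steve/aa-regression-tests/changehat_wrapper//net_raw
+PID: 16196
+Network family: packet
+Socket type: raw
+Protocol: tcp
+Epoch: 1190503205
+Audit subid: 27088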