Merge from trunk rev 1475: fixSubDomain.pm to take truncate, rename_src,

rename_dest, and mkdir operations into account, as well as add
logparsing library testcases for those operations.

Bug: https://bugs.launchpad.net/apparmor/+bug/623467
Nominated-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>

libraries/libapparmor/testsuite/test_multi/testcase_syslog_mkdir.in

@@ -0,0 +1 @@
+Aug 24 10:34:43 lucid-amd64 kernel: [45334.755142] type=1503 audit(1282671283.411:2199):  operation="mkdir" pid=4786 parent=4708 profile="/usr/sbin/sshd//ubuntu" requested_mask="c::" denied_mask="c::" fsuid=1000 ouid=1000 name="/tmp/ssh-gRozJw4786/"

libraries/libapparmor/testsuite/test_multi/testcase_syslog_mkdir.out

@@ -0,0 +1,15 @@
+START
+File: test_multi/testcase_syslog_mkdir.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1282671283.411:2199
+Operation: mkdir
+Mask: c::
+Denied Mask: c::
+fsuid: 1000
+ouid: 1000
+Profile: /usr/sbin/sshd//ubuntu
+Name: /tmp/ssh-gRozJw4786/
+Parent: 4708
+PID: 4786
+Epoch: 1282671283
+Audit subid: 2199

libraries/libapparmor/testsuite/test_multi/testcase_syslog_rename_dest.in

@@ -0,0 +1 @@
+Aug 23 17:29:52 alyosha kernel: [  878.663418] type=1502 audit(1282626827.320:413): operation="rename_dest" pid=1881 parent=650 profile="/usr/sbin/sshd" requested_mask="wc::" denied_mask="wc::" fsuid=0 ouid=0 name="/var/run/motd"

libraries/libapparmor/testsuite/test_multi/testcase_syslog_rename_dest.out

@@ -0,0 +1,15 @@
+START
+File: test_multi/testcase_syslog_rename_dest.in
+Event type: AA_RECORD_ALLOWED
+Audit ID: 1282626827.320:413
+Operation: rename_dest
+Mask: wc::
+Denied Mask: wc::
+fsuid: 0
+ouid: 0
+Profile: /usr/sbin/sshd
+Name: /var/run/motd
+Parent: 650
+PID: 1881
+Epoch: 1282626827
+Audit subid: 413

libraries/libapparmor/testsuite/test_multi/testcase_syslog_rename_src.in

@@ -0,0 +1 @@
+Aug 23 17:29:48 my_host kernel: [  878.663410] type=1502 audit(1282626827.320:412): operation="rename_src" pid=1881 parent=650 profile="/usr/sbin/sshd" requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0 name="/var/run/motd.new"

libraries/libapparmor/testsuite/test_multi/testcase_syslog_rename_src.out

@@ -0,0 +1,15 @@
+START
+File: test_multi/testcase_syslog_rename_src.in
+Event type: AA_RECORD_ALLOWED
+Audit ID: 1282626827.320:412
+Operation: rename_src
+Mask: r::
+Denied Mask: r::
+fsuid: 0
+ouid: 0
+Profile: /usr/sbin/sshd
+Name: /var/run/motd.new
+Parent: 650
+PID: 1881
+Epoch: 1282626827
+Audit subid: 412

libraries/libapparmor/testsuite/test_multi/testcase_syslog_truncate.in

@@ -0,0 +1 @@
+Aug 23 17:29:45 hostname kernel: [  878.662172] type=1503 audit(1282626827.320:411): operation="truncate" pid=1957 parent=1 profile="/etc/update-motd.d/91-release-upgrade" requested_mask="w::" denied_mask="w::" fsuid=0 ouid=0 name="/var/lib/update-notifier/release-upgrade-available"

libraries/libapparmor/testsuite/test_multi/testcase_syslog_truncate.out

@@ -0,0 +1,15 @@
+START
+File: test_multi/testcase_syslog_truncate.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1282626827.320:411
+Operation: truncate
+Mask: w::
+Denied Mask: w::
+fsuid: 0
+ouid: 0
+Profile: /etc/update-motd.d/91-release-upgrade
+Name: /var/lib/update-notifier/release-upgrade-available
+Parent: 1
+PID: 1957
+Epoch: 1282626827
+Audit subid: 411

utils/SubDomain.pm

@@ -2798,7 +2798,11 @@ sub add_event_to_tree ($) {
                      $e->{name},
 		     "",
                    );
-    } elsif ($e->{operation} eq "open") {
+    } elsif ($e->{operation} eq "open" ||
+             $e->{operation} eq "truncate" ||
+             $e->{operation} eq "mkdir" ||
+             $e->{operation} eq "rename_src" ||
+             $e->{operation} eq "rename_dest") {
         add_to_tree( $e->{pid},
 		     $e->{parent},
                      "path",