libapparmor: add scanner support for dbus method

Add support to parse "method" the same way as "member" on D-Bus audit logs. Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
2025-03-04 00:14:44 +01:00 · 2022-12-15 14:57:04 -03:00 · 2022-12-15 14:57:04 -03:00 · f91be85361
commit f91be85361
parent 6f84aa2092
5 changed files with 22 additions and 0 deletions
--- a/libraries/libapparmor/src/scanner.l
+++ b/libraries/libapparmor/src/scanner.l
@ -165,6 +165,7 @@ key_dest		"dest"
 key_path		"path"
 key_interface		"interface"
 key_member		"member"
+key_method		"method"
 key_signal		"signal"
 key_peer		"peer"
 key_fstype		"fstype"
@ -355,6 +356,7 @@ yy_flex_debug = 0;
 {key_path}		{ return(TOK_KEY_PATH); }
 {key_interface}		{ return(TOK_KEY_INTERFACE); }
 {key_member}		{ return(TOK_KEY_MEMBER); }
+{key_method}		{ return(TOK_KEY_MEMBER); }
 {key_signal}		{ BEGIN(sub_id); return(TOK_KEY_SIGNAL); }
 {key_peer}		{ BEGIN(safe_string); return(TOK_KEY_PEER); }
 {key_fstype}		{ return(TOK_KEY_FSTYPE); }
--- a/libraries/libapparmor/testsuite/test_multi/testcase_dbus_11.err
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dbus_11.err
--- a/libraries/libapparmor/testsuite/test_multi/testcase_dbus_11.in
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dbus_11.in
@ -0,0 +1 @@
+Dec 15 17:32:17 kinetic kernel: [4835959.046111] audit: type=1107 audit(1671125537.724:209): pid=7308 uid=0 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/freedesktop/DBus" interface="org.freedesktop.DBus" method="Hello" mask="send" label="/tmp/apparmor/tests/regression/apparmor/dbus_message" peer_label="unconfined" exe="/usr/local/bin/dbus-broker" sauid=0 hostname=? addr=? terminal=?'
--- a/libraries/libapparmor/testsuite/test_multi/testcase_dbus_11.out
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dbus_11.out
@ -0,0 +1,15 @@
+START
+File: testcase_dbus_11.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1671125537.724:209
+Operation: dbus_method_call
+Denied Mask: send
+Profile: /tmp/apparmor/tests/regression/apparmor/dbus_message
+Peer profile: unconfined
+Command: /usr/local/bin/dbus-broker
+DBus bus: session
+DBus path: /org/freedesktop/DBus
+DBus interface: org.freedesktop.DBus
+DBus member: Hello
+Epoch: 1671125537
+Audit subid: 209
--- a/libraries/libapparmor/testsuite/test_multi/testcase_dbus_11.profile
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dbus_11.profile
@ -0,0 +1,4 @@
+/tmp/apparmor/tests/regression/apparmor/dbus_message {
+  dbus send bus=session path=/org/freedesktop/DBus interface=org.freedesktop.DBus member=Hello peer=(label=unconfined),
+
+}
				`@ -0,0 +1 @@`
				`Dec 15 17:32:17 kinetic kernel: [4835959.046111] audit: type=1107 audit(1671125537.724:209): pid=7308 uid=0 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/freedesktop/DBus" interface="org.freedesktop.DBus" method="Hello" mask="send" label="/tmp/apparmor/tests/regression/apparmor/dbus_message" peer_label="unconfined" exe="/usr/local/bin/dbus-broker" sauid=0 hostname=? addr=? terminal=?'`