Handling stdin was totally broken (= no output) with the current log
format because aa-decode expected name= to be the last entry in the
log line.
This patch for stdin handling
- fixes the pattern to match the current log format (name= is NOT the
last part in the log entry)
- uses bash replacement to avoid some sed calls (which also means the
script now needs an explicit "#!/bin/bash")
- prints decoded filenames in double instead of single quotes to be
consistent with filenames that were not encoded
- also prints lines that do not contain an encoded filename (instead of
grepping them away)
- replace tr calls by perl's uc() (also for non-stdin mode)
- also handle encoded profile names (introduced by Steve)
- don't fail if a file or profile name contains a '
In other words: you can pipe your audit.log through aa-decode, and the
only difference to the raw audit.log is that filenames are decoded.
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
For now just look at 'name=...' which is usually the last in the log entry,
so validate input against this and output based on it.
TODO: better handle other cases too
