[apparmor] [patch 3/3] libaalogparse: support missing mount keywords

Steve Beattie steve at nxnw.org
Wed Sep 3 07:40:23 UTC 2014


This patch adds libaalogparse support for the mount- and pivot_root-related audit
keywords that were previously unparsed: fstype, flags, and srcname.

Signed-off-by: Steve Beattie <steve at nxnw.org>
---
 libraries/libapparmor/include/aalogparse.h                           |    5 +++
 libraries/libapparmor/src/grammar.y                                  |   11 ++++++
 libraries/libapparmor/src/libaalogparse.c                            |    6 +++
 libraries/libapparmor/src/scanner.l                                  |    6 +++
 libraries/libapparmor/testsuite/test_multi.c                         |    4 ++
 libraries/libapparmor/testsuite/test_multi/testcase_mount_01.in      |    1 
 libraries/libapparmor/testsuite/test_multi/testcase_mount_01.out     |   16 ++++++++++
 libraries/libapparmor/testsuite/test_multi/testcase_pivotroot_01.in  |    1 
 libraries/libapparmor/testsuite/test_multi/testcase_pivotroot_01.out |   12 +++++++
 9 files changed, 62 insertions(+)

Index: b/libraries/libapparmor/testsuite/test_multi/testcase_mount_01.in
===================================================================
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_mount_01.in
@@ -0,0 +1 @@
+type=AVC msg=audit(1409700640.016:547457): apparmor="DENIED" operation="mount" info="failed mntpnt match" error=-13 profile="/home/ubuntu/bzr/apparmor/tests/regression/apparmor/mount" name="/tmp/sdtest.19033-29001-MPfz98/mountpoint/" pid=19085 comm="mount" fstype="ext2" srcname="/dev/loop0/" flags="rw, mand"
Index: b/libraries/libapparmor/include/aalogparse.h
===================================================================
--- a/libraries/libapparmor/include/aalogparse.h
+++ b/libraries/libapparmor/include/aalogparse.h
@@ -154,6 +154,11 @@ typedef struct
 	char *dbus_member;
 	char *signal;			/* signal name */
 	char *peer;
+
+	/* mount et al specific bits */
+	char *fs_type;
+	char *flags;
+	char *src_name;
 } aa_log_record;
 
 /**
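Review bot: The three new aa_log_record members are undocumented, whereas the neighbouring `signal` field carries `/* signal name */`; a consumer of this public header cannot tell which audit key each one holds or that `flags` is the mount flag string rather than a bitmask. Suggest `char *fs_type;   /* fstype= value (mount) */`, `char *flags;     /* flags= value, the mount flag string as logged */` and `char *src_name;  /* srcname= value (mount, pivotroot) */`. Appending at the end of the struct keeps existing member offsets stable for already-built consumers, which is worth a one-line remark since this is a public ABI. The struct definition starts before this hunk.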
Index: b/libraries/libapparmor/src/grammar.y
===================================================================
--- a/libraries/libapparmor/src/grammar.y
+++ b/libraries/libapparmor/src/grammar.y
@@ -159,6 +159,9 @@ aa_record_event_type lookup_aa_event(uns
 %token TOK_KEY_INTERFACE
 %token TOK_KEY_MEMBER
 %token TOK_KEY_SIGNAL
+%token TOK_KEY_FSTYPE
+%token TOK_KEY_FLAGS
+%token TOK_KEY_SRCNAME
 
 %token TOK_SYSLOG_KERNEL
 %token TOK_SYSLOG_USER
@@ -354,6 +357,14 @@ key: TOK_KEY_OPERATION TOK_EQUALS TOK_QU
 	{ ret_record->dbus_member = $3; }
 	| TOK_KEY_SIGNAL TOK_EQUALS TOK_ID
 	{ ret_record->signal = $3; }
+
+	| TOK_KEY_FSTYPE TOK_EQUALS TOK_QUOTED_STRING
+	{ ret_record->fs_type = $3; }
+	| TOK_KEY_FLAGS TOK_EQUALS TOK_QUOTED_STRING
+	{ ret_record->flags = $3; }
+	| TOK_KEY_SRCNAME TOK_EQUALS TOK_QUOTED_STRING
+	{ ret_record->src_name = $3; }
+
 	| TOK_MSG_REST
 	{
 		ret_record->event = AA_RECORD_INVALID;
Index: b/libraries/libapparmor/src/scanner.l
===================================================================
--- a/libraries/libapparmor/src/scanner.l
+++ b/libraries/libapparmor/src/scanner.l
@@ -161,6 +161,9 @@ key_interface		"interface"
 key_member		"member"
 key_signal		"signal"
 key_peer		"peer"
+key_fstype		"fstype"
+key_flags		"flags"
+key_srcname		"srcname"
 audit			"audit"
 
 /* network addrs */
@@ -340,6 +343,9 @@ yy_flex_debug = 0;
 {key_member}		{ return(TOK_KEY_MEMBER); }
 {key_signal}		{ BEGIN(sub_id); return(TOK_KEY_SIGNAL); }
 {key_peer}		{ BEGIN(safe_string); return(TOK_KEY_PEER); }
+{key_fstype}		{ return(TOK_KEY_FSTYPE); }
+{key_flags}		{ BEGIN(safe_string); return(TOK_KEY_FLAGS); }
+{key_srcname}		{ BEGIN(safe_string); return(TOK_KEY_SRCNAME); }
 
 {syslog_kernel}		{ BEGIN(dmesg_timestamp); return(TOK_SYSLOG_KERNEL); }
 {syslog_user}		{ return(TOK_SYSLOG_USER); }
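Review bot: `{key_fstype}` returns TOK_KEY_FSTYPE without entering the `safe_string` start condition, while the sibling `srcname` and `flags` rules (and the existing `peer` rule above them) do switch to it. Of the three, fstype is the value most directly controlled by the caller of mount(2), so if the kernel logs it with the same hex-encoding it applies to `name=` for unprintable or quote-containing strings (presumably via audit_log_untrustedstring; verify against the kernel's mount audit callback), a crafted filesystem type would make the whole record fall through to TOK_MSG_REST and be reported as AA_RECORD_INVALID. Unless there is a reason fstype cannot be encoded, make the rule `{key_fstype} { BEGIN(safe_string); return(TOK_KEY_FSTYPE); }`, and add a test_multi case with a hex-encoded fstype so the decoding path is exercised.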
Index: b/libraries/libapparmor/testsuite/test_multi.c
===================================================================
--- a/libraries/libapparmor/testsuite/test_multi.c
+++ b/libraries/libapparmor/testsuite/test_multi.c
@@ -129,6 +129,10 @@ int print_results(aa_log_record *record)
 
 		print_string("Signal", record->signal);
 
+		print_string("FS Type", record->fs_type);
+		print_string("Flags", record->flags);
+		print_string("Src name", record->src_name);
+
 		print_long("Epoch", record->epoch, 0);
 		print_long("Audit subid", (long) record->audit_sub_id, 0);
 	return(0);
Index: b/libraries/libapparmor/testsuite/test_multi/testcase_pivotroot_01.in
===================================================================
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_pivotroot_01.in
@@ -0,0 +1 @@
+type=AVC msg=audit(1409700678.384:547594): apparmor="DENIED" operation="pivotroot" profile="/home/ubuntu/bzr/apparmor/tests/regression/apparmor/pivot_root" name="/tmp/sdtest.21082-7446-EeefO6/new_root/" pid=21162 comm="pivot_root" srcname="/tmp/sdtest.21082-7446-EeefO6/new_root/put_old/"
Index: b/libraries/libapparmor/testsuite/test_multi/testcase_pivotroot_01.out
===================================================================
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_pivotroot_01.out
@@ -0,0 +1,12 @@
+START
+File: testcase_pivotroot_01.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1409700678.384:547594
+Operation: pivotroot
+Profile: /home/ubuntu/bzr/apparmor/tests/regression/apparmor/pivot_root
+Name: /tmp/sdtest.21082-7446-EeefO6/new_root/
+Command: pivot_root
+PID: 21162
+Src name: /tmp/sdtest.21082-7446-EeefO6/new_root/put_old/
+Epoch: 1409700678
+Audit subid: 547594
Index: b/libraries/libapparmor/src/libaalogparse.c
===================================================================
--- a/libraries/libapparmor/src/libaalogparse.c
+++ b/libraries/libapparmor/src/libaalogparse.c
@@ -97,6 +97,12 @@ void free_record(aa_log_record *record)
 			free(record->dbus_member);
 		if (record->signal != NULL)
 			free(record->signal );
+		if (record->fs_type != NULL)
+			free(record->fs_type);
+		if (record->flags != NULL)
+			free(record->flags);
+		if (record->src_name != NULL)
+			free(record->src_name);
 
 		free(record);
 	}
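Review bot: The new frees are correct only if the three pointers are NULL in every record that never saw the corresponding key, i.e. if the record is zero-initialised where it is allocated (not visible in this patch; the existing fields have the same dependency, so this is presumably already a calloc). As a point of style, `free(NULL)` is a no-op, so `free(record->fs_type);` alone would do, but the guarded form matches the surrounding code and is fine to keep for consistency. free_record's signature and the enclosing `if` begin before this hunk.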
Index: b/libraries/libapparmor/testsuite/test_multi/testcase_mount_01.out
===================================================================
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_mount_01.out
@@ -0,0 +1,16 @@
+START
+File: testcase_mount_01.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1409700640.016:547457
+Operation: mount
+Profile: /home/ubuntu/bzr/apparmor/tests/regression/apparmor/mount
+Name: /tmp/sdtest.19033-29001-MPfz98/mountpoint/
+Command: mount
+Info: failed mntpnt match
+ErrorCode: 13
+PID: 19085
+FS Type: ext2
+Flags: rw, mand
+Src name: /dev/loop0/
+Epoch: 1409700640
+Audit subid: 547457



