[apparmor] [patch] logparser.py: merge path handling in add_event_to_tree()
Seth Arnold
seth.arnold at canonical.com
Wed Apr 1 02:46:42 UTC 2015
On Sun, Mar 29, 2015 at 09:26:06PM +0200, Christian Boltz wrote:
> Hello,
>
> this patch merges path handling for 'inode_*' in add_event_to_tree()
> with the handling for other path events.
>
> The code is slightly more strict now - 'inode_' in e['operation'] is
> replaced with e['operation'].startswith('inode_').
>
> This patch is a cleanup and also a preparation to fix
> https://bugs.launchpad.net/apparmor/+bug/1426651 and
> https://bugs.launchpad.net/apparmor/+bug/1243932
>
Acked-by: Seth Arnold <seth.arnold at canonical.com>
Acked for both 2.9 and trunk.
Thanks
>
> [ 29-logparser-add_event_to_tree-merge-path-handling.diff ]
>
> === modified file utils/apparmor/logparser.py
> --- utils/apparmor/logparser.py 2015-03-29 19:29:39.505196683 +0200
> +++ utils/apparmor/logparser.py 2015-03-29 21:12:02.717051299 +0200
> @@ -263,17 +270,11 @@
> else:
> self.debug_logger.debug('add_event_to_tree: dropped exec event in %s' % e['profile'])
>
> - elif ( e['operation'].startswith('file_') or
> + elif ( e['operation'].startswith('file_') or e['operation'].startswith('inode_') or
> e['operation'] in ['open', 'truncate', 'mkdir', 'mknod', 'chmod', 'rename_src',
> 'rename_dest', 'unlink', 'rmdir', 'symlink_create', 'link',
> 'sysctl', 'getattr', 'setattr', 'xattr'] ):
> #print(e['operation'], e['name'])
> - self.add_to_tree(e['pid'], e['parent'], 'path',
> - [profile, hat, prog, aamode, e['denied_mask'], e['name'], ''])
> - elif e['operation'] == 'capable':
> - self.add_to_tree(e['pid'], e['parent'], 'capability',
> - [profile, hat, prog, aamode, e['name'], ''])
> - elif 'inode_' in e['operation']:
> is_domain_change = False
> if e['operation'] == 'inode_permission' and (e['denied_mask'] & AA_MAY_EXEC) and aamode == 'PERMITTING':
> following = self.peek_at_next_log_entry()
> @@ -290,6 +291,10 @@
> self.add_to_tree(e['pid'], e['parent'], 'path',
> [profile, hat, prog, aamode, e['denied_mask'], e['name'], ''])
>
> + elif e['operation'] == 'capable':
> + self.add_to_tree(e['pid'], e['parent'], 'capability',
> + [profile, hat, prog, aamode, e['name'], ''])
> +
> elif e['operation'] == 'clone':
> parent, child = e['pid'], e['task']
> if not parent:
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150331/37359d8f/attachment.pgp>
More information about the AppArmor
mailing list