[apparmor] [patch] logparser.py: merge path handling in add_event_to_tree()

Seth Arnold seth.arnold at canonical.com
Wed Apr 1 02:46:42 UTC 2015


On Sun, Mar 29, 2015 at 09:26:06PM +0200, Christian Boltz wrote:
> Hello,
> 
> this patch merges path handling for 'inode_*' in add_event_to_tree() 
> with the handling for other path events.
> 
> The code is slightly more strict now - 'inode_' in e['operation'] is
> replaced with e['operation'].startswith('inode_').
> 
> This patch is a cleanup and also a preparation to fix
> https://bugs.launchpad.net/apparmor/+bug/1426651 and
> https://bugs.launchpad.net/apparmor/+bug/1243932
> 

Acked-by: Seth Arnold <seth.arnold at canonical.com>
Acked for both 2.9 and trunk.

Thanks

> 
> [ 29-logparser-add_event_to_tree-merge-path-handling.diff ]
> 
> === modified file utils/apparmor/logparser.py
> --- utils/apparmor/logparser.py 2015-03-29 19:29:39.505196683 +0200
> +++ utils/apparmor/logparser.py 2015-03-29 21:12:02.717051299 +0200
> @@ -263,17 +270,11 @@
>              else:
>                  self.debug_logger.debug('add_event_to_tree: dropped exec event in %s' % e['profile'])
>  
> -        elif ( e['operation'].startswith('file_') or
> +        elif ( e['operation'].startswith('file_') or e['operation'].startswith('inode_') or
>              e['operation'] in ['open', 'truncate', 'mkdir', 'mknod', 'chmod', 'rename_src',
>                                  'rename_dest', 'unlink', 'rmdir', 'symlink_create', 'link',
>                                  'sysctl', 'getattr', 'setattr', 'xattr'] ):
>              #print(e['operation'], e['name'])
> -            self.add_to_tree(e['pid'], e['parent'], 'path',
> -                             [profile, hat, prog, aamode, e['denied_mask'], e['name'], ''])
> -        elif e['operation'] == 'capable':
> -            self.add_to_tree(e['pid'], e['parent'], 'capability',
> -                             [profile, hat, prog, aamode, e['name'], ''])
> -        elif 'inode_' in e['operation']:
>              is_domain_change = False
>              if e['operation'] == 'inode_permission' and (e['denied_mask'] & AA_MAY_EXEC) and aamode == 'PERMITTING':
>                  following = self.peek_at_next_log_entry()
> @@ -290,6 +291,10 @@
>                  self.add_to_tree(e['pid'], e['parent'], 'path',
>                                   [profile, hat, prog, aamode, e['denied_mask'], e['name'], ''])
>  
> +        elif e['operation'] == 'capable':
> +            self.add_to_tree(e['pid'], e['parent'], 'capability',
> +                             [profile, hat, prog, aamode, e['name'], ''])
> +
>          elif e['operation'] == 'clone':
>              parent, child = e['pid'], e['task']
>              if not parent:
> 
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150331/37359d8f/attachment.pgp>


More information about the AppArmor mailing list