[apparmor] [patch] logparser.py: merge path handling in add_event_to_tree()

Christian Boltz apparmor at cboltz.de
Sun Mar 29 19:26:06 UTC 2015 

Hello,

this patch merges path handling for 'inode_*' in add_event_to_tree() 
with the handling for other path events.

The code is slightly more strict now - 'inode_' in e['operation'] is
replaced with e['operation'].startswith('inode_').

This patch is a cleanup and also a preparation to fix
https://bugs.launchpad.net/apparmor/+bug/1426651 and
https://bugs.launchpad.net/apparmor/+bug/1243932


[ 29-logparser-add_event_to_tree-merge-path-handling.diff ]

=== modified file utils/apparmor/logparser.py
--- utils/apparmor/logparser.py 2015-03-29 19:29:39.505196683 +0200
+++ utils/apparmor/logparser.py 2015-03-29 21:12:02.717051299 +0200
@@ -263,17 +270,11 @@
             else:
                 self.debug_logger.debug('add_event_to_tree: dropped exec event in %s' % e['profile'])
 
-        elif ( e['operation'].startswith('file_') or
+        elif ( e['operation'].startswith('file_') or e['operation'].startswith('inode_') or
             e['operation'] in ['open', 'truncate', 'mkdir', 'mknod', 'chmod', 'rename_src',
                                 'rename_dest', 'unlink', 'rmdir', 'symlink_create', 'link',
                                 'sysctl', 'getattr', 'setattr', 'xattr'] ):
             #print(e['operation'], e['name'])
-            self.add_to_tree(e['pid'], e['parent'], 'path',
-                             [profile, hat, prog, aamode, e['denied_mask'], e['name'], ''])
-        elif e['operation'] == 'capable':
-            self.add_to_tree(e['pid'], e['parent'], 'capability',
-                             [profile, hat, prog, aamode, e['name'], ''])
-        elif 'inode_' in e['operation']:
             is_domain_change = False
             if e['operation'] == 'inode_permission' and (e['denied_mask'] & AA_MAY_EXEC) and aamode == 'PERMITTING':
                 following = self.peek_at_next_log_entry()
@@ -290,6 +291,10 @@
                 self.add_to_tree(e['pid'], e['parent'], 'path',
                                  [profile, hat, prog, aamode, e['denied_mask'], e['name'], ''])
 
+        elif e['operation'] == 'capable':
+            self.add_to_tree(e['pid'], e['parent'], 'capability',
+                             [profile, hat, prog, aamode, e['name'], ''])
+
         elif e['operation'] == 'clone':
             parent, child = e['pid'], e['task']
             if not parent:



Regards,

Christian Boltz
-- 
Man kann nicht Leuten helfen, die nicht verraten, was sie wollen.
Das ist so sexy wie zum Arzt zu gehen und nicht zu verraten, wo es
weh tut. [Peer Heinlein in mailman-de]

More information about the AppArmor mailing list