[apparmor] [PATCH 05/20] add ability to parser dmesg output as a log file

John Johansen john.johansen at canonical.com
Fri May 29 08:39:11 UTC 2015


Signed-off-by: John Johansen <john.johansen at canonical.com>
---
 libraries/libapparmor/src/grammar.y                     |  5 +++++
 libraries/libapparmor/src/scanner.l                     |  1 +
 .../testsuite/test_multi/testcase_dmesg_capability.err  |  0
 .../testsuite/test_multi/testcase_dmesg_capability.in   |  1 +
 .../testsuite/test_multi/testcase_dmesg_capability.out  | 12 ++++++++++++
 .../testcase_dmesg_changehat_negative_error.err         |  0
 .../testcase_dmesg_changehat_negative_error.in          |  1 +
 .../testcase_dmesg_changehat_negative_error.out         | 11 +++++++++++
 .../test_multi/testcase_dmesg_changeprofile_01.err      |  0
 .../test_multi/testcase_dmesg_changeprofile_01.in       |  1 +
 .../test_multi/testcase_dmesg_changeprofile_01.out      | 11 +++++++++++
 .../testsuite/test_multi/testcase_dmesg_link_01.err     |  0
 .../testsuite/test_multi/testcase_dmesg_link_01.in      |  1 +
 .../testsuite/test_multi/testcase_dmesg_link_01.out     | 17 +++++++++++++++++
 .../testsuite/test_multi/testcase_dmesg_mkdir.err       |  0
 .../testsuite/test_multi/testcase_dmesg_mkdir.in        |  1 +
 .../testsuite/test_multi/testcase_dmesg_mkdir.out       | 15 +++++++++++++++
 .../testsuite/test_multi/testcase_dmesg_rename_dest.err |  0
 .../testsuite/test_multi/testcase_dmesg_rename_dest.in  |  1 +
 .../testsuite/test_multi/testcase_dmesg_rename_dest.out | 15 +++++++++++++++
 .../testsuite/test_multi/testcase_dmesg_rename_src.err  |  0
 .../testsuite/test_multi/testcase_dmesg_rename_src.in   |  1 +
 .../testsuite/test_multi/testcase_dmesg_rename_src.out  | 15 +++++++++++++++
 .../test_multi/testcase_dmesg_status_offset.err         |  0
 .../test_multi/testcase_dmesg_status_offset.in          |  1 +
 .../test_multi/testcase_dmesg_status_offset.out         | 11 +++++++++++
 .../testsuite/test_multi/testcase_dmesg_truncate.err    |  0
 .../testsuite/test_multi/testcase_dmesg_truncate.in     |  1 +
 .../testsuite/test_multi/testcase_dmesg_truncate.out    | 15 +++++++++++++++
 29 files changed, 137 insertions(+)
 create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_dmesg_capability.err
 create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_dmesg_capability.in
 create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_dmesg_capability.out
 create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_dmesg_changehat_negative_error.err
 create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_dmesg_changehat_negative_error.in
 create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_dmesg_changehat_negative_error.out
 create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_dmesg_changeprofile_01.err
 create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_dmesg_changeprofile_01.in
 create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_dmesg_changeprofile_01.out
 create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_dmesg_link_01.err
 create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_dmesg_link_01.in
 create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_dmesg_link_01.out
 create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_dmesg_mkdir.err
 create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_dmesg_mkdir.in
 create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_dmesg_mkdir.out
 create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_dmesg_rename_dest.err
 create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_dmesg_rename_dest.in
 create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_dmesg_rename_dest.out
 create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_dmesg_rename_src.err
 create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_dmesg_rename_src.in
 create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_dmesg_rename_src.out
 create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_dmesg_status_offset.err
 create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_dmesg_status_offset.in
 create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_dmesg_status_offset.out
 create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_dmesg_truncate.err
 create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_dmesg_truncate.in
 create mode 100644 libraries/libapparmor/testsuite/test_multi/testcase_dmesg_truncate.out

diff --git a/libraries/libapparmor/src/grammar.y b/libraries/libapparmor/src/grammar.y
index 56d4328..108e54d 100644
--- a/libraries/libapparmor/src/grammar.y
+++ b/libraries/libapparmor/src/grammar.y
@@ -169,6 +169,7 @@ aa_record_event_type lookup_aa_event(unsigned int type)
 %%
 
 log_message: audit_type
+	| dmesg_type
 	| syslog_type
 	| audit_dispatch
 	;
@@ -199,6 +200,10 @@ other_audit: TOK_TYPE_OTHER audit_msg TOK_MSG_REST
 	}
 	;
 
+dmesg_type: TOK_DMESG_STAMP TOK_AUDIT TOK_COLON key_type audit_id key_list
+	{ ret_record->version = AA_RECORD_SYNTAX_V2; }
+	;
+
 syslog_type:
 	  syslog_date TOK_ID TOK_SYSLOG_KERNEL audit_id key_list
 	  { ret_record->version = AA_RECORD_SYNTAX_V2; free($2); }
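Review bot: The new `dmesg_type` action never frees `$1`, although the scanner.l hunk in this patch makes `TOK_DMESG_STAMP` carry a `strdup(yytext)` copy in `t_str`, so each dmesg-format line that parses leaks the timestamp string. The neighbouring `syslog_type` action already releases its string token with `free($2)`, and the same pattern fits here: `{ ret_record->version = AA_RECORD_SYNTAX_V2; free($1); }`. For a long-running consumer of kernel log output the loss accumulates per record. If grammar.y declares no `%destructor` for its string-valued tokens (not visible in this hunk), the copy is also dropped when parsing fails after the timestamp has been shifted. The `syslog_type` rule continues past the end of the hunk.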
diff --git a/libraries/libapparmor/src/scanner.l b/libraries/libapparmor/src/scanner.l
index b5b1794..c78f198 100644
--- a/libraries/libapparmor/src/scanner.l
+++ b/libraries/libapparmor/src/scanner.l
@@ -355,6 +355,7 @@ yy_flex_debug = 0;
 {syslog_time}		{ yylval->t_str = strdup(yytext); BEGIN(hostname); return(TOK_TIME); }
 
 {audit}			{ yy_push_state(audit_id, yyscanner); return(TOK_AUDIT); }
+{dmesg_timestamp}	{ yylval->t_str = strdup(yytext); return(TOK_DMESG_STAMP); }
 
 .			{ /* ignore any non-matched input */ BEGIN(unknown_message); yyless(0); }
 
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_capability.err b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_capability.err
new file mode 100644
index 0000000..e69de29
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_capability.in b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_capability.in
new file mode 100644
index 0000000..7cd948d
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_capability.in
@@ -0,0 +1 @@
+[ 1612.746129] audit: type=1400 audit(1284061910.975:672): apparmor="DENIED" operation="capable" parent=2663 profile="/home/ubuntu/bzr/apparmor/tests/regression/apparmor/syscall_setpriority" pid=7292 comm="syscall_setprio" capability=23  capname="sys_nice"
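Review bot: All nine new `testcase_dmesg_*.in` inputs are well-formed `[stamp] audit: type=... audit(...)` records with empty `.err` files, so only the success path of the new `dmesg_type` rule is exercised. The added scanner rule returns `TOK_DMESG_STAMP` for input that begins with a dmesg timestamp, apparently before the parser knows whether an audit record follows. A negative case would pin down how such lines are rejected, for example a timestamp followed by a non-audit kernel message, or a record cut off after `audit:`.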
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_capability.out b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_capability.out
new file mode 100644
index 0000000..612308c
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_capability.out
@@ -0,0 +1,12 @@
+START
+File: testcase_dmesg_capability.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1284061910.975:672
+Operation: capable
+Profile: /home/ubuntu/bzr/apparmor/tests/regression/apparmor/syscall_setpriority
+Name: sys_nice
+Command: syscall_setprio
+Parent: 2663
+PID: 7292
+Epoch: 1284061910
+Audit subid: 672
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_changehat_negative_error.err b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_changehat_negative_error.err
new file mode 100644
index 0000000..e69de29
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_changehat_negative_error.in b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_changehat_negative_error.in
new file mode 100644
index 0000000..5927788
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_changehat_negative_error.in
@@ -0,0 +1 @@
+[ 1597.774866] audit: type=1400 audit(1284061896.005:28): apparmor="DENIED" operation="change_hat" info="unconfined" error=-1 pid=2698 comm="syscall_ptrace"
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_changehat_negative_error.out b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_changehat_negative_error.out
new file mode 100644
index 0000000..64cd625
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_changehat_negative_error.out
@@ -0,0 +1,11 @@
+START
+File: testcase_dmesg_changehat_negative_error.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1284061896.005:28
+Operation: change_hat
+Command: syscall_ptrace
+Info: unconfined
+ErrorCode: 1
+PID: 2698
+Epoch: 1284061896
+Audit subid: 28
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_changeprofile_01.err b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_changeprofile_01.err
new file mode 100644
index 0000000..e69de29
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_changeprofile_01.in b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_changeprofile_01.in
new file mode 100644
index 0000000..089d756
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_changeprofile_01.in
@@ -0,0 +1 @@
+[   97.492562] audit: type=1400 audit(1431116353.523:77): apparmor="DENIED" operation="change_profile" profile="/tests/regression/apparmor/changeprofile" pid=3459 comm="changeprofile" target="/tests/regression/apparmor/rename"
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_changeprofile_01.out b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_changeprofile_01.out
new file mode 100644
index 0000000..32ebb3c
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_changeprofile_01.out
@@ -0,0 +1,11 @@
+START
+File: testcase_dmesg_changeprofile_01.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1431116353.523:77
+Operation: change_profile
+Profile: /tests/regression/apparmor/changeprofile
+Command: changeprofile
+Name2: /tests/regression/apparmor/rename
+PID: 3459
+Epoch: 1431116353
+Audit subid: 77
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_link_01.err b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_link_01.err
new file mode 100644
index 0000000..e69de29
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_link_01.in b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_link_01.in
new file mode 100644
index 0000000..fba0c31
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_link_01.in
@@ -0,0 +1 @@
+[ 2010.738449] audit: type=1400 audit(1284062308.965:276251): apparmor="DENIED" operation="link" parent=19088 profile="/home/ubuntu/bzr/apparmor/tests/regression/apparmor/link" name="/tmp/sdtest.19088-12382-HWH57d/linkfile" pid=19142 comm="link" requested_mask="l" denied_mask="l" fsuid=0 ouid=0 target="/tmp/sdtest.19088-12382-HWH57d/target"
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_link_01.out b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_link_01.out
new file mode 100644
index 0000000..c1b335b
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_link_01.out
@@ -0,0 +1,17 @@
+START
+File: testcase_dmesg_link_01.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1284062308.965:276251
+Operation: link
+Mask: l
+Denied Mask: l
+fsuid: 0
+ouid: 0
+Profile: /home/ubuntu/bzr/apparmor/tests/regression/apparmor/link
+Name: /tmp/sdtest.19088-12382-HWH57d/linkfile
+Command: link
+Name2: /tmp/sdtest.19088-12382-HWH57d/target
+Parent: 19088
+PID: 19142
+Epoch: 1284062308
+Audit subid: 276251
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_mkdir.err b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_mkdir.err
new file mode 100644
index 0000000..e69de29
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_mkdir.in b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_mkdir.in
new file mode 100644
index 0000000..aa0bf19
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_mkdir.in
@@ -0,0 +1 @@
+[45334.755142] audit: type=1503 audit(1282671283.411:2199):  operation="mkdir" pid=4786 parent=4708 profile="/usr/sbin/sshd//ubuntu" requested_mask="c::" denied_mask="c::" fsuid=1000 ouid=1000 name="/tmp/ssh-gRozJw4786/"
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_mkdir.out b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_mkdir.out
new file mode 100644
index 0000000..4e362d8
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_mkdir.out
@@ -0,0 +1,15 @@
+START
+File: testcase_dmesg_mkdir.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1282671283.411:2199
+Operation: mkdir
+Mask: c::
+Denied Mask: c::
+fsuid: 1000
+ouid: 1000
+Profile: /usr/sbin/sshd//ubuntu
+Name: /tmp/ssh-gRozJw4786/
+Parent: 4708
+PID: 4786
+Epoch: 1282671283
+Audit subid: 2199
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_rename_dest.err b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_rename_dest.err
new file mode 100644
index 0000000..e69de29
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_rename_dest.in b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_rename_dest.in
new file mode 100644
index 0000000..2c5d6c8
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_rename_dest.in
@@ -0,0 +1 @@
+[  878.663418] audit: type=1502 audit(1282626827.320:413): operation="rename_dest" pid=1881 parent=650 profile="/usr/sbin/sshd" requested_mask="wc::" denied_mask="wc::" fsuid=0 ouid=0 name="/var/run/motd"
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_rename_dest.out b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_rename_dest.out
new file mode 100644
index 0000000..9036423
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_rename_dest.out
@@ -0,0 +1,15 @@
+START
+File: testcase_dmesg_rename_dest.in
+Event type: AA_RECORD_ALLOWED
+Audit ID: 1282626827.320:413
+Operation: rename_dest
+Mask: wc::
+Denied Mask: wc::
+fsuid: 0
+ouid: 0
+Profile: /usr/sbin/sshd
+Name: /var/run/motd
+Parent: 650
+PID: 1881
+Epoch: 1282626827
+Audit subid: 413
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_rename_src.err b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_rename_src.err
new file mode 100644
index 0000000..e69de29
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_rename_src.in b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_rename_src.in
new file mode 100644
index 0000000..135531b
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_rename_src.in
@@ -0,0 +1 @@
+[  878.663410] audit: type=1502 audit(1282626827.320:412): operation="rename_src" pid=1881 parent=650 profile="/usr/sbin/sshd" requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0 name="/var/run/motd.new"
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_rename_src.out b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_rename_src.out
new file mode 100644
index 0000000..6c89300
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_rename_src.out
@@ -0,0 +1,15 @@
+START
+File: testcase_dmesg_rename_src.in
+Event type: AA_RECORD_ALLOWED
+Audit ID: 1282626827.320:412
+Operation: rename_src
+Mask: r::
+Denied Mask: r::
+fsuid: 0
+ouid: 0
+Profile: /usr/sbin/sshd
+Name: /var/run/motd.new
+Parent: 650
+PID: 1881
+Epoch: 1282626827
+Audit subid: 412
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_status_offset.err b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_status_offset.err
new file mode 100644
index 0000000..e69de29
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_status_offset.in b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_status_offset.in
new file mode 100644
index 0000000..5b4dd12
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_status_offset.in
@@ -0,0 +1 @@
+[ 2143.902340] audit: type=1400 audit(1283989336.064:272335): apparmor="STATUS" info="failed to unpack profile" error=-71 pid=4958 comm="apparmor_parser" name="/home/jj/master/tests/regression/apparmor/net_raw" offset=159
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_status_offset.out b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_status_offset.out
new file mode 100644
index 0000000..b12d58c
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_status_offset.out
@@ -0,0 +1,11 @@
+START
+File: testcase_dmesg_status_offset.in
+Event type: AA_RECORD_STATUS
+Audit ID: 1283989336.064:272335
+Name: /home/jj/master/tests/regression/apparmor/net_raw
+Command: apparmor_parser
+Info: failed to unpack profile
+ErrorCode: 71
+PID: 4958
+Epoch: 1283989336
+Audit subid: 272335
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_truncate.err b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_truncate.err
new file mode 100644
index 0000000..e69de29
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_truncate.in b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_truncate.in
new file mode 100644
index 0000000..86b2770
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_truncate.in
@@ -0,0 +1 @@
+[  878.662172] audit: type=1503 audit(1282626827.320:411): operation="truncate" pid=1957 parent=1 profile="/etc/update-motd.d/91-release-upgrade" requested_mask="w::" denied_mask="w::" fsuid=0 ouid=0 name="/var/lib/update-notifier/release-upgrade-available"
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_truncate.out b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_truncate.out
new file mode 100644
index 0000000..fbc1bb4
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_truncate.out
@@ -0,0 +1,15 @@
+START
+File: testcase_dmesg_truncate.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1282626827.320:411
+Operation: truncate
+Mask: w::
+Denied Mask: w::
+fsuid: 0
+ouid: 0
+Profile: /etc/update-motd.d/91-release-upgrade
+Name: /var/lib/update-notifier/release-upgrade-available
+Parent: 1
+PID: 1957
+Epoch: 1282626827
+Audit subid: 411
-- 
2.1.4



