[apparmor] [patch] remove old log format code from libapparmor
John Johansen
john.johansen at canonical.com
Fri Jan 21 06:13:32 UTC 2011
On 01/20/2011 09:17 PM, Steve Beattie wrote:
> This patch removes the old log parsing code from libapparmor.
> The testcases that were in place for the old style log messages have
> had their expected output modified such that they are expected to
> return invalid results, rather than deleting the testcases outright.
>
I've only given it a quick read-through, but it looks good. Thanks
for doing this; now we just need to kill it in subdomain.pm as well.
Acked-by: John Johansen <john.johansen at canonical.com>
> ---
> libraries/libapparmor/src/grammar.y | 208 ----------
> libraries/libapparmor/src/scanner.l | 98 ----
> libraries/libapparmor/testsuite/test_multi/old_style_log_01.out | 11
> libraries/libapparmor/testsuite/test_multi/old_style_log_02.out | 10
> libraries/libapparmor/testsuite/test_multi/old_style_log_03.out | 10
> libraries/libapparmor/testsuite/test_multi/old_style_log_04.out | 11
> libraries/libapparmor/testsuite/test_multi/old_style_log_05.out | 11
> libraries/libapparmor/testsuite/test_multi/old_style_log_06.out | 10
> libraries/libapparmor/testsuite/test_multi/old_style_log_07.out | 11
> libraries/libapparmor/testsuite/test_multi/old_style_log_08.out | 11
> libraries/libapparmor/testsuite/test_multi/old_style_log_09.out | 10
> libraries/libapparmor/testsuite/test_multi/old_style_log_10.out | 11
> libraries/libapparmor/testsuite/test_multi/old_style_log_11.out | 10
> libraries/libapparmor/testsuite/test_multi/old_style_log_12.out | 11
> libraries/libapparmor/testsuite/test_multi/old_style_log_13.out | 10
> libraries/libapparmor/testsuite/test_multi/old_style_log_14.out | 11
> libraries/libapparmor/testsuite/test_multi/old_style_log_15.out | 9
> libraries/libapparmor/testsuite/test_multi/old_style_log_16.out | 7
> libraries/libapparmor/testsuite/test_multi/old_style_log_17.out | 6
> libraries/libapparmor/testsuite/test_multi/old_style_log_18.out | 10
> 20 files changed, 65 insertions(+), 421 deletions(-)
>
> Index: b/libraries/libapparmor/src/grammar.y
> ===================================================================
> --- a/libraries/libapparmor/src/grammar.y
> +++ b/libraries/libapparmor/src/grammar.y
> @@ -79,10 +79,10 @@ aa_record_event_type lookup_aa_event(uns
> long t_long;
> }
>
> -%type <t_str> old_profile safe_string protocol
> +%type <t_str> safe_string protocol
> %token <t_long> TOK_DIGITS TOK_TYPE_UNKNOWN
> -%token <t_str> TOK_QUOTED_STRING TOK_PATH TOK_ID TOK_NULL_COMPLAIN TOK_MODE TOK_DMESG_STAMP
> -%token <t_str> TOK_SINGLE_QUOTED_STRING TOK_AUDIT_DIGITS TOK_DATE_MONTH TOK_DATE_TIME
> +%token <t_str> TOK_QUOTED_STRING TOK_ID TOK_MODE TOK_DMESG_STAMP
> +%token <t_str> TOK_AUDIT_DIGITS TOK_DATE_MONTH TOK_DATE_TIME
> %token <t_str> TOK_HEXSTRING TOK_TYPE_OTHER TOK_MSG_REST
>
> %token TOK_EQUALS
> @@ -105,31 +105,6 @@ aa_record_event_type lookup_aa_event(uns
> %token TOK_TYPE_AA_STATUS
> %token TOK_TYPE_AA_ERROR
> %token TOK_TYPE_LSM_AVC
> -%token TOK_OLD_TYPE_APPARMOR
> -%token TOK_OLD_APPARMOR_REJECT
> -%token TOK_OLD_APPARMOR_PERMIT
> -%token TOK_OLD_APPARMOR_AUDIT
> -%token TOK_OLD_APPARMOR_LOGPROF_HINT
> -%token TOK_OLD_UNKNOWN_HAT
> -%token TOK_OLD_ACTIVE
> -%token TOK_OLD_UNKNOWN_PROFILE
> -%token TOK_OLD_MISSING_PROFILE
> -%token TOK_OLD_CHANGING_PROFILE
> -%token TOK_OLD_ACCESS
> -%token TOK_OLD_TO
> -%token TOK_OLD_FROM
> -%token TOK_OLD_PIPE
> -%token TOK_OLD_EXTENDED
> -%token TOK_OLD_ATTRIBUTE
> -%token TOK_OLD_ON
> -%token TOK_OLD_MKDIR
> -%token TOK_OLD_RMDIR
> -%token TOK_OLD_XATTR
> -%token TOK_OLD_CHANGE
> -%token TOK_OLD_SYSCALL
> -%token TOK_OLD_LINK
> -%token TOK_OLD_FORK
> -%token TOK_OLD_CHILD
>
> %token TOK_KEY_APPARMOR
> %token TOK_KEY_TYPE
> @@ -147,7 +122,6 @@ aa_record_event_type lookup_aa_event(uns
> %token TOK_KEY_PID
> %token TOK_KEY_PROFILE
> %token TOK_AUDIT
> -%token TOK_KEY_IMAGE
> %token TOK_KEY_FAMILY
> %token TOK_KEY_SOCK_TYPE
> %token TOK_KEY_PROTOCOL
> @@ -172,15 +146,10 @@ log_message: audit_type
>
> audit_type: TOK_KEY_TYPE TOK_EQUALS type_syntax ;
>
> -type_syntax: old_syntax { ret_record->version = AA_RECORD_SYNTAX_V1; }
> - | new_syntax { ret_record->version = AA_RECORD_SYNTAX_V2; }
> +type_syntax: new_syntax { ret_record->version = AA_RECORD_SYNTAX_V2; }
> | other_audit
> ;
>
> -old_syntax: TOK_OLD_TYPE_APPARMOR audit_msg old_msg
> - | TOK_TYPE_UNKNOWN audit_msg old_msg
> - ;
> -
> new_syntax:
> TOK_TYPE_AA_REJECT audit_msg key_list { ret_record->event = AA_RECORD_DENIED; }
> | TOK_TYPE_AA_AUDIT audit_msg key_list { ret_record->event = AA_RECORD_AUDIT; }
> @@ -201,9 +170,7 @@ other_audit: TOK_TYPE_OTHER audit_msg TO
> ;
>
> syslog_type:
> - syslog_date TOK_ID TOK_SYSLOG_KERNEL audit_id old_msg
> - { ret_record->version = AA_RECORD_SYNTAX_V1; }
> - | syslog_date TOK_ID TOK_SYSLOG_KERNEL audit_id key_list
> + syslog_date TOK_ID TOK_SYSLOG_KERNEL audit_id key_list
> { ret_record->version = AA_RECORD_SYNTAX_V2; }
> | syslog_date TOK_ID TOK_SYSLOG_KERNEL key_type audit_id key_list
> { ret_record->version = AA_RECORD_SYNTAX_V2; }
> @@ -215,167 +182,9 @@ syslog_type:
>
> /* when audit dispatches a message it doesn't prepend the audit type string */
> audit_dispatch:
> - audit_msg old_msg { ret_record->version = AA_RECORD_SYNTAX_V1; }
> audit_msg key_list { ret_record->version = AA_RECORD_SYNTAX_V2; }
> ;
>
> -old_msg:
> - old_permit_reject_type old_permit_reject_syntax
> - | TOK_OLD_APPARMOR_LOGPROF_HINT old_logprof_syntax { ret_record->event = AA_RECORD_HINT; }
> - ;
> -
> -old_permit_reject_type:
> - TOK_OLD_APPARMOR_REJECT { ret_record->event = AA_RECORD_DENIED; }
> - | TOK_OLD_APPARMOR_PERMIT { ret_record->event = AA_RECORD_ALLOWED; }
> - | TOK_OLD_APPARMOR_AUDIT { ret_record->event = AA_RECORD_AUDIT; }
> - ;
> -
> -old_permit_reject_syntax:
> - TOK_MODE TOK_OLD_ACCESS old_permit_reject_path_pipe_extended
> - TOK_OPEN_PAREN old_process_state TOK_CLOSE_PAREN
> - {
> - ret_record->requested_mask = $1;
> - ret_record->operation = strdup("access");
> - }
> - | dir_action TOK_OLD_ON TOK_PATH
> - TOK_OPEN_PAREN old_process_state TOK_CLOSE_PAREN
> - {
> - ret_record->name = $3;
> - }
> - | TOK_OLD_XATTR TOK_ID TOK_OLD_ON TOK_PATH
> - TOK_OPEN_PAREN old_process_state TOK_CLOSE_PAREN
> - {
> - ret_record->operation = strdup("xattr");
> - ret_record->attribute = $2;
> - ret_record->name = $4;
> - }
> - | TOK_KEY_ATTRIBUTE TOK_OPEN_PAREN TOK_ID TOK_CLOSE_PAREN
> - TOK_OLD_CHANGE TOK_OLD_TO TOK_PATH
> - TOK_OPEN_PAREN old_process_state TOK_CLOSE_PAREN
> - {
> - ret_record->operation = strdup("setattr");
> - ret_record->attribute = $3;
> - ret_record->name = $7;
> - }
> - | TOK_OLD_ACCESS TOK_OLD_TO TOK_KEY_CAPABILITY TOK_SINGLE_QUOTED_STRING
> - TOK_OPEN_PAREN old_process_state TOK_CLOSE_PAREN
> - {
> - ret_record->operation = strdup("capability");
> - ret_record->name = $4;
> - }
> - | TOK_OLD_ACCESS TOK_OLD_TO TOK_OLD_SYSCALL TOK_SINGLE_QUOTED_STRING
> - TOK_OPEN_PAREN old_process_state TOK_CLOSE_PAREN
> - {
> - ret_record->operation = strdup("syscall");
> - ret_record->name = $4;
> - }
> - | TOK_OLD_LINK TOK_OLD_ACCESS TOK_OLD_FROM TOK_PATH TOK_OLD_TO TOK_PATH
> - TOK_OPEN_PAREN old_process_state TOK_CLOSE_PAREN
> - {
> - ret_record->requested_mask = strdup("l");
> - ret_record->name = $4;
> - ret_record->name2 = $6;
> - }
> - ;
> -
> -dir_action:
> - TOK_OLD_MKDIR { ret_record->operation = strdup("mkdir"); }
> - | TOK_OLD_RMDIR { ret_record->operation = strdup("rmdir"); }
> - ;
> -
> -old_process_state:
> - TOK_ID TOK_OPEN_PAREN TOK_ID TOK_CLOSE_PAREN old_profile_names
> - {
> - ret_record->info = $1;
> - ret_record->pid = atol($3);
> - free($3);
> - }
> - ;
> -
> -old_profile_names:
> - TOK_KEY_PROFILE old_profile TOK_OLD_ACTIVE old_profile
> - { ret_record->profile = $2;
> - ret_record->active_hat = $4;
> - }
> - ;
> -
> -old_permit_reject_path_pipe_extended:
> - TOK_OLD_TO TOK_PATH
> - {
> - ret_record->name = $2;
> - }
> - | TOK_OLD_TO TOK_OLD_PIPE /* Frankly, I don't think this is used */
> - {
> - ret_record->info = strdup("pipe");
> - }
> - | TOK_OLD_EXTENDED TOK_KEY_ATTRIBUTE /* Nor this */
> - {
> - ret_record->info = strdup("extended attribute");
> - }
> - ;
> -old_logprof_syntax:
> - old_logprof_syntax2 key_pid
> - TOK_KEY_PROFILE TOK_EQUALS old_profile TOK_OLD_ACTIVE TOK_EQUALS old_profile
> - {
> - ret_record->profile = strdup($5);
> - free($5);
> - ret_record->active_hat = strdup($8);
> - free($8);
> - }
> - | old_logprof_fork_syntax
> - | TOK_OLD_CHANGING_PROFILE key_pid
> - { ret_record->profile = strdup("null-complain-profile"); }
> - ;
> -
> -old_logprof_syntax2:
> - TOK_OLD_UNKNOWN_PROFILE TOK_KEY_IMAGE TOK_EQUALS TOK_ID
> - {
> - ret_record->operation = strdup("profile_set");
> - ret_record->info = strdup("unknown profile");
> - ret_record->name = strdup($4);
> - free($4);
> - }
> - | TOK_OLD_MISSING_PROFILE TOK_KEY_IMAGE TOK_EQUALS TOK_ID
> - {
> - ret_record->operation = strdup("exec");
> - ret_record->info = strdup("mandatory profile missing");
> - ret_record->name = strdup($4);
> - free($4);
> - }
> - | TOK_OLD_UNKNOWN_HAT TOK_ID
> - {
> - ret_record->operation = strdup("change_hat");
> - ret_record->name = strdup($2);
> - free($2);
> - ret_record->info = strdup("unknown_hat");
> - }
> - ;
> -
> -/* TODO: Clean this up */
> -old_logprof_fork_syntax:
> - TOK_OLD_FORK key_pid
> - TOK_OLD_CHILD TOK_EQUALS TOK_DIGITS old_logprof_fork_addition
> - {
> - ret_record->operation = strdup("clone");
> - ret_record->task = $5;
> - }
> - ;
> -
> -old_logprof_fork_addition:
> - /* Nothin */
> - | TOK_KEY_PROFILE TOK_EQUALS old_profile TOK_OLD_ACTIVE TOK_EQUALS old_profile
> - {
> - ret_record->profile = $3;
> - ret_record->active_hat = $6;
> - }
> - ;
> -
> -old_profile:
> - TOK_PATH { $$ = $1; }
> - | TOK_ID { $$ = $1; }
> - | TOK_NULL_COMPLAIN { $$ = strdup("null-complain-profile"); }
> - ;
> -
> audit_msg: TOK_KEY_MSG TOK_EQUALS audit_id
> ;
>
> @@ -441,7 +250,7 @@ key: TOK_KEY_OPERATION TOK_EQUALS TOK_QU
> | TOK_KEY_COMM TOK_EQUALS TOK_QUOTED_STRING
> { ret_record->comm = $3;}
> | TOK_KEY_APPARMOR TOK_EQUALS apparmor_event
> - | TOK_KEY_CAPABILITY TOK_EQUALS TOK_ID
> + | TOK_KEY_CAPABILITY TOK_EQUALS TOK_DIGITS
> { /* need to reverse map number to string, need to figure out
> * how to get auto generation of reverse mapping table into
> * autotools Makefile. For now just drop assumming capname is
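Review bot: Switching the third symbol of the `TOK_KEY_CAPABILITY` alternative from `TOK_ID` to `TOK_DIGITS` changes `$3` from the `<t_str>` union member to `<t_long>`, and the action body continues outside this hunk, so confirm that nothing in it still treats `$3` as a heap string. A leftover `free($3)`, for example, would now be handed an integer. If the number is deliberately discarded, the existing comment should say so, e.g. `/* $3 is a t_long and is intentionally unused; capname carries the name */`. This relies on the scanner.l hunk that returns `TOK_KEY_CAPABILITY` without `BEGIN(sub_id)`, so the value is presumably scanned as digits in the INITIAL state.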
> @@ -460,6 +269,11 @@ key: TOK_KEY_OPERATION TOK_EQUALS TOK_QU
> { /* target was always name2 in the past */
> ret_record->name2 = $3;
> }
> + | TOK_MSG_REST
> + {
> + ret_record->event = AA_RECORD_INVALID;
> + ret_record->info = $1;
> + }
> ;
>
> apparmor_event:
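Review bot: The new `| TOK_MSG_REST` alternative sets `ret_record->event = AA_RECORD_INVALID` while `key_list` is still being reduced, so any enclosing action that assigns `event` afterwards would overwrite it. The `new_syntax` alternatives do this, e.g. `TOK_TYPE_AA_REJECT audit_msg key_list { ret_record->event = AA_RECORD_DENIED; }`, which would report a partly parsed record as a valid denial. Whether the scanner can emit `TOK_MSG_REST` on that path is not visible here; if it can, guard those assignments with `if (ret_record->event != AA_RECORD_INVALID) ret_record->event = AA_RECORD_DENIED;`. The plain `ret_record->info = $1;` also replaces any earlier `info=` value without freeing it. A comment on the alternative would help consumers, e.g. `/* unparsed remainder (e.g. old-format messages): record is invalid, raw log text kept in info */`, since they must check `event` before trusting other fields. The `key` rule begins outside this hunk.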
> Index: b/libraries/libapparmor/src/scanner.l
> ===================================================================
> --- a/libraries/libapparmor/src/scanner.l
> +++ b/libraries/libapparmor/src/scanner.l
> @@ -83,7 +83,6 @@ minus "-"
> open_paren "("
> close_paren ")"
> ID [^ \t\n\(\)="'!]
> -path "/"{ID}*
> hexstring ({hex}{hex})+
> period "\."
> mode_chars ([RrWwaLlMmkXx])|([Pp][Xx])|([Uu][Xx])|([Ii][Xx])|([Pp][Ii][Xx])
> @@ -106,35 +105,6 @@ lsm_avc_type "AVC"
> unknown_type UNKNOWN\[{digits}+\]
> other_audit_type [[:alnum:]\[\]_-]+
>
> -/* Old message tokens */
> -
> -old_apparmor_type "APPARMOR"
> -old_apparmor_reject "REJECTING"
> -old_apparmor_permit "PERMITTING"
> -old_apparmor_audit "AUDITING"
> -old_apparmor_logprof "LOGPROF-HINT"
> -old_unknown_hat "unknown_hat"
> -old_unknown_profile "unknown_profile"
> -old_missing_profile "missing_mandatory_profile"
> -old_changing_profile "changing_profile"
> -old_active "active"
> -old_access "access"
> -old_from "from"
> -old_to "to"
> -old_pipe "pipe"
> -old_extended "extended"
> -old_rmdir "rmdir"
> -old_mkdir "mkdir"
> -old_on "on"
> -old_xattr "xattr"
> -old_change "change"
> -old_syscall "syscall"
> -old_link "link"
> -old_fork "fork"
> -old_child "child"
> -
> -null_complain "null-complain-profile"
> -
> /* Key tokens */
>
> key_apparmor "apparmor"
> @@ -153,7 +123,6 @@ key_magic_token "magic_token"
> key_info "info"
> key_pid "pid"
> key_profile "profile"
> -key_image "image"
> key_family "family"
> key_sock_type "sock_type"
> key_protocol "protocol"
> @@ -177,12 +146,10 @@ dmesg_timestamp \[[[:digit:] ]{5,}\.[[:
> %x quoted_string
> %x sub_id
> %x audit_id
> -%x single_quoted_string
> %x hostname
> %x dmesg_timestamp
> %x safe_string
> %x audit_types
> -%x old_action
> %x other_audit
> %x unknown_message
>
> @@ -206,7 +173,6 @@ yy_flex_debug = 0;
> <sub_id>{
> {open_paren} { return(TOK_OPEN_PAREN); }
> {close_paren} { BEGIN(INITIAL); return(TOK_CLOSE_PAREN); }
> - "'" { string_buf_reset(); BEGIN(single_quoted_string); }
> {ws} { }
> \" { string_buf_reset(); BEGIN(quoted_string); }
> {ID}+ {
> @@ -217,19 +183,6 @@ yy_flex_debug = 0;
> {equals} { return(TOK_EQUALS); }
> }
>
> -
> -"'" { string_buf_reset(); BEGIN(single_quoted_string); }
> -<single_quoted_string>"'" { /* End of the quoted string */
> - BEGIN(INITIAL);
> - yylval->t_str = strdup(string_buf);
> - return(TOK_SINGLE_QUOTED_STRING);
> - }
> -
> -
> -<single_quoted_string>\\(.|\n) { string_buf_append(1, &yytext[1]); }
> -
> -<single_quoted_string>[^\\\n\'\"]+ { string_buf_append(yyleng, yytext); }
> -
> \" { string_buf_reset(); BEGIN(quoted_string); }
> <quoted_string>\" { /* End of the quoted string */
> BEGIN(INITIAL);
> @@ -243,7 +196,6 @@ yy_flex_debug = 0;
> <quoted_string>[^\\\n\"]+ { string_buf_append(yyleng, yytext); }
>
> <safe_string>{
> - "'" { string_buf_reset(); BEGIN(single_quoted_string); }
> \" { string_buf_reset(); BEGIN(quoted_string); }
> {hexstring} { yylval->t_str = hex_to_string(yytext); BEGIN(INITIAL); return(TOK_HEXSTRING);}
> {equals} { return(TOK_EQUALS); }
> @@ -274,7 +226,6 @@ yy_flex_debug = 0;
> BEGIN(INITIAL);
> return(TOK_TYPE_UNKNOWN);
> }
> - {old_apparmor_type} { BEGIN(INITIAL); return(TOK_OLD_TYPE_APPARMOR); }
> {other_audit_type} { yylval->t_str = strdup(yytext);
> BEGIN(other_audit);
> return(TOK_TYPE_OTHER);
> @@ -291,42 +242,8 @@ yy_flex_debug = 0;
> return(TOK_OPEN_PAREN);
> }
> {close_paren} { return(TOK_CLOSE_PAREN); }
> -{path} { yylval->t_str = strdup(yytext); return(TOK_PATH); }
> {period} { return(TOK_PERIOD); }
>
> -{old_apparmor_reject} { BEGIN(old_action); return(TOK_OLD_APPARMOR_REJECT); }
> -{old_apparmor_permit} { BEGIN(old_action); return(TOK_OLD_APPARMOR_PERMIT); }
> -{old_apparmor_audit} { BEGIN(old_action); return(TOK_OLD_APPARMOR_AUDIT); }
> -{old_apparmor_logprof} { return(TOK_OLD_APPARMOR_LOGPROF_HINT); }
> -{old_unknown_hat} { BEGIN(sub_id); return(TOK_OLD_UNKNOWN_HAT); }
> -{old_unknown_profile} { return(TOK_OLD_UNKNOWN_PROFILE); }
> -{old_missing_profile} { return(TOK_OLD_MISSING_PROFILE); }
> -{old_changing_profile} { return(TOK_OLD_CHANGING_PROFILE); }
> -{old_active} { BEGIN(sub_id); return(TOK_OLD_ACTIVE); }
> -{old_access} { return(TOK_OLD_ACCESS); }
> -{old_to} { return(TOK_OLD_TO); }
> -{old_from} { return(TOK_OLD_FROM); }
> -{old_pipe} { return(TOK_OLD_PIPE); }
> -{old_extended} { return(TOK_OLD_EXTENDED); }
> -{old_on} { return(TOK_OLD_ON); }
> -{old_change} { return(TOK_OLD_CHANGE); }
> -{key_capability} { BEGIN(sub_id); return(TOK_KEY_CAPABILITY); }
> -{old_syscall} { return(TOK_OLD_SYSCALL); }
> -{old_fork} { return(TOK_OLD_FORK); }
> -{old_child} { return(TOK_OLD_CHILD); }
> -
> -<old_action>{
> - {ws}+ { /* eat whitespace */ }
> - {modes} { /* modes must stay out of INITIAL because of false pos matches e.g. Mar */
> - yylval->t_str = strdup(yytext); BEGIN(INITIAL); return(TOK_MODE); }
> - {old_link} { BEGIN(INITIAL); return(TOK_OLD_LINK); }
> - {old_access} { BEGIN(INITIAL); return(TOK_OLD_ACCESS); }
> - {old_mkdir} { BEGIN(INITIAL); return(TOK_OLD_MKDIR); }
> - {old_rmdir} { BEGIN(INITIAL); return(TOK_OLD_RMDIR); }
> - {old_xattr} { BEGIN(sub_id); return(TOK_OLD_XATTR); }
> - {key_attribute} { BEGIN(sub_id); return(TOK_KEY_ATTRIBUTE); }
> -}
> -
> {key_apparmor} { BEGIN(audit_types); return(TOK_KEY_APPARMOR); }
> {key_type} { BEGIN(audit_types); return(TOK_KEY_TYPE); }
> {key_msg} { return(TOK_KEY_MSG); }
> @@ -350,18 +267,7 @@ yy_flex_debug = 0;
> {key_fsuid} { return(TOK_KEY_FSUID); }
> {key_ouid} { return(TOK_KEY_OUID); }
> {key_comm} { return(TOK_KEY_COMM); }
> - /* This key_capability entry is here to document, what should be.
> - * currently the capability token is handled by the old set of rules above
> - * it should be handled here, but there is no good way to combine them
> - * that doesn't require more work than it is worth atm because of the
> - * switch to sub_id in the old scanner rules.
> - * The switch to sub_id causes the new rule set in the grammar to need to
> - * accept a TOK_ID instead of TOK_DIGITS, which it should be.
> - * once the old rules and old scanning is ripped out this scanner rule
> - * should be activated and the corresponding rule in the grammar should
> - * be updated to use TOK_DIGITS
> - * {key_capability} { return(TOK_KEY_CAPABILITY); }
> - */
> +{key_capability} { return(TOK_KEY_CAPABILITY); }
> {key_capname} { return(TOK_KEY_CAPNAME); }
> {key_offset} { return(TOK_KEY_OFFSET); }
> {key_target} { return(TOK_KEY_TARGET); }
> @@ -371,8 +277,6 @@ yy_flex_debug = 0;
> {syslog_time} { yylval->t_str = strdup(yytext); BEGIN(hostname); return(TOK_DATE_TIME); }
>
> {audit} { yy_push_state(audit_id, yyscanner); return(TOK_AUDIT); }
> -{null_complain} { return(TOK_NULL_COMPLAIN); }
> -{key_image} { BEGIN(sub_id); return(TOK_KEY_IMAGE); }
>
> . { /* ignore any non-matched input */ BEGIN(unknown_message); yyless(0); }
>
> Index: b/libraries/libapparmor/testsuite/test_multi/old_style_log_14.out
> ===================================================================
> --- a/libraries/libapparmor/testsuite/test_multi/old_style_log_14.out
> +++ b/libraries/libapparmor/testsuite/test_multi/old_style_log_14.out
> @@ -1,13 +1,8 @@
> START
> File: test_multi/old_style_log_14.in
> -Event type: AA_RECORD_AUDIT
> +Event type: AA_RECORD_INVALID
> Audit ID: 1177962426.395:2107
> -Operation: access
> -Mask: mr
> -Profile: /home/steve/svn/apparmor-forge/tests/regression/subdomain/changehat_wrapper
> -Name: /lib/ld-2.4.so
> -Info: open
> -PID: 7139
> -Active hat: open
> +Operation: APPARMOR
> +Info: AUDITING mr access to /lib/ld-2.4.so (open(7139) profile /home/steve/svn/apparmor-forge/tests/regression/subdomain/changehat_wrapper active open)
> Epoch: 1177962426
> Audit subid: 2107
> Index: b/libraries/libapparmor/testsuite/test_multi/old_style_log_16.out
> ===================================================================
> --- a/libraries/libapparmor/testsuite/test_multi/old_style_log_16.out
> +++ b/libraries/libapparmor/testsuite/test_multi/old_style_log_16.out
> @@ -1,9 +1,8 @@
> START
> File: test_multi/old_style_log_16.in
> -Event type: AA_RECORD_HINT
> +Event type: AA_RECORD_INVALID
> Audit ID: 1168661976.062:55
> -Operation: clone
> -Task: 38229
> -PID: 27764
> +Operation: APPARMOR
> +Info: LOGPROF-HINT fork pid=27764 child=38229
> Epoch: 1168661976
> Audit subid: 55
> Index: b/libraries/libapparmor/testsuite/test_multi/old_style_log_04.out
> ===================================================================
> --- a/libraries/libapparmor/testsuite/test_multi/old_style_log_04.out
> +++ b/libraries/libapparmor/testsuite/test_multi/old_style_log_04.out
> @@ -1,13 +1,8 @@
> START
> File: test_multi/old_style_log_04.in
> -Event type: AA_RECORD_DENIED
> +Event type: AA_RECORD_INVALID
> Audit ID: 1177962395.525:1837
> -Mask: l
> -Profile: /home/steve/svn/apparmor-forge/tests/regression/subdomain/link
> -Name: /tmp/sdtest.3676-13458-it3683/target
> -Name2: /tmp/sdtest.3676-13458-it3683/src
> -Info: link
> -PID: 3823
> -Active hat: /home/steve/svn/apparmor-forge/tests/regression/subdomain/link
> +Operation: APPARMOR
> +Info: REJECTING link access from /tmp/sdtest.3676-13458-it3683/target to /tmp/sdtest.3676-13458-it3683/src (link(3823) profile /home/steve/svn/apparmor-forge/tests/regression/subdomain/link active /home/steve/svn/apparmor-forge/tests/regression/subdomain/link)
> Epoch: 1177962395
> Audit subid: 1837
> Index: b/libraries/libapparmor/testsuite/test_multi/old_style_log_08.out
> ===================================================================
> --- a/libraries/libapparmor/testsuite/test_multi/old_style_log_08.out
> +++ b/libraries/libapparmor/testsuite/test_multi/old_style_log_08.out
> @@ -1,13 +1,8 @@
> START
> File: test_multi/old_style_log_08.in
> -Event type: AA_RECORD_ALLOWED
> +Event type: AA_RECORD_INVALID
> Audit ID: 1168662182.495:58
> -Operation: access
> -Mask: r
> -Profile: /home/matt/projects/change_hat_test/test_hat
> -Name: /home/matt/projects/change_hat_test/test
> -Info: test_hat
> -PID: 27871
> -Active hat: null-complain-profile
> +Operation: APPARMOR
> +Info: PERMITTING r access to /home/matt/projects/change_hat_test/test (test_hat(27871) profile /home/matt/projects/change_hat_test/test_hat active null-complain-profile)
> Epoch: 1168662182
> Audit subid: 58
> Index: b/libraries/libapparmor/testsuite/test_multi/old_style_log_09.out
> ===================================================================
> --- a/libraries/libapparmor/testsuite/test_multi/old_style_log_09.out
> +++ b/libraries/libapparmor/testsuite/test_multi/old_style_log_09.out
> @@ -1,12 +1,8 @@
> START
> File: test_multi/old_style_log_09.in
> -Event type: AA_RECORD_ALLOWED
> +Event type: AA_RECORD_INVALID
> Audit ID: 1167188680.127:54
> -Operation: rmdir
> -Profile: /bin/freak-aa-out
> -Name: /path/to/something
> -Info: bash
> -PID: 23415
> -Active hat: /bin/freak-aa-out
> +Operation: APPARMOR
> +Info: PERMITTING rmdir on /path/to/something (bash(23415) profile /bin/freak-aa-out active /bin/freak-aa-out)
> Epoch: 1167188680
> Audit subid: 54
> Index: b/libraries/libapparmor/testsuite/test_multi/old_style_log_10.out
> ===================================================================
> --- a/libraries/libapparmor/testsuite/test_multi/old_style_log_10.out
> +++ b/libraries/libapparmor/testsuite/test_multi/old_style_log_10.out
> @@ -1,13 +1,8 @@
> START
> File: test_multi/old_style_log_10.in
> -Event type: AA_RECORD_ALLOWED
> +Event type: AA_RECORD_INVALID
> Audit ID: 1167188680.127:54
> -Operation: setattr
> -Profile: /bin/freak-aa-out
> -Name: /else
> -Attribute: something
> -Info: bash
> -PID: 23415
> -Active hat: /bin/freak-aa-out
> +Operation: APPARMOR
> +Info: PERMITTING attribute (something) change to /else (bash(23415) profile /bin/freak-aa-out active /bin/freak-aa-out)
> Epoch: 1167188680
> Audit subid: 54
> Index: b/libraries/libapparmor/testsuite/test_multi/old_style_log_11.out
> ===================================================================
> --- a/libraries/libapparmor/testsuite/test_multi/old_style_log_11.out
> +++ b/libraries/libapparmor/testsuite/test_multi/old_style_log_11.out
> @@ -1,12 +1,8 @@
> START
> File: test_multi/old_style_log_11.in
> -Event type: AA_RECORD_ALLOWED
> +Event type: AA_RECORD_INVALID
> Audit ID: 1167188680.127:54
> -Operation: capability
> -Profile: /bin/freak-aa-out
> -Name: cap
> -Info: bash
> -PID: 23415
> -Active hat: /bin/freak-aa-out
> +Operation: APPARMOR
> +Info: PERMITTING access to capability 'cap' (bash(23415) profile /bin/freak-aa-out active /bin/freak-aa-out)
> Epoch: 1167188680
> Audit subid: 54
> Index: b/libraries/libapparmor/testsuite/test_multi/old_style_log_13.out
> ===================================================================
> --- a/libraries/libapparmor/testsuite/test_multi/old_style_log_13.out
> +++ b/libraries/libapparmor/testsuite/test_multi/old_style_log_13.out
> @@ -1,12 +1,8 @@
> START
> File: test_multi/old_style_log_13.in
> -Event type: AA_RECORD_DENIED
> +Event type: AA_RECORD_INVALID
> Audit ID: 1173790298.983:1669
> -Operation: syscall
> -Profile: /home/steve/svn/trunk-forge/tests/regression/subdomain/syscall_sysctl
> -Name: sysctl (write)
> -Info: syscall_sysctl
> -PID: 25423
> -Active hat: /home/steve/svn/trunk-forge/tests/regression/subdomain/syscall_sysctl
> +Operation: APPARMOR
> +Info: REJECTING access to syscall 'sysctl (write)' (syscall_sysctl(25423) profile /home/steve/svn/trunk-forge/tests/regression/subdomain/syscall_sysctl active /home/steve/svn/trunk-forge/tests/regression/subdomain/syscall_sysctl)
> Epoch: 1173790298
> Audit subid: 1669
> Index: b/libraries/libapparmor/testsuite/test_multi/old_style_log_01.out
> ===================================================================
> --- a/libraries/libapparmor/testsuite/test_multi/old_style_log_01.out
> +++ b/libraries/libapparmor/testsuite/test_multi/old_style_log_01.out
> @@ -1,13 +1,8 @@
> START
> File: test_multi/old_style_log_01.in
> -Event type: AA_RECORD_DENIED
> +Event type: AA_RECORD_INVALID
> Audit ID: 1157215966.604:46
> -Operation: access
> -Mask: r
> -Profile: /usr/sbin/httpd2-prefork
> -Name: /bin/df
> -Info: sh
> -PID: 7902
> -Active hat: SYSINFO
> +Operation: APPARMOR
> +Info: REJECTING r access to /bin/df (sh(7902) profile /usr/sbin/httpd2-prefork active SYSINFO)
> Epoch: 1157215966
> Audit subid: 46
> Index: b/libraries/libapparmor/testsuite/test_multi/old_style_log_03.out
> ===================================================================
> --- a/libraries/libapparmor/testsuite/test_multi/old_style_log_03.out
> +++ b/libraries/libapparmor/testsuite/test_multi/old_style_log_03.out
> @@ -1,12 +1,8 @@
> START
> File: test_multi/old_style_log_03.in
> -Event type: AA_RECORD_DENIED
> +Event type: AA_RECORD_INVALID
> Audit ID: 1173790298.651:1662
> -Operation: syscall
> -Profile: /home/steve/svn/trunk-forge/tests/regression/subdomain/syscall_ptrace
> -Name: ptrace
> -Info: syscall_ptrace
> -PID: 25210
> -Active hat: /home/steve/svn/trunk-forge/tests/regression/subdomain/syscall_ptrace
> +Operation: APPARMOR
> +Info: REJECTING access to syscall 'ptrace' (syscall_ptrace(25210) profile /home/steve/svn/trunk-forge/tests/regression/subdomain/syscall_ptrace active /home/steve/svn/trunk-forge/tests/regression/subdomain/syscall_ptrace)
> Epoch: 1173790298
> Audit subid: 1662
> Index: b/libraries/libapparmor/testsuite/test_multi/old_style_log_06.out
> ===================================================================
> --- a/libraries/libapparmor/testsuite/test_multi/old_style_log_06.out
> +++ b/libraries/libapparmor/testsuite/test_multi/old_style_log_06.out
> @@ -1,12 +1,8 @@
> START
> File: test_multi/old_style_log_06.in
> -Event type: AA_RECORD_DENIED
> +Event type: AA_RECORD_INVALID
> Audit ID: 1167188680.127:54
> -Operation: mkdir
> -Profile: /bin/freak-aa-out
> -Name: /path/to/something
> -Info: bash
> -PID: 23415
> -Active hat: /bin/freak-aa-out
> +Operation: APPARMOR
> +Info: REJECTING mkdir on /path/to/something (bash(23415) profile /bin/freak-aa-out active /bin/freak-aa-out)
> Epoch: 1167188680
> Audit subid: 54
> Index: b/libraries/libapparmor/testsuite/test_multi/old_style_log_15.out
> ===================================================================
> --- a/libraries/libapparmor/testsuite/test_multi/old_style_log_15.out
> +++ b/libraries/libapparmor/testsuite/test_multi/old_style_log_15.out
> @@ -1,11 +1,8 @@
> START
> File: test_multi/old_style_log_15.in
> -Event type: AA_RECORD_HINT
> +Event type: AA_RECORD_INVALID
> Audit ID: 1168661976.062:55
> -Operation: clone
> -Profile: /home/matt/projects/change_hat_test/test_hat
> -Task: 38229
> -PID: 27764
> -Active hat: /home/matt/projects/change_hat_test/test_hat
> +Operation: APPARMOR
> +Info: LOGPROF-HINT fork pid=27764 child=38229 profile=/home/matt/projects/change_hat_test/test_hat active=/home/matt/projects/change_hat_test/test_hat
> Epoch: 1168661976
> Audit subid: 55
> Index: b/libraries/libapparmor/testsuite/test_multi/old_style_log_18.out
> ===================================================================
> --- a/libraries/libapparmor/testsuite/test_multi/old_style_log_18.out
> +++ b/libraries/libapparmor/testsuite/test_multi/old_style_log_18.out
> @@ -1,12 +1,8 @@
> START
> File: test_multi/old_style_log_18.in
> -Event type: AA_RECORD_HINT
> +Event type: AA_RECORD_INVALID
> Audit ID: 1168661976.062:55
> -Operation: change_hat
> -Profile: /home/matt/projects/change_hat_test/test_hat
> -Name: TESTHAT
> -Info: unknown_hat
> -PID: 27764
> -Active hat: /home/matt/projects/change_hat_test/test_hat
> +Operation: APPARMOR
> +Info: LOGPROF-HINT unknown_hat TESTHAT pid=27764 profile=/home/matt/projects/change_hat_test/test_hat active=/home/matt/projects/change_hat_test/test_hat
> Epoch: 1168661976
> Audit subid: 55
> Index: b/libraries/libapparmor/testsuite/test_multi/old_style_log_02.out
> ===================================================================
> --- a/libraries/libapparmor/testsuite/test_multi/old_style_log_02.out
> +++ b/libraries/libapparmor/testsuite/test_multi/old_style_log_02.out
> @@ -1,13 +1,7 @@
> START
> File: test_multi/old_style_log_02.in
> -Event type: AA_RECORD_DENIED
> +Event type: AA_RECORD_INVALID
> Audit ID: 1167188680.127:54
> -Operation: access
> -Mask: r
> -Profile: /bin/freak-aa-out
> -Name: /bin/freak-aa-out
> -Info: bash
> -PID: 23415
> -Active hat: /bin/freak-aa-out
> +Info: REJECTING r access to /bin/freak-aa-out (bash(23415) profile /bin/freak-aa-out active /bin/freak-aa-out)
> Epoch: 1167188680
> Audit subid: 54
> Index: b/libraries/libapparmor/testsuite/test_multi/old_style_log_05.out
> ===================================================================
> --- a/libraries/libapparmor/testsuite/test_multi/old_style_log_05.out
> +++ b/libraries/libapparmor/testsuite/test_multi/old_style_log_05.out
> @@ -1,13 +1,8 @@
> START
> File: test_multi/old_style_log_05.in
> -Event type: AA_RECORD_DENIED
> +Event type: AA_RECORD_INVALID
> Audit ID: 1167188680.127:54
> -Operation: access
> -Mask: r
> -Profile: /bin/freak-aa-out
> -Name: /bin/freak-aa-out
> -Info: bash
> -PID: 23415
> -Active hat: /bin/freak-aa-out
> +Operation: APPARMOR
> +Info: REJECTING r access to /bin/freak-aa-out (bash(23415) profile /bin/freak-aa-out active /bin/freak-aa-out)
> Epoch: 1167188680
> Audit subid: 54
> Index: b/libraries/libapparmor/testsuite/test_multi/old_style_log_07.out
> ===================================================================
> --- a/libraries/libapparmor/testsuite/test_multi/old_style_log_07.out
> +++ b/libraries/libapparmor/testsuite/test_multi/old_style_log_07.out
> @@ -1,13 +1,8 @@
> START
> File: test_multi/old_style_log_07.in
> -Event type: AA_RECORD_DENIED
> +Event type: AA_RECORD_INVALID
> Audit ID: 1167188680.127:54
> -Operation: xattr
> -Profile: /bin/freak-aa-out
> -Name: /path/to/something
> -Attribute: set
> -Info: bash
> -PID: 23415
> -Active hat: /bin/freak-aa-out
> +Operation: APPARMOR
> +Info: REJECTING xattr set on /path/to/something (bash(23415) profile /bin/freak-aa-out active /bin/freak-aa-out)
> Epoch: 1167188680
> Audit subid: 54
> Index: b/libraries/libapparmor/testsuite/test_multi/old_style_log_12.out
> ===================================================================
> --- a/libraries/libapparmor/testsuite/test_multi/old_style_log_12.out
> +++ b/libraries/libapparmor/testsuite/test_multi/old_style_log_12.out
> @@ -1,13 +1,8 @@
> START
> File: test_multi/old_style_log_12.in
> -Event type: AA_RECORD_ALLOWED
> +Event type: AA_RECORD_INVALID
> Audit ID: 1201615421.935:4837
> -Mask: l
> -Profile: null-complain-profile
> -Name: /home/jj/.fonts.cache-2.LCK
> -Name2: /home/jj/.fonts.cache-2.TMP-IyT7AP
> -Info: firefox-bin
> -PID: 16844
> -Active hat: null-complain-profile
> +Operation: APPARMOR
> +Info: PERMITTING link access from /home/jj/.fonts.cache-2.LCK to /home/jj/.fonts.cache-2.TMP-IyT7AP (firefox-bin(16844) profile null-complain-profile active null-complain-profile)
> Epoch: 1201615421
> Audit subid: 4837
> Index: b/libraries/libapparmor/testsuite/test_multi/old_style_log_17.out
> ===================================================================
> --- a/libraries/libapparmor/testsuite/test_multi/old_style_log_17.out
> +++ b/libraries/libapparmor/testsuite/test_multi/old_style_log_17.out
> @@ -1,8 +1,8 @@
> START
> File: test_multi/old_style_log_17.in
> -Event type: AA_RECORD_HINT
> +Event type: AA_RECORD_INVALID
> Audit ID: 1164007073.953:518
> -Profile: null-complain-profile
> -PID: 29420
> +Operation: APPARMOR
> +Info: LOGPROF-HINT changing_profile pid=29420
> Epoch: 1164007073
> Audit subid: 518
>
>