[apparmor] [patch] merge 'path' if conditions in logparser.py / add_event_to_tree()
Steve Beattie
steve at nxnw.org
Sat Feb 28 07:46:58 UTC 2015
On Mon, Feb 23, 2015 at 09:58:53PM +0100, Christian Boltz wrote:
> logparser.py / add_event_to_tree() has 5 places to handle 'path' events.
> This patch merges most if conditions to reduce that to 2 places.
>
> This patch is just a cleanup without any behaviour change, therefore
> trunk is probably enough (but I won't object if someone acks it for 2.9 ;-)
>
> Sidenote: I don't like things like
> if 'file_' in e['operation']
> too much. Can/should we make this
> if e['operation'].startswith('file_')
>
> (same question for 'xattr' and 'inode_' ;-)
Yes I would prefer the more strict startswith match for looser
matches like the above, though as near as I can tell from looking at
the log tests, xattr should be a keyword and was only generated by
the v1 log format which is dead. You ought to be able to put 'xattr'
in the list of operations you test against safely.
Also, 'getattr' is another operation that needs to be supported I
think. If we fix that, then the patch should probably go into 2.9.
> [ logparser-merge-path-handling.diff ]
>
> === modified file 'utils/apparmor/logparser.py'
> --- utils/apparmor/logparser.py 2015-01-17 10:04:12 +0000
> +++ utils/apparmor/logparser.py 2015-02-23 20:41:18 +0000
> @@ -257,20 +258,16 @@
> else:
> self.debug_logger.debug('add_event_to_tree: dropped exec event in %s' % e['profile'])
>
> - elif 'file_' in e['operation']:
> - self.add_to_tree(e['pid'], e['parent'], 'path',
> - [profile, hat, prog, aamode, e['denied_mask'], e['name'], ''])
> - elif e['operation'] in ['open', 'truncate', 'mkdir', 'mknod', 'rename_src',
> - 'rename_dest', 'unlink', 'rmdir', 'symlink_create', 'link']:
> + elif ( 'file_' in e['operation'] or 'xattr' in e['operation'] or
> + e['operation'] in ['open', 'truncate', 'mkdir', 'mknod', 'rename_src',
> + 'rename_dest', 'unlink', 'rmdir', 'symlink_create', 'link',
> + 'sysctl', 'setattr'] ):
> #print(e['operation'], e['name'])
> self.add_to_tree(e['pid'], e['parent'], 'path',
> [profile, hat, prog, aamode, e['denied_mask'], e['name'], ''])
> elif e['operation'] == 'capable':
> self.add_to_tree(e['pid'], e['parent'], 'capability',
> [profile, hat, prog, aamode, e['name'], ''])
> - elif e['operation'] == 'setattr' or 'xattr' in e['operation']:
> - self.add_to_tree(e['pid'], e['parent'], 'path',
> - [profile, hat, prog, aamode, e['denied_mask'], e['name'], ''])
> elif 'inode_' in e['operation']:
> is_domain_change = False
> if e['operation'] == 'inode_permission' and (e['denied_mask'] & AA_MAY_EXEC) and aamode == 'PERMITTING':
> @@ -288,10 +285,6 @@
> self.add_to_tree(e['pid'], e['parent'], 'path',
> [profile, hat, prog, aamode, e['denied_mask'], e['name'], ''])
>
> - elif e['operation'] == 'sysctl':
> - self.add_to_tree(e['pid'], e['parent'], 'path',
> - [profile, hat, prog, aamode, e['denied_mask'], e['name'], ''])
> -
> elif e['operation'] == 'clone':
> parent, child = e['pid'], e['task']
> if not parent:
>
>
> Regards,
>
> Christian Boltz
> --
> On a more positive note, bug#755845 keeps me very fit running to and fro
> the datacentre because I keep forgetting to mount /dev/pts myself.
> [Per Jessen in opensuse-factory]
>
>
> --
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150227/9ef7f427/attachment.pgp>
More information about the AppArmor
mailing list