[apparmor] [patch] [26/38] Avoid crash in aa-logprof on events for non-existing profiles
Christian Boltz
apparmor at cboltz.de
Fri Aug 12 21:02:11 UTC 2016
Hello,
if the audit.log contains an event for a non-existing profile (this can
happen when running with a foreign log or if the user manually deleted a
profile or hat), propose_file_rules() crashes because rule_obj is None
instead of a profile_storage() struct.
This patch adds a check that skips events for non-existing profiles and
hats.
Note: I'm quite sure this happens only for file events (because the
other rule types don't have something similar to propose_file_rules()),
therefore no backport to older versions is needed.
[ 26-avoid-logprof-crash-on-nonexisting-profiles.diff ]
--- utils/apparmor/aa.py 2016-05-26 20:37:44.768619083 +0200
+++ utils/apparmor/aa.py 2016-05-26 21:59:57.918885644 +0200
@@ -1558,6 +1558,14 @@
hats = [profile] + hats
for hat in hats:
+
+ if not aa[profile].get(hat).get('file'):
+ # Ignore log events for a non-existing profile or child profile. Such events can occour
+ # after deleting a profile or hat manually, or when processing a foreign log.
+ # (Checking for 'file' is a simplified way to check if it's a profile_storage() struct.)
+ debug_logger.debug("Ignoring events for non-existing profile %s" % combine_name(profile, hat))
+ continue
+
for ruletype in ruletypes:
for rule_obj in log_dict[aamode][profile][hat][ruletype].rules:
# XXX aa-mergeprof also has this code - if you change it, keep aa-mergeprof in sync!
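Review bot: The new guard `if not aa[profile].get(hat).get('file'):` at the top of the `for hat in hats:` loop chains two `.get()` calls, so if `aa[profile].get(hat)` returns None for a hat that was never loaded, the second `.get('file')` raises AttributeError instead of skipping the event. Whether that can happen depends on the container type of `aa[profile]`, which is not visible in this hunk, so it is worth checking the hat entry for None before probing 'file'. The truthiness test also skips any profile whose 'file' entry exists but evaluates as false, so an explicit check for a profile_storage() struct would match the comment's stated intent more closely than the simplified test. The trailing context line says aa-mergeprof carries the same loop, so please confirm whether it needs the same guard. The skip is only logged at debug level, which means a user processing a foreign log will not see that events were dropped. Minor: "occour" in the added comment should be "occur".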
Regards,
Christian Boltz
--
That could have been said more briefly:
| "Please don't use evolution anymore. It's not intended as a
| mailingprogramm, we're just riding around a little bit on our
| C-Compilers to find out how to break the rules."
Yes, sir. Nice outlooks. [Ratti in suse-linux]