[apparmor] [patch] Set log_event flag in collapse_log()

Christian Boltz Thu, 10 Dec 2015 04:36:08 -0800

Hello,

collapse_log() creates temporary SignalRule etc. objects which are then
checked against the existing profile content.


These temporary objects are based on log events, therefore flag them as
such. This will ensure proper handling and escaping by the AARE class.


[ 36-collapse-log-set-log_event.diff ]

=== modified file ./utils/apparmor/aa.py
--- utils/apparmor/aa.py        2015-12-08 19:30:43.210864711 +0100
+++ utils/apparmor/aa.py        2015-12-10 12:38:08.008844270 +0100
@@ -2509,26 +2509,26 @@
                 for cap in prelog[aamode][profile][hat]['capability'].keys():
                     # If capability not already in profile
                     # XXX remove first check when we have proper profile 
initialisation
-                    if aa[profile][hat].get('capability', False) and not 
aa[profile][hat]['capability'].is_covered(CapabilityRule(cap)):
+                    if aa[profile][hat].get('capability', False) and not 
aa[profile][hat]['capability'].is_covered(CapabilityRule(cap, log_event=True)):
                         log_dict[aamode][profile][hat]['capability'][cap] = 
True
 
                 nd = prelog[aamode][profile][hat]['netdomain']
                 for family in nd.keys():
                     for sock_type in nd[family].keys():
-                        if not is_known_rule(aa[profile][hat], 'network', 
NetworkRule(family, sock_type)):
+                        if not is_known_rule(aa[profile][hat], 'network', 
NetworkRule(family, sock_type, log_event=True)):
                             
log_dict[aamode][profile][hat]['netdomain'][family][sock_type] = True
 
                 ptrace = prelog[aamode][profile][hat]['ptrace']
                 for peer in ptrace.keys():
                     for access in ptrace[peer].keys():
-                        if not is_known_rule(aa[profile][hat], 'ptrace', 
PtraceRule(access, peer)):
+                        if not is_known_rule(aa[profile][hat], 'ptrace', 
PtraceRule(access, peer, log_event=True)):
                             
log_dict[aamode][profile][hat]['ptrace'][peer][access] = True
 
                 sig = prelog[aamode][profile][hat]['signal']
                 for peer in sig.keys():
                     for access in sig[peer].keys():
                         for signal in sig[peer][access].keys():
-                            if not is_known_rule(aa[profile][hat], 'signal', 
SignalRule(access, signal, peer)):
+                            if not is_known_rule(aa[profile][hat], 'signal', 
SignalRule(access, signal, peer, log_event=True)):
                                 
log_dict[aamode][profile][hat]['signal'][peer][access][signal] = True
 
 


Regards,

Christian Boltz
-- 
Wie meinte doch neulich ein OS/2 oder CygWin-User:
PATH=C:\backspace\return;E:\tab\newline;D:\home
W:\pakete\mypaket\configure --prefix=F:\fondlinge
[Ralf Corsepius in suse-programming]


-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor

[apparmor] [patch] Set log_event flag in collapse_log()

Reply via email to