feat(aa-log): more log cleanup.

pkg/logs/loggers.go

@@ -50,6 +50,7 @@ func GetApparmorLogs(file io.Reader, profile string) []string {
 	}
 
 	// Clean & remove doublon in logs
+	res = util.DecodeHexInString(res)
 	for _, aa := range regCleanLogs {
 		res = aa.Regex.ReplaceAllLiteralString(res, aa.Repl)
 	}

pkg/logs/loggers_test.go

@@ -23,7 +23,6 @@ func TestGetJournalctlLogs(t *testing.T) {
 			want: AppArmorLogs{
 				{
 					"apparmor":   "ALLOWED",
-					"profile":    "",
 					"label":      "gsd-xsettings",
 					"operation":  "dbus_method_call",
 					"name":       ":*",

pkg/logs/logs.go

@@ -59,13 +59,14 @@ var (
 		`@{PROC}/@{pid}/task/[0-9]*/`, `@{PROC}/@{pid}/task/@{tid}/`,
 		`/sys/`, `@{sys}/`,
 		`@{PROC}@{sys}/`, `@{PROC}/sys/`,
-		`pci[0-9][0-9][0-9][0-9]:[0-9][0-9]`, `@{pci_bus}`,
-		`@{pci_bus}/([0-9][0-9][0-9][0-9]:[0-9][0-9]:[0-9a-f][0-9a-f]\.[0-9]/)+`, `@{pci}/`,
+		`pci[0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F]:[0-9a-fA-F][0-9a-fA-F]`, `@{pci_bus}`,
 
 		// Some system glob
 		`:1.[0-9]*`, `:*`, // dbus peer name
 		`@{bin}/(|ba|da)sh`, `@{bin}/{,ba,da}sh`, // collect all shell
 		`@{lib}/modules/[^/]+\/`, `@{lib}/modules/*/`, // strip kernel version numbers from kernel module accesses
+		`[0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][-_][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][-_][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][-_][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][-_][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F]`, `@{uuid}`,
+		`[0-9][0-9][0-9][0-9][0-9][0-9]+`, `@{int}`,
 
 		// Remove basic rules from abstractions/base
 		`(?m)^.*/etc/[^/]+so.*$`, ``,
@@ -114,14 +115,6 @@ func NewApparmorLogs(file io.Reader, profile string) AppArmorLogs {
 				aa[kv[0]] = strings.Trim(kv[1], `"`)
 			}
 		}
-		aa["profile"] = util.DecodeHex(aa["profile"])
-		toDecode := []string{"name", "comm"}
-		for _, name := range toDecode {
-			if value, ok := aa[name]; ok {
-				aa[name] = util.DecodeHex(value)
-			}
-		}
-
 		aaLogs = append(aaLogs, aa)
 	}
 

pkg/logs/logs_test.go

@@ -47,7 +47,6 @@ var (
 	refPowerProfiles = AppArmorLogs{
 		{
 			"apparmor":   "ALLOWED",
-			"profile":    "",
 			"label":      "power-profiles-daemon",
 			"operation":  "dbus_method_call",
 			"name":       "org.freedesktop.DBus",
@@ -83,7 +82,7 @@ func TestAppArmorEvents(t *testing.T) {
 					"apparmor":       "ALLOWED",
 					"profile":        "@{bin}/httpd2-prefork//vhost_foo",
 					"operation":      "rename_dest",
-					"name":           "/home/www/foo.bar.in/httpdocs/apparmor/images/test/image 1.jpg",
+					"name":           "@{HOME}/foo.bar.in/httpdocs/apparmor/images/test/image 1.jpg",
 					"comm":           "httpd2-prefork",
 					"requested_mask": "wc",
 					"denied_mask":    "wc",
@@ -136,7 +135,6 @@ func TestAppArmorEvents(t *testing.T) {
 			want: AppArmorLogs{
 				{
 					"apparmor":   "ALLOWED",
-					"profile":    "",
 					"label":      "snapd",
 					"operation":  "dbus_method_call",
 					"name":       "org.freedesktop.PolicyKit1",
@@ -163,7 +161,6 @@ func TestAppArmorEvents(t *testing.T) {
 			want: AppArmorLogs{
 				{
 					"apparmor":  "ALLOWED",
-					"profile":   "",
 					"label":     "xdg-document-portal",
 					"operation": "dbus_bind",
 					"name":      "org.freedesktop.portal.Documents",