felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(aa-log): parse log file to AA object to allow easy print.

Browse source
This commit is contained in:
Alexandre Pujol 2023-08-17 23:12:46 +01:00
parent 574891d445
commit d06a474b0c
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
2 changed files with 82 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

58
pkg/aa/profile.go
View file

@ -3,6 +3,14 @@
// SPDX-License-Identifier: GPL-2.0-only // SPDX-License-Identifier: GPL-2.0-only
package aa package aa
import (
"bytes"
"strings"
"golang.org/x/exp/slices"
)
// AppArmorProfiles represents a full set of apparmor profiles // AppArmorProfiles represents a full set of apparmor profiles
type AppArmorProfiles map[string]*AppArmorProfile type AppArmorProfiles map[string]*AppArmorProfile
@ -29,3 +37,53 @@ func (p *AppArmorProfile) String() string {
return res.String() return res.String()
} }
// AddRule adds a new rule to the profile from a log map
func (p *AppArmorProfile) AddRule(log map[string]string) {
noNewPrivs := false
fileInherit := false
if log["operation"] == "file_inherit" {
fileInherit = true
}
switch log["error"] {
case "-1":
noNewPrivs = true
case "-2":
if !slices.Contains(p.Flags, "mediate_deleted") {
p.Flags = append(p.Flags, "mediate_deleted")
}
case "-13":
if !slices.Contains(p.Flags, "attach_disconnected") {
p.Flags = append(p.Flags, "attach_disconnected")
}
default:
}
switch log["class"] {
case "cap":
p.Capability = append(p.Capability, NewCapability(log, noNewPrivs, fileInherit))
case "file":
p.File = append(p.File, NewFile(log, noNewPrivs, fileInherit))
case "net":
if log["family"] == "unix" {
p.Unix = append(p.Unix, NewUnix(log, noNewPrivs, fileInherit))
} else {
p.Network = append(p.Network, NewNetwork(log, noNewPrivs, fileInherit))
}
case "signal":
p.Signal = append(p.Signal, NewSignal(log, noNewPrivs, fileInherit))
case "ptrace":
p.Ptrace = append(p.Ptrace, NewPtrace(log, noNewPrivs, fileInherit))
case "unix":
p.Unix = append(p.Unix, NewUnix(log, noNewPrivs, fileInherit))
case "mount":
p.Mount = append(p.Mount, NewMount(log, noNewPrivs, fileInherit))
default:
if strings.Contains(log["operation"], "dbus") {
p.Dbus = append(p.Dbus, NewDbus(log, noNewPrivs, fileInherit))
} else if log["family"] == "unix" {
p.Unix = append(p.Unix, NewUnix(log, noNewPrivs, fileInherit))
}
}
}

24
pkg/logs/logs.go
View file

@ -11,6 +11,7 @@ import (
"regexp" "regexp"
"strings" "strings"
"github.com/roddhjav/apparmor.d/pkg/aa"
"github.com/roddhjav/apparmor.d/pkg/util" "github.com/roddhjav/apparmor.d/pkg/util"
"golang.org/x/exp/slices" "golang.org/x/exp/slices"
) )
@ -219,3 +220,26 @@ func (aaLogs AppArmorLogs) String() string {
} }
return res return res
} }
// ParseToProfiles convert the log data into a new AppArmorProfiles
func (aaLogs AppArmorLogs) ParseToProfiles() aa.AppArmorProfiles {
profiles := make(aa.AppArmorProfiles, 0)
for _, log := range aaLogs {
name := ""
if strings.Contains(log["operation"], "dbus") {
name = log["label"]
} else {
name = log["profile"]
}
if _, ok := profiles[name]; !ok {
profile := &aa.AppArmorProfile{}
profile.Name = name
profile.AddRule(log)
profiles[name] = profile
} else {
profiles[name].AddRule(log)
}
}
return profiles
}