Add the aa-log helper.

root/usr/bin/aa-log

@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+# Review AppArmor generated messages
+# Copyright (C) 2021 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+#
+
+readonly LOGFILE=/var/log/audit/audit.log
+
+# Parses AppArmor logs to hide unnecessary information and remove duplicates.
+_apparmor_log() {
+    local state="$1" profile="${2}"
+    grep -a "$state" "$LOGFILE" \
+        | grep "profile=\"$profile.*\"" \
+        | grep -v laddr \
+        | sed -e 's/AVC //' \
+              -e "s/apparmor=\"$state\"/$state/" \
+              -e 's/type=msg=audit(.*): //' \
+              -e 's/pid=.* comm/comm/' \
+              -e 's/ fsuid.*//' \
+        | awk '!x[$0]++'
+
+}
+
+_apparmor_log DENIED "$@"
+_apparmor_log ALLOWED "$@"

root/usr/share/zsh/site-functions/_aa-log.zsh

@@ -0,0 +1,18 @@
+#compdef aa-log
+#autoload
+
+_aa-log () {
+	local IFS=$'\n'
+	_values -C 'profile names' ${$(__aa_profiles):-""}
+}
+
+__aa_profiles() {
+	find -L /etc/apparmor.d -type f \
+		| sed -e 's#/etc/apparmor.d/##' \
+			  -e '/abi/d' \
+			  -e '/abstractions/d' \
+			  -e '/local/d' \
+		| sort
+}
+
+_aa-log