a535402f17
Accepted submit request 59064 from user jeff_mahoney OBS-URL: https://build.opensuse.org/request/show/59064 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=5
From: Jeff Mahoney <jeffm@suse.com>
|
|
Subject: apparmor: Fix network event parsing
|
|
References: bnc#665483
|
|
|
|
The upstream version of AppArmor had network mediation but it was
|
|
removed. There's a compatibility patch floating around that both openSUSE
|
|
and Ubuntu have applied to their kernels. Unfortunately, one part was
|
|
overlooked. The socket operation event names were changed from the
|
|
socket_ prefixed names they had when AppArmor was out-of-tree and
|
|
utils/SubDomain.pm was never updated to understand them.
|
|
|
|
This patch adds an operation-type table so that the code can just
|
|
do an optype($operation) call to discover what type of operation a
|
|
particular name refers to. It then uses this in place of the socket_
|
|
checks to decide whether an event is a network operation.
|
|
|
|
This allows genprof and logprof to work with networking rules again.
|
|
|
|
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
|
|
---
|
|
utils/SubDomain.pm | 48 ++++++++++++++++++++++++++++++++++++++++++++++--
|
|
1 file changed, 46 insertions(+), 2 deletions(-)
|
|
|
|
--- a/utils/SubDomain.pm
|
|
+++ b/utils/SubDomain.pm
|
|
@@ -233,6 +233,50 @@ my %MODE_HASH = (
|
|
N => $AA_EXEC_NT,
|
|
);
|
|
|
|
+
|
|
+# Currently only used by netdomain but there's no reason it couldn't
|
|
+# be extended to support other types.
|
|
+my %operation_types = (
|
|
+
|
|
+ # Old socket names
|
|
+ "socket_create", => "net",
|
|
+ "socket_post_create" => "net",
|
|
+ "socket_bind" => "net",
|
|
+ "socket_connect" => "net",
|
|
+ "socket_listen" => "net",
|
|
+ "socket_accept" => "net",
|
|
+ "socket_sendmsg" => "net",
|
|
+ "socket_recvmsg" => "net",
|
|
+ "socket_getsockname" => "net",
|
|
+ "socket_getpeername" => "net",
|
|
+ "socket_getsockopt" => "net",
|
|
+ "socket_setsockopt" => "net",
|
|
+ "socket_shutdown" => "net",
|
|
+
|
|
+ # New socket names
|
|
+ "create" => "net",
|
|
+ "post_create" => "net",
|
|
+ "bind" => "net",
|
|
+ "connect" => "net",
|
|
+ "listen" => "net",
|
|
+ "accept" => "net",
|
|
+ "sendmsg" => "net",
|
|
+ "recvmsg" => "net",
|
|
+ "getsockname" => "net",
|
|
+ "getpeername" => "net",
|
|
+ "getsockopt" => "net",
|
|
+ "setsockopt" => "net",
|
|
+ "sock_shutdown" => "net",
|
|
+);
|
|
+
|
|
+sub optype($) {
|
|
+ my $op = shift;
|
|
+ my $type = $operation_types{$op};
|
|
+
|
|
+ return "unknown" if !defined($type);
|
|
+ return $type;
|
|
+}
|
|
+
|
|
sub debug ($) {
|
|
my $message = shift;
|
|
chomp($message);
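Review bot: The first table entry, `"socket_create", => "net",`, has a stray comma before the fat comma; Perl tolerates consecutive commas in a list so it still parses, but it should read `"socket_create" => "net",` like the rest of the table. optype() also indexes the hash with whatever it is handed, so an undefined operation field would, under `use warnings`, emit an uninitialized-value warning at `$operation_types{$op}` before falling through to "unknown". The call in parse_event guards with `$ev{'operation'} &&` but the call in add_event_to_tree (the next hunk) does not, so a guard `return "unknown" unless defined $op;` at the top of optype() would cover both sites without changing the result.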
|
|
@@ -2911,7 +2955,7 @@ sub add_event_to_tree ($) {
|
|
}
|
|
$pid{$child} = $arrayref;
|
|
push @{$arrayref}, [ "fork", $child, $profile, $hat ];
|
|
- } elsif ($e->{operation} =~ m/socket_/) {
|
|
+ } elsif (optype($e->{operation}) eq "net") {
|
|
add_to_tree( $e->{pid},
|
|
$e->{parent},
|
|
"netdomain",
|
|
@@ -6620,7 +6664,7 @@ sub parse_event($) {
|
|
LibAppArmor::aa_log_record::swig_magic_token_get($event);
|
|
|
|
# NetDomain
|
|
- if ( $ev{'operation'} && $ev{'operation'} =~ /socket/ ) {
|
|
+ if ( $ev{'operation'} && optype($ev{'operation'}) eq "net" ) {
|
|
$ev{'family'} =
|
|
LibAppArmor::aa_log_record::swig_net_family_get($event);
|
|
$ev{'protocol'} =
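Review bot: The replaced condition `$ev{'operation'} =~ /socket/` was a substring match, while `optype($ev{'operation'}) eq "net"` is an exact-key lookup in %operation_types, so an operation string that merely contains "socket" but is not a key in the table stops populating the family/protocol fields here, with no diagnostic. That narrowing is presumably intended for the renamed hooks, but a comment at this call site would keep a future maintainer from hunting here, e.g. `# exact-name lookup: operations missing from %operation_types are not treated as network events`. parse_event starts and ends outside the hunk.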
|