Merge libapparmor: add scanner support for dbus method

In the [merge request that adds AppArmor support on D-Bus Broker](bus1/dbus-broker#286), the word "method" is used instead of "member" on the auditing logs. So we are adding support to parse "method" the same way as "member" on D-Bus audit logs. MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/958 Approved-by: John Johansen <[email protected]> Merged-by: John Johansen <[email protected]> (cherry picked from commit a96fa35) Signed-off-by: John Johansen <[email protected]>
ottok · Jan 25, 2023 · 698c3f3 · 698c3f3
1 parent ca6191d
commit 698c3f3
Show file tree

Hide file tree

Showing 5 changed files with 22 additions and 0 deletions.
diff --git a/libraries/libapparmor/src/scanner.l b/libraries/libapparmor/src/scanner.l
@@ -163,6 +163,7 @@ key_dest "dest"
 key_path "path"
 key_interface "interface"
 key_member "member"
+key_method "method"
 key_signal "signal"
 key_peer "peer"
 key_fstype "fstype"
@@ -350,6 +351,7 @@ yy_flex_debug = 0;
 {key_path} { return(TOK_KEY_PATH); }
 {key_interface} { return(TOK_KEY_INTERFACE); }
 {key_member} { return(TOK_KEY_MEMBER); }
+{key_method} { return(TOK_KEY_MEMBER); }
 {key_signal} { BEGIN(sub_id); return(TOK_KEY_SIGNAL); }
 {key_peer} { BEGIN(safe_string); return(TOK_KEY_PEER); }
 {key_fstype} { return(TOK_KEY_FSTYPE); }

diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_dbus_11.err b/libraries/libapparmor/testsuite/test_multi/testcase_dbus_11.err
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_dbus_11.in b/libraries/libapparmor/testsuite/test_multi/testcase_dbus_11.in
@@ -0,0 +1 @@
+Dec 15 17:32:17 kinetic kernel: [4835959.046111] audit: type=1107 audit(1671125537.724:209): pid=7308 uid=0 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/freedesktop/DBus" interface="org.freedesktop.DBus" method="Hello" mask="send" label="/tmp/apparmor/tests/regression/apparmor/dbus_message" peer_label="unconfined" exe="/usr/local/bin/dbus-broker" sauid=0 hostname=? addr=? terminal=?'
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_dbus_11.out b/libraries/libapparmor/testsuite/test_multi/testcase_dbus_11.out
@@ -0,0 +1,15 @@
+START
+File: testcase_dbus_11.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1671125537.724:209
+Operation: dbus_method_call
+Denied Mask: send
+Profile: /tmp/apparmor/tests/regression/apparmor/dbus_message
+Peer profile: unconfined
+Command: /usr/local/bin/dbus-broker
+DBus bus: session
+DBus path: /org/freedesktop/DBus
+DBus interface: org.freedesktop.DBus
+DBus member: Hello
+Epoch: 1671125537
+Audit subid: 209
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_dbus_11.profile b/libraries/libapparmor/testsuite/test_multi/testcase_dbus_11.profile
@@ -0,0 +1,4 @@
+/tmp/apparmor/tests/regression/apparmor/dbus_message {
+ dbus send bus=session path=/org/freedesktop/DBus interface=org.freedesktop.DBus member=Hello peer=(label=unconfined),
+
+}