* Copyright (c) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007
* NOVELL (All rights reserved)
* This program is free software; you can redistribute it and/or
* modify it under the terms of version 2 of the GNU General Public
* License published by the Free Software Foundation.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, contact Novell, Inc.
#include "aalogparse.h"
/*
 * Record under construction: _parse_yacc() points this at a fresh allocation
 * and the grammar actions fill it in field by field.
 * NOTE(review): the scanner is handed to the parser as a parameter
 * (%lex-param / %parse-param), but the record is reached through this
 * file-scope pointer, so two parses running at the same time would write
 * through the same variable. Confirm that callers serialise parsing.
 */
aa_log_record *ret_record;
/*
 * Presumably the parser's error callback (yyerror under the aalogparse_
 * prefix). The visible body prints the message through a fixed "%s" format,
 * so the message text is never interpreted as a format string.
 * NOTE(review): the message goes to stdout rather than stderr or a
 * caller-supplied sink, so it can end up mixed into a caller's own output.
 */
void aalogparse_error(void *scanner, char const *s)
printf("Error: %s\n", s);
%lex-param{void *scanner}
%parse-param{void *scanner}
%type <t_str> old_profile;
%token <t_long> TOK_DIGITS
%token <t_str> TOK_QUOTED_STRING TOK_PATH TOK_ID TOK_NULL_COMPLAIN TOK_MODE TOK_SINGLE_QUOTED_STRING TOK_AUDIT_DIGITS
%token TOK_CLOSE_PAREN
%token TOK_TYPE_REJECT
%token TOK_TYPE_COMPLAIN
%token TOK_TYPE_STATUS
%token TOK_OLD_TYPE_APPARMOR
%token TOK_OLD_APPARMOR_REJECT
%token TOK_OLD_APPARMOR_PERMIT
%token TOK_OLD_APPARMOR_LOGPROF_HINT
%token TOK_OLD_UNKNOWN_HAT
%token TOK_OLD_UNKNOWN_PROFILE
%token TOK_OLD_MISSING_PROFILE
%token TOK_OLD_EXTENDED
%token TOK_OLD_ATTRIBUTE
%token TOK_OLD_CAPABILITY
%token TOK_KEY_OPERATION
%token TOK_KEY_DENIED_MASK
%token TOK_KEY_REQUESTED_MASK
%token TOK_KEY_ATTRIBUTE
%token TOK_KEY_MAGIC_TOKEN
%token TOK_KEY_PROFILE
%token TOK_KEY_FAMILY
%token TOK_KEY_SOCK_TYPE
%token TOK_KEY_PROTOCOL
type: TOK_KEY_TYPE TOK_EQUALS type_syntax ;
type_syntax: old_syntax { ret_record->version = AA_RECORD_SYNTAX_V1; }
| new_syntax { ret_record->version = AA_RECORD_SYNTAX_V2; }
old_syntax: TOK_OLD_TYPE_APPARMOR audit_msg old_msg ;
TOK_TYPE_REJECT audit_msg key { ret_record->event = AA_RECORD_DENIED; }
| TOK_TYPE_AUDIT audit_msg key { ret_record->event = AA_RECORD_AUDIT; }
| TOK_TYPE_COMPLAIN audit_msg key { ret_record->event = AA_RECORD_ALLOWED; }
| TOK_TYPE_HINT audit_msg key { ret_record->event = AA_RECORD_HINT; }
| TOK_TYPE_STATUS audit_msg key { ret_record->event = AA_RECORD_STATUS; }
| TOK_TYPE_ERROR audit_msg key { ret_record->event = AA_RECORD_ERROR; }
old_permit_reject_syntax old_permit_reject_syntax2
| TOK_OLD_APPARMOR_LOGPROF_HINT old_logprof_syntax { ret_record->event = AA_RECORD_HINT; }
old_permit_reject_syntax:
TOK_OLD_APPARMOR_REJECT { ret_record->event = AA_RECORD_DENIED; }
| TOK_OLD_APPARMOR_PERMIT { ret_record->event = AA_RECORD_ALLOWED; }
old_permit_reject_syntax2:
TOK_MODE TOK_OLD_ACCESS old_permit_reject_path_pipe_extended
TOK_OPEN_PAREN TOK_ID TOK_OPEN_PAREN TOK_ID TOK_CLOSE_PAREN
TOK_KEY_PROFILE old_profile TOK_OLD_ACTIVE old_profile TOK_CLOSE_PAREN
/*
 * NOTE(review): the old-syntax actions store each strdup() result unchecked,
 * so an allocation failure leaves the field NULL for whoever reads the
 * record. The source token is not released here either, unlike the key_list
 * actions, which free($3) after copying; if the lexer heap-allocates string
 * tokens (not visible here), every copy made this way leaks the original.
 */
ret_record->requested_mask = strdup($1);
ret_record->info = strdup($5);
/*
 * NOTE(review): $7 is a TOK_ID string taken from the log line. atol() cannot
 * report malformed or out-of-range input; strtol() with an end-pointer and
 * errno check would let a bad pid be rejected instead of silently converted.
 */
ret_record->pid = atol($7);
ret_record->profile = strdup($10);
ret_record->active_hat = strdup($12);
ret_record->operation = strdup("access");
| mkdir_or_rmdir TOK_OLD_ON TOK_PATH
TOK_OPEN_PAREN TOK_ID TOK_OPEN_PAREN TOK_ID TOK_CLOSE_PAREN
TOK_KEY_PROFILE old_profile TOK_OLD_ACTIVE old_profile TOK_CLOSE_PAREN
ret_record->name = strdup($3);
ret_record->info = strdup($5);
ret_record->pid = atol($7);
ret_record->profile = strdup($10);
ret_record->active_hat = strdup($12);
| TOK_OLD_XATTR TOK_ID TOK_OLD_ON TOK_PATH
TOK_OPEN_PAREN TOK_ID TOK_OPEN_PAREN TOK_ID TOK_CLOSE_PAREN
TOK_KEY_PROFILE old_profile TOK_OLD_ACTIVE old_profile TOK_CLOSE_PAREN
ret_record->operation = strdup("xattr");
ret_record->attribute = strdup($2);
ret_record->name = strdup($4);
ret_record->info = strdup($6);
ret_record->pid = atol($8);
ret_record->profile = strdup($11);
ret_record->active_hat = strdup($13);
| TOK_KEY_ATTRIBUTE TOK_OPEN_PAREN TOK_ID TOK_CLOSE_PAREN
TOK_OLD_CHANGE TOK_OLD_TO TOK_PATH
TOK_OPEN_PAREN TOK_ID TOK_OPEN_PAREN TOK_ID TOK_CLOSE_PAREN
TOK_KEY_PROFILE old_profile TOK_OLD_ACTIVE old_profile TOK_CLOSE_PAREN
ret_record->operation = strdup("setattr");
ret_record->attribute = strdup($3);
ret_record->name = strdup($7);
ret_record->info = strdup($9);
ret_record->pid = atol($11);
ret_record->profile = strdup($14);
ret_record->active_hat = strdup($16);
| TOK_OLD_ACCESS TOK_OLD_TO TOK_OLD_CAPABILITY TOK_SINGLE_QUOTED_STRING
TOK_OPEN_PAREN TOK_ID TOK_OPEN_PAREN TOK_ID TOK_CLOSE_PAREN
TOK_KEY_PROFILE old_profile TOK_OLD_ACTIVE old_profile TOK_CLOSE_PAREN
ret_record->operation = strdup("capability");
ret_record->name = strdup($4);
ret_record->info = strdup($6);
ret_record->pid = atol($8);
ret_record->profile = strdup($11);
ret_record->active_hat = strdup($13);
TOK_OLD_MKDIR { ret_record->operation = strdup("mkdir"); }
| TOK_OLD_RMDIR { ret_record->operation = strdup("rmdir"); }
old_permit_reject_path_pipe_extended:
ret_record->name = strdup($2);
| TOK_OLD_TO TOK_OLD_PIPE /* Frankly, I don't think this is used */
ret_record->info = strdup("pipe");
| TOK_OLD_EXTENDED TOK_KEY_ATTRIBUTE /* Nor this */
ret_record->info = strdup("extended attribute");
old_logprof_syntax2 TOK_KEY_PID TOK_EQUALS TOK_DIGITS
TOK_KEY_PROFILE TOK_EQUALS old_profile TOK_OLD_ACTIVE TOK_EQUALS old_profile
ret_record->pid = $4;
ret_record->profile = strdup($7);
ret_record->active_hat = strdup($10);
| old_logprof_fork_syntax
TOK_OLD_UNKNOWN_PROFILE TOK_KEY_IMAGE TOK_EQUALS TOK_ID
ret_record->operation = strdup("profile_set");
ret_record->info = strdup("unknown profile");
ret_record->name = strdup($4);
| TOK_OLD_MISSING_PROFILE TOK_KEY_IMAGE TOK_EQUALS TOK_ID
ret_record->operation = strdup("exec");
ret_record->info = strdup("mandatory profile missing");
ret_record->name = strdup($4);
| TOK_OLD_UNKNOWN_HAT TOK_ID
ret_record->operation = strdup("change_hat");
ret_record->name = strdup($2);
ret_record->info = strdup("unknown_hat");
/* TODO: Clean this up */
old_logprof_fork_syntax:
TOK_OLD_FORK TOK_KEY_PID TOK_EQUALS TOK_DIGITS
TOK_OLD_CHILD TOK_EQUALS TOK_DIGITS old_logprof_fork_addition
ret_record->operation = strdup("clone");
ret_record->task = $7;
ret_record->pid = $4;
old_logprof_fork_addition:
| TOK_KEY_PROFILE TOK_EQUALS old_profile TOK_OLD_ACTIVE TOK_EQUALS old_profile
ret_record->profile = strdup($3);
ret_record->active_hat = strdup($6);
/*
 * The semantic value is heap-allocated here.
 * NOTE(review): assuming this action belongs to old_profile (the only
 * %type <t_str> nonterminal visible in this listing), the actions that
 * consume it store strdup($n) of the value and never free $n, so this
 * allocation appears to leak once per record. Handing $n over directly, or
 * freeing it after the copy, would close that.
 */
$$ = strdup("null-complain-profile");
audit_msg: TOK_KEY_MSG TOK_EQUALS TOK_AUDIT TOK_OPEN_PAREN TOK_AUDIT_DIGITS TOK_PERIOD TOK_AUDIT_DIGITS TOK_COLON TOK_AUDIT_DIGITS TOK_CLOSE_PAREN TOK_COLON
/*
 * Builds audit_id as "<$5>.<$7>:<$9>" from the three audit digit tokens.
 * NOTE(review): asprintf()'s return value is ignored. It returns -1 on
 * failure, and its documentation leaves the output pointer's contents
 * undefined in that case, so audit_id should be checked (and set to NULL on
 * failure) before anything reads or frees it. The epoch and sub-id
 * conversions that follow use atol()/atoi(), which give no indication of
 * malformed or overflowing digits.
 */
asprintf(&ret_record->audit_id, "%s.%s:%s", $5, $7, $9);
ret_record->epoch = atol($5);
ret_record->audit_sub_id = atoi($9);
key_list: TOK_KEY_OPERATION TOK_EQUALS TOK_QUOTED_STRING
/*
 * Copies the quoted-string token into the record, then frees the token value.
 * The string-valued alternatives of this rule follow the same pattern.
 * NOTE(review): the strdup() result is not checked, and the assignment
 * overwrites whatever the field already held, so a log line that repeats a
 * key would drop the earlier copy without freeing it (assuming nothing
 * upstream rejects duplicate keys; that is not visible here).
 */
{ ret_record->operation = strdup($3); free($3); }
| TOK_KEY_NAME TOK_EQUALS TOK_QUOTED_STRING
{ ret_record->name = strdup($3); free($3); }
| TOK_KEY_NAME2 TOK_EQUALS TOK_QUOTED_STRING
{ ret_record->name2 = strdup($3); free($3); }
| TOK_KEY_DENIED_MASK TOK_EQUALS TOK_QUOTED_STRING
{ ret_record->denied_mask = strdup($3); free($3);}
| TOK_KEY_REQUESTED_MASK TOK_EQUALS TOK_QUOTED_STRING
{ ret_record->requested_mask = strdup($3); free($3);}
| TOK_KEY_ATTRIBUTE TOK_EQUALS TOK_QUOTED_STRING
{ ret_record->attribute = strdup($3); free($3);}
| TOK_KEY_TASK TOK_EQUALS TOK_QUOTED_STRING
/*
 * task arrives as a quoted string and is converted with atol().
 * NOTE(review): atol() cannot report non-numeric or out-of-range text, so a
 * malformed task value in the log line is converted silently; strtol() with
 * an end-pointer and errno check would allow it to be rejected.
 */
{ ret_record->task = atol($3); free($3);}
| TOK_KEY_PARENT TOK_EQUALS TOK_QUOTED_STRING
{ ret_record->parent = strdup($3); free($3);}
| TOK_KEY_MAGIC_TOKEN TOK_EQUALS TOK_DIGITS
{ ret_record->magic_token = $3;}
| TOK_KEY_INFO TOK_EQUALS TOK_QUOTED_STRING
{ ret_record->info = strdup($3); free($3);}
| TOK_KEY_PID TOK_EQUALS TOK_DIGITS
{ ret_record->pid = $3;}
| TOK_KEY_PROFILE TOK_EQUALS TOK_QUOTED_STRING
{ ret_record->profile = strdup($3); free($3);}
| TOK_KEY_FAMILY TOK_EQUALS TOK_QUOTED_STRING
{ ret_record->net_family = strdup($3); free($3);}
| TOK_KEY_SOCK_TYPE TOK_EQUALS TOK_QUOTED_STRING
{ ret_record->net_sock_type = strdup($3); free($3); }
| TOK_KEY_PROTOCOL TOK_EQUALS TOK_QUOTED_STRING
{ ret_record->net_protocol = strdup($3); free($3);}
_parse_yacc(char *str)
YY_BUFFER_STATE lex_buf;
ret_record = (aa_log_record *) malloc(sizeof(aa_log_record));
/*
 * NOTE(review): this call runs before the NULL test on the malloc() result
 * just below, so an allocation failure reaches _init_log_record() as a NULL
 * pointer. That is safe only if the helper tolerates NULL (not visible
 * here); testing the pointer first would remove the dependency.
 */
_init_log_record(ret_record);
if (ret_record == NULL)
aalogparse_lex_init(&scanner);
lex_buf = aalogparse__scan_string(str, scanner);
parser_return = aalogparse_parse(scanner);
aalogparse__delete_buffer(lex_buf, scanner);
aalogparse_lex_destroy(scanner);