1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
# Copyright 2018 syzkaller project authors. All rights reserved.
# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
resource fd_apparmor_current[fd]
openat$apparmor_task_current(fd const[AT_FDCWD], file ptr[in, string["/proc/self/attr/current"]], flags const[O_RDWR], mode const[0]) fd_apparmor_current
openat$apparmor_thread_current(fd const[AT_FDCWD], file ptr[in, string["/proc/thread-self/attr/current"]], flags const[O_RDWR], mode const[0]) fd_apparmor_current
write$apparmor_current(fd fd_apparmor_current, data ptr[in, apparmor_current_attr], len len[data])
apparmor_current_attr [
hat apparmor_current_hat
profile apparmor_current_profile
] [varlen]
apparmor_current_hat {
cmd stringnoz[apparmor_hat_cmds]
token fmt[hex, int64[0:4]]
delim const['^', int8]
# TODO: what are these hats? should we pass some strings from apparmor profile?
hats array[string]
} [packed]
apparmor_hat_cmds = "changehat ", "permhat "
apparmor_current_profile {
cmd stringnoz[apparmor_profile_cmds]
# TODO: what is this profile/fqname?
profile string
} [packed]
apparmor_profile_cmds = "changeprofile ", "permprofile ", "stack "
resource fd_apparmor_exec[fd]
openat$apparmor_task_exec(fd const[AT_FDCWD], file ptr[in, string["/proc/self/attr/exec"]], flags const[O_RDWR], mode const[0]) fd_apparmor_exec
openat$apparmor_thread_exec(fd const[AT_FDCWD], file ptr[in, string["/proc/thread-self/attr/exec"]], flags const[O_RDWR], mode const[0]) fd_apparmor_exec
write$apparmor_exec(fd fd_apparmor_exec, data ptr[in, apparmor_exec_attr], len len[data])
apparmor_exec_attr {
cmd stringnoz[apparmor_exec_profile_cmds]
# TODO: what is this profile/fqname?
profile string
} [packed]
apparmor_exec_profile_cmds = "exec ", "stack "
|
