File libapparmor1-2.3-new-log-format-fix of Package libapparmor1
From: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Acked-By: Steve Beattie <steve@ubuntu.com>
Ref: https://bugs.launchpad.net/bugs/431929
SVN: r1444
References: bnc#546618
Parse log entries containing an ouid.
(I added a testcase to Marc's fix.)
---
src/aalogparse.h | 1 +
src/grammar.y | 3 +++
src/libaalogparse.c | 1 +
src/scanner.l | 2 ++
testsuite/test_multi.c | 4 ++++
testsuite/test_multi/testcase_ouid.in | 1 +
testsuite/test_multi/testcase_ouid.out | 15 +++++++++++++++
7 files changed, 27 insertions(+)
--- a/src/aalogparse.h
+++ b/src/aalogparse.h
@@ -127,6 +127,7 @@ typedef struct
char *denied_mask; /* "r", "w", etc. */
char *requested_mask;
unsigned long fsuid; /* fsuid of task - if logged */
+ unsigned long ouid; /* ouid of task - if logged */
char *profile; /* The name of the profile */
char *name;
char *name2;
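Review bot: The comment on the new `ouid` field looks copied from the `fsuid` line. As far as I know, `ouid` in AppArmor audit records is the uid that owns the accessed object (the file), not a uid of the task, so a consumer reading this header could confuse the actor with the owner. Suggest `unsigned long ouid; /* uid of the object's owner - if logged, else (unsigned long) -1 */`, where the sentinel is the value `_init_log_record` assigns in src/libaalogparse.c. Separately, the field is inserted in the middle of the struct, which shifts `profile`, `name` and `name2` for any caller built against the older header. If this header is installed as public API (not visible here), appending the field at the end or bumping the soname would avoid that. The struct definition starts and ends outside the hunk.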
--- a/src/grammar.y
+++ b/src/grammar.y
@@ -143,6 +143,7 @@ aa_record_event_type lookup_aa_event(uns
%token TOK_KEY_NAMESPACE
%token TOK_KEY_ERROR
%token TOK_KEY_FSUID
+%token TOK_KEY_OUID
%token TOK_SYSLOG_KERNEL
@@ -415,6 +416,8 @@ key: TOK_KEY_OPERATION TOK_EQUALS TOK_QU
{ ret_record->error_code = $3;}
| TOK_KEY_FSUID TOK_EQUALS TOK_DIGITS
{ ret_record->fsuid = $3;}
+ | TOK_KEY_OUID TOK_EQUALS TOK_DIGITS
+ { ret_record->ouid = $3;}
;
key_pid: TOK_KEY_PID TOK_EQUALS TOK_DIGITS { ret_record->pid = $3; }
--- a/src/libaalogparse.c
+++ b/src/libaalogparse.c
@@ -93,6 +93,7 @@ void _init_log_record(aa_log_record *rec
record->version = AA_RECORD_SYNTAX_UNKNOWN;
record->event = AA_RECORD_INVALID;
record->fsuid = (unsigned long) -1;
+ record->ouid = (unsigned long) -1;
return;
}
--- a/src/scanner.l
+++ b/src/scanner.l
@@ -107,6 +107,7 @@ key_sock_type "sock_type"
key_protocol "protocol"
key_error "error"
key_fsuid "fsuid"
+key_ouid "ouid"
audit "audit"
/* syslog tokens */
@@ -289,6 +290,7 @@ char *string_buf_ptr = string_buf; /* as
{key_protocol} { return(TOK_KEY_PROTOCOL); }
{key_error} { return(TOK_KEY_ERROR); }
{key_fsuid} { return(TOK_KEY_FSUID); }
+{key_ouid} { return(TOK_KEY_OUID); }
{syslog_kernel} { BEGIN(dmesg_timestamp); return(TOK_SYSLOG_KERNEL); }
{syslog_month} { yylval->t_str = strdup(yytext); return(TOK_DATE_MONTH); }
--- a/testsuite/test_multi.c
+++ b/testsuite/test_multi.c
@@ -117,6 +117,10 @@ int print_results(aa_log_record *record)
{
printf("fsuid: %ld\n", record->fsuid);
}
+ if (record->ouid != (unsigned long) -1)
+ {
+ printf("ouid: %ld\n", record->ouid);
+ }
if (record->profile != NULL)
{
printf("Profile: %s\n", record->profile);
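Review bot: `printf("ouid: %ld\n", record->ouid);` formats an `unsigned long` with a signed conversion, so values above `LONG_MAX` would print as negative numbers. `%lu` matches the field type: `printf("ouid: %lu\n", record->ouid);`. The `fsuid` line in the context just above has the same mismatch and could be fixed in the same pass. The expected output of the new test case (1000) does not change. `print_results` continues outside the hunk.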
--- /dev/null
+++ b/testsuite/test_multi/testcase_ouid.in
@@ -0,0 +1 @@
+type=APPARMOR_DENIED msg=audit(1253311255.027:200): operation="open" pid=25588 parent=25587 profile="/home/ubuntu/tmp/aashell" requested_mask="r::" denied_mask="r::" fsuid=1000 ouid=1000 name="/home/ubuntu/"
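Review bot: The fixture logs `fsuid=1000 ouid=1000`, so the expected output would still match if the parser stored the `ouid` value in `fsuid` or the reverse. Distinct values, for example `fsuid=1000 ouid=0` (constructed sample) with `ouid: 0` in testcase_ouid.out, would let the test tell the two fields apart. That matters for anyone triaging denials from this output, since one field identifies the acting task and the other the owner of the object.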
--- /dev/null
+++ b/testsuite/test_multi/testcase_ouid.out
@@ -0,0 +1,15 @@
+START
+File: test_multi/testcase_ouid.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1253311255.027:200
+Operation: open
+Mask: r::
+Denied Mask: r::
+fsuid: 1000
+ouid: 1000
+Profile: /home/ubuntu/tmp/aashell
+Name: /home/ubuntu/
+Parent: 25587
+PID: 25588
+Epoch: 1253311255
+Audit subid: 200