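#!/usr/bin/perl
# Demonstrates the LibAppArmor Perl bindings: parse two sample AppArmor
# audit lines (one path denial, one network denial) and print a few fields
# from each parsed record.
#
# NOTE(review): in real audit logs the name, comm and profile values come
# from the confined process and the filesystem, so treat them as untrusted
# text; escape control characters before writing them to a terminal or
# feeding them to other tooling.
use strict;
use warnings;

require LibAppArmor;

my $path_message = 'Jun 22 13:53:48 localhost kernel: [153157.745909] type=1400 audit(1308767024.828:3705): apparmor="DENIED" operation="open" parent=24000 profile="/usr/lib/firefox-5.0/firefox{,*[^s][^h]}" name="/opt/server/photos/100_0243.JPG" pid=24791 comm="plugin-containe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000';

my $net_message = 'Jun 22 13:53:48 localhost kernel: [153073.826757] type=1400 audit(1308766940.698:3704): apparmor="DENIED" operation="sendmsg" parent=24737 profile="/usr/bin/evince-thumbnailer" pid=24743 comm="evince-thumbnai" laddr=192.168.66.150 lport=765 faddr=192.168.66.200 fport=2049 family="inet" sock_type="stream" protocol=6';

# Print one "Label: value" line. A field that the log line did not carry is
# printed as an empty value instead of triggering an "uninitialized value"
# warning (the network sample above has no denied_mask key, for example).
# Presumably the SWIG getters return undef for such fields -- confirm.
sub print_field {
    my ($label, $value) = @_;
    $value = '' unless defined $value;
    print "$label: $value\n";
    return;
}

# Parse one log line and stop with a clear error if no record comes back,
# rather than handing an undefined value to the accessors below.
# NOTE(review): a defined record does not by itself prove the line was
# understood; code that acts on the fields should presumably also inspect
# the record's event type -- confirm against the libapparmor headers.
sub parse_or_die {
    my ($message) = @_;
    my ($record) = LibAppArmorc::parse_record($message);
    die "parse_record returned no record\n" unless defined $record;
    return $record;
}

# Fields printed for both kinds of record, in output order.
sub print_common_fields {
    my ($record) = @_;
    print_field('Audit ID',    LibAppArmor::aa_log_record::swig_audit_id_get($record));
    print_field('PID',         LibAppArmor::aa_log_record::swig_pid_get($record));
    print_field('Epoch',       LibAppArmor::aa_log_record::swig_epoch_get($record));
    print_field('Operation',   LibAppArmor::aa_log_record::swig_operation_get($record));
    print_field('Denied mask', LibAppArmor::aa_log_record::swig_denied_mask_get($record));
    return;
}

my $test = parse_or_die($path_message);
print "== path denial ==\n";
print_common_fields($test);
print_field('Name', LibAppArmor::aa_log_record::swig_name_get($test));
# Records are allocated by the library and released explicitly.
LibAppArmorc::free_record($test);

$test = parse_or_die($net_message);
print "\n";
print "== net denial ==\n";
print_common_fields($test);
print_field('Family', LibAppArmor::aa_log_record::swig_net_family_get($test));
print_field('Sock',   LibAppArmor::aa_log_record::swig_net_sock_type_get($test));
LibAppArmorc::free_record($test);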