Add audit trail for remote method call 14/115414/1 accepted/tizen/3.0/common/20170220.130540 accepted/tizen/3.0/ivi/20170220.090248 accepted/tizen/3.0/mobile/20170220.090204 accepted/tizen/3.0/tv/20170220.090217 accepted/tizen/3.0/wearable/20170220.090231 submit/tizen_3.0/20170220.004439
authorJaemin Ryu <jm77.ryu@samsung.com>
Sun, 19 Feb 2017 22:52:39 +0000 (07:52 +0900)
committerJaemin Ryu <jm77.ryu@samsung.com>
Sun, 19 Feb 2017 22:52:39 +0000 (07:52 +0900)
Change-Id: Ideb4f96f55b650e8adb2640355659cd50631f8ef
Signed-off-by: Jaemin Ryu <jm77.ryu@samsung.com>
include/klay/rmi/service.h
src/rmi/service.cpp
test/rmi.cpp

index 9db9d28501f8be9693dbf0269bff3a140b9fa0d8..883b63b9fdd3558f07e96e4637098765f7f8c708 100644 (file)
@@ -143,6 +143,7 @@ namespace rmi {
 
 typedef std::function<bool(const Connection& connection)> ConnectionCallback;
 typedef std::function<bool(const Credentials& cred, const std::string& privilege)> PrivilegeChecker;
+typedef std::function<void(const Credentials& cred, const std::string& method, int condition)> AuditTrail;
 
 class Service {
 public:
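Review bot: The added `AuditTrail` typedef has no comment saying what `int condition` carries, and the only call site in this commit (src/rmi/service.cpp) passes the `bool` result of the privilege check, which converts silently to 0 or 1. Someone writing an audit sink cannot tell from the header whether other values can occur. I would document it above the typedef, e.g. `// condition: non-zero if the privilege check allowed the call, 0 if it was denied`, or change the parameter to `bool allowed` if no other values are planned. The Service class body continues outside the hunk.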
@@ -155,6 +156,7 @@ public:
        void start(bool useGMainloop = false);
        void stop();
 
+       void setAuditTrail(const AuditTrail& trail);
        void setPrivilegeChecker(const PrivilegeChecker& checker);
        void setNewConnectionCallback(const ConnectionCallback& callback);
        void setCloseConnectionCallback(const ConnectionCallback& callback);
@@ -220,7 +222,8 @@ private:
 
        CallbackDispatcher onNewConnection;
        CallbackDispatcher onCloseConnection;
-       PrivilegeChecker onMethodCall;
+       PrivilegeChecker onPrivilegeCheck;
+       AuditTrail onAuditTrail;
 
        MethodRegistry methodRegistry;
        NotificationRegistry notificationRegistry;
index 8fc2fb9fb10d6930f633c64141b5b72a1b376374..df9d2ffa73a25360667e14f2115b31f57c6faa90 100644 (file)
@@ -34,9 +34,12 @@ Service::Service(const std::string& path) :
        setNewConnectionCallback(nullptr);
        setCloseConnectionCallback(nullptr);
 
-       onMethodCall = [](const Credentials& cred, const std::string& privilege) {
+       onPrivilegeCheck = [](const Credentials& cred, const std::string& privilege) {
                return true;
        };
+
+       onAuditTrail = [](const Credentials& cred, const std::string& name, int condition) {
+       };
 }
 
 Service::~Service()
@@ -72,7 +75,12 @@ Service::ConnectionRegistry::iterator Service::getConnectionIterator(const int i
 
 void Service::setPrivilegeChecker(const PrivilegeChecker& checker)
 {
-       onMethodCall = std::move(checker);
+       onPrivilegeCheck = std::move(checker);
+}
+
+void Service::setAuditTrail(const AuditTrail& trail)
+{
+       onAuditTrail = std::move(trail);
 }
 
 void Service::setNewConnectionCallback(const ConnectionCallback& connectionCallback)
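Review bot: `setAuditTrail` stores whatever it is given, so an empty `std::function` would leave `onAuditTrail` empty, and the unconditional call in `onMessageProcess` would then throw `std::bad_function_call` on every method request. Passing `nullptr` is a plausible way to get there, since the constructor already passes it to the connection-callback setters. `setPrivilegeChecker` stores its argument the same way. Fall back to the no-op in the setter: `onAuditTrail = trail ? trail : AuditTrail([](const Credentials&, const std::string&, int) {});`. Separately, `std::move` on a `const AuditTrail&` still copies, so a plain assignment states what actually happens.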
@@ -192,7 +200,9 @@ void Service::onMessageProcess(const std::shared_ptr<Connection>& connection)
                        std::shared_ptr<MethodContext> methodContext = methodRegistry.at(request.target());
 
                        processingContext = ProcessingContext(connection);
-                       if (onMethodCall(processingContext.credentials, methodContext->privilege) != true) {
+                       bool allowed = onPrivilegeCheck(processingContext.credentials, methodContext->privilege);
+                       onAuditTrail(processingContext.credentials, request.target(), allowed);
+                       if (!allowed) {
                                throw runtime::Exception("Permission denied");
                        }
 
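Review bot: `onAuditTrail` runs only after `methodRegistry.at(request.target())` has succeeded, so a request for an unregistered target appears to leave no audit record, assuming `at` throws the way the standard containers' `at` does. Those failed lookups are the events an audit log most needs for spotting method-name probing, so consider reporting them to the trail as well, with a distinct `condition` value. The callback is also invoked inline on the dispatch path before the `Permission denied` throw, so an exception from a sink would replace the denial; how that is handled depends on the surrounding try block, which is outside this hunk. A comment such as `// audit sink must not throw or block: it runs inline for every method call` above the call would make the contract explicit.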
index 2b0ed4c178bfc6f5fe4225c3620247b77f334278..ab54fad2f07e33634af9d21df0b40e4ae6a88e8d 100644 (file)
 
 #include <klay/testbench.h>
 
+namespace {
+
 const std::string IPC_TEST_ADDRESS = "/tmp/.dpm-test";
 
+void AuditTrail(const rmi::Credentials& cred, const std::string& method, int condition)
+{
+       std::cout << "AuditTrail pid: " << cred.pid << " method: " << method << std::endl;
+}
+
+};
+
 class TestServer {
 public:
        TestServer()
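Review bot: The test callback `AuditTrail` drops its `condition` argument, so the output cannot distinguish an allowed call from a denied one, and nothing asserts that the trail was invoked at all. Printing it, `std::cout << "AuditTrail pid: " << cred.pid << " method: " << method << " allowed: " << condition << std::endl;`, and counting invocations in a variable that a test case checks would give the new hook real coverage. The `};` closing the anonymous namespace carries a stray semicolon. The TestServer class continues outside the hunk.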
@@ -51,6 +60,8 @@ public:
                service->expose(this, "", (int)(TestServer::sendSignal)());
                service->expose(this, "", (int)(TestServer::sendPolicyChangeNotification)());
 
+               service->setAuditTrail(AuditTrail);
+
                service->createNotification("TestPolicyChanged");
                service->createNotification("TestSignal");
        }