Parsing the netlink message header was moved into klay.
Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: I8eab57a27cb62d9e93d7af3caf597a4946f2402a
#
SET(COMMON_SRCS audit/audit.cpp
audit/audit-rule.cpp
+ audit/audit-user-log.cpp
+ audit/audit-system-log.cpp
+ audit/audit-message-parser.cpp
)
SET(DEPENDENCY klay
--- /dev/null
+/*
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+#ifndef __AUDIT_TRAIL_AUDIT_LOG_BUILDER_H__
+#define __AUDIT_TRAIL_AUDIT_LOG_BUILDER_H__
+
+#include <string>
+
+template <typename T>
+class AuditLogBuilder final {
+public:
+ AuditLogBuilder() :
+ completed(false)
+ {
+ }
+
+ void addMessage(int type, const std::string &log);
+
+ bool isCompleted() const
+ {
+ return completed;
+ }
+
+ T pop();
+
+private:
+ bool completed;
+ T instance;
+};
+
+#endif //!__AUDIT_TRAIL_AUDIT_LOG_BUILDER_H__
--- /dev/null
+/*
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+#ifndef __AUDIT_TRAIL_AUDIT_LOGGER_H__
+#define __AUDIT_TRAIL_AUDIT_LOGGER_H__
+
+#include <string>
+#include <vector>
+#include <algorithm>
+
+#include "audit/audit-log-builder.h"
+
+template <typename T>
+class AuditLogger final {
+public:
+ const std::vector<T> &get() const
+ {
+ return logs;
+ }
+
+ unsigned int size()
+ {
+ return logs.size();
+ }
+
+ void clear()
+ {
+ logs.clear();
+ }
+
+ void setCallback(std::function<void(T&)> cb)
+ {
+ callback = cb;
+ }
+
+ void unsetCallback()
+ {
+ callback = nullptr;
+ }
+
+ void addMessage(int type, const std::string &log)
+ {
+ builder.addMessage(type, log);
+ if (builder.isCompleted()) {
+ logs.push_back(builder.pop());
+ if (callback)
+ callback(logs.back());
+ }
+ }
+
+private:
+ std::vector<T> logs;
+ AuditLogBuilder<T> builder;
+ std::function<void(T&)> callback;
+
+};
+
+#endif //!__AUDIT_TRAIL_AUDIT_LOGGER_H__
--- /dev/null
+/*
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+#include <poll.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <sys/socket.h>
+#include <linux/audit.h>
+
+#include <cstring>
+#include <sstream>
+#include <iostream>
+
+#include <klay/error.h>
+#include <klay/exception.h>
+
+#include "audit-message-parser.h"
+
+AuditMessageParser::AuditMessageParser(Audit &audit, runtime::Mainloop &ml) :
+ nl(audit.nl), mainloop(ml)
+{
+ int fd = nl.getFd();
+
+ mainloop.removeEventSource(fd);
+
+ mainloop.addEventSource(nl.getFd(), POLLIN,
+ [this](int fd, runtime::Mainloop::Event event) {
+ parse();
+ });
+}
+
+AuditMessageParser::~AuditMessageParser()
+{
+ mainloop.removeEventSource(nl.getFd());
+}
+
+
+
+void AuditMessageParser::parse()
+{
+ while (1) {
+ try {
+ auto msg = nl.recv(MSG_DONTWAIT);
+
+ int type = msg.first;
+ std::string log(msg.second.begin(), msg.second.end());
+
+ userLogs.addMessage(type, log);
+ systemLogs.addMessage(type, log);
+ } catch (runtime::Exception &e) {
+ break;
+ }
+ }
+}
--- /dev/null
+/*
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+#ifndef __AUDIT_TRAIL_AUDIT_MESSAGE_PARSER_H__
+#define __AUDIT_TRAIL_AUDIT_MESSAGE_PARSER_H__
+
+#include <vector>
+
+#include <klay/mainloop.h>
+#include <klay/netlink/netlink.h>
+
+#include "audit/audit.h"
+
+#include "audit/audit-logger.h"
+#include "audit/audit-user-log.h"
+#include "audit/audit-system-log.h"
+
+class AuditMessageParser final {
+public:
+ AuditMessageParser(Audit &audit, runtime::Mainloop &ml);
+ AuditMessageParser(AuditMessageParser&&) = delete;
+ AuditMessageParser(const AuditMessageParser&) = delete;
+ ~AuditMessageParser();
+
+ AuditLogger<AuditUserLog> userLogs;
+ AuditLogger<AuditSystemLog> systemLogs;
+
+private:
+ void parse();
+
+ netlink::Netlink &nl;
+ runtime::Mainloop &mainloop;
+};
+
+#endif //!__AUDIT_TRAIL_AUDIT_MESSAGE_PARSER_H__
template <typename T>
std::vector<Condition<T>> getConditions() const;
- const char *data() const
+ const std::vector<char> &data() const
{
- return buf.data();
+ return buf;
}
- unsigned int size() const
- {
- return buf.size();
- }
private:
std::vector<char> buf;
--- /dev/null
+/*
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+#include <poll.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <sys/socket.h>
+#include <linux/audit.h>
+
+#include <cstring>
+#include <sstream>
+#include <iostream>
+
+#include <klay/error.h>
+#include <klay/exception.h>
+
+#include "audit-system-log.h"
+#include "audit-log-builder.h"
+
+namespace {
+
+std::pair<std::string, std::string> getNameValuePair(std::istream &stream)
+{
+ std::string name, value, word;
+
+ if (getline(stream, word, ' ')) {
+ size_t equal = word.find_first_of('=');
+ name = word.substr(0, equal);
+ value = word.substr(equal + 1);
+
+ if (value.front() == '\"') {
+ if (value.back() != '\"') {
+ getline(stream, word, '\"');
+ value += ' ' + word + '\"';
+ }
+ value = value.substr(1, value.size() - 2);
+ } else if (value.front() == '\'') {
+ if (value.back() != '\'') {
+ getline(stream, word, '\'');
+ value += ' ' + word + '\'';
+ }
+ value = value.substr(1, value.size() - 2);
+ }
+ }
+
+ return std::make_pair(name, value);
+}
+
+}// namespace
+
+template <>
+void AuditLogBuilder<AuditSystemLog>::addMessage(int type, const std::string &log)
+{
+ if (type < AUDIT_SYSCALL || type > AUDIT_AVC) {
+ return;
+ }
+
+ switch (type) {
+ case AUDIT_EOE:
+ {
+ std::string word = log.substr(sizeof("audit(") - 1);
+ size_t dot = word.find_first_of('.');
+ instance.time.time = std::stoll(word.substr(0, dot));
+ instance.time.millisec = std::stoi(word.substr(dot + 1, 3));
+
+ completed = true;
+ }
+ break;
+ case AUDIT_SYSCALL:
+ {
+ std::stringstream tok(log);
+ while (!tok.eof()) {
+ auto pair = getNameValuePair(tok);
+ const auto &name = pair.first;
+ const auto &value = pair.second;
+
+ if (name == "syscall") { /* action */
+ instance.action.systemCall = std::stoul(value);
+ } else if (name == "exit") {
+ instance.action.exitCode = std::stoi(value);
+ } else if (name == "a0") {
+ instance.action.args[0] = std::stoul(value, 0, 16);
+ } else if (name == "a1") {
+ instance.action.args[1] = std::stoul(value, 0, 16);
+ } else if (name == "a2") {
+ instance.action.args[2] = std::stoul(value, 0, 16);
+ } else if (name == "a3") {
+ instance.action.args[3] = std::stoul(value, 0, 16);
+ } else if (name == "uid") { /* subject */
+ instance.subject.uid = std::stoul(value);
+ } else if (name == "euid") {
+ instance.subject.euid = std::stoul(value);
+ } else if (name == "gid") {
+ instance.subject.gid = std::stoul(value);
+ } else if (name == "egid") {
+ instance.subject.egid = std::stoul(value);
+ } else if (name == "pid") {
+ instance.subject.pid = std::stoul(value);
+ } else if (name == "exe") {
+ instance.subject.name = value;
+ } else if (name == "subj") {
+ instance.subject.label = value;
+ } else if (name == "key") { /* tag */
+ if (value != "(null)" && instance.tag != "smack") {
+ instance.tag = value;
+ }
+ }
+ }
+ }
+ break;
+ case AUDIT_AVC:
+ {
+ std::stringstream tok(log);
+ while (!tok.eof()) {
+ auto pair = getNameValuePair(tok);
+ const auto &name = pair.first;
+ const auto &value = pair.second;
+
+ if (name == "object") { /* object */
+ instance.object.label = value;
+ } else if (name == "path") {
+ instance.object.name = value;
+ instance.object.type = AuditSystemLog::FileObject;
+ } else if (name == "path") {
+ instance.object.name = value;
+ instance.object.type = AuditSystemLog::FileObject;
+ } else if (name == "inode") {
+ instance.object.inode = std::stoul(value);
+ instance.object.type = AuditSystemLog::FileObject;
+ }
+ }
+ instance.tag = "smack";
+ }
+ break;
+ case AUDIT_PATH:
+ {
+ std::stringstream tok(log);
+ while (!tok.eof()) {
+ auto pair = getNameValuePair(tok);
+ const auto &name = pair.first;
+ const auto &value = pair.second;
+
+ if (name == "name") { /* object */
+ instance.object.name = value;
+ } else if (name == "obj") {
+ instance.object.label = value;
+ } else if (name == "inode") {
+ instance.object.inode = std::stoul(value);
+ } else if (name == "mode") {
+ instance.object.mode = std::stoul(value, 0, 8);
+ } else if (name == "ouid") {
+ instance.subject.uid = std::stoul(value);
+ } else if (name == "ogid") {
+ instance.subject.gid = std::stoul(value);
+ }
+ }
+ instance.object.type = AuditSystemLog::FileObject;
+ }
+ break;
+ case AUDIT_OBJ_PID:
+ {
+ std::stringstream tok(log);
+ while (!tok.eof()) {
+ auto pair = getNameValuePair(tok);
+ const auto &name = pair.first;
+ const auto &value = pair.second;
+
+ if (name == "ocomm") { /* object */
+ instance.object.name = value;
+ } else if (name == "obj") {
+ instance.object.label = value;
+ } else if (name == "opid") {
+ instance.object.inode = std::stoul(value);
+ } else if (name == "ouid") {
+ instance.object.uid = std::stoul(value);
+ }
+ }
+ instance.object.type = AuditSystemLog::ProcessObject;
+ }
+ break;
+ default:
+ break;
+ }
+}
+
+template <>
+AuditSystemLog AuditLogBuilder<AuditSystemLog>::pop()
+{
+ AuditSystemLog result = instance;
+
+ instance = AuditSystemLog();
+ completed = false;
+
+ return result;
+}
--- /dev/null
+/*
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+#ifndef __AUDIT_TRAIL_AUDIT_SYSTEM_LOG_H__
+#define __AUDIT_TRAIL_AUDIT_SYSTEM_LOG_H__
+
+#include <string>
+#include <limits.h>
+
+struct AuditSystemLog final {
+ enum ObjectType {
+ NoObject,
+ ProcessObject,
+ FileObject,
+ };
+
+ std::string tag;
+ struct {
+ time_t time = 0;
+ unsigned short millisec = 0;
+ } time;
+
+ struct {
+ uid_t uid = UINT_MAX, euid = UINT_MAX;
+ gid_t gid = UINT_MAX, egid = UINT_MAX;
+ std::string label;
+ std::string name;
+ pid_t pid = UINT_MAX;
+ } subject;
+
+ struct {
+ int type = NoObject;
+ uid_t uid = UINT_MAX;
+ gid_t gid = UINT_MAX;
+ mode_t mode = UINT_MAX;
+ std::string label;
+ std::string name;
+ pid_t pid = UINT_MAX;
+ ino_t inode = UINT_MAX;
+ } object;
+
+ struct {
+ unsigned int systemCall = 0;
+ unsigned int args[4] = {0,};
+ int exitCode = 0;
+ } action;
+};
+
+#endif //!__AUDIT_TRAIL_AUDIT_SYSTEM_LOG_H__
--- /dev/null
+/*
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+#include <poll.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <sys/socket.h>
+#include <linux/audit.h>
+
+#include <cstring>
+#include <sstream>
+
+#include <klay/error.h>
+#include <klay/exception.h>
+
+#include "audit-user-log.h"
+#include "audit-log-builder.h"
+
+namespace {
+
+std::pair<std::string, std::string> getNameValuePair(std::istream &stream)
+{
+ std::string name, value, word;
+
+ if (getline(stream, word, ' ')) {
+ size_t equal = word.find_first_of('=');
+ name = word.substr(0, equal);
+ value = word.substr(equal + 1);
+
+ if (value.front() == '\"') {
+ if (value.back()!= '\"') {
+ getline(stream, word, '\"');
+ value += ' ' + word + '\"';
+ }
+ value = value.substr(1, value.size() - 2);
+ }
+ if (value.front() == '\'') {
+ if (value.back()!= '\'') {
+ getline(stream, word, '\'');
+ value += ' ' + word + '\'';
+ }
+ value = value.substr(1, value.size() - 2);
+ }
+ }
+
+ return std::make_pair(name, value);
+}
+
+}// namespace
+
+template <>
+void AuditLogBuilder<AuditUserLog>::addMessage(int type, const std::string &log)
+{
+ if (!(type >= AUDIT_FIRST_USER_MSG && type <= AUDIT_LAST_USER_MSG) &&
+ !(type >= AUDIT_FIRST_USER_MSG2 && type <= AUDIT_LAST_USER_MSG2)) {
+ return;
+ }
+
+ std::stringstream tok(log);
+ std::string word, msg;
+
+ getline(tok, word, ' ');
+ word = word.substr(sizeof("audit(") - 1);
+ size_t dot = word.find_first_of('.');
+ instance.time.time = std::stoll(word.substr(0, dot));
+ instance.time.millisec = std::stoi(word.substr(dot + 1, 3));
+
+ while (!tok.eof()) {
+ auto pair = getNameValuePair(tok);
+ const auto &name = pair.first;
+ const auto &value = pair.second;
+
+ if (name == "msg") {
+ msg = value;
+ }
+ }
+
+ instance.log.type = type;
+ instance.log.text = msg;
+
+ completed = true;
+}
+
+template <>
+AuditUserLog AuditLogBuilder<AuditUserLog>::pop()
+{
+ AuditUserLog result = instance;
+
+ instance = AuditUserLog();
+ completed = false;
+
+ return result;
+}
--- /dev/null
+/*
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+#ifndef __AUDIT_TRAIL_AUDIT_USER_LOG_H__
+#define __AUDIT_TRAIL_AUDIT_USER_LOG_H__
+
+#include <string>
+
+struct AuditUserLog final {
+ struct {
+ time_t time = 0;
+ unsigned short millisec = 0;
+ } time;
+ struct {
+ int type = 0;
+ std::string text;
+ } log;
+};
+
+#endif //!__AUDIT_TRAIL_AUDIT_USER_LOG_H__
#include "audit.h"
-using namespace std::placeholders;
+namespace {
-Audit::Audit() :
- nl(NETLINK_AUDIT), sequence(0), mainloop(nullptr)
-{
+template <typename T>
+std::vector<T> arrayToVector(T *buf, size_t size) {
+ return std::vector<T>(buf, buf + size);
}
-Audit::Audit(Audit&& audit) :
- nl(std::move(audit.nl)), sequence(audit.sequence), mainloop(audit.mainloop)
+};
+
+Audit::Audit() :
+ nl(NETLINK_AUDIT)
{
}
Audit::~Audit()
{
- if (mainloop != nullptr) {
- mainloop->removeEventSource(nl.getFd());
- }
}
void Audit::setPID(pid_t pid)
s.mask = AUDIT_STATUS_PID;
s.pid = pid;
- send(AUDIT_SET, &s, sizeof(s));
+ nl.send(AUDIT_SET, arrayToVector((char*)&s, sizeof(s)));
+
+ //Remove the log for a PID change
+ nl.recv();
}
void Audit::setEnabled(int enabled)
s.mask = AUDIT_STATUS_ENABLED;
s.enabled = enabled;
- send(AUDIT_SET, &s, sizeof(s));
+ nl.send(AUDIT_SET, arrayToVector((char*)&s, sizeof(s)));
}
int Audit::isEnabled()
{
int ret = 0;
- send(AUDIT_GET, NULL, 0);
+ nl.send(AUDIT_GET, std::vector<char>());
while (1) {
- auto msg = recv();
+ auto msg = nl.recv();
switch (msg.first) {
- case NLMSG_DONE:
- case NLMSG_ERROR:
- throw runtime::Exception("Failed to get audit state");
case AUDIT_GET:
ret = ((struct audit_status*)msg.second.data())->enabled;
break;
{
std::vector<AuditRule> ret;
- send(AUDIT_LIST_RULES, NULL, 0);
+ nl.send(AUDIT_LIST_RULES, std::vector<char>());
while (1) {
- auto msg = recv();
+ auto msg = nl.recv();
switch (msg.first) {
case NLMSG_DONE:
break;
- case NLMSG_ERROR:
- throw runtime::Exception("Failed to get a list of audit rules");
case AUDIT_LIST_RULES:
ret.push_back(msg.second);
default:
void Audit::addRule(const AuditRule& rule)
{
- send(AUDIT_ADD_RULE, rule.data(), rule.size());
+ nl.send(AUDIT_ADD_RULE, rule.data());
}
void Audit::removeRule(const AuditRule& rule)
{
- send(AUDIT_DEL_RULE, rule.data(), rule.size());
-}
-
-void Audit::setMainloop(runtime::Mainloop *ml)
-{
- int fd = nl.getFd();
-
- if (mainloop != nullptr) {
- mainloop->removeEventSource(fd);
- }
-
- mainloop = ml;
- mainloop->addEventSource(fd, POLLIN, std::bind(&Audit::processMessage,
- this, _1, _2));
-}
-
-void Audit::setMessageHandler(MessageHandler&& handler)
-{
- messageHandler = handler;
-}
-
-void Audit::send(int type, const void *data, unsigned int size)
-{
- char buf[NLMSG_SPACE(size)];
- auto *nlh = (struct nlmsghdr *)buf;
-
- ::memset(buf, 0, sizeof(buf));
-
- nlh->nlmsg_len = sizeof(buf);
- nlh->nlmsg_type = type;
- nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
- nlh->nlmsg_seq = ++sequence;
-
- if (sequence == 0) {
- sequence++;
- }
-
- if (size && data) {
- ::memcpy(NLMSG_DATA(buf), data, size);
- }
-
- nl.send(buf, sizeof(buf));
-
- if (recv(MSG_PEEK).first == NLMSG_ERROR) {
- auto reply = recv().second;
- auto err = (struct nlmsgerr*)reply.data();
- if (err->error) {
- throw runtime::Exception("Audit netlink error: " +
- std::to_string(err->error));
- }
- }
-}
-
-Audit::Message Audit::recv(int options)
-{
- struct nlmsghdr nlh;
-
- processMessage(nl.getFd(), POLLIN);
-
- //To get message size
- nl.recv(&nlh, sizeof(nlh), options | MSG_PEEK);
-
- char buf[nlh.nlmsg_len + NLMSG_HDRLEN];
- nl.recv(buf, sizeof(buf), options);
-
- Message msg = {nlh.nlmsg_type, std::vector<char>(nlh.nlmsg_len)};
-
- ::memcpy(msg.second.data(), NLMSG_DATA(buf), msg.second.size());
- return msg;
-}
-
-void Audit::processMessage(int fd, runtime::Mainloop::Event event)
-{
- struct nlmsghdr nlh;
-
- nl.recv(&nlh, sizeof(nlh), MSG_PEEK);
-
- while (nlh.nlmsg_seq == 0) {
- char buf[nlh.nlmsg_len + NLMSG_HDRLEN];
- nl.recv(buf, sizeof(buf));
-
- Message msg = {nlh.nlmsg_type, std::vector<char>(nlh.nlmsg_len)};
-
- ::memcpy(msg.second.data(), NLMSG_DATA(buf), msg.second.size());
- if (messageHandler) {
- messageHandler(msg);
- }
-
- try {
- nl.recv(&nlh, sizeof(nlh), MSG_PEEK | MSG_DONTWAIT);
- } catch (runtime::Exception &e) {
- break;
- }
- }
+ nl.send(AUDIT_DEL_RULE, rule.data());
}
#ifndef __AUDIT_TRAIL_AUDIT_H__
#define __AUDIT_TRAIL_AUDIT_H__
-#include <list>
#include <vector>
-#include <linux/audit.h>
-
-#include <klay/mainloop.h>
#include <klay/netlink/netlink.h>
#include "audit/audit-rule.h"
class Audit final {
public:
typedef std::pair<int, std::vector<char>> Message;
- typedef std::function<void(Message&)> MessageHandler;
Audit();
- Audit(Audit&&);
+ Audit(Audit&&) = delete;
Audit(const Audit&) = delete;
~Audit();
- Audit& operator=(const Audit&) = delete;
-
void setPID(pid_t pid);
void setEnabled(int enabled);
int isEnabled();
void addRule(const AuditRule& rule);
void removeRule(const AuditRule& rule);
- void setMainloop(runtime::Mainloop *ml);
- void setMessageHandler(MessageHandler&& handler);
+ int getFd()
+ {
+ return nl.getFd();
+ }
private:
- void send(int type, const void *data, unsigned int size);
- Message recv(int options = 0);
-
- void processMessage(int fd, runtime::Mainloop::Event event);
-
netlink::Netlink nl;
- unsigned int sequence = 0;
- runtime::Mainloop *mainloop;
- MessageHandler messageHandler;
+
+ friend class AuditMessageParser;
};
+
#endif //!__AUDIT_TRAIL_AUDIT_H__
SET(SOURCES client.cpp
rule-management.cpp
audit-trail/audit-trail.cpp
- audit-trail/rule-management.cpp
+ audit-trail/rule.cpp
)
SET(CAPI_INCLUDE_FILES audit-trail/audit-trail.h
- audit-trail/rule-management.h
+ audit-trail/rule.h
)
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-#include <cstring>
-
-#include "debug.h"
-#include "rule-management.h"
-
-#include "client.h"
-#include "audit/audit-rule.h"
-#include "rmi/rule-management.h"
-
-using namespace AuditTrail;
-
-static inline AuditRule& GetAuditRule(void* handle)
-{
- return *reinterpret_cast<AuditRule*>(handle);
-}
-
-int audit_rule_create(audit_rule_h* handle)
-{
- RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
- *handle = reinterpret_cast<audit_rule_h>(new AuditRule());
-
- return AUDIT_TRAIL_ERROR_NONE;
-}
-
-int audit_rule_destroy(audit_rule_h handle)
-{
- RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
-
- delete &GetAuditRule(handle);
-
- return AUDIT_TRAIL_ERROR_NONE;
-}
-
-int audit_rule_add_systemcall(audit_rule_h handle, unsigned int syscall)
-{
- RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
-
- GetAuditRule(handle).addSystemcall(syscall);
-
- return AUDIT_TRAIL_ERROR_NONE;
-}
-
-int audit_rule_remove_systemcall(audit_rule_h handle, unsigned int syscall)
-{
- RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
-
- GetAuditRule(handle).removeSystemcall(syscall);
-
- return AUDIT_TRAIL_ERROR_NONE;
-}
-
-int audit_rule_add_all_systemcalls(audit_rule_h handle)
-{
- RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
-
- GetAuditRule(handle).addAllSystemcalls();
-
- return AUDIT_TRAIL_ERROR_NONE;
-}
-
-int audit_rule_remove_all_systemcall(audit_rule_h handle)
-{
- RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
-
- GetAuditRule(handle).removeAllSystemcalls();
-
- return AUDIT_TRAIL_ERROR_NONE;
-}
-
-int audit_rule_add_condition(audit_rule_h handle, unsigned int field,
- unsigned int op, void *value)
-{
- RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
-
- try {
- GetAuditRule(handle).addCondition({field, op, (int)(intptr_t)value});
- return AUDIT_TRAIL_ERROR_NONE;
- } catch (std::exception &e) {}
-
- try {
- GetAuditRule(handle).addCondition({field, op, (char *)value});
- return AUDIT_TRAIL_ERROR_NONE;
- } catch (std::exception &e) {}
-
- return AUDIT_TRAIL_ERROR_INVALID_PARAMETER;
-}
-
-int audit_rule_remove_condition(audit_rule_h handle, unsigned int field,
- unsigned int op, void *value)
-{
- RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
-
- try {
- GetAuditRule(handle).addCondition({field, op, (int)(intptr_t)value});
- return AUDIT_TRAIL_ERROR_NONE;
- } catch (std::exception &e) {}
-
- try {
- GetAuditRule(handle).addCondition({field, op, (char *)value});
- return AUDIT_TRAIL_ERROR_NONE;
- } catch (std::exception &e) {}
-
- return AUDIT_TRAIL_ERROR_INVALID_PARAMETER;
-}
-
-int audit_rule_foreach_systemcall(audit_rule_h handle,
- audit_rule_systemcall_cb callback,
- void *user_data)
-{
- RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
- RET_ON_FAILURE(callback, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
-
- auto syscalls = GetAuditRule(handle).getSystemcalls();
- for (auto syscall : syscalls) {
- callback(syscall, user_data);
- }
-
- return AUDIT_TRAIL_ERROR_NONE;
-}
-
-int audit_rule_foreach_condition(audit_rule_h handle,
- audit_rule_condition_cb callback,
- void *user_data)
-{
- RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
- RET_ON_FAILURE(callback, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
-
- auto intConds = GetAuditRule(handle).getConditions<int>();
- auto strConds = GetAuditRule(handle).getConditions<std::string>();
-
- for (auto cond : intConds) {
- callback(cond.getField(), cond.getOperator(),
- (void*)(intptr_t)cond.getValue(), user_data);
- }
-
- for (auto cond : strConds) {
- callback(cond.getField(), cond.getOperator(),
- (void*)cond.getValue().c_str(), user_data);
- }
-
- return AUDIT_TRAIL_ERROR_NONE;
-}
-
-int audit_add_rule(audit_trail_h handle, audit_rule_h rule)
-{
- RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
- RET_ON_FAILURE(rule, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
-
- AuditTrailContext &client = GetAuditTrailContext(handle);
- auto manager = client.createInterface<RuleManagement>();
- auto r = GetAuditRule(rule);
-
- manager.addRule(std::vector<char>(r.data(), r.data() + r.size()));
-
- return AUDIT_TRAIL_ERROR_NONE;
-}
-
-int audit_remove_rule(audit_trail_h handle, audit_rule_h rule)
-{
- RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
- RET_ON_FAILURE(rule, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
-
- AuditTrailContext &client = GetAuditTrailContext(handle);
- auto manager = client.createInterface<RuleManagement>();
- auto r = GetAuditRule(rule);
-
- manager.removeRule(std::vector<char>(r.data(), r.data() + r.size()));
-
- return AUDIT_TRAIL_ERROR_NONE;
-}
-
-int audit_foreach_rule(audit_trail_h handle,
- audit_rule_cb callback, void *user_data)
-{
- RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
- RET_ON_FAILURE(callback, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
-
- AuditTrailContext &client = GetAuditTrailContext(handle);
- auto manager = client.createInterface<RuleManagement>();
- auto rulesData = manager.getRules();
-
- for (auto data : rulesData) {
- callback(reinterpret_cast<audit_rule_h>(new AuditRule(data)),
- user_data);
- }
-
- return AUDIT_TRAIL_ERROR_NONE;
-}
+++ /dev/null
-/*
- * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-
-#ifndef __CAPI_AUDIT_TRAIL_RULE_MANAGEMENT_H__
-#define __CAPI_AUDIT_TRAIL_RULE_MANAGEMENT_H__
-
-#include <audit-trail/audit-trail.h>
-
-/**
- * @file user.h
- * @brief This file provides APIs to manage audit rules
- */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * @addtogroup Rule-management
- * @{
- */
-
-/**
- * @brief The audit rule handle
- * @details The audit rule handle is an abstraction of the audit rule.
- * The audit rule handle must be created by using
- * audit_rule_create() before attempting to use almost any of
- * audit rule related APIs, and it should be freed when the audit
- * rule is no longer required.
- * To release the handle, use audit_rule_destroy().
- * @since_tizen 5.0
- * @see audit_rule_create()
- * @see audit_rule_destroy()
- */
-typedef void* audit_rule_h;
-
-/**
- * @brief Creates the audit rule handle.
- * @details This API creates audit rule handle required by the audit rule
- * related APIs.
- * This API is also used to verify whether caller is authorized
- * or not.
- * @since_tizen 5.0
- * @param[out] handle The audit rule handle
- * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
- * @retval #AUDIT_TRAIL_ERROR_NONE Successful
- * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
- * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
- * @see audit_rule_destroy()
- */
-AUDIT_TRAIL_API int audit_rule_create(audit_rule_h *handle);
-
-/**
- * @brief Releases the audit rule handle.
- * @details This API must be called if operations of the audit rule is
- * no longer required.
- * @since_tizen 5.0
- * @param[in] handle The audit rule handle
- * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
- * @retval #AUDIT_TRAIL_ERROR_NONE Successful
- * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
- * @pre The handle must be created by audit_rule_create()
- * @see audit_rule_create()
- */
-AUDIT_TRAIL_API int audit_rule_destroy(audit_rule_h handle);
-
-/**
- * @brief Add a system call to be monitored.
- * @details This API sets a system call to be monitored on the audit rule.
- * Parameter requires a system call number, which is defined in
- * asm/unistd.h typically.
- * @since_tizen 5.0
- * @param[in] handle The audit rule handle
- * @param[in] syscall The system call number
- * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
- * @retval #AUDIT_TRAIL_ERROR_NONE Successful
- * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
- * @pre The handle must be created by audit_rule_create()
- * @see audit_rule_create()
- * @see audit_rule_remove_systemcall()
- * @see audit_rule_add_all_systemcalls()
- * @see audit_rule_remove_all_systemcalls()
- */
-AUDIT_TRAIL_API int audit_rule_add_systemcall(audit_rule_h handle,
- unsigned int syscall);
-
-/**
- * @brief Remove a system call to be monitored.
- * @details This API sets a system call not to be monitored anymore
- * on the audit rule.
- * Parameter requires a system call number, which is
- * defined in asm/unistd.h typically.
- * @since_tizen 5.0
- * @param[in] handle The audit rule handle
- * @param[in] syscall The system call number
- * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
- * @retval #AUDIT_TRAIL_ERROR_NONE Successful
- * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
- * @pre The handle must be created by audit_rule_create()
- * @see audit_rule_create()
- * @see audit_rule_add_systemcall()
- * @see audit_rule_add_all_systemcalls()
- * @see audit_rule_remove_all_systemcalls()
- */
-AUDIT_TRAIL_API int audit_rule_remove_systemcall(audit_rule_h handle,
- unsigned int syscall);
-
-/**
- * @brief Add all system calls to be monitored.
- * @details This API sets all system calls to be monitored on the audit
- * rule.
- * @since_tizen 5.0
- * @param[in] handle The audit rule handle
- * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
- * @retval #AUDIT_TRAIL_ERROR_NONE Successful
- * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
- * @pre The handle must be created by audit_rule_create()
- * @see audit_rule_create()
- * @see audit_rule_add_systemcall()
- * @see audit_rule_remove_systemcall()
- * @see audit_rule_remove_all_systemcallis()
- */
-AUDIT_TRAIL_API int audit_rule_add_all_systemcalls(audit_rule_h handle);
-
-/**
- * @brief Remove all system calls to be monitored.
- * @details This API sets all system calls not to be monitored anymore
- * on the audit rule.
- * @since_tizen 5.0
- * @param[in] handle The audit rule handle
- * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
- * @retval #AUDIT_TRAIL_ERROR_NONE Successful
- * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
- * @pre The handle must be created by audit_rule_create()
- * @see audit_rule_create()
- * @see audit_rule_add_systemcall()
- * @see audit_rule_remove_systemcall()
- * @see audit_rule_add_all_systemcallis()
- */
-AUDIT_TRAIL_API int audit_rule_remove_all_systemcalls(audit_rule_h handle);
-
-/**
- * @brief Called to get system call numbers in an array
- * @since_tizen 5.0
- * @param[in] syscall The system call number
- * @param[in] user_data The user data passed from the function
- * @see audit_rule_foreach_systemcall
- */
-typedef void (*audit_rule_systemcall_cb)(unsigned int syscall, void* user_data);
-
-/**
- * @brief Retrieves all added system call nummbers in the audit rule.
- * @details This API calls audit_rule_systemcall_cb() once for each added
- * system calls in the audit rule.
- * @since_tizen 5.0
- * @param[in] handle The audit rule handle
- * @param[in] callback The iteration callback function
- * @param[in] user_data The user data passed to the callback function
- * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
- * @retval #AUDIT_TRAIL_ERROR_NONE Successful
- * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
- * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
- * @pre The handle must be created by audit_trail_create().
- * @see audit_rule_create()
- * @see audit_rule_add_syscall()
- * @see audit_rule_add_all_syscall()
- */
-AUDIT_TRAIL_API int audit_rule_foreach_systemcall(audit_rule_h handle,
- audit_rule_systemcall_cb callback, void *user_data);
-
-
-/**
- * @brief Add a condition to be monitored.
- * @details This API sets a condition to be monitored on the audit rule.
- * A condition consists of 3 parameters: field, operator, value.
- * Both fields and operators are defined in linux/audit.h.
- * Value type should be different regarding to field.
- * But the most used type is integer type.
- * @since_tizen 5.0
- * @param[in] handle The audit rule handle
- * @param[in] field The field number
- * @param[in] op The operator number
- * @param[in] value The value
- * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
- * @retval #AUDIT_TRAIL_ERROR_NONE Successful
- * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
- * @pre The handle must be created by audit_rule_create()
- * @see audit_rule_create()
- * @see audit_rule_remove_condition()
- */
-AUDIT_TRAIL_API int audit_rule_add_condition(audit_rule_h handle,
- unsigned int field,
- unsigned int op,
- void *value);
-
-/**
- * @brief Remove a condition to be monitored.
- * @details This API sets a condition not to be monitored anymore
- * on the audit rule.
- * A condition consists of 3 parameters: field, operator, value.
- * Both fields and operators are defined in linux/audit.h.
- * Value type should be different regarding to field.
- * But the most used type is integer type.
- * @since_tizen 5.0
- * @param[in] handle The audit rule handle
- * @param[in] field The field number
- * @param[in] op The operator number
- * @param[in] value The value
- * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
- * @retval #AUDIT_TRAIL_ERROR_NONE Successful
- * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
- * @pre The handle must be created by audit_rule_create()
- * @see audit_rule_create()
- * @see audit_rule_add_condition()
- */
-AUDIT_TRAIL_API int audit_rule_remove_condition(audit_rule_h handle,
- unsigned int field,
- unsigned int op,
- void *value);
-
-/**
- * @brief Called to get a audit rule condition in an array
- * A condition consists of 3 parameters: field, operator, value.
- * Both fields and operators are defined in linux/audit.h.
- * Value type should be different regarding to field.
- * But the most used type is integer type.
- * @since_tizen 5.0
- * @param[in] field The field number
- * @param[in] op The operator number
- * @param[in] value The value
- * @param[in] user_data The user data passed from the function
- * @see audit_rule_foreach_condition
- */
-typedef void (*audit_rule_condition_cb)(unsigned int field, unsigned int op,
- const void* value, void* user_data);
-
-/**
- * @brief Retrieves all added conditions in the audit rule.
- * @details This API calls audit_rule_condition_cb() once for each added
- * conditions in the audit rule.
- * @since_tizen 5.0
- * @param[in] handle The audit rule handle
- * @param[in] callback The iteration callback function
- * @param[in] user_data The user data passed to the callback function
- * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
- * @retval #AUDIT_TRAIL_ERROR_NONE Successful
- * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
- * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
- * @pre The handle must be created by audit_trail_create().
- * @see audit_rule_create()
- * @see audit_rule_add_condition()
- */
-AUDIT_TRAIL_API int audit_rule_foreach_condition(audit_rule_h handle,
- audit_rule_condition_cb callback, void *user_data);
-
-/**
- * @brief Add a audit rule to apply to collect the audit logs.
- * @details This API applie a audit rule to collect the audit logs.
- * The audit rules not wanted to be applied have to be removed by
- * audit_remove_rule().
- * @since_tizen 5.0
- * @param[in] handle The audit handle
- * @param[in] rule The audit rule handle
- * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
- * @retval #AUDIT_TRAIL_ERROR_NONE Successful
- * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
- * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
- * @pre The handle must be created by audit_trail_create().
- * @pre The rule must be created by audit_rule_create().
- * @see audit_trail_create()
- * @see audit_rule_create()
- * @see audit_remove_rule()
- */
-AUDIT_TRAIL_API int audit_add_rule(audit_trail_h handle, audit_rule_h rule);
-
-/**
- * @brief Remove a audit rule not to be used to collect the audit logs.
- * @details This API removes a audit rule not wanted anymore to be applied.
- * If there is no added rule to match, This API will be ignored.
- * @since_tizen 5.0
- * @param[in] handle The audit handle
- * @param[in] rule The audit rule handle
- * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
- * @retval #AUDIT_TRAIL_ERROR_NONE Successful
- * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
- * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
- * @pre The handle must be created by audit_trail_create().
- * @pre The rule must be created by audit_rule_create().
- * @see audit_trail_create()
- * @see audit_rule_create()
- * @see audit_add_rule()
- */
-AUDIT_TRAIL_API int audit_remove_rule(audit_trail_h handle, audit_rule_h rule);
-
-/**
- * @brief Called to get a audit rules an array
- * This function is called with audit rule handles, which can be
- * used to get system calls to be monitored by the rule and severa;
- * conditions. and also it must not be freed by
- * audit_rule_destroy().
- * @since_tizen 5.0
- * @param[in] rule The audit rule handle
- * @param[in] user_data The user data passed from the function
- * @see audit_foreach_rule
- * @see audit_rule_foreach_systemcall
- * @see audit_rule_foreach_condition
- */
-typedef void (*audit_rule_cb)(audit_rule_h rule, void* user_data);
-
-/**
- * @brief Retrieves all added audit ruless in this device.
- * @details This API calls audit_rule_cb() once for each added audit rules
- * in this system
- * @since_tizen 5.0
- * @param[in] handle The audit handle
- * @param[in] callback The iteration callback function
- * @param[in] user_data The user data passed to the callback function
- * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
- * @retval #AUDIT_TRAIL_ERROR_NONE Successful
- * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
- * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
- * @pre The handle must be created by audit_trail_create().
- * @see audit_rule_add_condition()
- * @see audit_rule_remove_condition()
- * @see audit_rule_cb()
- */
-AUDIT_TRAIL_API int audit_foreach_rule(audit_trail_h handle,
- audit_rule_cb callback, void *user_data);
-/**
- * @}
- */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* __CAPI_AUDIT_TRAIL_RULE_MANAGEMENT_H__ */
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+#include <cstring>
+
+#include "debug.h"
+#include "rule.h"
+
+#include "client.h"
+#include "audit/audit-rule.h"
+
+#include "rmi/rule-management.h"
+
+using namespace AuditTrail;
+
+static inline AuditRule& GetAuditRule(void* handle)
+{
+ return *reinterpret_cast<AuditRule*>(handle);
+}
+
+int audit_rule_create(audit_rule_h* handle)
+{
+ RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+ *handle = reinterpret_cast<audit_rule_h>(new AuditRule());
+
+ return AUDIT_TRAIL_ERROR_NONE;
+}
+
+int audit_rule_destroy(audit_rule_h handle)
+{
+ RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+
+ delete &GetAuditRule(handle);
+
+ return AUDIT_TRAIL_ERROR_NONE;
+}
+
+int audit_rule_add_systemcall(audit_rule_h handle, unsigned int syscall)
+{
+ RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+
+ GetAuditRule(handle).addSystemcall(syscall);
+
+ return AUDIT_TRAIL_ERROR_NONE;
+}
+
+int audit_rule_remove_systemcall(audit_rule_h handle, unsigned int syscall)
+{
+ RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+
+ GetAuditRule(handle).removeSystemcall(syscall);
+
+ return AUDIT_TRAIL_ERROR_NONE;
+}
+
+int audit_rule_add_all_systemcalls(audit_rule_h handle)
+{
+ RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+
+ GetAuditRule(handle).addAllSystemcalls();
+
+ return AUDIT_TRAIL_ERROR_NONE;
+}
+
+int audit_rule_remove_all_systemcall(audit_rule_h handle)
+{
+ RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+
+ GetAuditRule(handle).removeAllSystemcalls();
+
+ return AUDIT_TRAIL_ERROR_NONE;
+}
+
+int audit_rule_add_condition(audit_rule_h handle, unsigned int field,
+ unsigned int op, void *value)
+{
+ RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+
+ try {
+ GetAuditRule(handle).addCondition({field, op, (int)(intptr_t)value});
+ return AUDIT_TRAIL_ERROR_NONE;
+ } catch (std::exception &e) {}
+
+ try {
+ GetAuditRule(handle).addCondition({field, op, (char *)value});
+ return AUDIT_TRAIL_ERROR_NONE;
+ } catch (std::exception &e) {}
+
+ return AUDIT_TRAIL_ERROR_INVALID_PARAMETER;
+}
+
+int audit_rule_remove_condition(audit_rule_h handle, unsigned int field,
+ unsigned int op, void *value)
+{
+ RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+
+ try {
+ GetAuditRule(handle).addCondition({field, op, (int)(intptr_t)value});
+ return AUDIT_TRAIL_ERROR_NONE;
+ } catch (std::exception &e) {}
+
+ try {
+ GetAuditRule(handle).addCondition({field, op, (char *)value});
+ return AUDIT_TRAIL_ERROR_NONE;
+ } catch (std::exception &e) {}
+
+ return AUDIT_TRAIL_ERROR_INVALID_PARAMETER;
+}
+
+int audit_rule_foreach_systemcall(audit_rule_h handle,
+ audit_rule_systemcall_cb callback,
+ void *user_data)
+{
+ RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+ RET_ON_FAILURE(callback, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+
+ auto syscalls = GetAuditRule(handle).getSystemcalls();
+ for (auto syscall : syscalls) {
+ callback(syscall, user_data);
+ }
+
+ return AUDIT_TRAIL_ERROR_NONE;
+}
+
+int audit_rule_foreach_condition(audit_rule_h handle,
+ audit_rule_condition_cb callback,
+ void *user_data)
+{
+ RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+ RET_ON_FAILURE(callback, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+
+ auto intConds = GetAuditRule(handle).getConditions<int>();
+ auto strConds = GetAuditRule(handle).getConditions<std::string>();
+
+ for (auto cond : intConds) {
+ callback(cond.getField(), cond.getOperator(),
+ (void*)(intptr_t)cond.getValue(), user_data);
+ }
+
+ for (auto cond : strConds) {
+ callback(cond.getField(), cond.getOperator(),
+ (void*)cond.getValue().c_str(), user_data);
+ }
+
+ return AUDIT_TRAIL_ERROR_NONE;
+}
+
+int audit_trail_add_rule(audit_trail_h handle, audit_rule_h rule)
+{
+ RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+ RET_ON_FAILURE(rule, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+
+ AuditTrailContext &client = GetAuditTrailContext(handle);
+ auto manager = client.createInterface<RuleManagement>();
+ auto r = GetAuditRule(rule);
+
+ manager.addRule(r.data());
+
+ return AUDIT_TRAIL_ERROR_NONE;
+}
+
+int audit_trail_remove_rule(audit_trail_h handle, audit_rule_h rule)
+{
+ RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+ RET_ON_FAILURE(rule, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+
+ AuditTrailContext &client = GetAuditTrailContext(handle);
+ auto manager = client.createInterface<RuleManagement>();
+ auto r = GetAuditRule(rule);
+
+ manager.removeRule(r.data());
+
+ return AUDIT_TRAIL_ERROR_NONE;
+}
+
+int audit_trail_foreach_rule(audit_trail_h handle,
+ audit_rule_cb callback, void *user_data)
+{
+ RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+ RET_ON_FAILURE(callback, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+
+ AuditTrailContext &client = GetAuditTrailContext(handle);
+ auto manager = client.createInterface<RuleManagement>();
+ auto rulesData = manager.getRules();
+
+ for (auto data : rulesData) {
+ callback(reinterpret_cast<audit_rule_h>(new AuditRule(data)),
+ user_data);
+ }
+
+ return AUDIT_TRAIL_ERROR_NONE;
+}
--- /dev/null
+/*
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+#ifndef __CAPI_AUDIT_TRAIL_RULE_H__
+#define __CAPI_AUDIT_TRAIL_RULE_H__
+
+#include <audit-trail/audit-trail.h>
+
+/**
+ * @file user.h
+ * @brief This file provides APIs to manage audit rules
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @addtogroup Rule-management
+ * @{
+ */
+
+/**
+ * @brief The audit rule handle
+ * @details The audit rule handle is an abstraction of the audit rule.
+ * The audit rule handle must be created by using
+ * audit_rule_create() before attempting to use almost any of
+ * audit rule related APIs, and it should be freed when the audit
+ * rule is no longer required.
+ * To release the handle, use audit_rule_destroy().
+ * @since_tizen 5.0
+ * @see audit_rule_create()
+ * @see audit_rule_destroy()
+ */
+typedef void* audit_rule_h;
+
+/**
+ * @brief Creates the audit rule handle.
+ * @details This API creates audit rule handle required by the audit rule
+ * related APIs.
+ * This API is also used to verify whether caller is authorized
+ * or not.
+ * @since_tizen 5.0
+ * @param[out] handle The audit rule handle
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @see audit_rule_destroy()
+ */
+AUDIT_TRAIL_API int audit_rule_create(audit_rule_h *handle);
+
+/**
+ * @brief Releases the audit rule handle.
+ * @details This API must be called if operations of the audit rule is
+ * no longer required.
+ * @since_tizen 5.0
+ * @param[in] handle The audit rule handle
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @pre The handle must be created by audit_rule_create()
+ * @see audit_rule_create()
+ */
+AUDIT_TRAIL_API int audit_rule_destroy(audit_rule_h handle);
+
+/**
+ * @brief Add a system call to be monitored.
+ * @details This API sets a system call to be monitored on the audit rule.
+ * Parameter requires a system call number, which is defined in
+ * asm/unistd.h typically.
+ * @since_tizen 5.0
+ * @param[in] handle The audit rule handle
+ * @param[in] syscall The system call number
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @pre The handle must be created by audit_rule_create()
+ * @see audit_rule_create()
+ * @see audit_rule_remove_systemcall()
+ * @see audit_rule_add_all_systemcalls()
+ * @see audit_rule_remove_all_systemcalls()
+ */
+AUDIT_TRAIL_API int audit_rule_add_systemcall(audit_rule_h handle,
+ unsigned int syscall);
+
+/**
+ * @brief Remove a system call to be monitored.
+ * @details This API sets a system call not to be monitored anymore
+ * on the audit rule.
+ * Parameter requires a system call number, which is
+ * defined in asm/unistd.h typically.
+ * @since_tizen 5.0
+ * @param[in] handle The audit rule handle
+ * @param[in] syscall The system call number
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @pre The handle must be created by audit_rule_create()
+ * @see audit_rule_create()
+ * @see audit_rule_add_systemcall()
+ * @see audit_rule_add_all_systemcalls()
+ * @see audit_rule_remove_all_systemcalls()
+ */
+AUDIT_TRAIL_API int audit_rule_remove_systemcall(audit_rule_h handle,
+ unsigned int syscall);
+
+/**
+ * @brief Add all system calls to be monitored.
+ * @details This API sets all system calls to be monitored on the audit
+ * rule.
+ * @since_tizen 5.0
+ * @param[in] handle The audit rule handle
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @pre The handle must be created by audit_rule_create()
+ * @see audit_rule_create()
+ * @see audit_rule_add_systemcall()
+ * @see audit_rule_remove_systemcall()
+ * @see audit_rule_remove_all_systemcallis()
+ */
+AUDIT_TRAIL_API int audit_rule_add_all_systemcalls(audit_rule_h handle);
+
+/**
+ * @brief Remove all system calls to be monitored.
+ * @details This API sets all system calls not to be monitored anymore
+ * on the audit rule.
+ * @since_tizen 5.0
+ * @param[in] handle The audit rule handle
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @pre The handle must be created by audit_rule_create()
+ * @see audit_rule_create()
+ * @see audit_rule_add_systemcall()
+ * @see audit_rule_remove_systemcall()
+ * @see audit_rule_add_all_systemcallis()
+ */
+AUDIT_TRAIL_API int audit_rule_remove_all_systemcalls(audit_rule_h handle);
+
+/**
+ * @brief Called to get system call numbers in an array
+ * @since_tizen 5.0
+ * @param[in] syscall The system call number
+ * @param[in] user_data The user data passed from the function
+ * @see audit_rule_foreach_systemcall
+ */
+typedef void (*audit_rule_systemcall_cb)(unsigned int syscall, void* user_data);
+
+/**
+ * @brief Retrieves all added system call nummbers in the audit rule.
+ * @details This API calls audit_rule_systemcall_cb() once for each added
+ * system calls in the audit rule.
+ * @since_tizen 5.0
+ * @param[in] handle The audit rule handle
+ * @param[in] callback The iteration callback function
+ * @param[in] user_data The user data passed to the callback function
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @pre The handle must be created by audit_trail_create().
+ * @see audit_rule_create()
+ * @see audit_rule_add_syscall()
+ * @see audit_rule_add_all_syscall()
+ */
+AUDIT_TRAIL_API int audit_rule_foreach_systemcall(audit_rule_h handle,
+ audit_rule_systemcall_cb callback, void *user_data);
+
+
+/**
+ * @brief Add a condition to be monitored.
+ * @details This API sets a condition to be monitored on the audit rule.
+ * A condition consists of 3 parameters: field, operator, value.
+ * Both fields and operators are defined in linux/audit.h.
+ * Value type should be different regarding to field.
+ * But the most used type is integer type.
+ * @since_tizen 5.0
+ * @param[in] handle The audit rule handle
+ * @param[in] field The field number
+ * @param[in] op The operator number
+ * @param[in] value The value
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @pre The handle must be created by audit_rule_create()
+ * @see audit_rule_create()
+ * @see audit_rule_remove_condition()
+ */
+AUDIT_TRAIL_API int audit_rule_add_condition(audit_rule_h handle,
+ unsigned int field,
+ unsigned int op,
+ void *value);
+
+/**
+ * @brief Remove a condition to be monitored.
+ * @details This API sets a condition not to be monitored anymore
+ * on the audit rule.
+ * A condition consists of 3 parameters: field, operator, value.
+ * Both fields and operators are defined in linux/audit.h.
+ * Value type should be different regarding to field.
+ * But the most used type is integer type.
+ * @since_tizen 5.0
+ * @param[in] handle The audit rule handle
+ * @param[in] field The field number
+ * @param[in] op The operator number
+ * @param[in] value The value
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @pre The handle must be created by audit_rule_create()
+ * @see audit_rule_create()
+ * @see audit_rule_add_condition()
+ */
+AUDIT_TRAIL_API int audit_rule_remove_condition(audit_rule_h handle,
+ unsigned int field,
+ unsigned int op,
+ void *value);
+
+/**
+ * @brief Called to get a audit rule condition in an array
+ * A condition consists of 3 parameters: field, operator, value.
+ * Both fields and operators are defined in linux/audit.h.
+ * Value type should be different regarding to field.
+ * But the most used type is integer type.
+ * @since_tizen 5.0
+ * @param[in] field The field number
+ * @param[in] op The operator number
+ * @param[in] value The value
+ * @param[in] user_data The user data passed from the function
+ * @see audit_rule_foreach_condition
+ */
+typedef void (*audit_rule_condition_cb)(unsigned int field, unsigned int op,
+ const void* value, void* user_data);
+
+/**
+ * @brief Retrieves all added conditions in the audit rule.
+ * @details This API calls audit_rule_condition_cb() once for each added
+ * conditions in the audit rule.
+ * @since_tizen 5.0
+ * @param[in] handle The audit rule handle
+ * @param[in] callback The iteration callback function
+ * @param[in] user_data The user data passed to the callback function
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @pre The handle must be created by audit_trail_create().
+ * @see audit_rule_create()
+ * @see audit_rule_add_condition()
+ */
+AUDIT_TRAIL_API int audit_rule_foreach_condition(audit_rule_h handle,
+ audit_rule_condition_cb callback, void *user_data);
+
+/**
+ * @brief Add a audit rule to apply to collect the audit logs.
+ * @details This API applie a audit rule to collect the audit logs.
+ * The audit rules not wanted to be applied have to be removed by
+ * audit_remove_rule().
+ * @since_tizen 5.0
+ * @param[in] handle The audit handle
+ * @param[in] rule The audit rule handle
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @pre The handle must be created by audit_trail_create().
+ * @pre The rule must be created by audit_rule_create().
+ * @see audit_trail_create()
+ * @see audit_rule_create()
+ * @see audit_trail_remove_rule()
+ */
+AUDIT_TRAIL_API int audit_trail_add_rule(audit_trail_h handle,
+ audit_rule_h rule);
+
+/**
+ * @brief Remove a audit rule not to be used to collect the audit logs.
+ * @details This API removes a audit rule not wanted anymore to be applied.
+ * If there is no added rule to match, This API will be ignored.
+ * @since_tizen 5.0
+ * @param[in] handle The audit handle
+ * @param[in] rule The audit rule handle
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @pre The handle must be created by audit_trail_create().
+ * @pre The rule must be created by audit_rule_create().
+ * @see audit_trail_create()
+ * @see audit_rule_create()
+ * @see audit_trail_add_rule()
+ */
+AUDIT_TRAIL_API int audit_trail_remove_rule(audit_trail_h handle,
+ audit_rule_h rule);
+
+/**
+ * @brief Called to get a audit rules an array
+ * This function is called with audit rule handles, which can be
+ * used to get system calls to be monitored by the rule and severa;
+ * conditions. and also it must not be freed by
+ * audit_rule_destroy().
+ * @since_tizen 5.0
+ * @param[in] rule The audit rule handle
+ * @param[in] user_data The user data passed from the function
+ * @see audit_trail_foreach_rule
+ */
+typedef void (*audit_rule_cb)(audit_rule_h rule, void* user_data);
+
+/**
+ * @brief Retrieves all added audit ruless in this device.
+ * @details This API calls audit_rule_cb() once for each added audit rules
+ * in this system
+ * @since_tizen 5.0
+ * @param[in] handle The audit handle
+ * @param[in] callback The iteration callback function
+ * @param[in] user_data The user data passed to the callback function
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @pre The handle must be created by audit_trail_create().
+ * @see audit_trail_add_rule()
+ * @see audit_trail_remove_rule()
+ * @see audit_rule_cb()
+ */
+AUDIT_TRAIL_API int audit_trail_foreach_rule(audit_trail_h handle,
+ audit_rule_cb callback, void *user_data);
+/**
+ * @}
+ */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __CAPI_AUDIT_TRAIL_RULE_H__ */
int RuleManagement::addRule(std::vector<char> data)
{
- context.addAuditRule(AuditRule(data));
+ context.getAudit().addRule(AuditRule(data));
return 0;
}
int RuleManagement::removeRule(std::vector<char> data)
{
- context.removeAuditRule(AuditRule(data));
+ context.getAudit().removeRule(AuditRule(data));
return 0;
}
std::vector<std::vector<char>> RuleManagement::getRules()
{
std::vector<std::vector<char>> ret;
- auto rules = context.getAuditRules();
+ auto rules = context.getAudit().getRules();
for (const auto& rule : rules) {
- ret.push_back({rule.data(), rule.data() + rule.size()});
+ ret.push_back(rule.data());
}
return ret;
#include <cynara-client.h>
#include <cynara-session.h>
+#include "rmi/rule-management.h"
+
#include "server.h"
using namespace std::placeholders;
namespace {
-const std::string AUDIT_RAIL_MANAGER_ADDRESS = "/tmp/.audit-trail.sock";
+const std::string AUDIT_TRAIL_MANAGER_ADDRESS = "/tmp/.audit-trail.sock";
+
+std::unique_ptr<AuditTrail::RuleManagement> rule;
} // namespace
Server::Server()
{
- service.reset(new rmi::Service(AUDIT_RAIL_MANAGER_ADDRESS));
+ service.reset(new rmi::Service(AUDIT_TRAIL_MANAGER_ADDRESS));
service->setPrivilegeChecker(std::bind(&Server::checkPeerPrivilege, this, _1, _2));
service->expose(this, "", (runtime::FileDescriptor)(Server::registerNotificationSubscriber)(std::string));
service->expose(this, "", (int)(Server::unregisterNotificationSubscriber)(std::string, int));
- audit.setPID(::getpid());
- audit.setEnabled(1);
- audit.setMainloop(&service->mainloop);
- audit.setMessageHandler([this] (Audit::Message &msg) {
- for (auto handler : this->auditHandlers) {
- handler(msg.first, msg.second);
- }
- });
+ audit.reset(new Audit());
+ audit->setEnabled(1);
+ audit->setPID(::getpid());
+
+ auditParser.reset(new AuditMessageParser(*audit, service->mainloop));
+ rule.reset(new AuditTrail::RuleManagement(*this));
}
Server::~Server()
#include <klay/rmi/service.h>
#include "audit/audit.h"
+#include "audit/audit-message-parser.h"
class Server final {
public:
runtime::FileDescriptor registerNotificationSubscriber(const std::string& name);
int unregisterNotificationSubscriber(const std::string& name, int id);
- void setAuditHandler(AuditHandler&& handler)
+ Audit &getAudit()
{
- auditHandlers.push_back(handler);
+ return *audit;
}
- void addAuditRule(const AuditRule &rule)
+ AuditMessageParser &getAuditParser()
{
- audit.addRule(rule);
- }
-
- void removeAuditRule(const AuditRule &rule)
- {
- audit.removeRule(rule);
- }
-
- std::vector<AuditRule> getAuditRules()
- {
- return audit.getRules();
+ return *auditParser;
}
private:
- Audit audit;
+ std::unique_ptr<Audit> audit;
+ std::unique_ptr<AuditMessageParser> auditParser;
+
std::string securityLabel;
std::unique_ptr<rmi::Service> service;
- std::vector<AuditHandler> auditHandlers;
};
#endif //__AUDIT_TRAIL_SERVER_H__
projects / platform / core / security / audit-trail.git / commitdiff