class FieldBase {
public:
- virtual void emit(std::vector<char> &rule) = 0;
- virtual unsigned int type() = 0;
+ virtual void emit(std::vector<char> &rule) const = 0;
+ virtual unsigned int type() const = 0;
};
template <typename T>
using RuleData = struct audit_rule_data;
Field(FieldType type)
- : _type(static_cast<unsigned int>(type))
+ : _type(static_cast<unsigned int>(type)),
+ _op(0)
{
}
/* TODO: to be removed below constructor */
{
}
- unsigned int type()
+ unsigned int type() const
{
return _type;
}
- Field &&operator == (T value) {
+ Field operator == (T value) {
return create(value, Operator::Equal);
}
- Field &&operator != (T value) {
+ Field operator != (T value) {
return create(value, Operator::NotEqual);
}
- Field &&operator < (T value) {
+ Field operator < (T value) {
return create(value, Operator::LessThan);
}
- Field &&operator <= (T value) {
+ Field operator <= (T value) {
return create(value, Operator::LessThanEqual);
}
- Field &&operator > (T value) {
+ Field operator > (T value) {
return create(value, Operator::GreaterThan);
}
- Field &&operator >= (T value) {
+ Field operator >= (T value) {
return create(value, Operator::GreaterThanEqual);
}
- void emit(std::vector<char> &rule) {
+ void emit(std::vector<char> &rule) const {
auto r = reinterpret_cast<RuleData *>(rule.data());
r->fields[r->field_count] = _type;
r->fieldflags[r->field_count] = _op;
- setValue(rule, _value);
+ emitValue(rule, _value);
}
private:
- Field &&create(T value, Operator op) {
+ Field create(T value, Operator op) {
_op = static_cast<unsigned int>(op);
_value = value;
- return std::move(*this);
+ return *this;
}
- void setValue(std::vector<char> &rule, int value)
+ void emitValue(std::vector<char> &rule, int value) const
{
auto r = reinterpret_cast<RuleData *>(rule.data());
r->values[r->field_count++] = value;
}
- void setValue(std::vector<char> &rule, const std::string &value)
+
+ void emitValue(std::vector<char> &rule, const std::string &value) const
{
auto r = reinterpret_cast<RuleData *>(rule.data());
r->values[r->field_count] = value.size();
virtual void initialize() = 0;
- RuleList &&operator *()
+ RuleList get() const
{
- return std::move(list);
+ return list;
}
-
protected:
void add(const Rule &rule);
Rule::Rule(const Rule &rule)
: _type(rule._type), buf(sizeof(RuleData))
{
- std::vector<char> bufdata(rule.buf);
- for (auto &c : rule.conditions) {
- if (c.second)
- c.second->emit(bufdata);
- }
- setComponents(bufdata);
+ conditions.insert(rule.conditions.begin(), rule.conditions.end());
+ setComponents(rule.buf);
}
Rule::~Rule()
return ret;
}
-bool Rule::isStringField(unsigned int type)
+bool Rule::isStringField(unsigned int type) const
{
FieldType ftype = static_cast<FieldType>(type);
return (ftype == FieldType::WatchPath) ||
for (unsigned int i = 0; i < r->field_count; i++) {
if (isStringField(r->fields[i])) {
std::string value(ruleBuf, ruleBuf + r->values[i]);
- conditions[r->fields[i]].reset(
- new Field<std::string>(r->fields[i], r->fieldflags[i], value));
+ conditions[r->fields[i]].reset(new Field<std::string>(r->fields[i], r->fieldflags[i], value));
ruleBuf += r->values[i];
} else {
- conditions[r->fields[i]].reset(
- new Field<int>(r->fields[i], r->fieldflags[i], r->values[i]));
+ conditions[r->fields[i]].reset(new Field<int>(r->fields[i], r->fieldflags[i], r->values[i]));
}
}
}
void Rule::updateConditions()
{
for (auto &c : conditions) {
- if (c.second)
- c.second->emit(buf);
+ c.second->emit(buf);
}
}
Rule(const Rule &rule);
template <typename T>
- Rule &&operator << (Field<T> &&field)
+ Rule operator << (const Field<T> &field)
{
- setCondition(std::move(field));
- return std::move(*this);
+ setCondition(field);
+ return *this;
}
bool operator == (const Rule &rule)
return buf == rule.buf;
}
- RuleType type()
+ RuleType type() const
{
return _type;
}
void setTag(const std::string &tag);
template <typename T>
- void setCondition(Field<T> &&field);
+ void setCondition(const Field<T> &field);
template <typename T>
- void unsetCondition(Field<T> &&field);
+ void unsetCondition(const Field<T> &field);
void setMask();
- void setMask(unsigned int syscall = 0);
+ void setMask(unsigned int syscall);
void unsetMask();
- void unsetMask(unsigned int syscall = 0);
+ void unsetMask(unsigned int syscall);
+
std::vector<unsigned int> getMask();
protected:
{
return reinterpret_cast<RuleData*>(buf.data());
}
- bool isStringField(unsigned int type);
+
+ bool isStringField(unsigned int type) const;
void setComponents(const std::vector<char> &rule);
void updateConditions();
private:
RuleType _type;
std::vector<char> buf;
- std::unordered_map<unsigned int, std::unique_ptr<FieldBase>> conditions;
+ std::unordered_map<unsigned int, std::shared_ptr<FieldBase>> conditions;
};
template <typename T>
-void Rule::setCondition(Field<T> &&field)
+void Rule::setCondition(const Field<T> &field)
{
conditions[field.type()].reset(new Field<T>(field));
}
template <typename T>
-void Rule::unsetCondition(Field<T> &&field)
+void Rule::unsetCondition(const Field<T> &field)
{
if (conditions.find(field.type()) != conditions.end())
- conditions[field.type()].reset();
+ conditions.erase(field.type());
}
#endif /*__AUDIT_RULE_H__*/
close();
}
-AbstractRuleSet::RuleList &&RuleSetLoader::load(const std::string &path)
+AbstractRuleSet::RuleList RuleSetLoader::load(const std::string &path)
{
+ std::unique_ptr<AbstractRuleSet> ruleSet;
+
if (open(basePath + path, RTLD_LAZY | RTLD_LOCAL) != 0)
throw runtime::Exception("Failed to load rule set library");
ruleSet.reset(reinterpret_cast<AbstractRuleSet*>(factory()));
ruleSet->initialize();
}
- return **ruleSet;
+
+ return ruleSet->get();
}
int RuleSetLoader::open(const std::string &path, int flags)
RuleSetLoader();
~RuleSetLoader();
- AbstractRuleSet::RuleList &&load(const std::string &path);
+ AbstractRuleSet::RuleList load(const std::string &path);
private:
int open(const std::string &path, int flags);
void close();
private:
- std::unique_ptr<AbstractRuleSet> ruleSet;
void *handle;
std::string basePath;
projects / platform / core / security / audit-trail.git / commitdiff