Add enabling/disabling to each loggers 50/137550/4
authorSungbae Yoo <sungbae.yoo@samsung.com>
Thu, 6 Jul 2017 09:25:32 +0000 (18:25 +0900)
committerSungbae Yoo <sungbae.yoo@samsung.com>
Tue, 11 Jul 2017 05:27:49 +0000 (14:27 +0900)
Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: Ib079c7685d85ba2cc422783d42becf7cabcb3b2c

16 files changed:
lib/audit-trail/dac.cpp
lib/audit-trail/dac.h
lib/audit-trail/mac.cpp
lib/audit-trail/mac.h
lib/audit-trail/syscall.cpp
lib/audit-trail/syscall.h
lib/discretionary-access-control.cpp
lib/mandatory-access-control.cpp
lib/system-call.cpp
rmi/discretionary-access-control.h
rmi/mandatory-access-control.h
rmi/system-call.h
server/discretionary-access-control.cpp
server/mandatory-access-control.cpp
server/system-call.cpp
tools/cli/audit-trail-admin-cli.cpp

index f7a02c7d98e7695a1b19ea18b7adbbd518044029..a98db7986eed042f492bc11ff97f9fdc56c98c41 100644 (file)
@@ -80,3 +80,29 @@ int audit_trail_remove_dac_cb(audit_trail_h handle, int callback_id)
 
        return AUDIT_TRAIL_ERROR_NONE;
 }
+
+int audit_trail_enable_dac(audit_trail_h handle, bool en)
+{
+       RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+
+       AuditTrailContext &client = GetAuditTrailContext(handle);
+       auto dac = client.createInterface<DiscretionaryAccessControl>();
+
+       int ret = dac.enable(en);
+       if (ret)
+               return AUDIT_TRAIL_ERROR_INVALID_PARAMETER;
+
+       return AUDIT_TRAIL_ERROR_NONE;
+}
+
+int audit_trail_is_enabled_dac(audit_trail_h handle, bool *en)
+{
+       RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+       RET_ON_FAILURE(en, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+
+       AuditTrailContext &client = GetAuditTrailContext(handle);
+       auto dac = client.createInterface<DiscretionaryAccessControl>();
+       *en = dac.isEnabled();
+
+       return AUDIT_TRAIL_ERROR_NONE;
+}
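Review bot: In audit_trail_enable_dac() the line `return AUDIT_TRAIL_ERROR_INVALID_PARAMETER;` reports every non-zero result of dac.enable() as a bad argument, although the handle was already validated above. A caller therefore cannot tell a wrong parameter from the service failing to change the audit rules, and the AUDIT_TRAIL_ERROR_TIMED_OUT value that the header documents is never returned. If the API has no better code, a comment such as `/* enable() failed on the service side; reported as INVALID_PARAMETER for lack of a closer code */` would at least record the choice. audit_trail_is_enabled_dac() always returns AUDIT_TRAIL_ERROR_NONE, so it cannot report a failed query. The mac.cpp and syscall.cpp sections repeat both functions unchanged.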
index dfd0511c85e0cf7f087f9cbe7db3b3cc4982f177..2c5b2079483445760e11f131b3748043cd3dd432 100644 (file)
@@ -31,7 +31,8 @@ extern "C" {
 /**
  * @brief       Retrieves all DAC logs that occured in system.
  * @details     This API calls audit_trail_string_cb() once for each DAC
- *              (Discretionary Access Control) logs.
+ *              (Discretionary Access Control) logs collected by audit-trail
+ *              when DAC auditing is enabled.
  * @since_tizen 5.0
  * @param[in]   handle The audit-trail handle
  * @param[in]   callback The iteration callback function
@@ -43,6 +44,7 @@ extern "C" {
  * @pre         The handle must be created by audit_trail_create().
  * @see         audit_trail_create()
  * @see         audit_trail_destroy()
+ * @see         audit_trail_enable_dac()
  */
 AUDIT_TRAIL_API int audit_trail_foreach_dac(audit_trail_h handle, audit_trail_string_cb callback, void *user_data);
 
@@ -78,8 +80,10 @@ AUDIT_TRAIL_API int audit_trail_clear_dac(audit_trail_h handle);
  * @retval      #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
  * @retval      #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
  * @pre         The handle must be created by audit_trail_create().
+ * @pre         DAC auditing must be enabled by audit_trail_enable_dac().
  * @see         audit_trail_create()
  * @see         audit_trail_destroy()
+ * @see         audit_trail_enable_dac()
  * @see         audit_trail_remove_dac_cb()
  */
 AUDIT_TRAIL_API int audit_trail_add_dac_cb(audit_trail_h handle,
@@ -104,6 +108,43 @@ AUDIT_TRAIL_API int audit_trail_add_dac_cb(audit_trail_h handle,
  */
 AUDIT_TRAIL_API int audit_trail_remove_dac_cb(audit_trail_h handle, int id);
 
+/**
+ * @brief       Enables DAC auditing.
+ * @details     This API can be used to enable to collect the DAC(Discretionary
+ *              Access Control) logs. Any DAC log will not be collected
+ *              until auditing is enabled
+ * @since_tizen 5.0
+ * @param[in]   handle The audit-trail handle
+ * @param[in]   en True enables DAC auditing, Otherwise disables
+ * @return      #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval      #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval      #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval      #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @pre         The handle must be created by audit_trail_create().
+ * @see         audit_trail_create()
+ * @see         audit_trail_destroy()
+ * @see         audit_trail_foreach_dac()
+ * @see         audit_trail_add_dac_cb()
+ */
+AUDIT_TRAIL_API int audit_trail_enable_dac(audit_trail_h handle, bool en);
+
+/**
+ * @brief       Retrieves if DAC auditing is enabled.
+ * @details     This API can be used to know if DAC(Discretionary Access
+ *              Control) auditing is enabled now.
+ * @since_tizen 5.0
+ * @param[in]   handle The audit-trail handle
+ * @param[out]  en If true, DAC auditing was enabled, Otherwise disabled
+ * @return      #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval      #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval      #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval      #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @pre         The handle must be created by audit_trail_create().
+ * @see         audit_trail_create()
+ * @see         audit_trail_destroy()
+ */
+AUDIT_TRAIL_API int audit_trail_is_enabled_dac(audit_trail_h handle, bool *en);
+
 /**
  * @}
  */
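Review bot: The comment added for audit_trail_enable_dac() does not say that the call is privileged or what a caller gets back when it is refused. The server section of this commit registers DiscretionaryAccessControl::enable with PRIVILEGE_PLATFORM, so a line such as `@remarks Changing the auditing state requires platform privilege.` belongs here, next to the matching return value. The flag appears to be service-wide rather than per handle, so the comment should also say that disabling stops DAC collection for other clients, if that is intended. The enable comments in mac.h and syscall.h have the same gaps, and the @details sentence lacks its final period.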
index 84c8229a1a728ecdbc5d0d5182c00edfa4fb3bfd..3dea1a1203d1bca2072c12f2f3f2f9c373b2f82f 100644 (file)
@@ -80,3 +80,29 @@ int audit_trail_remove_mac_cb(audit_trail_h handle, int callback_id)
 
        return AUDIT_TRAIL_ERROR_NONE;
 }
+
+int audit_trail_enable_mac(audit_trail_h handle, bool en)
+{
+       RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+
+       AuditTrailContext &client = GetAuditTrailContext(handle);
+       auto mac = client.createInterface<MandatoryAccessControl>();
+
+       int ret = mac.enable(en);
+       if (ret)
+               return AUDIT_TRAIL_ERROR_INVALID_PARAMETER;
+
+       return AUDIT_TRAIL_ERROR_NONE;
+}
+
+int audit_trail_is_enabled_mac(audit_trail_h handle, bool *en)
+{
+       RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+       RET_ON_FAILURE(en, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+
+       AuditTrailContext &client = GetAuditTrailContext(handle);
+       auto mac = client.createInterface<MandatoryAccessControl>();
+       *en = mac.isEnabled();
+
+       return AUDIT_TRAIL_ERROR_NONE;
+}
index c33430f1a30dada53f1d61b5da2c74788f280a2c..054a5a7c90138299d1812d3d2e4d33d8b803f4cb 100644 (file)
@@ -31,7 +31,8 @@ extern "C" {
 /**
  * @brief       Retrieves all MAC logs that occured in system.
  * @details     This API calls audit_trail_string_cb() once for each MAC
- *              (Mandatory Access Control) logs.
+ *              (Mandatory Access Control) logs collected by audit-trail
+ *              when MAC auditing is enabled.
  * @since_tizen 5.0
  * @param[in]   handle The audit-trail handle
  * @param[in]   callback The iteration callback function
@@ -43,6 +44,7 @@ extern "C" {
  * @pre         The handle must be created by audit_trail_create().
  * @see         audit_trail_create()
  * @see         audit_trail_destroy()
+ * @see         audit_trail_enable_mac()
  */
 AUDIT_TRAIL_API int audit_trail_foreach_mac(audit_trail_h handle, audit_trail_string_cb callback, void *user_data);
 
@@ -78,6 +80,7 @@ AUDIT_TRAIL_API int audit_trail_clear_mac(audit_trail_h handle);
  * @retval      #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
  * @retval      #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
  * @pre         The handle must be created by audit_trail_create().
+ * @pre         MAC auditing must be enabled by audit_trail_enable_mac().
  * @see         audit_trail_create()
  * @see         audit_trail_destroy()
  * @see         audit_trail_remove_mac_cb()
@@ -104,6 +107,43 @@ AUDIT_TRAIL_API int audit_trail_add_mac_cb(audit_trail_h handle,
  */
 AUDIT_TRAIL_API int audit_trail_remove_mac_cb(audit_trail_h handle, int id);
 
+/**
+ * @brief       Enables MAC auditing.
+ * @details     This API can be used to enable to collect the MAC(Mandatory
+ *              Access Control) logs. Any MAC log will not be collected
+ *              until auditing is enabled
+ * @since_tizen 5.0
+ * @param[in]   handle The audit-trail handle
+ * @param[in]   en True enables MAC auditing, Otherwise disables
+ * @return      #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval      #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval      #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval      #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @pre         The handle must be created by audit_trail_create().
+ * @see         audit_trail_create()
+ * @see         audit_trail_destroy()
+ * @see         audit_trail_mac_syscall()
+ * @see         audit_trail_add_mac_cb()
+ */
+AUDIT_TRAIL_API int audit_trail_enable_mac(audit_trail_h handle, bool en);
+
+/**
+ * @brief       Retrieves if MAC auditing is enabled.
+ * @details     This API can be used to know if MAC(Mandatory Access Control)
+ *               auditing is enabled now.
+ * @since_tizen 5.0
+ * @param[in]   handle The audit-trail handle
+ * @param[out]  en If true, MAC auditing was enabled, Otherwise disabled
+ * @return      #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval      #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval      #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval      #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @pre         The handle must be created by audit_trail_create().
+ * @see         audit_trail_create()
+ * @see         audit_trail_destroy()
+ */
+AUDIT_TRAIL_API int audit_trail_is_enabled_mac(audit_trail_h handle, bool *en);
+
 /**
  * @}
  */
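Review bot: The `@see audit_trail_mac_syscall()` line in the audit_trail_enable_mac() comment names a function that appears nowhere else on this page; by analogy with dac.h it was probably meant to be `@see audit_trail_foreach_mac()`. The earlier hunk that adds the @pre to audit_trail_add_mac_cb() also omits the `@see audit_trail_enable_mac()` line that dac.h and syscall.h add in the same place. The second @details line of audit_trail_is_enabled_mac() has one space too many before "auditing".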
index 6e732755e384659f5b7465dc52a51b73e917ff93..e6def39caf32d04445dd70e6b463891e2e8f22c4 100644 (file)
@@ -80,3 +80,29 @@ int audit_trail_remove_syscall_cb(audit_trail_h handle, int callback_id)
 
        return AUDIT_TRAIL_ERROR_NONE;
 }
+
+int audit_trail_enable_syscall(audit_trail_h handle, bool en)
+{
+       RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+
+       AuditTrailContext &client = GetAuditTrailContext(handle);
+       auto syscall = client.createInterface<SystemCall>();
+
+       int ret = syscall.enable(en);
+       if (ret)
+               return AUDIT_TRAIL_ERROR_INVALID_PARAMETER;
+
+       return AUDIT_TRAIL_ERROR_NONE;
+}
+
+int audit_trail_is_enabled_syscall(audit_trail_h handle, bool *en)
+{
+       RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+       RET_ON_FAILURE(en, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+
+       AuditTrailContext &client = GetAuditTrailContext(handle);
+       auto syscall = client.createInterface<SystemCall>();
+       *en = syscall.isEnabled();
+
+       return AUDIT_TRAIL_ERROR_NONE;
+}
index c61503f55964aaf02f8e2d9af48d2544aeae74cc..fa877547902e1e80d674c6d4280a794c34b3b0b0 100644 (file)
@@ -20,7 +20,7 @@
 #include <audit-trail/audit-trail.h>
 
 /**
- * @file dac.h
+ * @file syscall.h
  * @brief This file provides APIs to get system call logs
  */
 
@@ -31,7 +31,7 @@ extern "C" {
 /**
  * @brief       Retrieves all system call logs that occured in system.
  * @details     This API calls audit_trail_strimg_cb() once for each system call
- *              logs.
+ *              logs collected by audit-trail when system call auditing is enabled.
  * @since_tizen 5.0
  * @param[in]   handle The audit-trail handle
  * @param[in]   callback The iteration callback function
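Review bot: The @details line kept as context here still refers to `audit_trail_strimg_cb()`, while the prototype below takes `audit_trail_string_cb`, so the Doxygen reference does not resolve. Since this comment block is being edited anyway, change it to `* @details     This API calls audit_trail_string_cb() once for each system call`.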
@@ -43,6 +43,7 @@ extern "C" {
  * @pre         The handle must be created by audit_trail_create().
  * @see         audit_trail_create()
  * @see         audit_trail_destroy()
+ * @see         audit_trail_enable_syscall()
  */
 AUDIT_TRAIL_API int audit_trail_foreach_syscall(audit_trail_h handle, audit_trail_string_cb callback, void *user_data);
 
@@ -78,8 +79,11 @@ AUDIT_TRAIL_API int audit_trail_clear_syscall(audit_trail_h handle);
  * @retval      #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
  * @retval      #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
  * @pre         The handle must be created by audit_trail_create().
+ * @pre         System call auditing must be enabled by
+ *              audit_trail_enable_syscall().
  * @see         audit_trail_create()
  * @see         audit_trail_destroy()
+ * @see         audit_trail_enable_syscall()
  * @see         audit_trail_remove_syscall_cb()
  */
 AUDIT_TRAIL_API int audit_trail_add_syscall_cb(audit_trail_h handle,
@@ -103,6 +107,42 @@ AUDIT_TRAIL_API int audit_trail_add_syscall_cb(audit_trail_h handle,
  */
 AUDIT_TRAIL_API int audit_trail_remove_syscall_cb(audit_trail_h handle, int id);
 
+/**
+ * @brief       Enables system call auditing.
+ * @details     This API can be used to enable to collect the system call logs.
+ *              Any system call log will not be collected until auditing is
+ *              enabled
+ * @since_tizen 5.0
+ * @param[in]   handle The audit-trail handle
+ * @param[in]   en True enables system call auditing, Otherwise disables
+ * @return      #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval      #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval      #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval      #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @pre         The handle must be created by audit_trail_create().
+ * @see         audit_trail_create()
+ * @see         audit_trail_destroy()
+ * @see         audit_trail_foreach_syscall()
+ * @see         audit_trail_add_syscall_cb()
+ */
+AUDIT_TRAIL_API int audit_trail_enable_syscall(audit_trail_h handle, bool en);
+
+/**
+ * @brief       Retrieves if system call auditing is enabled.
+ * @details     This API can be used to know if system call auditing is
+ *              enabled now.
+ * @since_tizen 5.0
+ * @param[in]   handle The audit-trail handle
+ * @param[out]  en If true, system call auditing was enabled, Otherwise disabled
+ * @return      #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval      #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval      #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval      #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @pre         The handle must be created by audit_trail_create().
+ * @see         audit_trail_create()
+ * @see         audit_trail_destroy()
+ */
+AUDIT_TRAIL_API int audit_trail_is_enabled_syscall(audit_trail_h handle, bool *en);
 /**
  * @}
  */
index dc5b16a01ebe6f51383a7a82552db3a3b6c2a6d6..92b26f5c4e67cfad206ccc95a7d50b01cfc0b2d9 100644 (file)
@@ -66,4 +66,20 @@ int DiscretionaryAccessControl::clear()
        return 0;
 }
 
+int DiscretionaryAccessControl::enable(bool en)
+{
+       try {
+               return context->methodCall<int>("DiscretionaryAccessControl::enable", en);
+       } catch (runtime::Exception& e) {}
+       return 0;
+}
+
+bool DiscretionaryAccessControl::isEnabled()
+{
+       try {
+               return context->methodCall<bool>("DiscretionaryAccessControl::isEnabled");
+       } catch (runtime::Exception& e) {}
+       return false;
+}
+
 } // namespace AuditTrail
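Review bot: DiscretionaryAccessControl::enable() returns 0 when methodCall() throws, so a failed or refused request looks like success and the caller believes the audit state changed. Returning a non-zero value from the handler, `} catch (runtime::Exception& e) { return -1; }`, lets the C API report the failure. isEnabled() has the same empty handler and turns an IPC failure into "disabled"; a short comment or a log line there would make that visible. The MandatoryAccessControl and SystemCall proxies in the next two file sections repeat both patterns.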
index f9e6685a809eb3ebbda28ca11c7f9c72481a505c..70100263a38880fee3155b7f9fffc936af931705 100644 (file)
@@ -66,4 +66,20 @@ int MandatoryAccessControl::clear()
        return 0;
 }
 
+int MandatoryAccessControl::enable(bool en)
+{
+       try {
+               return context->methodCall<int>("MandatoryAccessControl::enable", en);
+       } catch (runtime::Exception& e) {}
+       return 0;
+}
+
+bool MandatoryAccessControl::isEnabled()
+{
+       try {
+               return context->methodCall<bool>("MandatoryAccessControl::isEnabled");
+       } catch (runtime::Exception& e) {}
+       return false;
+}
+
 } // namespace AuditTrail
index e1010b7ab1edf96a35482998eed1e395a67c466e..ff792ea463e34ac9549b5c80e344cda570dcba15 100644 (file)
@@ -66,4 +66,20 @@ int SystemCall::clear()
        return 0;
 }
 
+int SystemCall::enable(bool en)
+{
+       try {
+               return context->methodCall<int>("SystemCall::enable", en);
+       } catch (runtime::Exception& e) {}
+       return 0;
+}
+
+bool SystemCall::isEnabled()
+{
+       try {
+               return context->methodCall<bool>("SystemCall::isEnabled");
+       } catch (runtime::Exception& e) {}
+       return false;
+}
+
 } // namespace AuditTrail
index c704da89f6ec04ed16a0fd3539f14d71c1b4e3e4..bb8323ef5773fb51dd2c3862192faa0b37643e46 100644 (file)
@@ -37,6 +37,9 @@ public:
 
        int clear();
 
+       int enable(bool en);
+       bool isEnabled();
+
 private:
        AuditTrailControlContext& context;
 };
index 32177d0bd8373038ad6c41a47d3011d011db80f9..fb55d73294ea44701ed4281a673954e44627edac 100644 (file)
@@ -37,6 +37,9 @@ public:
 
        int clear();
 
+       int enable(bool en);
+       bool isEnabled();
+
 private:
        AuditTrailControlContext& context;
 };
index 453961d38f07c299ae6f63c9a6f22020cb796b64..10b26c652f76994099e532607b09000d7204c9e9 100644 (file)
@@ -37,6 +37,9 @@ public:
 
        int clear();
 
+       int enable(bool en);
+       bool isEnabled();
+
 private:
        AuditTrailControlContext& context;
 };
index 17674bdee3bd955be176a2471db3e7d4528e4c6f..791e6e11eb2048c0cbeb29598c1d0307ea85fc19 100644 (file)
@@ -34,6 +34,9 @@ int newIteratorId = 0;
 
 const std::string keyString = " key=\"" AUDIT_RULE_KEY "\"";
 
+netlink::AuditRule ruleDacAccess, ruleDacPerm;
+bool enabled;
+
 } // namespace
 
 
@@ -45,31 +48,25 @@ DiscretionaryAccessControl::DiscretionaryAccessControl(AuditTrailControlContext
        context.expose(this, "", (bool)(DiscretionaryAccessControl::nextIterator)(int));
        context.expose(this, "", (int)(DiscretionaryAccessControl::destroyIterator)(int));
        context.expose(this, PRIVILEGE_PLATFORM, (int)(DiscretionaryAccessControl::clear)());
+       context.expose(this, PRIVILEGE_PLATFORM, (int)(DiscretionaryAccessControl::enable)(bool));
+       context.expose(this, "", (bool)(DiscretionaryAccessControl::isEnabled)());
 
        context.createNotification("DiscretionaryAccessControl");
 
-       netlink::AuditRule dacAccess, dacPerm;
-
-       dacAccess.setKey(AUDIT_RULE_KEY);
-       dacAccess.setSystemCall(__NR_open);
-       dacAccess.setSystemCall(__NR_openat);
-       dacAccess.setSystemCall(__NR_getxattr);
-       dacAccess.setReturn(-EACCES);
+       ruleDacAccess.setKey(AUDIT_RULE_KEY);
+       ruleDacAccess.setSystemCall(__NR_open);
+       ruleDacAccess.setSystemCall(__NR_openat);
+       ruleDacAccess.setSystemCall(__NR_getxattr);
+       ruleDacAccess.setReturn(-EACCES);
 
-       dacPerm = dacAccess;
-       dacPerm.setReturn(-EPERM);
-
-       try {
-               context.addAuditRule(dacAccess);
-       } catch (runtime::Exception& e) {
-               INFO("Failed to add audit rule");
-       }
+       ruleDacPerm = ruleDacAccess;
+       ruleDacPerm.setReturn(-EPERM);
 
        try {
-               context.addAuditRule(dacPerm);
-       } catch (runtime::Exception& e) {
-               INFO("Failed to add audit rule");
-       }
+               context.removeAuditRule(ruleDacAccess);
+               context.removeAuditRule(ruleDacPerm);
+       } catch (runtime::Exception& e) {}
+       enabled = false;
 
        context.setAuditHandler([&ctx] (int type, std::vector<char> &buf) {
                if (type == AUDIT_SYSCALL) {
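Review bot: Both removeAuditRule() calls share one try block with an empty handler, so if removing ruleDacAccess throws, ruleDacPerm is never removed and nothing is logged, yet `enabled` is still set to false. That can leave an audit rule installed while isEnabled() reports auditing as off. Removing each rule in its own try block and keeping the INFO line the old code had avoids this. The change also makes DAC auditing start disabled on every service start, which deserves a comment if it is intended. The constructor begins and ends outside this hunk, and the SystemCall constructor has the same empty handler.

```cpp
	// … unchanged: rule setup for ruleDacAccess and ruleDacPerm …
	try {
		context.removeAuditRule(ruleDacAccess);
	} catch (runtime::Exception& e) {
		INFO("Failed to remove audit rule");
	}

	try {
		context.removeAuditRule(ruleDacPerm);
	} catch (runtime::Exception& e) {
		INFO("Failed to remove audit rule");
	}
	enabled = false;
```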
@@ -145,4 +142,28 @@ int DiscretionaryAccessControl::clear()
        return 0;
 }
 
+bool DiscretionaryAccessControl::isEnabled()
+{
+       return enabled;
+}
+
+int DiscretionaryAccessControl::enable(bool en)
+{
+       if (en != enabled) {
+               enabled = en;
+               try {
+                       if (en) {
+                               context.addAuditRule(ruleDacAccess);
+                               context.addAuditRule(ruleDacPerm);
+                       } else {
+                               context.removeAuditRule(ruleDacAccess);
+                               context.removeAuditRule(ruleDacPerm);
+                       }
+               } catch (runtime::Exception& e) {
+                       return -1;
+               }
+       }
+       return 0;
+}
+
 } // namespace AuditTrail
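Review bot: `enabled = en;` runs before the rules are added or removed, so when addAuditRule() throws the function returns -1 but isEnabled() already reports true, and a retry is skipped by the `en != enabled` test. Move the assignment to after the try block so the flag changes only once the rule update has succeeded. A failure between the two calls still leaves one rule installed; undoing the first call in the handler would keep the pair consistent. SystemCall::enable() later in this commit sets its flag early in the same way.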
index 8195975973c67fbcb82155a69d264fec309e03e6..4e30692456fe54c76cb97ca12833e41282299def 100644 (file)
@@ -30,6 +30,8 @@ std::vector<std::string> logs;
 std::unordered_map<int, unsigned long long> iteratorMap;
 int newIteratorId = 0;
 
+bool enabled;
+
 } // namespace
 
 
@@ -41,11 +43,15 @@ MandatoryAccessControl::MandatoryAccessControl(AuditTrailControlContext &ctx) :
        context.expose(this, "", (bool)(MandatoryAccessControl::nextIterator)(int));
        context.expose(this, "", (int)(MandatoryAccessControl::destroyIterator)(int));
        context.expose(this, PRIVILEGE_PLATFORM, (int)(MandatoryAccessControl::clear)());
+       context.expose(this, PRIVILEGE_PLATFORM, (int)(MandatoryAccessControl::enable)(bool));
+       context.expose(this, "", (bool)(MandatoryAccessControl::isEnabled)());
 
        context.createNotification("MandatoryAccessControl");
 
+       enabled = false;
+
        context.setAuditHandler([&ctx] (int type, std::vector<char> &buf) {
-               if (type == AUDIT_AVC) {
+               if (type == AUDIT_AVC && enabled) {
                        std::string log(buf.begin(), buf.end());
                        logs.push_back(log);
                        ctx.notify("MandatoryAccessControl", log);
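Review bot: The audit handler now reads `enabled`, a plain `bool` in the anonymous namespace that MandatoryAccessControl::enable() writes. If the handler runs on a different thread from the RPC dispatcher, which this hunk does not show, that is an unsynchronized read and write. Declaring it as `std::atomic<bool> enabled{false};` removes the doubt and also initializes the flag at its definition. The constructor begins and ends outside this hunk.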
@@ -113,4 +119,15 @@ int MandatoryAccessControl::clear()
        return 0;
 }
 
+bool MandatoryAccessControl::isEnabled()
+{
+       return enabled;
+}
+
+int MandatoryAccessControl::enable(bool en)
+{
+       enabled = en;
+       return 0;
+}
+
 } // namespace AuditTrail
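Review bot: MandatoryAccessControl::enable() flips the flag without leaving any trace, so a period with auditing switched off cannot later be told apart from a period with no events. Recording each transition, for instance `if (en != enabled) INFO("MAC auditing state changed");`, would show when collection stopped. This assumes the INFO macro used elsewhere in the server is available in this file. The DAC and system call enable() functions are silent in the same way.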
index d7c6dfa6607cde29f2b21cc8de3b9d84e5ea12e3..affc40b50d26b17bcc2bf95422216048371c9e31 100644 (file)
@@ -34,6 +34,9 @@ int newIteratorId = 0;
 
 const std::string keyString = " key=\"" AUDIT_RULE_KEY "\"";
 
+netlink::AuditRule ruleAllSyscall;
+bool enabled;
+
 } // namespace
 
 
@@ -45,19 +48,19 @@ SystemCall::SystemCall(AuditTrailControlContext &ctx) :
        context.expose(this, "", (bool)(SystemCall::nextIterator)(int));
        context.expose(this, "", (int)(SystemCall::destroyIterator)(int));
        context.expose(this, PRIVILEGE_PLATFORM, (int)(SystemCall::clear)());
+       context.expose(this, PRIVILEGE_PLATFORM, (int)(SystemCall::enable)(bool));
+       context.expose(this, "", (bool)(SystemCall::isEnabled)());
 
        context.createNotification("SystemCall");
 
-       netlink::AuditRule allSyscall;
 
-       allSyscall.setKey(AUDIT_RULE_KEY);
-       allSyscall.setAllSystemCalls();
+       ruleAllSyscall.setKey(AUDIT_RULE_KEY);
+       ruleAllSyscall.setAllSystemCalls();
 
        try {
-               context.addAuditRule(allSyscall);
-       } catch (runtime::Exception& e) {
-               INFO("Failed to add audit rule");
-       }
+               context.removeAuditRule(ruleAllSyscall);
+       } catch (runtime::Exception& e) {}
+       enabled = false;
 
        context.setAuditHandler([&ctx] (int type, std::vector<char> &buf) {
                if (type == AUDIT_SYSCALL) {
@@ -133,4 +136,26 @@ int SystemCall::clear()
        return 0;
 }
 
+bool SystemCall::isEnabled()
+{
+       return enabled;
+}
+
+int SystemCall::enable(bool en)
+{
+       if (en != enabled) {
+               enabled = en;
+               try {
+                       if (en) {
+                               context.addAuditRule(ruleAllSyscall);
+                       } else {
+                               context.removeAuditRule(ruleAllSyscall);
+                       }
+               } catch (runtime::Exception& e) {
+                       return -1;
+               }
+       }
+       return 0;
+}
+
 } // namespace AuditTrail
index fc36af7322280d1e07bfab41596542a995b213c3..b1f38c8d6d5645e248fc8d141a411910f9bb9caf 100644 (file)
@@ -45,6 +45,8 @@ static inline int usage(const std::string name)
                          << "Options :" << std::endl
                          << "   -s, --show=[dac|mac|syscall]     show the audit logs" << std::endl
                          << "   -c, --clear=[dac|mac|syscall]    clear the audit logs" << std::endl
+                         << "   -d, --disable=[dac|mac|syscall]  disable to collect logs" << std::endl
+                         << "   -e, --enable=[dac|mac|syscall]   enable to collect logs" << std::endl
                          << "   -m, --monitor                    monitor for all audit logs" << std::endl
                          << "   -h, --help                       show this" << std::endl
                          << std::endl;
@@ -101,6 +103,50 @@ int clearLog(const std::string type)
 
        return 0;
 }
+
+int enableLog(const std::string type, bool en)
+{
+       std::stringstream tok(type);
+       std::string word;
+
+       audit_trail_h auditTrail;
+       audit_trail_create(&auditTrail);
+
+       while (getline(tok, word, '|')) {
+               if (word == "dac") {
+                       audit_trail_enable_dac(auditTrail, en);
+               } else if (word == "mac") {
+                       audit_trail_enable_mac(auditTrail, en);
+               } else if (word == "syscall") {
+                       audit_trail_enable_syscall(auditTrail, en);
+               }
+       }
+
+       std::cout << "Enabled : ";
+
+       en = false;
+       audit_trail_is_enabled_dac(auditTrail, &en);
+       if (en) {
+               std::cout << "dac ";
+       }
+
+       en = false;
+       audit_trail_is_enabled_mac(auditTrail, &en);
+       if (en) {
+               std::cout << "mac ";
+       }
+
+       en = false;
+       audit_trail_is_enabled_syscall(auditTrail, &en);
+       if (en) {
+               std::cout << "syscall ";
+       }
+       std::cout << std::endl;
+
+       audit_trail_destroy(auditTrail);
+       return 0;
+}
+
 void monitorSigHandler(int sig)
 {
        g_main_loop_quit(gmainloop);
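Review bot: enableLog() ignores every return value and always returns 0, so the tool reports success even when audit_trail_create() fails, when the service refuses the request, or when the argument contains an unknown word. If audit_trail_create() fails, `auditTrail` is used uninitialized. For a command that switches auditing off, the result should reach the exit status. The version below checks each call, assuming audit_trail_create() follows the same return convention as the other functions. How main() uses `ret` is outside this hunk.

```cpp
int enableLog(const std::string type, bool en)
{
	std::stringstream tok(type);
	std::string word;
	int ret = 0;

	audit_trail_h auditTrail;
	if (audit_trail_create(&auditTrail) != AUDIT_TRAIL_ERROR_NONE) {
		std::cerr << "Failed to create audit-trail handle" << std::endl;
		return -1;
	}

	while (getline(tok, word, '|')) {
		int err = AUDIT_TRAIL_ERROR_NONE;

		if (word == "dac") {
			err = audit_trail_enable_dac(auditTrail, en);
		} else if (word == "mac") {
			err = audit_trail_enable_mac(auditTrail, en);
		} else if (word == "syscall") {
			err = audit_trail_enable_syscall(auditTrail, en);
		} else {
			std::cerr << "Unknown log type : " << word << std::endl;
			ret = -1;
			continue;
		}

		if (err != AUDIT_TRAIL_ERROR_NONE) {
			std::cerr << "Failed to change " << word << " auditing" << std::endl;
			ret = -1;
		}
	}

	// … unchanged: print the list of enabled loggers …

	audit_trail_destroy(auditTrail);
	return ret;
}
```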
@@ -149,6 +195,8 @@ int main(int argc, char* argv[])
                {"help", no_argument, 0, 'h'},
                {"show", required_argument, 0, 's'},
                {"clear", required_argument, 0, 'c'},
+               {"enable", required_argument, 0, 'e'},
+               {"disable", required_argument, 0, 'd'},
                {"monitor", no_argument, 0, 'm'},
                {0, 0, 0, 0}
        };
@@ -158,7 +206,7 @@ int main(int argc, char* argv[])
                return EXIT_SUCCESS;
        }
 
-       while ((opt = getopt_long(argc, argv, "s:c:mh", options, &index)) != -1) {
+       while ((opt = getopt_long(argc, argv, "s:c:d:e:mh", options, &index)) != -1) {
                switch (opt) {
                case 's':
                        ret = showLog(optarg);
@@ -166,6 +214,12 @@ int main(int argc, char* argv[])
                case 'c':
                        ret = clearLog(optarg);
                        break;
+               case 'd':
+                       ret = enableLog(optarg, false);
+                       break;
+               case 'e':
+                       ret = enableLog(optarg, true);
+                       break;
                case 'm':
                        ret = monitorLog();
                        break;