return;
}
+ instance.log.type = type;
+
std::stringstream tok(log);
- std::string word, msg;
+ std::string word;
getline(tok, word, ' ');
word = word.substr(sizeof("audit(") - 1);
const auto &value = pair.second;
if (name == "msg") {
- msg = value;
+ instance.log.text = value;
+ } else if (name == "pid") {
+ instance.log.pid = std::stoul(value);
}
}
- instance.log.type = type;
- instance.log.text = msg;
-
completed = true;
}
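Review bot: `std::stoul(value)` on the `pid` field throws `std::invalid_argument` or `std::out_of_range` when the value is not a clean decimal number, and nothing visible in this hunk catches it. The text comes from an audit record, which for user logs is presumably written by an ordinary process, so one malformed `pid=` could abort handling of the record, or of the parser if nothing further up catches it. The `unsigned long` result is also narrowed into `pid_t` with no range check. I would parse defensively, e.g. `try { instance.log.pid = static_cast<pid_t>(std::stoul(value)); } catch (const std::exception &) { /* keep default pid */ }`. The enclosing function starts outside the hunk, so an outer handler may already exist.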
#define __AUDIT_TRAIL_AUDIT_USER_LOG_H__
#include <string>
+#include <limits.h>
struct AuditUserLog final {
struct {
} time;
struct {
int type = 0;
+ pid_t pid = UINT_MAX;
std::string text;
} log;
};
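Review bot: `pid_t pid = UINT_MAX;` initialises a signed type with an unsigned maximum, so the "unset" sentinel only works through an implicit narrowing conversion (typically yielding -1). Writing `pid_t pid = -1;` states the intent directly and makes `<limits.h>` unnecessary here. The visible includes are only `<string>` and `<limits.h>`, so `pid_t` appears to arrive through a transitive include; adding `#include <sys/types.h>` would make the header self-contained.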
SET(PC_FILE "${PROJECT_NAME}.pc")
SET(SOURCES client.cpp
+ log-management.cpp
rule-management.cpp
audit-trail/audit-trail.cpp
audit-trail/rule.cpp
+ audit-trail/user-log.cpp
+ audit-trail/system-log.cpp
)
SET(CAPI_INCLUDE_FILES audit-trail/audit-trail.h
audit-trail/rule.h
+ audit-trail/user-log.h
+ audit-trail/system-log.h
)
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+#include <cstring>
+
+#include "debug.h"
+#include "system-log.h"
+
+#include "client.h"
+
+#include "rmi/log-management.h"
+
+using namespace AuditTrail;
+
+static inline SystemLog& GetSystemLog(void* handle)
+{
+ return *reinterpret_cast<SystemLog*>(handle);
+}
+
+int audit_trail_foreach_system_log(audit_trail_h handle,
+ audit_system_log_cb callback, void *user_data)
+{
+ RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+ RET_ON_FAILURE(callback, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+
+ AuditTrailContext &client = GetAuditTrailContext(handle);
+ auto manager = client.createInterface<LogManagement>();
+ int size = manager.countSystemLog();
+
+ for (int i = 0; i < size; i++) {
+ SystemLog log = manager.getSystemLog(i);
+ callback(reinterpret_cast<audit_system_log_h>(&log), user_data);
+ }
+
+ return AUDIT_TRAIL_ERROR_NONE;
+}
+
+int audit_trail_clear_system_log(audit_trail_h handle)
+{
+ RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+
+ AuditTrailContext &client = GetAuditTrailContext(handle);
+ auto manager = client.createInterface<LogManagement>();
+
+ int ret = manager.clearSystemLog();
+ if (ret)
+ return ret;
+
+ return AUDIT_TRAIL_ERROR_NONE;
+}
+
+int audit_trail_add_system_log_cb(audit_trail_h handle,
+ audit_system_log_cb callback,
+ void* user_data, int *id)
+{
+ RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+ RET_ON_FAILURE(callback, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+
+ AuditTrailContext &client = GetAuditTrailContext(handle);
+ int ret = client.subscribeNotification("SystemLog",
+ [callback, user_data, &client] (std::string name, int position)
+ {
+ auto manager = client.createInterface<LogManagement>();
+ auto log(manager.getSystemLog(position - 1));
+ callback(&log, user_data);
+ });
+
+ if (ret < 0)
+ return AUDIT_TRAIL_ERROR_INVALID_PARAMETER;
+
+ *id = ret;
+ return AUDIT_TRAIL_ERROR_NONE;
+}
+
+int audit_trail_remove_system_log_cb(audit_trail_h handle, int callback_id)
+{
+ RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+ RET_ON_FAILURE(callback_id >= 0, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+
+ AuditTrailContext &client = GetAuditTrailContext(handle);
+ int ret = client.unsubscribeNotification(callback_id);
+ if (ret)
+ return AUDIT_TRAIL_ERROR_INVALID_PARAMETER;
+
+ return AUDIT_TRAIL_ERROR_NONE;
+}
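Review bot: In `audit_trail_foreach_system_log` a failed `countSystemLog()` is reported as success. The client proxy in log-management.cpp returns -1 when the remote call throws, the `for` loop then runs zero times, and the function returns `AUDIT_TRAIL_ERROR_NONE`, so a caller cannot tell "no audit records" from "daemon unreachable". Add a guard before the loop, e.g. `if (size < 0) return AUDIT_TRAIL_ERROR_TIMED_OUT;` (or whichever code the project maps transport failures to). `audit_trail_clear_system_log` similarly forwards the raw -1 rather than an `AUDIT_TRAIL_ERROR_*` value, and `audit_trail_foreach_user_log` / `audit_trail_clear_user_log` in user-log.cpp follow the same pattern.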
--- /dev/null
+/*
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+#ifndef __CAPI_AUDIT_TRAIL_SYSTEM_LOG_H__
+#define __CAPI_AUDIT_TRAIL_SYSTEM_LOG_H__
+
+#include <time.h>
+#include <unistd.h>
+
+#include <audit-trail/audit-trail.h>
+
+/**
+ * @file system-log.h
+ * @brief This file provides APIs to manage system audit logs
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @addtogroup System-log-management
+ * @{
+ */
+
+/**
+ * @brief The system audit log handle
+ * @details The system audit log handle is an abstraction of the audit log
+ * from the inside of kernel.
+ * The audit system log handle must be used in audit_system_log_cb.
+ * and it should not be freed because it would be freed in
+ * the inside of APIs.
+ * @since_tizen 5.0
+ * @see audit_system_log_cb()
+ * @see audit_foreach_system_log()
+ */
+typedef void* audit_system_log_h;
+
+/**
+ * @brief Called to get a audit logs from the inside of kernel as an array
+ * This function is called with system audit log handles, which can
+ * be used to get system audit logs. and also it must not be freed.
+ * @since_tizen 5.0
+ * @param[in] log The audit system log handle
+ * @param[in] user_data The system data passed from the function
+ * @see audit_foreach_system_log
+ */
+typedef void (*audit_system_log_cb)(audit_system_log_h log, void* user_data);
+
+/**
+ * @brief Clears all collected system audit logs saved in audit-trail.
+ * @details This API removes all system audit logs collected by audit-trail.
+ * @since_tizen 5.0
+ * @param[in] handle The audit-trail handle
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @pre The handle must be created by audit_trail_create().
+ * @see audit_trail_create()
+ * @see audit_trail_destroy()
+ */
+AUDIT_TRAIL_API int audit_trail_clear_system_log(audit_trail_h handle);
+
+/**
+ * @brief Retrieves all collected system audit logs in this device.
+ * @details This API calls audit_system_log_cb() once for each system audit
+ * logs in this system
+ * @since_tizen 5.0
+ * @param[in] handle The audit handle
+ * @param[in] callback The iteration callback function
+ * @param[in] user_data The user data passed to the callback function
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @pre The handle must be created by audit_trail_create().
+ * @see audit_system_log_cb()
+ */
+AUDIT_TRAIL_API int audit_trail_foreach_system_log(audit_trail_h handle,
+ audit_system_log_cb callback, void *user_data);
+
+/**
+ * @brief Adds an system audit log callback.
+ * @details This API can be used to receive audit logs from the inside of
+ * kernel. The callback specified to this function is
+ * automatically called when a new log occurs.
+ * @since_tizen 5.0
+ * @param[in] handle The audit_trail handle
+ * @param[in] callback The callback to get system audit logs
+ * @param[in] user_data The user data passed to the callback function
+ * @param[out] id Callback identifier
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @pre The handle must be created by audit_trail_create().
+ * @see audit_trail_create()
+ * @see audit_trail_destroy()
+ * @see audit_system_log_cb()
+ * @see audit_trail_remove_system_log_cb()
+ */
+AUDIT_TRAIL_API int audit_trail_add_system_log_cb(audit_trail_h handle,
+ audit_system_log_cb callback, void* user_data,
+ int* id);
+
+/**
+ * @brief Removes the system audit log callback.
+ * @details This API can be used to remove the callback for audit logs from
+ * the inside of the kernel.
+ * @since_tizen 5.0
+ * @param[in] handle The audit trail handle
+ * @param[in] id Callback identifier
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @pre The handle must be created by audit_trail_create().
+ * @see audit_trail_create()
+ * @see audit_trail_destroy()
+ * @see audit_system_log_cb()
+ * @see audit_trail_add_system_log_cb()
+ */
+AUDIT_TRAIL_API int audit_trail_remove_system_log_cb(audit_trail_h handle,
+ int id);
+
+/**
+ * @}
+ */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __CAPI_AUDIT_TRAIL_SYSTEM_LOG_H__ */
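Review bot: The documentation for `audit_system_log_h` and `audit_system_log_cb` says the handle must not be freed but never states how long it remains valid. In system-log.cpp the handle is the address of a local `SystemLog` that is destroyed as soon as the callback returns, so a client that stores it for later use would be holding a dangling pointer. I would add to the typedef's `@details` a sentence such as `The handle is valid only for the duration of the callback; copy any needed values before returning.` The `@see audit_foreach_system_log()` references also do not match the declared name `audit_trail_foreach_system_log()`. user-log.h has the same two gaps.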
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+#include <cstring>
+
+#include "debug.h"
+#include "user-log.h"
+
+#include "client.h"
+
+#include "rmi/log-management.h"
+
+using namespace AuditTrail;
+
+static inline UserLog& GetUserLog(void* handle)
+{
+ return *reinterpret_cast<UserLog*>(handle);
+}
+
+int audit_trail_foreach_user_log(audit_trail_h handle,
+ audit_user_log_cb callback, void *user_data)
+{
+ RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+ RET_ON_FAILURE(callback, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+
+ AuditTrailContext &client = GetAuditTrailContext(handle);
+ auto manager = client.createInterface<LogManagement>();
+ int size = manager.countUserLog();
+
+ for (int i = 0; i < size; i++) {
+ UserLog log = manager.getUserLog(i);
+ callback(reinterpret_cast<audit_user_log_h>(&log), user_data);
+ }
+
+ return AUDIT_TRAIL_ERROR_NONE;
+}
+
+int audit_trail_clear_user_log(audit_trail_h handle)
+{
+ RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+
+ AuditTrailContext &client = GetAuditTrailContext(handle);
+ auto manager = client.createInterface<LogManagement>();
+
+ int ret = manager.clearUserLog();
+ if (ret)
+ return ret;
+
+ return AUDIT_TRAIL_ERROR_NONE;
+}
+
+int audit_trail_add_user_log_cb(audit_trail_h handle,
+ audit_user_log_cb callback,
+ void* user_data, int *id)
+{
+ RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+ RET_ON_FAILURE(callback, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+
+ AuditTrailContext &client = GetAuditTrailContext(handle);
+ int ret = client.subscribeNotification("UserLog",
+ [callback, user_data, &client] (std::string name, int position)
+ {
+ auto manager = client.createInterface<LogManagement>();
+ auto log(manager.getUserLog(position - 1));
+ callback(&log, user_data);
+ });
+
+ if (ret < 0)
+ return AUDIT_TRAIL_ERROR_INVALID_PARAMETER;
+
+ *id = ret;
+ return AUDIT_TRAIL_ERROR_NONE;
+}
+
+int audit_trail_remove_user_log_cb(audit_trail_h handle, int callback_id)
+{
+ RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+ RET_ON_FAILURE(callback_id >= 0, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+
+ AuditTrailContext &client = GetAuditTrailContext(handle);
+ int ret = client.unsubscribeNotification(callback_id);
+ if (ret)
+ return AUDIT_TRAIL_ERROR_INVALID_PARAMETER;
+
+ return AUDIT_TRAIL_ERROR_NONE;
+}
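Review bot: `audit_trail_add_user_log_cb` writes `*id = ret;` without checking `id`, although `handle` and `callback` are both validated, so a NULL `id` from a C caller crashes after the subscription has already been registered. Add `RET_ON_FAILURE(id, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);` next to the other two checks. The lambda also captures `client` by reference, so it is worth documenting that the callback must be removed before the handle is destroyed. `audit_trail_add_system_log_cb` in system-log.cpp is written the same way.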
--- /dev/null
+/*
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+#ifndef __CAPI_AUDIT_TRAIL_USER_LOG_H__
+#define __CAPI_AUDIT_TRAIL_USER_LOG_H__
+
+#include <time.h>
+#include <unistd.h>
+
+#include <audit-trail/audit-trail.h>
+
+/**
+ * @file user-log.h
+ * @brief This file provides APIs to manage user audit logs
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @addtogroup User-log-management
+ * @{
+ */
+
+/**
+ * @brief The user audit log handle
+ * @details The user audit log handle is an abstraction of the audit log
+ * from user process.
+ * The audit user log handle must be used in audit_user_log_cb.
+ * and it should not be freed because it would be freed in
+ * the inside of APIs.
+ * @since_tizen 5.0
+ * @see audit_user_log_cb()
+ * @see audit_foreach_user_log()
+ */
+typedef void* audit_user_log_h;
+
+/**
+ * @brief Called to get a audit logs from user processes as an array.
+ * This function is called with user audit log handles, which can
+ * be used to get user audit logs. and also it must not be freed.
+ * @since_tizen 5.0
+ * @param[in] log The audit user log handle
+ * @param[in] user_data The user data passed from the function
+ * @see audit_foreach_user_log
+ */
+typedef void (*audit_user_log_cb)(audit_user_log_h log, void* user_data);
+
+/**
+ * @brief Clears all collected user audit logs saved in audit-trail.
+ * @details This API removes all user audit logs collected by audit-trail.
+ * @since_tizen 5.0
+ * @param[in] handle The audit trail handle
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @pre The handle must be created by audit_trail_create().
+ * @see audit_trail_create()
+ * @see audit_trail_destroy()
+ */
+AUDIT_TRAIL_API int audit_trail_clear_user_log(audit_trail_h handle);
+
+/**
+ * @brief Retrieves all collected user audit logs in this device.
+ * @details This API calls audit_user_log_cb() once for each user audit logs
+ * in this system
+ * @since_tizen 5.0
+ * @param[in] handle The audit trail handle
+ * @param[in] callback The iteration callback function
+ * @param[in] user_data The user data passed to the callback function
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @pre The handle must be created by audit_trail_create().
+ * @see audit_trail_create()
+ * @see audit_trail_destroy()
+ * @see audit_user_log_cb()
+ */
+AUDIT_TRAIL_API int audit_trail_foreach_user_log(audit_trail_h handle,
+ audit_user_log_cb callback, void *user_data);
+
+/**
+ * @brief Adds an user audit log callback.
+ * @details This API can be used to receive audit logs from user processes.
+ * The callback specified to this function is automatically called
+ * when a new log occurs.
+ * @since_tizen 5.0
+ * @param[in] handle The audit trail handle
+ * @param[in] callback The callback to get user audit logs
+ * @param[in] user_data The user data passed to the callback function
+ * @param[out] id Callback identifier
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @pre The handle must be created by audit_trail_create().
+ * @pre DAC auditing must be enabled by audit_trail_enable_dac().
+ * @see audit_trail_create()
+ * @see audit_trail_destroy()
+ * @see audit_user_log_cb()
+ * @see audit_trail_remove_user_log_cb()
+ */
+AUDIT_TRAIL_API int audit_trail_add_user_log_cb(audit_trail_h handle,
+ audit_user_log_cb callback, void* user_data,
+ int* id);
+
+/**
+ * @brief Removes the user audit log callback.
+ * @details This API can be used to remove the callback for audit logs from
+ * user processes.
+ * @since_tizen 5.0
+ * @param[in] handle The audit trail handle
+ * @param[in] id Callback identifier
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @pre The handle must be created by audit_trail_create().
+ * @see audit_trail_create()
+ * @see audit_trail_destroy()
+ * @see audit_user_log_cb()
+ * @see audit_trail_add_user_log_cb()
+ */
+AUDIT_TRAIL_API int audit_trail_remove_user_log_cb(audit_trail_h handle,
+ int id);
+
+/**
+ * @}
+ */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __CAPI_AUDIT_TRAIL_USER_LOG_H__ */
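Review bot: The `@pre DAC auditing must be enabled by audit_trail_enable_dac().` line on `audit_trail_add_user_log_cb` refers to a function this header does not declare, and the CLI part of the same change drops its `audit_trail_enable_dac` call together with `<audit-trail/dac.h>`, so the precondition looks stale. If that API has been removed, delete the line or replace it with the actual condition under which user logs are collected. The brief for `audit_user_log_cb` would also read better as `Called once for each user audit log`, since the callback receives a single handle rather than an array.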
--- /dev/null
+/*
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+#include "rmi/log-management.h"
+
+namespace AuditTrail {
+
+LogManagement::LogManagement(AuditTrailControlContext& ctx) :
+ context(ctx)
+{
+}
+
+LogManagement::~LogManagement()
+{
+}
+
+SystemLog LogManagement::getSystemLog(unsigned int pos)
+{
+ try {
+ return context->methodCall<SystemLog>("LogManagement::getSystemLog", pos);
+ } catch (runtime::Exception& e) {}
+ return SystemLog();
+}
+
+int LogManagement::countSystemLog()
+{
+ try {
+ return context->methodCall<int>("LogManagement::countSystemLog");
+ } catch (runtime::Exception& e) {}
+ return -1;
+}
+
+int LogManagement::clearSystemLog()
+{
+ try {
+ return context->methodCall<int>("LogManagement::clearSystemLog");
+ } catch (runtime::Exception& e) {}
+ return -1;
+}
+
+UserLog LogManagement::getUserLog(unsigned int pos)
+{
+ try {
+ return context->methodCall<UserLog>("LogManagement::getUserLog", pos);
+ } catch (runtime::Exception& e) {}
+ return UserLog();
+}
+
+int LogManagement::countUserLog()
+{
+ try {
+ return context->methodCall<int>("LogManagement::countUserLog");
+ } catch (runtime::Exception& e) {}
+ return -1;
+}
+
+int LogManagement::clearUserLog()
+{
+ try {
+ return context->methodCall<int>("LogManagement::clearUserLog");
+ } catch (runtime::Exception& e) {}
+ return -1;
+}
+
+} // namespace AuditTrail
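Review bot: `getSystemLog` and `getUserLog` swallow `runtime::Exception` and return a default-constructed log, which the C wrappers then hand to the user callback as if it were a real record. For an audit trail, a silently invented empty entry is harder to deal with than a reported failure. At minimum drop the unused binding (`catch (runtime::Exception&)`) and record the failure; preferably let the C layer see it so it can return an error code instead of invoking the callback. The same empty `catch` in the count and clear methods at least yields -1, but the reason for the failure is still lost.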
%attr(755,root,root) %{_bindir}/audit-trail-daemon
%{_unitdir}/audit-trail.service
%{_unitdir}/multi-user.target.wants/audit-trail.service
-#%attr(700,root,root) %{_sbindir}/audit-trail-admin-cli
+%attr(700,root,root) %{_sbindir}/audit-trail-admin-cli
%prep
%setup -q
%manifest audit-trail.manifest
%defattr(644,root,root,755)
%attr(700,root,root) %{_sbindir}/audit-trail-send-test
-#%attr(700,root,root) %{_sbindir}/audit-trail-speed-test
+%attr(700,root,root) %{_sbindir}/audit-trail-speed-test
--- /dev/null
+/*
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+#ifndef __AUDIT_TRAIL_LOG_MANAGEMENT_H__
+#define __AUDIT_TRAIL_LOG_MANAGEMENT_H__
+
+#include "context.h"
+
+#include "audit/audit-user-log.h"
+#include "audit/audit-system-log.h"
+
+namespace AuditTrail {
+
+struct SystemLog {
+ AuditSystemLog log;
+ REFLECTABLE(log.tag,
+ log.time.time, log.time.millisec,
+ log.subject.uid, log.subject.euid,
+ log.subject.gid, log.subject.egid,
+ log.subject.label, log.subject.name, log.subject.pid,
+ log.object.type, log.object.uid, log.object.gid,
+ log.object.mode, log.object.label, log.object.name,
+ log.object.pid, log.object.inode,
+ log.action.systemCall, log.action.exitCode,
+ log.action.args[0], log.action.args[1],
+ log.action.args[2],log.action.args[3]);
+};
+
+struct UserLog {
+ AuditUserLog log;
+ REFLECTABLE(log.time.time, log.time.millisec,
+ log.log.type, log.log.pid, log.log.text);
+};
+
+class LogManagement final {
+public:
+ LogManagement(AuditTrailControlContext& ctxt);
+ ~LogManagement();
+
+ SystemLog getSystemLog(unsigned int pos);
+ int countSystemLog();
+ int clearSystemLog();
+
+ UserLog getUserLog(unsigned int pos);
+ int countUserLog();
+ int clearUserLog();
+
+private:
+ AuditTrailControlContext& context;
+};
+
+} // namespace AuditTrail
+#endif // __AUDIT_TRAIL_LOG_MANAGEMENT_H__
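Review bot: The header gives no contract for `getSystemLog(unsigned int pos)` and `getUserLog(unsigned int pos)`. From the callers, `pos` is a zero-based index (the C wrappers pass `i` from 0 and `position - 1`), and the server implementation returns a default-constructed value when `pos` is out of range. A short comment above each, e.g. `// pos is zero-based; returns a default-constructed log when pos >= count`, would spare readers from digging through the .cpp files. The count methods return `int` while the index is `unsigned int`, which is worth aligning, and the single-argument constructor could be `explicit`.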
#
SET(SERVER_SRCS main.cpp
server.cpp
+ log-management.cpp
rule-management.cpp
)
--- /dev/null
+/*
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+#include <unistd.h>
+
+#include "rmi/log-management.h"
+
+#define PRIVILEGE_PLATFORM "http://tizen.org/privilege/internal/default/platform"
+
+namespace AuditTrail {
+
+LogManagement::LogManagement(AuditTrailControlContext &ctx) :
+ context(ctx)
+{
+ context.expose(this, PRIVILEGE_PLATFORM, (SystemLog)(LogManagement::getSystemLog)(unsigned int));
+ context.expose(this, PRIVILEGE_PLATFORM, (int)(LogManagement::countSystemLog)());
+ context.expose(this, PRIVILEGE_PLATFORM, (int)(LogManagement::clearSystemLog)());
+ context.expose(this, PRIVILEGE_PLATFORM, (UserLog)(LogManagement::getUserLog)(unsigned int));
+ context.expose(this, PRIVILEGE_PLATFORM, (int)(LogManagement::countUserLog)());
+ context.expose(this, PRIVILEGE_PLATFORM, (int)(LogManagement::clearUserLog)());
+
+ context.createNotification("UserLog");
+ context.createNotification("SystemLog");
+
+ auto &systemLogs = context.getAuditParser().systemLogs;
+ systemLogs.setCallback([&ctx, &systemLogs] (AuditSystemLog &log) {
+ ctx.notify("SystemLog", systemLogs.size());
+ });
+
+ auto &userLogs = context.getAuditParser().userLogs;
+ userLogs.setCallback([&ctx, &userLogs] (AuditUserLog &log) {
+ ctx.notify("UserLog", userLogs.size());
+ });
+}
+
+LogManagement::~LogManagement()
+{
+}
+
+SystemLog LogManagement::getSystemLog(unsigned int pos)
+{
+ SystemLog ret;
+ auto &logs = context.getAuditParser().systemLogs.get();
+ if (logs.size() > pos) {
+ ret.log = logs[pos];
+ }
+ return ret;
+}
+
+int LogManagement::countSystemLog()
+{
+ return context.getAuditParser().systemLogs.size();
+}
+
+int LogManagement::clearSystemLog()
+{
+ context.getAuditParser().systemLogs.clear();
+ return 0;
+}
+
+UserLog LogManagement::getUserLog(unsigned int pos)
+{
+ UserLog ret;
+ auto &logs = context.getAuditParser().userLogs.get();
+ if (logs.size() > pos) {
+ ret.log = logs[pos];
+ }
+ return ret;
+}
+
+int LogManagement::countUserLog()
+{
+ return context.getAuditParser().userLogs.size();
+}
+
+int LogManagement::clearUserLog()
+{
+ context.getAuditParser().userLogs.clear();
+ return 0;
+}
+
+} // namespace AuditTrail
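Review bot: `clearSystemLog` and `clearUserLog` are exposed under the same `PRIVILEGE_PLATFORM` as the read methods and wipe the collected records without leaving any trace of the request, so every client allowed to read the audit trail can also erase it silently. If that is intended, say so in a comment at the `expose` calls; otherwise consider a stricter privilege for the two clear methods and a log entry recording that a clear was requested. Separately, the notification carries `size()` and the subscriber fetches `position - 1` afterwards, so a clear between the two makes the subscriber receive a default-constructed record.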
#include <cynara-client.h>
#include <cynara-session.h>
+#include "rmi/log-management.h"
#include "rmi/rule-management.h"
#include "server.h"
const std::string AUDIT_TRAIL_MANAGER_ADDRESS = "/tmp/.audit-trail.sock";
+std::unique_ptr<AuditTrail::LogManagement> log;
std::unique_ptr<AuditTrail::RuleManagement> rule;
} // namespace
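Review bot: Naming the file-scope pointer `log` puts it in competition with the C library's `::log(double)`. If any header in this translation unit later pulls in `<math.h>` or `<cmath>`, the unqualified `log.reset(...)` in the constructor may become ambiguous. A more specific name avoids that, e.g. `std::unique_ptr<AuditTrail::LogManagement> logManagement;`.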
audit->setPID(::getpid());
auditParser.reset(new AuditMessageParser(*audit, service->mainloop));
+
+ log.reset(new AuditTrail::LogManagement(*this));
rule.reset(new AuditTrail::RuleManagement(*this));
}
# See the License for the specific language governing permissions and
# limitations under the License.
#
-#SET(AUDIT_TRAIL_CLI ${AUDIT_TRAIL_TOOLS}/cli)
+SET(AUDIT_TRAIL_CLI ${AUDIT_TRAIL_TOOLS}/cli)
SET(AUDIT_TRAIL_TEST ${AUDIT_TRAIL_TOOLS}/tests)
-#ADD_SUBDIRECTORY(${AUDIT_TRAIL_CLI})
+ADD_SUBDIRECTORY(${AUDIT_TRAIL_CLI})
ADD_SUBDIRECTORY(${AUDIT_TRAIL_TEST})
#include <sstream>
#include <iostream>
-#include <audit-trail/dac.h>
-#include <audit-trail/mac.h>
-#include <audit-trail/user.h>
-#include <audit-trail/syscall.h>
-#include <audit-trail/audit-trail.h>
+#include <audit-trail/rule.h>
+#include <audit-trail/user-log.h>
+#include <audit-trail/system-log.h>
enum {
- LOG_TYPE_DAC,
- LOG_TYPE_MAC,
LOG_TYPE_USER,
- LOG_TYPE_SYSCALL,
+ LOG_TYPE_SYSTEM,
};
GMainLoop *gmainloop = NULL;
std::cout << "Usage: " << name << " [Option]" << std::endl
<< std::endl
<< "Options :" << std::endl
- << " -s, --show=[dac|mac|syscall|user] show the audit logs" << std::endl
- << " -c, --clear=[dac|mac|syscall|user] clear the audit logs" << std::endl
- << " -d, --disable=[dac|mac|syscall|user] disable to collect logs" << std::endl
- << " -e, --enable=[dac|mac|syscall|user] enable to collect logs" << std::endl
- << " -m, --monitor monitor for all audit logs" << std::endl
- << " -h, --help show this" << std::endl
+ << " -s, --show=[user|system] show the audit logs" << std::endl
+ << " -c, --clear=[user|system] clear the audit logs" << std::endl
+ << " -m, --monitor monitor for all audit logs" << std::endl
+ << " -h, --help show this" << std::endl
<< std::endl;
return -1;
}
-std::string printDACLog(audit_trail_dac_h log)
+std::string printUserLog(audit_user_log_h log)
{
std::stringstream str;
- const char *text;
- unsigned int uint;
- uid_t uid;
- gid_t gid;
- pid_t pid;
- mode_t mode;
-
- time_t time;
- unsigned short millisec;
- audit_trail_get_dac_time(log, &time, &millisec);
- struct tm *local = localtime(&time);
-
- str << "time={"
- << local->tm_hour << ":" << local->tm_min << ":" << local->tm_sec
- << "." << millisec;
- str << "},subject={";
- audit_trail_get_dac_subject_name(log, &text);
- str << "name=" << text;
- audit_trail_get_dac_subject_owner(log, &uid, &gid);
- str << ",uid=" << uid << ",gid=" << gid;
- audit_trail_get_dac_subject_effective_owner(log, &uid, &gid);
- str << ",euid=" << uid << ",egid=" << gid;
- audit_trail_get_dac_subject_pid(log, &pid);
- str << ",pid=" << pid;
+ str << "time={";
- str << "},object={";
- audit_trail_get_dac_object_name(log, &text);
- str << "name=" << text;
- audit_trail_get_dac_object_owner(log, &uid, &gid);
- if (uid != UINT_MAX) {
- str << ",uid=" << uid;
- }
- if (gid != UINT_MAX) {
- str << ",gid=" << gid;
- }
- audit_trail_get_dac_object_mode(log, &mode);
- if (mode != UINT_MAX) {
- str << ",mode=" << std::oct << mode;
- }
+ str << "},log={";
- str << "},action={";
- audit_trail_get_dac_action_syscall(log, &uint);
- str << "syscall=" << uint;
str << "}";
return str.str();
}
-std::string printMACLog(audit_trail_dac_h log)
+std::string printSystemLog(audit_system_log_h log)
{
std::stringstream str;
- const char *text;
- unsigned int uint;
- pid_t pid;
- time_t time;
- unsigned short millisec;
- audit_trail_get_mac_time(log, &time, &millisec);
- struct tm *local = localtime(&time);
-
- str << "time={"
- << local->tm_hour << ":" << local->tm_min << ":" << local->tm_sec
- << "." << millisec;
+ str << "time={";
str << "},subject={";
- audit_trail_get_mac_subject_name(log, &text);
- str << "name=" << text;
- audit_trail_get_mac_subject_label(log, &text);
- str << ",label=" << text;
- audit_trail_get_mac_subject_pid(log, &pid);
- str << ",pid=" << pid;
str << "},object={";
- audit_trail_get_mac_object_name(log, &text);
- str << "name=" << text;
- audit_trail_get_mac_object_label(log, &text);
- str << ",label=" << text;
str << "},action={";
- audit_trail_get_mac_action_syscall(log, &uint);
- str << "syscall=" << uint;
- audit_trail_get_mac_action_request(log, &text);
- str << ",request=" << text;
- str << "}";
-
- return str.str();
-}
-
-std::string printUserLog(audit_trail_dac_h log)
-{
- std::stringstream str;
- const char *text;
- int type;
-
- time_t time;
- unsigned short millisec;
- audit_trail_get_user_time(log, &time, &millisec);
- struct tm *local = localtime(&time);
-
- str << "time={"
- << local->tm_hour << ":" << local->tm_min << ":" << local->tm_sec
- << "." << millisec;
- str << "},log={";
- audit_trail_get_user_log_type(log, &type);
- str << "type=" << type;
- audit_trail_get_user_log_text(log, &text);
- str << ",text=" << text;
-
- str << "}";
-
- return str.str();
-}
-
-std::string printSyscallLog(audit_trail_syscall_h log)
-{
- std::stringstream str;
- const char *text;
- unsigned int uint;
- uid_t uid;
- gid_t gid;
- pid_t pid;
-
- time_t time;
- unsigned short millisec;
- audit_trail_get_dac_time(log, &time, &millisec);
- struct tm *local = localtime(&time);
-
- str << "time={"
- << local->tm_hour << ":" << local->tm_min << ":" << local->tm_sec
- << "." << millisec;
-
- str << "},subject={";
- audit_trail_get_syscall_subject_name(log, &text);
- str << "name=" << text;
- audit_trail_get_syscall_subject_owner(log, &uid, &gid);
- str << ",uid=" << uid << ",gid=" << gid;
- audit_trail_get_syscall_subject_effective_owner(log, &uid, &gid);
- str << ",euid=" << uid << ",egid=" << gid;
- audit_trail_get_syscall_subject_pid(log, &pid);
- str << ",pid=" << pid;
-
- str << "},action={";
- audit_trail_get_syscall_action_syscall(log, &uint);
- str << "syscall=" << uint;
- audit_trail_get_syscall_action_exitcode(log, &uint);
- str << ",exitcode=" << uint;
str << "}";
return str.str();
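Review bot: The new `printUserLog` and `printSystemLog` never read their `log` argument: they emit only the fixed skeletons `time={},log={}` and `time={},subject={},object={},action={}`, so showing or monitoring logs now prints one empty entry per record. The new user-log.h and system-log.h declare no accessors for the handles, which is presumably why. If getters are coming in a follow-up, mark the stubs with a comment such as `// TODO: fill in once audit_user_log_h accessors exist` so the empty output is not mistaken for empty logs. The closing brace of `printSystemLog` falls outside this hunk.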
std::cout << "{";
switch ((intptr_t)userData) {
- case LOG_TYPE_DAC:
- std::cout << printDACLog(log);
- break;
- case LOG_TYPE_MAC:
- std::cout << printDACLog(log);
- break;
case LOG_TYPE_USER:
std::cout << printUserLog(log);
break;
- case LOG_TYPE_SYSCALL:
- std::cout << printSyscallLog(log);
+ case LOG_TYPE_SYSTEM:
+ std::cout << printSystemLog(log);
break;
}
std::cout << "}" << std::endl;
-
- std::cout << log << std::endl;
}
int showLog(const std::string type)
audit_trail_create(&auditTrail);
while (getline(tok, word, '|')) {
- if (word == "dac") {
- std::cout << "DAC logs" << std::endl;
- audit_trail_foreach_dac(auditTrail, foreachLog, (void*)LOG_TYPE_DAC);
- } else if (word == "mac") {
- std::cout << "MAC logs" << std::endl;
- audit_trail_foreach_mac(auditTrail, foreachLog, (void*)LOG_TYPE_MAC);
- } else if (word == "user") {
+ if (word == "user") {
std::cout << "User logs" << std::endl;
- audit_trail_foreach_user(auditTrail, foreachLog, (void*)LOG_TYPE_USER);
- } else if (word == "syscall") {
- std::cout << "System call logs" << std::endl;
- audit_trail_foreach_syscall(auditTrail, foreachLog, (void*)LOG_TYPE_SYSCALL);
+ audit_trail_foreach_user_log(auditTrail, foreachLog,
+ (void*)LOG_TYPE_USER);
+ } else if (word == "system") {
+ std::cout << "System logs" << std::endl;
+ audit_trail_foreach_system_log(auditTrail, foreachLog,
+ (void*)LOG_TYPE_SYSTEM);
}
}
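Review bot: A type word that matches neither `"user"` nor `"system"` is dropped without any message in the `while (getline(tok, word, '|'))` loop, so an invocation that still passes `dac`, `mac` or `syscall` prints nothing and looks like an empty log. The clearLog loop in the following hunk has the same shape, and there a stale `syscall` argument returns 0 without clearing anything, which misleads an operator managing audit records. A final branch such as `} else { std::cerr << "Unknown log type: " << word << std::endl; }`, combined with a non-zero return, would make the mismatch visible. The results of `audit_trail_foreach_user_log` and `audit_trail_clear_user_log` are also discarded; the system-log variant visibly returns an error code, so the others presumably do too and are worth propagating. Both functions begin and end outside the lines shown here.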
audit_trail_create(&auditTrail);
while (getline(tok, word, '|')) {
- if (word == "dac") {
- audit_trail_clear_dac(auditTrail);
- } else if (word == "mac") {
- audit_trail_clear_mac(auditTrail);
- } else if (word == "user") {
- audit_trail_clear_user(auditTrail);
- } else if (word == "syscall") {
- audit_trail_clear_syscall(auditTrail);
+ if (word == "user") {
+ audit_trail_clear_user_log(auditTrail);
+ } else if (word == "system") {
+ audit_trail_clear_system_log(auditTrail);
}
}
return 0;
}
-int enableLog(const std::string type, bool en)
-{
- std::stringstream tok(type);
- std::string word;
-
- audit_trail_h auditTrail;
- audit_trail_create(&auditTrail);
-
- while (getline(tok, word, '|')) {
- if (word == "dac") {
- audit_trail_enable_dac(auditTrail, en);
- } else if (word == "mac") {
- audit_trail_enable_mac(auditTrail, en);
- } else if (word == "user") {
- audit_trail_enable_user(auditTrail, en);
- } else if (word == "syscall") {
- audit_trail_enable_syscall(auditTrail, en);
- }
- }
-
- std::cout << "Enabled : ";
-
- en = false;
- audit_trail_is_enabled_dac(auditTrail, &en);
- if (en) {
- std::cout << "dac ";
- }
- audit_trail_is_enabled_mac(auditTrail, &en);
- if (en) {
- std::cout << "mac ";
- }
- audit_trail_is_enabled_user(auditTrail, &en);
- if (en) {
- std::cout << "user ";
- }
- audit_trail_is_enabled_syscall(auditTrail, &en);
- if (en) {
- std::cout << "syscall ";
- }
-
- std::cout << std::endl;
-
- audit_trail_destroy(auditTrail);
- return 0;
-}
-
void monitorSigHandler(int sig)
{
g_main_loop_quit(gmainloop);
void logCallback(void* log, void *userData)
{
switch ((intptr_t)userData) {
- case LOG_TYPE_DAC:
- std::cout << "\x1B[33m[DAC] ";
- std::cout << "{";
- std::cout << printDACLog(log);
- std::cout << "}";
- break;
- case LOG_TYPE_MAC:
- std::cout << "\x1B[31m[MAC] ";
- std::cout << "{";
- std::cout << printMACLog(log);
- std::cout << "}";
- break;
case LOG_TYPE_USER:
- std::cout << "[User] ";
+ std::cout << "\x1B[33m[USER] ";
std::cout << "{";
std::cout << printUserLog(log);
std::cout << "}";
break;
- case LOG_TYPE_SYSCALL:
- std::cout << "[SystemCall] ";
+ case LOG_TYPE_SYSTEM:
+ std::cout << "\x1B[31m[SYSTEM] ";
std::cout << "{";
- std::cout << printSyscallLog(log);
+ std::cout << printSystemLog(log);
std::cout << "}";
break;
}
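Review bot: The colour prefixes added in the `LOG_TYPE_USER` and `LOG_TYPE_SYSTEM` cases are written unconditionally, so output redirected to a file or pipe will carry raw escape bytes, and no reset sequence is visible inside this hunk. I would emit the prefix only when `isatty(STDOUT_FILENO)` is true and write `"\x1B[0m"` after the closing `"}"` of each record. User log text originates from other processes, so if printUserLog forwards it unchanged (its new body is not part of this hunk) control characters inside a record could alter what the operator sees; replacing non-printable bytes before printing would close that gap. logCallback continues past the end of the hunk, so a reset may already exist there.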
int monitorLog()
{
- int macCbId, dacCbId, syscallCbId, userCbId;
+ int userCbId, systemCbId;
audit_trail_h auditTrail;
audit_trail_create(&auditTrail);
- audit_trail_add_dac_cb(auditTrail, logCallback, (void*)LOG_TYPE_DAC, &dacCbId);
- audit_trail_add_mac_cb(auditTrail, logCallback, (void*)LOG_TYPE_MAC, &macCbId);
- audit_trail_add_user_cb(auditTrail, logCallback, (void*)LOG_TYPE_USER, &userCbId);
- audit_trail_add_syscall_cb(auditTrail, logCallback, (void*)LOG_TYPE_SYSCALL, &syscallCbId);
+ audit_trail_add_user_log_cb(auditTrail, logCallback, (void*)LOG_TYPE_USER, &userCbId);
+ audit_trail_add_system_log_cb(auditTrail, logCallback, (void*)LOG_TYPE_SYSTEM, &systemCbId);
std::cout << "=== Monitoring start ===" << std::endl << std::endl;
g_main_loop_run(gmainloop);
g_main_loop_unref(gmainloop);
- audit_trail_remove_dac_cb(auditTrail, dacCbId);
- audit_trail_remove_mac_cb(auditTrail, macCbId);
- audit_trail_remove_user_cb(auditTrail, userCbId);
- audit_trail_remove_syscall_cb(auditTrail, syscallCbId);
+ audit_trail_remove_user_log_cb(auditTrail, userCbId);
+ audit_trail_remove_system_log_cb(auditTrail, systemCbId);
std::cout << std::endl << "=== Monitoring end ===" << std::endl;
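Review bot: `int userCbId, systemCbId;` are left uninitialised and the results of `audit_trail_create`, `audit_trail_add_user_log_cb` and `audit_trail_add_system_log_cb` are discarded, so a failed registration would hand an indeterminate id to the matching `audit_trail_remove_*_log_cb` call after the main loop. Initialise the ids to a value the API never hands out, for example `int userCbId = -1, systemCbId = -1;`, and check each return code before `g_main_loop_run(gmainloop);`. This assumes these calls report failures as int codes the way `audit_trail_foreach_system_log` does. Without the check, a monitor that registered no callback is indistinguishable from a quiet system. The end of monitorLog lies outside the hunk, so whether `audit_trail_destroy` is called cannot be confirmed from here.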
{"help", no_argument, 0, 'h'},
{"show", required_argument, 0, 's'},
{"clear", required_argument, 0, 'c'},
- {"enable", required_argument, 0, 'e'},
- {"disable", required_argument, 0, 'd'},
{"monitor", no_argument, 0, 'm'},
{0, 0, 0, 0}
};
return EXIT_SUCCESS;
}
- while ((opt = getopt_long(argc, argv, "s:c:d:e:mh", options, &index)) != -1) {
+ while ((opt = getopt_long(argc, argv, "s:c:mh", options, &index)) != -1) {
switch (opt) {
case 's':
ret = showLog(optarg);
case 'c':
ret = clearLog(optarg);
break;
- case 'd':
- ret = enableLog(optarg, false);
- break;
- case 'e':
- ret = enableLog(optarg, true);
- break;
case 'm':
ret = monitorLog();
break;
#
FILE(GLOB SEND_SRCS send.cpp)
-#FILE(GLOB SPEED_SRCS speed.cpp)
+FILE(GLOB SPEED_SRCS speed.cpp)
SET(SEND_NAME ${PROJECT_NAME}-send-test)
-#SET(SPEED_NAME ${PROJECT_NAME}-speed-test)
+SET(SPEED_NAME ${PROJECT_NAME}-speed-test)
ADD_EXECUTABLE(${SEND_NAME} ${SEND_SRCS})
-#ADD_EXECUTABLE(${SPEED_NAME} ${SPEED_SRCS})
+ADD_EXECUTABLE(${SPEED_NAME} ${SPEED_SRCS})
SET_TARGET_PROPERTIES(${SEND_NAME} PROPERTIES PREFIX ""
glib-2.0
)
-#INCLUDE_DIRECTORIES(SYSTEM ${CLI_DEPS_INCLUDE_DIRS} ${AUDIT_TRAIL_LIB})
-#TARGET_LINK_LIBRARIES(${SPEED_NAME} ${CLI_DEPS_LIBRARIES} ${PROJECT_NAME} audit-trail)
+INCLUDE_DIRECTORIES(SYSTEM ${CLI_DEPS_INCLUDE_DIRS} ${AUDIT_TRAIL_LIB})
+TARGET_LINK_LIBRARIES(${SPEED_NAME} ${CLI_DEPS_LIBRARIES} ${PROJECT_NAME} audit-trail)
INSTALL(TARGETS ${SEND_NAME} DESTINATION sbin)
-#INSTALL(TARGETS ${SPEED_NAME} DESTINATION sbin)
+INSTALL(TARGETS ${SPEED_NAME} DESTINATION sbin)
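Review bot: `INSTALL(TARGETS ${SPEED_NAME} DESTINATION sbin)` now ships the speed-test binary in sbin wherever the package is installed, although it appears to be a benchmark helper rather than an administration tool. Consider wrapping the `ADD_EXECUTABLE(${SPEED_NAME} ...)` and `INSTALL` lines in a build option that defaults to off, or installing test binaries through a separate test package, so production images do not carry extra executables that talk to the audit service. The re-enabled `INCLUDE_DIRECTORIES(SYSTEM ...)` is directory-wide; `TARGET_INCLUDE_DIRECTORIES(${SPEED_NAME} SYSTEM PRIVATE ${CLI_DEPS_INCLUDE_DIRS} ${AUDIT_TRAIL_LIB})` would keep the include path scoped to the one target that needs it.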
#include <sys/time.h>
#include <sys/socket.h>
#include <linux/netlink.h>
-#include <audit-trail/user.h>
+#include <audit-trail/user-log.h>
#include <string>
#include <cstring>
long long total_time = 0;
-void logCb(void* log, void *userData)
+void logCb(audit_user_log_h log, void *userData)
{
gettimeofday(&end_time, NULL);
end = true;
audit_trail_h auditTrail;
audit_trail_create(&auditTrail);
- audit_trail_enable_user(auditTrail, true);
- audit_trail_add_user_cb(auditTrail, logCb, NULL, &ret);
+ audit_trail_add_user_log_cb(auditTrail, logCb, NULL, &ret);
for (int i = 0; i < COUNT ; i++) {
end = false;