};
enum class FieldType : unsigned int {
- EventPid = AUDIT_PID,
- EventUid = AUDIT_UID,
- EventEUid = AUDIT_EUID,
- EventGid = AUDIT_GID,
- EventEGid = AUDIT_EGID,
- EventPPid = AUDIT_PPID,
+ Pid = AUDIT_PID,
+ Uid = AUDIT_UID,
+ EUid = AUDIT_EUID,
+ SUid = AUDIT_SUID,
+ FSUid = AUDIT_FSUID,
+ Gid = AUDIT_GID,
+ EGid = AUDIT_EGID,
+ SGid = AUDIT_SGID,
+ FSGid = AUDIT_FSGID,
AuditUid = AUDIT_LOGINUID,
SubjectUser = AUDIT_SUBJ_USER,
- ObjectUid = AUDIT_OBJ_UID,
- ObjectGid = AUDIT_OBJ_GID,
+ SubjectRole = AUDIT_SUBJ_ROLE,
+ SubjectType = AUDIT_SUBJ_TYPE,
+ SubjectSen = AUDIT_SUBJ_SEN,
+ SubjectClr = AUDIT_SUBJ_CLR,
+
+ ObjectUser = AUDIT_OBJ_USER,
+ ObjectRole = AUDIT_OBJ_ROLE,
+ ObjectType = AUDIT_OBJ_TYPE,
+ ObjectLevLow = AUDIT_OBJ_LEV_LOW,
+ ObjectLevHigh = AUDIT_OBJ_LEV_HIGH,
MessageType = AUDIT_MSGTYPE,
+ Arch = AUDIT_ARCH,
+ PPid = AUDIT_PPID,
+
+ DevMajor = AUDIT_DEVMAJOR,
+ DevMinor = AUDIT_DEVMINOR,
+
+ Inode = AUDIT_INODE,
+ SyscallExit = AUDIT_EXIT,
+ SyscallSuccess = AUDIT_SUCCESS,
- Permission = AUDIT_PERM,
WatchPath = AUDIT_WATCH,
+ Permission = AUDIT_PERM,
WatchDir = AUDIT_DIR,
+ ObjectUid = AUDIT_OBJ_UID,
+ ObjectGid = AUDIT_OBJ_GID,
+
Arg0 = AUDIT_ARG0,
Arg1 = AUDIT_ARG1,
Arg2 = AUDIT_ARG2,
Arg3 = AUDIT_ARG3,
- Arch = AUDIT_ARCH,
Tag = AUDIT_FILTERKEY,
};
(ftype == FieldType::WatchPath) ||
(ftype == FieldType::WatchDir) ||
(ftype == FieldType::Arch) ||
- (ftype == FieldType::SubjectUser);
+ (ftype >= FieldType::SubjectUser && ftype <= FieldType::ObjectLevHigh);
}
};
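Review bot: The range test added as the last operand of this predicate, `ftype >= FieldType::SubjectUser && ftype <= FieldType::ObjectLevHigh`, also matches `FieldType::PPid`, because in the kernel's `linux/audit.h` `AUDIT_PPID` is 18, between `AUDIT_SUBJ_CLR` (17) and `AUDIT_OBJ_USER` (19). The same commit declares it with `INT_FIELD(PPid)`, so a rule filtering on parent PID would presumably be handled as a string field here and either be rejected or not match what the operator intended, leaving a gap in audit coverage. Splitting the range avoids this: `(ftype >= FieldType::SubjectUser && ftype <= FieldType::SubjectClr) ||` followed by `(ftype >= FieldType::ObjectUser && ftype <= FieldType::ObjectLevHigh);`. A short comment that the comparison depends on the numeric layout of the kernel constants would also help the next person who adds a field. The enclosing function begins outside this hunk, so how callers use the result could not be checked from here.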
T _value;
};
-INT_FIELD(EventPid)
-INT_FIELD(EventUid)
-INT_FIELD(EventEUid)
-INT_FIELD(EventGid)
-INT_FIELD(EventEGid)
-INT_FIELD(EventPPid)
+INT_FIELD(Pid)
+INT_FIELD(Uid)
+INT_FIELD(EUid)
+INT_FIELD(SUid)
+INT_FIELD(FSUid)
+INT_FIELD(Gid)
+INT_FIELD(EGid)
+INT_FIELD(SGid)
+INT_FIELD(FSGid)
INT_FIELD(AuditUid)
-INT_FIELD(ObjectUid)
-INT_FIELD(ObjectGid)
+STR_FIELD(SubjectUser)
+STR_FIELD(SubjectRole)
+STR_FIELD(SubjectType)
+STR_FIELD(SubjectSen)
+STR_FIELD(SubjectClr)
+STR_FIELD(ObjectUser)
+STR_FIELD(ObjectRole)
+STR_FIELD(ObjectType)
+STR_FIELD(ObjectLevLow)
+STR_FIELD(ObjectLevHigh)
INT_FIELD(MessageType)
+STR_FIELD(Arch)
+
+INT_FIELD(PPid)
+INT_FIELD(DevMajor)
+INT_FIELD(DevMinor)
+
+INT_FIELD(Inode)
+INT_FIELD(SyscallExit)
+INT_FIELD(SyscallSuccess)
+
+STR_FIELD(WatchPath)
+INT_FIELD(Permission)
+STR_FIELD(WatchDir)
+
+INT_FIELD(ObjectUid)
+INT_FIELD(ObjectGid)
INT_FIELD(Arg0)
INT_FIELD(Arg1)
INT_FIELD(Arg2)
INT_FIELD(Arg3)
-STR_FIELD(SubjectUser)
-
-INT_FIELD(Permission)
-STR_FIELD(WatchPath)
-STR_FIELD(WatchDir)
STR_FIELD(Tag)
#endif /*__AUDIT_RULE_FIELD_H__*/