Add CAPI to load a ruleset plugin 79/177479/8
authorSungbae Yoo <sungbae.yoo@samsung.com>
Mon, 30 Apr 2018 09:12:41 +0000 (18:12 +0900)
committerSungbae Yoo <sungbae.yoo@samsung.com>
Thu, 3 May 2018 10:58:35 +0000 (10:58 +0000)
Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: I241efc1f2a9853daf438cc90645849953fab4e03

lib/audit-trail/rule.cpp
lib/audit-trail/rule.h
lib/rule-management.cpp
rmi/rule-management.h
server/rule-management.cpp
tools/cli/audit-trail-admin-cli.cpp

index a4ae03d69a3324d0b501c105fc4af552191996b5..edda040e09dba043497a7ba3f19f09f8023553a9 100644 (file)
@@ -216,3 +216,16 @@ int audit_trail_foreach_rule(audit_trail_h handle,
 
        return AUDIT_TRAIL_ERROR_NONE;
 }
+
+int audit_trail_load_ruleset(audit_trail_h handle, const char *name)
+{
+       RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+       RET_ON_FAILURE(name, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+
+       AuditTrailContext &client = GetAuditTrailContext(handle);
+       auto manager = client.createInterface<RuleManagement>();
+
+       manager.loadRuleSet(name);
+
+       return AUDIT_TRAIL_ERROR_NONE;
+}
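Review bot: `audit_trail_load_ruleset` discards the result of `manager.loadRuleSet(name)` and always returns `AUDIT_TRAIL_ERROR_NONE`, so a caller cannot tell that a ruleset failed to load. The client stub in lib/rule-management.cpp returns -1 when the remote call throws, and that value is dropped here. The same pattern recurs in the server-side `RuleManagement::loadRuleSet` (unconditional `return 0;`) and in the CLI `loadRuleSet`, which ignores the return of `audit_trail_load_ruleset`. For an audit facility this means rules an operator believes are active may silently not be applied. I would propagate the result, e.g. `int ret = manager.loadRuleSet(name);` then `if (ret < 0) return AUDIT_TRAIL_ERROR_<FAILURE>;`, where `<FAILURE>` is a placeholder for whichever existing error code the project picks.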
index b00164f9173225d88f391582e9226e4be3f2fda6..3286bb280b56a658df0c59ace58bf0cf70c0c9da 100644 (file)
@@ -338,6 +338,23 @@ typedef void (*audit_rule_cb)(audit_rule_h rule, void* user_data);
  */
 AUDIT_TRAIL_API int audit_trail_foreach_rule(audit_trail_h handle,
                                                                        audit_rule_cb callback, void *user_data);
+
+/**
+ * @brief       Load the specified ruleset module
+ * @details     This API loads the specified ruleset module and apply the rules
+ *              of the module onto this system
+ * @since_tizen 5.0
+ * @param[in]   handle The audit handle
+ * @param[in]   name The modules name
+ * @return      #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval      #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval      #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval      #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @pre         The handle must be created by audit_trail_create().
+ * @see         audit_trail_create()
+ */
+AUDIT_TRAIL_API int audit_trail_load_ruleset(audit_trail_h handle,
+                                                                                               const char *name);
 /**
  * @}
  */
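Review bot: The `@retval` list does not match what the implementation added in this commit can return. `AUDIT_TRAIL_ERROR_TIMED_OUT` is documented, but `audit_trail_load_ruleset` only returns `AUDIT_TRAIL_ERROR_NONE` or `AUDIT_TRAIL_ERROR_INVALID_PARAMETER`, and no value is listed for a module that could not be loaded. The `name` parameter is also underspecified: the comment should say whether it is a bare module name or a path, and where modules are looked up, e.g. `@param[in] name The ruleset module name (not a path)` if that is the intent. Since the server exposes the method under `PRIVILEGE_PLATFORM`, a line stating the privilege callers need would help as well.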
index d219c4e2888478c8a379e781c93814ccf704bc26..54c3bde2e222b505611392711ed691b345177fb6 100644 (file)
@@ -50,4 +50,12 @@ std::vector<std::vector<char>> RuleManagement::getRules()
        return std::vector<std::vector<char>>();
 }
 
+int RuleManagement::loadRuleSet(std::string name)
+{
+       try {
+               return context->methodCall<int>("RuleManagement::loadRuleSet", name);
+       } catch (runtime::Exception& e) {}
+       return -1;
+}
+
 } // namespace AuditTrail
index 740b0ea23ad7eca02ef050756302d75ca127a992..f4b669279c29aa868f6b10dd5cd1a9991ccd3e19 100644 (file)
@@ -30,6 +30,8 @@ public:
        int removeRule(std::vector<char> data);
        std::vector<std::vector<char>> getRules();
 
+       int loadRuleSet(std::string name);
+
 private:
        AuditTrailControlContext& context;
 };
index 10f11638bf82e0a8d0ed867aca4fec784687a709..dbb768790b5ac618bd87823f8803932b4560d1ca 100644 (file)
@@ -27,6 +27,7 @@ RuleManagement::RuleManagement(AuditTrailControlContext &ctx) :
        context.expose(this, PRIVILEGE_PLATFORM, (int)(RuleManagement::addRule)(std::vector<char>));
        context.expose(this, PRIVILEGE_PLATFORM, (int)(RuleManagement::removeRule)(std::vector<char>));
        context.expose(this, PRIVILEGE_PLATFORM, (std::vector<std::vector<char>>)(RuleManagement::getRules)());
+       context.expose(this, PRIVILEGE_PLATFORM, (int)(RuleManagement::loadRuleSet)(std::string));
 }
 
 RuleManagement::~RuleManagement()
@@ -57,4 +58,10 @@ std::vector<std::vector<char>> RuleManagement::getRules()
        return ret;
 }
 
+int RuleManagement::loadRuleSet(std::string name)
+{
+       context.loadRuleSet(name);
+       return 0;
+}
+
 } // namespace AuditTrail
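Review bot: `name` arrives from the client through the exposed method and is handed to `context.loadRuleSet(name)` with no check in this hunk. How the context resolves the name is not visible here, but if it is turned into a file path for a loadable module, a value containing `/` or `..` could select a file outside the intended ruleset directory. The `PRIVILEGE_PLATFORM` gate limits who may call it but does not constrain what gets loaded. I would reject anything that is not a bare module name before the call, e.g. `if (name.empty() || name.find('/') != std::string::npos) return -1;`, and log the rejected request so the attempt is visible to operators.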
index 2862c26e497307189c994b3cedf62cf312077691..b2463b59c8e17af3d2ff841b0c1f20df78951501 100644 (file)
@@ -70,6 +70,7 @@ static inline int usage(const std::string name)
                          << "   -d, --add-dac-rules         apply rules to catch DAC denied" << std::endl
                          << "   -r, --remove-rules          remove all applied rules" << std::endl
                          << "   -l, --list-rules            show the applied rules" << std::endl
+                         << "   -i, --load-ruleset          load a ruleset module" << std::endl
                          << "   -h, --help                  show this" << std::endl
                          << std::endl;
 
@@ -639,7 +640,6 @@ void foreachRuleToRemove(audit_rule_h rule, void *userData)
        audit_rule_destroy(rule);
 }
 
-
 int removeRules()
 {
        audit_trail_h auditTrail = nullptr;
@@ -656,6 +656,22 @@ int removeRules()
        return 0;
 }
 
+int loadRuleSet(std::string name)
+{
+       audit_trail_h auditTrail = nullptr;
+
+       audit_trail_create(&auditTrail);
+       if (auditTrail == nullptr) {
+               std::cerr << "Audit trail can't be usable" << std::endl;
+               return -1;
+       }
+
+       audit_trail_load_ruleset(auditTrail, name.c_str());
+       audit_trail_destroy(auditTrail);
+
+       return 0;
+}
+
 int main(int argc, char* argv[])
 {
        int opt = 0, index, ret = 0;
@@ -668,6 +684,7 @@ int main(int argc, char* argv[])
                {"add-dac-rules", no_argument, 0, 'd'},
                {"remove-rules", no_argument, 0, 'r'},
                {"list-rules", no_argument, 0, 'l'},
+               {"load-ruleset", required_argument, 0, 'l'},
                {0, 0, 0, 0}
        };
 
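Review bot: The new long option maps to the wrong short code: `{"load-ruleset", required_argument, 0, 'l'}` makes `getopt_long` return `'l'`, which the switch dispatches to `listAppliedRules()`, so `--load-ruleset NAME` would list rules instead of loading the module. It should read `{"load-ruleset", required_argument, 0, 'i'},` to match the `i:` added to the short-option string and the new `case 'i'`. The `options` array and `main` begin outside this hunk.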
@@ -676,7 +693,7 @@ int main(int argc, char* argv[])
                return EXIT_SUCCESS;
        }
 
-       while ((opt = getopt_long(argc, argv, "s:c:mdlrh", options, &index)) != -1) {
+       while ((opt = getopt_long(argc, argv, "s:c:mdlri:h", options, &index)) != -1) {
                switch (opt) {
                case 's':
                        ret = showLog(optarg);
@@ -696,6 +713,9 @@ int main(int argc, char* argv[])
                case 'l':
                        ret = listAppliedRules();
                        break;
+               case 'i':
+                       ret = loadRuleSet(optarg);
+                       break;
                case 'h':
                default:
                        usage(argv[0]);