* @param eventType type of the event
* @param event event content
*/
- void addReportEvent(const std::string& eventType, const std::string& event);
+ void addReportEvent(const std::string& eventType, const Json::Value& event);
/**
* @brief loadResource load resource identified by URI
#include <sstream>
#include <jsoncpp/json/value.h>
+#include <memory>
namespace NetworkManager
{
-typedef std::pair<std::string, std::string> ReportEvent;
+typedef std::pair<std::string, Json::Value> ReportEvent;
/**
* @brief The ReportComposer class used for packing report into one message
}
}
-void Connection::addReportEvent(const std::string& eventType, const std::string& event)
+void Connection::addReportEvent(const std::string& eventType, const Json::Value& event)
{
std::lock_guard<std::mutex> lock(locker);
- reports.emplace_back(eventType, event);
+ reports.emplace_back(eventType, std::move(event));
notice.notify_one();
}
if (!reports.empty()) {
ReportComposer composer;
- composer.addEvents(reports.cbegin(), reports.cend());
+ composer.addEvents(reports.begin(), reports.end());
reports.clear();
lock.unlock();
* @author Mail to: <A HREF="mailto:i.metelytsia@samsung.com">Iurii Metelytsia, i.metelytsia@samsung.com</A>
* @author Mail to: <A HREF="mailto:d.lomtev@samsung.com">Dmytro Lomtev, d.lomtev@samsung.com</A>
*/
-#include <sstream>
#include <stdexcept>
#include <cassert>
#include "audit_trail_client.h"
#include "logging.h"
#include "samonitor_tag.h"
+#include "base64.h"
-namespace
-{
-const int DLP_REPORT_TYPE = 1111;
-const int PAD_REPORT_TYPE = 1112;
-const int FIM_REPORT_TYPE = 1113;
-}
namespace NMD
{
-//TODO: Rework when Audit-Trail API will be finalized
-#if 0
-void dacLogCallback(audit_trail_dac_h handle, void* user_data)
+void sysCallLogCallback(audit_system_log_h handle, void* user_data)
{
AuditTrailClient* client = reinterpret_cast<AuditTrailClient*>(user_data);
assert(client);
time_t time;
- unsigned short ms;
- pid_t pid;
- unsigned int syscall;
- const char* subj_name;
- const char* obj_name;
- uid_t uid, euid, suid;
- gid_t gid, egid, sgid;
- mode_t mode;
int result;
-
- if (AUDIT_TRAIL_ERROR_NONE != (result = audit_trail_get_dac_time(handle, &time, &ms))) {
- LOG_E(TAG, "audit_trail_get_dac_time error %d", result);
- return;
- }
- if (AUDIT_TRAIL_ERROR_NONE != (result = audit_trail_get_dac_subject_name(handle, &subj_name))) {
- LOG_E(TAG, "audit_trail_get_dac_subject_name error %d", result);
- return;
- }
- if (AUDIT_TRAIL_ERROR_NONE != (result = audit_trail_get_dac_subject_owner(handle, &suid, &sgid))) {
- LOG_E(TAG, "audit_trail_get_dac_subject_owner error %d", result);
- return;
- }
- if (AUDIT_TRAIL_ERROR_NONE != (result = audit_trail_get_dac_subject_effective_owner(handle, &euid, &egid))) {
- LOG_E(TAG, "audit_trail_get_dac_subject_effective_owner error %d", result);
- return;
- }
- if (AUDIT_TRAIL_ERROR_NONE != (result = audit_trail_get_dac_subject_pid(handle, &pid))) {
- LOG_E(TAG, "audit_trail_get_dac_subject_pid error %d", result);
- return;
- }
- if (AUDIT_TRAIL_ERROR_NONE != (result = audit_trail_get_dac_object_name(handle, &obj_name))) {
- LOG_E(TAG, "audit_trail_get_dac_object_name error %d", result);
- return;
- }
- if (AUDIT_TRAIL_ERROR_NONE != (result = audit_trail_get_dac_object_owner(handle, &uid, &gid))) {
- LOG_E(TAG, "audit_trail_get_dac_object_owner error %d", result);
- return;
- }
- if (AUDIT_TRAIL_ERROR_NONE != (result = audit_trail_get_dac_object_mode(handle, &mode))) {
- LOG_E(TAG, "audit_trail_get_dac_object_mode error %d", result);
- return;
- }
- if (AUDIT_TRAIL_ERROR_NONE != (result = audit_trail_get_dac_action_syscall(handle, &syscall))) {
- LOG_E(TAG, "audit_trail_get_dac_action_syscall error %d", result);
- return;
- }
-
- std::ostringstream os;
- os << "[DAC] audit(" << time << '.' << ms << ":0) arch=undefined syscall=" << syscall << " per=undefined success=no exit=undefined "
- << " a0=undefined a1=undefined a2=undefined a3=undefined items=undefined ppid=undefined pid=" << pid << " comm=" << obj_name
- << " auid=undefined uid=" << uid << " gid=" << gid << " euid=" << euid << " egid=" << egid << " suid=" << suid << " sgid=" << sgid
- << " fsuid=" << suid << " fsgid=" << sgid << " ses=undefined tty=undefined exe=" << subj_name << " subj=undefined";
- LOG_D(TAG, "DAC log callback: %s", os.str().c_str());
-
- client->m_reporter->sendReport(std::string{"dac"}, os.str());
-}
-
-void macLogCallback(audit_trail_mac_h handle, void* user_data)
-{
- AuditTrailClient* client = reinterpret_cast<AuditTrailClient*>(user_data);
- assert(client);
-
- time_t time;
unsigned short ms;
- pid_t pid;
+ pid_t subj_pid, obj_pid;
unsigned int syscall;
+ unsigned int syscall_args[4];
+ int syscall_exitcode;
const char* subj_name;
const char* subj_label;
const char* obj_name;
const char* obj_label;
- const char* req;
- int result;
+ int obj_type;
+ uid_t subj_uid, subj_euid, obj_uid, obj_euid;
+ gid_t subj_gid, subj_egid, obj_gid, obj_egid;
+ mode_t obj_perm;
+ ino_t obj_inode;
+ Json::Value root;
- if (AUDIT_TRAIL_ERROR_NONE != (result = audit_trail_get_mac_time(handle, &time, &ms))) {
- LOG_E(TAG, "audit_trail_get_mac_time error %d", result);
- return;
+ if (AUDIT_TRAIL_ERROR_NONE == (result = audit_system_log_get_time(handle, &time, &ms))) {
+ root["time"] = Json::Int(time);
+ } else {
+ LOG_E(TAG, "audit_system_log_get_time error %d", result);
}
- if (AUDIT_TRAIL_ERROR_NONE != (result = audit_trail_get_mac_subject_name(handle, &subj_name))) {
- LOG_E(TAG, "audit_trail_get_mac_subject_name error %d", result);
- return;
- }
- if (AUDIT_TRAIL_ERROR_NONE != (result = audit_trail_get_mac_subject_label(handle, &subj_label))) {
- LOG_E(TAG, "audit_trail_get_mac_subject_label error %d", result);
- return;
- }
- if (AUDIT_TRAIL_ERROR_NONE != (result = audit_trail_get_mac_subject_pid(handle, &pid))) {
- LOG_E(TAG, "audit_trail_get_mac_subject_pid error %d", result);
- return;
+
+ if (AUDIT_TRAIL_ERROR_NONE == (result = audit_system_log_get_subject_name(handle, &subj_name))) {
+ root["subj"] = std::string{subj_name};
+ } else {
+ LOG_E(TAG, "audit_system_log_get_subject_name error %d", result);
}
- if (AUDIT_TRAIL_ERROR_NONE != (result = audit_trail_get_mac_object_name(handle, &obj_name))) {
- LOG_E(TAG, "audit_trail_get_mac_object_name error %d", result);
- return;
+
+ if (AUDIT_TRAIL_ERROR_NONE == (result = audit_system_log_get_subject_owner(handle, &subj_uid, &subj_gid))) {
+ root["subj_owner_uid"] = subj_uid;
+ root["subj_owner_gid"] = subj_gid;
+ } else {
+ LOG_E(TAG, "audit_system_log_get_subject_owner error %d", result);
}
- if (AUDIT_TRAIL_ERROR_NONE != (result = audit_trail_get_mac_object_label(handle, &obj_label))) {
- LOG_E(TAG, "audit_trail_get_mac_object_label error %d", result);
- return;
+
+ if (AUDIT_TRAIL_ERROR_NONE == (result = audit_system_log_get_subject_effective_owner(handle, &subj_euid, &subj_egid))) {
+ root["subj_owner_euid"] = subj_euid;
+ root["subj_owner_egid"] = subj_egid;
+ } else {
+ LOG_E(TAG, "audit_system_log_get_subject_effective_owner error %d", result);
}
- if (AUDIT_TRAIL_ERROR_NONE != (result = audit_trail_get_mac_action_syscall(handle, &syscall))) {
- LOG_E(TAG, "audit_trail_get_mac_action_syscall error %d", result);
- return;
+
+ if (AUDIT_TRAIL_ERROR_NONE == (result = audit_system_log_get_subject_pid(handle, &subj_pid))) {
+ root["subj_pid"] = subj_pid;
+ } else {
+ LOG_E(TAG, "audit_system_log_get_subject_pid error %d", result);
}
- if (AUDIT_TRAIL_ERROR_NONE != (result = audit_trail_get_mac_action_request(handle, &req))) {
- LOG_E(TAG, "audit_trail_get_mac_action_request error %d", result);
- return;
+
+ if (AUDIT_TRAIL_ERROR_NONE == (result = audit_system_log_get_subject_smack_label(handle, &subj_label))) {
+ root["subj_label"] = std::string{subj_label};
+ } else {
+ LOG_E(TAG, "audit_system_log_get_subject_smack_label error %d", result);
}
- std::ostringstream os;
- os << "[MAC] audit(" << time << '.' << ms << ":0) lsm=SMACK comm=" << subj_name << " subject=" << subj_label
- << " path=" << obj_name << " object=" << obj_label << " requested=" << req << " pid=" << pid << " ino=" << syscall;
- LOG_D(TAG, "MAC log callback: %s", os.str().c_str());
+ if (AUDIT_TRAIL_ERROR_NONE == (result = audit_system_log_get_object_type(handle, &obj_type))) {
+ root["obj_type"] = obj_type;
+ } else {
+ LOG_E(TAG, "audit_system_log_get_object_type error %d", result);
+ }
- client->m_reporter->sendReport(std::string{"smack"}, os.str());
-}
+ if (AUDIT_TRAIL_ERROR_NONE == (result = audit_system_log_get_object_owner(handle, &obj_uid, &obj_gid))) {
+ root["obj_owner_uid"] = obj_uid;
+ root["obj_owner_gid"] = obj_gid;
+ } else {
+ LOG_E(TAG, "audit_system_log_get_object_owner error %d", result);
+ }
-void sysCallLogCallback(audit_trail_syscall_h handle, void* user_data)
-{
- AuditTrailClient* client = reinterpret_cast<AuditTrailClient*>(user_data);
- assert(client);
+ if (AUDIT_TRAIL_ERROR_NONE == (result = audit_system_log_get_object_effective_owner(handle, &obj_euid, &obj_egid))) {
+ root["obj_owner_euid"] = obj_euid;
+ root["obj_owner_egid"] = obj_egid;
+ } else {
+ LOG_E(TAG, "audit_system_log_get_object_effective_owner error %d", result);
+ }
- time_t time;
- int result;
- unsigned short ms;
- pid_t pid;
- unsigned int syscall;
- const char* subject;
- uid_t uid, euid;
- gid_t gid, egid;
- unsigned int exit;
-
- if (AUDIT_TRAIL_ERROR_NONE != (result = audit_trail_get_syscall_time(handle, &time, &ms))) {
- LOG_E(TAG, "audit_trail_get_syscall_time error %d", result);
- return;
+ if (AUDIT_TRAIL_ERROR_NONE == (result = audit_system_log_get_object_permission(handle, &obj_perm))) {
+ root["obj_perm"] = obj_perm;
+ } else {
+ LOG_E(TAG, "audit_system_log_get_object_permission error %d", result);
}
- if (AUDIT_TRAIL_ERROR_NONE != (result = audit_trail_get_syscall_subject_name(handle, &subject))) {
- LOG_E(TAG, "audit_trail_get_syscall_subject_name error %d", result);
- return;
+ if (AUDIT_TRAIL_ERROR_NONE == (result = audit_system_log_get_object_smack_label(handle, &obj_label))) {
+ root["obj_label"] = std::string{obj_label};
+ } else {
+ LOG_E(TAG, "audit_system_log_get_object_smack_label error %d", result);
}
- if (AUDIT_TRAIL_ERROR_NONE != (result = audit_trail_get_syscall_subject_owner(handle, &uid, &gid))) {
- LOG_E(TAG, "audit_trail_get_syscall_subject_owner error %d", result);
- return;
+ if (AUDIT_TRAIL_ERROR_NONE == (result = audit_system_log_get_object_name(handle, &obj_name))) {
+ root["obj"] = std::string{obj_name};
+ } else {
+ LOG_E(TAG, "audit_system_log_get_object_name error %d", result);
}
- if (AUDIT_TRAIL_ERROR_NONE != (result = audit_trail_get_syscall_subject_effective_owner(handle, &euid, &egid))) {
- LOG_E(TAG, "audit_trail_get_syscall_subject_effective_owner error %d", result);
- return;
+ if (AUDIT_TRAIL_ERROR_NONE == (result = audit_system_log_get_object_pid(handle, &obj_pid))) {
+ root["obj_pid"] = obj_pid;
+ } else {
+ LOG_E(TAG, "audit_system_log_get_object_pid error %d", result);
}
- if (AUDIT_TRAIL_ERROR_NONE != (result = audit_trail_get_syscall_subject_pid(handle, &pid))) {
- LOG_E(TAG, "audit_trail_get_syscall_subject_pid error %d", result);
- return;
+ if (AUDIT_TRAIL_ERROR_NONE == (result = audit_system_log_get_object_inode(handle, &obj_inode))) {
+ root["obj_inode"] = Json::UInt64(obj_inode);
+ } else {
+ LOG_E(TAG, "audit_system_log_get_object_inode error %d", result);
}
- if (AUDIT_TRAIL_ERROR_NONE != (result = audit_trail_get_syscall_action_syscall(handle, &syscall))) {
- LOG_E(TAG, "audit_trail_get_syscall_action_syscall error %d", result);
- return;
+ if (AUDIT_TRAIL_ERROR_NONE == (result = audit_system_log_get_action_systemcall(handle, &syscall))) {
+ root["syscall"] = syscall;
+ } else {
+ LOG_E(TAG, "audit_system_log_get_action_systemcall error %d", result);
}
- if (AUDIT_TRAIL_ERROR_NONE != (result = audit_trail_get_syscall_action_exitcode(handle, &exit))) {
- LOG_E(TAG, "audit_trail_get_syscall_action_exitcode error %d", result);
- return;
+ if (AUDIT_TRAIL_ERROR_NONE == (result = audit_system_log_get_action_arguments(handle, &syscall_args))) {
+ Json::Value args = Json::Value{Json::arrayValue};
+ for (int i = 0; i < 4; i++) {
+ args.append(syscall_args[i]);
+ }
+
+ root["syscall_args"] = args;
+ } else {
+ LOG_E(TAG, "audit_system_log_get_action_arguments error %d", result);
}
- std::ostringstream os;
- os << "[SYSCALL] audit(" << time << '.' << ms << ":0) syscall=" << syscall << " pid=" << pid << " subject=" << subject
- << " uid=" << uid << " gid=" << gid << " euid=" << euid << " egid=" << egid << " exit_code=" << exit;
- LOG_D(TAG, "SYSCALL log callback: %s", os.str().c_str());
+ if (AUDIT_TRAIL_ERROR_NONE == (result = audit_system_log_get_action_exitcode(handle, &syscall_exitcode))) {
+ root["syscall_exitcode"] = syscall_exitcode;
+ } else {
+ LOG_E(TAG, "audit_system_log_get_action_exitcode error %d", result);
+ }
- client->m_reporter->sendReport(std::string{"syscall"}, os.str());
+ if (!root.empty()) {
+ client->m_reporter->sendReport(std::string{"syscall"}, root);
+ } else {
+ LOG_E(TAG, "Failed to collect system log info. Log is empty.");
+ }
}
-void userLogCallback(audit_trail_user_h handle, void* user_data)
+void userLogCallback(audit_user_log_h handle, void* user_data)
{
AuditTrailClient* client = reinterpret_cast<AuditTrailClient*>(user_data);
assert(client);
time_t time;
unsigned short ms;
+ pid_t pid;
int type;
const char* text = "";
int result;
+ Json::Value root;
- if (AUDIT_TRAIL_ERROR_NONE != (result = audit_trail_get_user_time(handle, &time, &ms))) {
- LOG_E(TAG, "audit_trail_get_user_time error %d", result);
- return;
+ if (AUDIT_TRAIL_ERROR_NONE == (result = audit_user_log_get_time(handle, &time, &ms))) {
+ root["time"] = Json::Int(time);
+ } else {
+ LOG_E(TAG, "audit_user_log_get_time error %d", result);
}
- if (AUDIT_TRAIL_ERROR_NONE != (result = audit_trail_get_user_log_type(handle, &type))) {
- LOG_E(TAG, "audit_trail_get_user_log_type error %d", result);
- return;
+ if (AUDIT_TRAIL_ERROR_NONE == (result = audit_user_log_get_pid(handle, &pid))) {
+ root["pid"] = pid;
+ } else {
+ LOG_E(TAG, "audit_user_log_get_pid error %d", result);
}
- if (AUDIT_TRAIL_ERROR_NONE != (result = audit_trail_get_user_log_text(handle, &text))) {
- LOG_E(TAG, "audit_trail_get_user_log_text error %d", result);
- return;
+ if (AUDIT_TRAIL_ERROR_NONE == (result = audit_user_log_get_type(handle, &type))) {
+ root["type"] = type;
+ } else {
+ LOG_E(TAG, "audit_user_log_get_type error %d", result);
}
- std::string report_type;
-
- switch (type)
- {
- case DLP_REPORT_TYPE:
- report_type = "DLP";
- break;
- case PAD_REPORT_TYPE:
- report_type = "PAD";
- break;
- case FIM_REPORT_TYPE:
- report_type = "FIM";
- break;
- default:
- LOG_E(TAG, "unknown audit_trail user report type %d", type);
- return;
+ if (AUDIT_TRAIL_ERROR_NONE == (result = audit_user_log_get_text(handle, &text))) {
+ root["text"] = base64_encode(text);
+ } else {
+ LOG_E(TAG, "audit_trail_get_user_log_text error %d", result);
}
- std::ostringstream os;
- os << '[' << report_type << "] audit(" << time << '.' << ms << ":0) type=" << type << " text= " << text;
- LOG_D(TAG, "%s log callback: %s", report_type.c_str(), os.str().c_str());
-
- client->m_reporter->sendReport(report_type, os.str());
+ if (!root.empty()) {
+ client->m_reporter->sendReport(std::string{"user"}, root);
+ } else {
+ LOG_E(TAG, "Failed to collect user log info. Log is empty.");
+ }
}
-#endif
AuditTrailClient::AuditTrailClient(IReporter* reporter)
: m_reporter(reporter)
, m_audit_trail(nullptr)
- , m_dac_cb_id(-1)
- , m_mac_cb_id(-1)
, m_syscall_cb_id(-1)
, m_user_cb_id(-1)
{
audit_trail_destroy(m_audit_trail);
}
-bool AuditTrailClient::start_dac_auditing()
-{
-//TODO: Rework when Audit-Trail API will be finalized
-#if 0
- int err;
- if (AUDIT_TRAIL_ERROR_NONE != (err = audit_trail_enable_dac(m_audit_trail, true))) {
- LOG_E(TAG, "audit_trail_enable_dac error %d", err);
- return false;
- }
-
- bool en = false;
- audit_trail_is_enabled_dac(m_audit_trail, &en);
- if (!en) {
- LOG_E(TAG, "audit_trail failed to enable dac log");
- return false;
- }
-
- return (audit_trail_add_dac_cb(m_audit_trail, dacLogCallback, (void*)this, &m_dac_cb_id) == AUDIT_TRAIL_ERROR_NONE);
-#else
- return true;
-#endif
-}
-
-void AuditTrailClient::stop_dac_auditing()
-{
-//TODO: Rework when Audit-Trail API will be finalized
-#if 0
- audit_trail_remove_dac_cb(m_audit_trail, m_dac_cb_id);
-#endif
-}
-
-bool AuditTrailClient::start_mac_auditing()
-{
-//TODO: Rework when Audit-Trail API will be finalized
-#if 0
- int err;
- if (AUDIT_TRAIL_ERROR_NONE != (err = audit_trail_enable_mac(m_audit_trail, true))) {
- LOG_E(TAG, "audit_trail_enable_mac error %d", err);
- return false;
- }
-
- bool en = false;
- audit_trail_is_enabled_mac(m_audit_trail, &en);
- if (!en) {
- LOG_E(TAG, "audit_trail failed to enable mac log");
- return false;
- }
-
- return audit_trail_add_mac_cb(m_audit_trail, macLogCallback, (void*)this, &m_mac_cb_id) == AUDIT_TRAIL_ERROR_NONE;
-#else
- return true;
-#endif
-}
-
-void AuditTrailClient::stop_mac_auditing()
-{
-//TODO: Rework when Audit-Trail API will be finalized
-#if 0
- audit_trail_remove_mac_cb(m_audit_trail, m_mac_cb_id);
-#endif
-}
-
bool AuditTrailClient::start_syscall_auditing()
{
-//TODO: Rework when Audit-Trail API will be finalized
-#if 0
- int err;
- if (AUDIT_TRAIL_ERROR_NONE != (err = audit_trail_enable_syscall(m_audit_trail, true))) {
- LOG_E(TAG, "audit_trail_enable_syscall error %d", err);
- return false;
- }
-
- bool en = false;
- audit_trail_is_enabled_syscall(m_audit_trail, &en);
- if (!en) {
- LOG_E(TAG, "audit_trail failed to enable syscall log");
- return false;
- }
-
- return audit_trail_add_syscall_cb(m_audit_trail, sysCallLogCallback, (void*)this, &m_syscall_cb_id) == AUDIT_TRAIL_ERROR_NONE;
-#else
- return true;
-#endif
+ return audit_trail_add_system_log_cb(m_audit_trail, sysCallLogCallback, (void*)this, &m_syscall_cb_id) == AUDIT_TRAIL_ERROR_NONE;
}
void AuditTrailClient::stop_syscall_auditing()
{
-//TODO: Rework when Audit-Trail API will be finalized
-#if 0
- audit_trail_remove_syscall_cb(m_audit_trail, m_syscall_cb_id);
-#endif
+ if (m_syscall_cb_id != -1) {
+ audit_trail_remove_system_log_cb(m_audit_trail, m_syscall_cb_id);
+ }
}
bool AuditTrailClient::start_user_auditing()
{
-//TODO: Rework when Audit-Trail API will be finalized
-#if 0
- int err;
- if (AUDIT_TRAIL_ERROR_NONE != (err = audit_trail_enable_user(m_audit_trail, true))) {
- LOG_E(TAG, "audit_trail_enable_user error %d", err);
- return false;
- }
-
- bool en = false;
- audit_trail_is_enabled_user(m_audit_trail, &en);
- if (!en) {
- LOG_E(TAG, "audit_trail failed to enable user log");
- return false;
- }
-
- return audit_trail_add_user_cb(m_audit_trail, userLogCallback, (void*)this, &m_user_cb_id) == AUDIT_TRAIL_ERROR_NONE;
-#else
- return true;
-#endif
+ return audit_trail_add_user_log_cb(m_audit_trail, userLogCallback, (void*)this, &m_user_cb_id) == AUDIT_TRAIL_ERROR_NONE;
}
void AuditTrailClient::stop_user_auditing()
{
-//TODO: Rework when Audit-Trail API will be finalized
-#if 0
- audit_trail_remove_user_cb(m_audit_trail, m_user_cb_id);
-#endif
+ if (m_user_cb_id != -1) {
+ audit_trail_remove_user_log_cb(m_audit_trail, m_user_cb_id);
+ }
}
bool AuditTrailClient::start_auditing()
{
-//TODO: Rework when Audit-Trail API will be finalized
-#if 0
- bool result = start_dac_auditing();
- result &= start_mac_auditing();
-// result &= start_syscall_auditing();
- result &= start_user_auditing();
+ bool result = start_syscall_auditing() && start_user_auditing();
return result;
-#else
- return true;
-#endif
}
void AuditTrailClient::stop_auditing()
{
- stop_dac_auditing();
- stop_mac_auditing();
-// stop_syscall_auditing();
+ stop_syscall_auditing();
stop_user_auditing();
}
#include <string>
#include <memory>
#include <audit-trail/audit-trail.h>
-//#include <audit-trail/dac.h> // DEPRECATED!
-//#include <audit-trail/mac.h> // DEPRECATED!
-//#include <audit-trail/syscall.h> // DEPRECATED!
-//#include <audit-trail/user.h> // DEPRECATED!
+#include <audit-trail/system-log.h>
+#include <audit-trail/user-log.h>
#include "ireporter.h"
#include "utils.h"
*/
class AuditTrailClient
{
-//TODO: Rework when Audit-Trail API will be finalized
-#if 0
/**
- * @brief DAC log callback
- * @details Called when a new log occurs
- * @param handle [in] pointer to audit_trail_dac structure
- * @param user_data [in] pointer to user defined data
- */
- friend void dacLogCallback(audit_trail_dac_h handle, void* user_data);
-
- /**
- * @brief MAC log callback
- * @details Called when a new log occurs
- * @param handle [in] pointer to audit_trail_mac structure
- * @param user_data [in] pointer to user defined data
- */
- friend void macLogCallback(audit_trail_mac_h handle, void* user_data);
-
- /**
- * @brief System calls log callback
+ * @brief System log callback
* @details Called when a new log occurs
* @param handle [in] pointer to audit_trail_syscall structure
* @param user_data [in] pointer to user defined data
*/
- friend void sysCallLogCallback(audit_trail_syscall_h handle, void* user_data);
+ friend void sysCallLogCallback(audit_system_log_h handle, void* user_data);
/**
* @brief User log callback
* @param handle [in] pointer to audit_trail_user structure
* @param user_data [in] pointer to user defined data
*/
- friend void userLogCallback(audit_trail_user_h handle, void* user_data);
-#endif
+ friend void userLogCallback(audit_trail_h handle, void* user_data);
+
public:
/**
* @brief Constructor
AuditTrailClient& operator=(const AuditTrailClient&) = delete;
/**
- * @brief Start DAC(Discretionary Access Control) auditing
- * @details This API can be used to start to collect DAC logs
- */
- bool start_dac_auditing();
-
- /**
- * @brief Stop DAC(Discretionary Access Control) auditing
- * @details This API can be used to stop to collect DAC logs
- */
- void stop_dac_auditing();
-
- /**
- * @brief Start MAC(Mandatory Access Control) auditing
- * @details This API can be used to start to collect MAC logs
- */
- bool start_mac_auditing();
-
- /**
- * @brief Stop MAC(Mandatory Access Control) auditing
- * @details This API can be used to stop to collect MAC logs
- */
- void stop_mac_auditing();
-
- /**
* @brief Start system calls auditing
* @details This API can be used to start to collect system calls logs
*/
IReporter* m_reporter;
audit_trail_h m_audit_trail;
- int m_dac_cb_id;
- int m_mac_cb_id;
int m_syscall_cb_id;
int m_user_cb_id;
};
--- /dev/null
+/**
+ * @brief Base64 encoder
+ * @date Created 22.11.2016
+ * @author Created 2016 in Samsung Ukraine R&D Center (SURC) under a contract
+ * between LLC "Samsung Electronics Ukraine Company" (Kiev, Ukraine)
+ * and "Samsung Electronics Co", Ltd (Seoul, Republic of Korea).
+ * Copyright: (c) Samsung Electronics Co, Ltd 2016. All rights reserved.
+ * @author Mail to: <A HREF="mailto:d.lomtev@samsung.com">Dmytro Lomtev, d.lomtev@samsung.com</A>
+ */
+#include <string>
+#include <cctype>
+#include <stdexcept>
+
+namespace NMD
+{
+
+using std::string;
+
+string base64_encode(const string& source)
+{
+ static const char list_code[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+
+ string result;
+
+ for (auto it = source.cbegin(); it != source.cend(); )
+ {
+ int word = ((int)(unsigned char) * it) << 16;
+ int symbols = 2;
+
+ if (++it != source.cend())
+ {
+ word |= ((int)(unsigned char) * it) << 8;
+ symbols++;
+
+ if (++it != source.cend())
+ {
+ word |= ((int)(unsigned char) * it);
+ symbols++;
+ ++it;
+ }
+ }
+
+ for (int i = 0; i < 4; i++)
+ {
+ if (i < symbols)
+ {
+ int index = (word >> (18 - i * 6)) & 0x3f;
+ result.push_back(list_code[index]);
+ }
+ else
+ {
+ result.push_back('=');
+ }
+ }
+ }
+
+ return result;
+}
+
+string base64_decode(const string& source)
+{
+ static const char reverse_table[128] =
+ {
+ 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
+ 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
+ 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 62, 64, 64, 64, 63,
+ 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 64, 64, 64, 64, 64, 64,
+ 64, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
+ 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 64, 64, 64, 64, 64,
+ 64, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40,
+ 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 64, 64, 64, 64, 64
+ };
+
+ string result;
+
+ for (auto i = source.cbegin(); i != source.cend();)
+ {
+ int bits_collected = 0;
+ unsigned int accumulator = 0;
+
+ for (bits_collected = 0; bits_collected < 24 && i != source.cend(); ++i)
+ {
+ const int c = *i;
+ // Skip whitespace and padding. Be liberal in what you accept.
+ if (std::isspace(c) || c == '=') continue;
+
+ if ((c > 127) || (c < 0) || (reverse_table[c] > 63))
+ {
+ throw std::invalid_argument("Source contains characters not legal in a base64 encoded string.");
+ }
+
+ accumulator = (accumulator << 6) | reverse_table[c];
+ bits_collected += 6;
+ }
+
+ if (bits_collected < 8) throw std::invalid_argument("Wrong source length");
+
+ while (bits_collected >= 8)
+ {
+ bits_collected -= 8;
+ result.push_back((char)((accumulator >> bits_collected) & 0xff));
+ }
+ }
+
+ return result;
+}
+
+} // namespace NMD
--- /dev/null
+/**
+ * @brief Base64 encoder
+ * @date Created 22.11.2016
+ * @author Created 2016 in Samsung Ukraine R&D Center (SURC) under a contract
+ * between LLC "Samsung Electronics Ukraine Company" (Kiev, Ukraine)
+ * and "Samsung Electronics Co", Ltd (Seoul, Republic of Korea).
+ * Copyright: (c) Samsung Electronics Co, Ltd 2016. All rights reserved.
+ * @author Mail to: <A HREF="mailto:d.lomtev@samsung.com">Dmytro Lomtev, d.lomtev@samsung.com</A>
+ */
+#ifndef __BASE64_H__
+#define __BASE64_H__
+
+namespace NMD
+{
+
+std::string base64_encode(const std::string& source);
+
+std::string base64_decode(const std::string& source);
+
+} // namespace NMD
+
+#endif
#define IREPORTER_H
#include <string>
+#include <jsoncpp/json/value.h>
/**
* @brief Abstract class that provides send report interface
* @param module name of the module that wants to report
* @param content report content
*/
- virtual void sendReport(const std::string& module, const std::string& content) = 0;
+ virtual void sendReport(const std::string& module, const Json::Value& content) = 0;
};
#endif // IREPORTER_H
#include "logging.h"
#include "samonitor_tag.h"
#include "settings.h"
+#include <jsoncpp/json/writer.h>
ReportAdapter::ReportAdapter(NetworkManager::Connection& conn): connection(conn)
{
}
-void ReportAdapter::sendReport(const std::string& module, const std::string& content) {
- LOG_D(TAG, "Got report of type <%s>: %s", module.c_str(), content.c_str());
+void ReportAdapter::sendReport(const std::string& module, const Json::Value& content) {
+ LOG_D(TAG, "Got report of type <%s>: %s", module.c_str(), Json::FastWriter().write(content).c_str());
if (!NetworkManager::Settings::instance().isLocked()) {
connection.addReportEvent(module, content);
* @param module name of the module that wants to report
* @param content report content
*/
- void sendReport(const std::string& module, const std::string& content) override;
+ void sendReport(const std::string& module, const Json::Value& content) override;
private:
NetworkManager::Connection& connection;
#include <gmock/gmock.h>
#include "audit_trail_stub.h"
-//TODO: Rework when Audit-Trail API will be finalized
-#if 0
-
class AuditTrailMock: public IAuditTrail
{
public:
+ AuditTrailMock(): IAuditTrail()
+ {
+
+ }
+
MOCK_METHOD1(audit_trail_create, int(audit_trail_h *handle));
MOCK_METHOD0(audit_trail_destroy, int());
- MOCK_METHOD2(audit_trail_foreach_dac, int(audit_trail_dac_cb callback, void *user_data));
- MOCK_METHOD0(audit_trail_clear_dac, int());
- MOCK_METHOD3(audit_trail_add_dac_cb, int(audit_trail_dac_cb callback, void* user_data, int* id));
- MOCK_METHOD1(audit_trail_remove_dac_cb, int(int id));
- MOCK_METHOD1(audit_trail_enable_dac, int(bool en));
- MOCK_METHOD1(audit_trail_is_enabled_dac, int(bool *en));
- MOCK_METHOD2(audit_trail_get_dac_time, int(time_t *tm, unsigned short *ms));
- MOCK_METHOD1(audit_trail_get_dac_subject_name, int(const char **name));
- MOCK_METHOD2(audit_trail_get_dac_subject_owner, int(uid_t *uid, gid_t *gid));
- MOCK_METHOD2(audit_trail_get_dac_subject_effective_owner, int(uid_t *euid, gid_t *egid));
- MOCK_METHOD1(audit_trail_get_dac_subject_pid, int(pid_t *pid));
- MOCK_METHOD1(audit_trail_get_dac_object_name, int(const char **name));
- MOCK_METHOD2(audit_trail_get_dac_object_owner, int(uid_t *uid, gid_t *gid));
- MOCK_METHOD1(audit_trail_get_dac_object_mode, int(mode_t *mode));
- MOCK_METHOD1(audit_trail_get_dac_action_syscall, int(unsigned int *syscall));
-
- MOCK_METHOD2(audit_trail_foreach_mac, int(audit_trail_mac_cb callback, void *user_data));
- MOCK_METHOD0(audit_trail_clear_mac, int());
- MOCK_METHOD3(audit_trail_add_mac_cb, int(audit_trail_mac_cb callback, void* user_data, int* id));
- MOCK_METHOD1(audit_trail_remove_mac_cb, int(int id));
- MOCK_METHOD1(audit_trail_enable_mac, int(bool en));
- MOCK_METHOD1(audit_trail_is_enabled_mac, int(bool *en));
- MOCK_METHOD2(audit_trail_get_mac_time, int(time_t *tm, unsigned short *ms));
- MOCK_METHOD1(audit_trail_get_mac_subject_name, int(const char **name));
- MOCK_METHOD1(audit_trail_get_mac_subject_label, int(const char **label));
- MOCK_METHOD1(audit_trail_get_mac_subject_pid, int(pid_t *pid));
- MOCK_METHOD1(audit_trail_get_mac_object_name, int(const char **name));
- MOCK_METHOD1(audit_trail_get_mac_object_label, int(const char **label));
- MOCK_METHOD1(audit_trail_get_mac_action_syscall, int(unsigned int *syscall));
- MOCK_METHOD1(audit_trail_get_mac_action_request, int(const char **req));
+ MOCK_METHOD0(audit_trail_clear_system_log, int());
+ MOCK_METHOD2(audit_trail_foreach_system_log, int(audit_system_log_cb callback,
+ void *user_data));
+ MOCK_METHOD3(audit_trail_add_system_log_cb, int(audit_system_log_cb callback, void* user_data,
+ int* id));
+ MOCK_METHOD1(audit_trail_remove_system_log_cb, int(int id));
+ MOCK_METHOD0(audit_trail_clear_user_log, int());
+ MOCK_METHOD2(audit_trail_foreach_user_log, int(audit_user_log_cb callback, void *user_data));
+ MOCK_METHOD3(audit_trail_add_user_log_cb, int(audit_user_log_cb callback, void* user_data, int* id));
+ MOCK_METHOD1(audit_trail_remove_user_log_cb, int(int id));
+};
- MOCK_METHOD2(audit_trail_foreach_syscall, int(audit_trail_syscall_cb callback, void *user_data));
- MOCK_METHOD0(audit_trail_clear_syscall, int());
- MOCK_METHOD3(audit_trail_add_syscall_cb, int(audit_trail_syscall_cb callback, void* user_data, int* id));
- MOCK_METHOD1(audit_trail_remove_syscall_cb, int(int id));
- MOCK_METHOD1(audit_trail_enable_syscall, int(bool en));
- MOCK_METHOD1(audit_trail_is_enabled_syscall, int(bool *en));
- MOCK_METHOD2(audit_trail_get_syscall_time, int(time_t *tm, unsigned short *ms));
- MOCK_METHOD1(audit_trail_get_syscall_subject_name, int(const char **name));
- MOCK_METHOD2(audit_trail_get_syscall_subject_owner, int(uid_t *uid, gid_t *gid));
- MOCK_METHOD2(audit_trail_get_syscall_subject_effective_owner, int(uid_t *euid, gid_t *egid));
- MOCK_METHOD1(audit_trail_get_syscall_subject_pid, int(pid_t *pid));
- MOCK_METHOD1(audit_trail_get_syscall_action_syscall, int(unsigned int *syscall));
- MOCK_METHOD1(audit_trail_get_syscall_action_exitcode, int(unsigned int *exit));
+class AuditTrailSystemLogMock: public IAuditSystemLogStub
+{
+public:
+ MOCK_METHOD2(audit_system_log_get_time, int(time_t *time, unsigned short *ms));
+ MOCK_METHOD1(audit_system_log_get_subject_name, int(const char **name));
+ MOCK_METHOD2(audit_system_log_get_subject_owner, int(uid_t *uid, gid_t *gid));
+ MOCK_METHOD2(audit_system_log_get_subject_effective_owner, int(uid_t *euid, gid_t *egid));
+ MOCK_METHOD1(audit_system_log_get_subject_pid, int(pid_t *pid));
+ MOCK_METHOD1(audit_system_log_get_subject_smack_label, int(const char **label));
+ MOCK_METHOD1(audit_system_log_get_object_type, int(int *type));
+ MOCK_METHOD2(audit_system_log_get_object_owner, int(uid_t *uid, gid_t *gid));
+ MOCK_METHOD2(audit_system_log_get_object_effective_owner, int(uid_t *euid, gid_t *egid));
+ MOCK_METHOD1(audit_system_log_get_object_permission, int(mode_t *mode));
+ MOCK_METHOD1(audit_system_log_get_object_smack_label, int(const char **label));
+ MOCK_METHOD1(audit_system_log_get_object_name, int(const char **name));
+ MOCK_METHOD1(audit_system_log_get_object_pid, int(pid_t *pid));
+ MOCK_METHOD1(audit_system_log_get_object_inode, int(ino_t *inode));
+ MOCK_METHOD1(audit_system_log_object_sockaddr, int(const char **socketaddr));
+ MOCK_METHOD1(audit_system_log_get_action_systemcall, int(unsigned int *systemcall));
+ MOCK_METHOD1(audit_system_log_get_action_arguments, int(unsigned int (*args)[4]));
+ MOCK_METHOD1(audit_system_log_get_action_exitcode, int(int *exitcode));
+};
- MOCK_METHOD2(audit_trail_foreach_user, int(audit_trail_user_cb callback, void *user_data));
- MOCK_METHOD0(audit_trail_clear_user, int());
- MOCK_METHOD3(audit_trail_add_user_cb, int(audit_trail_user_cb callback, void* user_data, int* id));
- MOCK_METHOD1(audit_trail_remove_user_cb, int(int id));
- MOCK_METHOD1(audit_trail_enable_user, int(bool en));
- MOCK_METHOD1(audit_trail_is_enabled_user, int(bool *en));
- MOCK_METHOD2(audit_trail_get_user_time, int(time_t *tm, unsigned short *ms));
- MOCK_METHOD1(audit_trail_get_user_log_type, int(int *type));
- MOCK_METHOD1(audit_trail_get_user_log_text, int(const char **text));
+class AuditTrailUserLogMock: public IAuditUserLogStub
+{
+public:
+ MOCK_METHOD2(audit_user_log_get_time, int(time_t *time, unsigned short *ms));
+ MOCK_METHOD1(audit_user_log_get_pid, int(pid_t *pid));
+ MOCK_METHOD1(audit_user_log_get_type, int(int *type));
+ MOCK_METHOD1(audit_user_log_get_text, int(const char **text));
};
-#endif
#endif // AUDITTRAILMOCK_H
-//#include <audit-trail/dac.h> // DEPRECATED!
-//#include <audit-trail/mac.h> // DEPRECATED!
-//#include <audit-trail/syscall.h> // DEPRECATED!
-//#include <audit-trail/user.h> // DEPRECATED!
#include "audit_trail_stub.h"
-//static AuditTrailDefaultImpl atrail;
-//static IAuditTrail* p_atrail = &atrail;
+static IAuditTrail* p_atrail = nullptr;
-//void audit_trail_set_implementation(IAuditTrail* impl)
-//{
-// p_atrail = impl;
-//}
+void audit_trail_set_implementation(IAuditTrail* impl);
-
-int audit_trail_create(audit_trail_h* handle)
+IAuditTrail::IAuditTrail()
{
-// int ret = p_atrail->audit_trail_create(handle);
-// *handle = p_atrail;
-// return ret;
- return 0;
+ audit_trail_set_implementation(this);
}
-int audit_trail_destroy(audit_trail_h handle)
+IAuditTrail::~IAuditTrail()
{
-// IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
-// return p->audit_trail_destroy();
- return 0;
+ audit_trail_set_implementation(nullptr);
}
-//TODO: Rework when Audit-Trail API will be finalized
-#if 0
-
-int audit_trail_foreach_dac(audit_trail_h handle, audit_trail_dac_cb callback, void *user_data)
+void audit_trail_set_implementation(IAuditTrail* impl)
{
- IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
- return p->audit_trail_foreach_dac(callback, user_data);
+ p_atrail = impl;
}
-int audit_trail_clear_dac(audit_trail_h handle)
-{
- IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
- return p->audit_trail_clear_dac();
-}
-int audit_trail_add_dac_cb(audit_trail_h handle, audit_trail_dac_cb callback, void* user_data, int* id)
+int audit_trail_create(audit_trail_h* handle)
{
- IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
- return p->audit_trail_add_dac_cb(callback, user_data, id);
+ int ret = p_atrail->audit_trail_create(handle);
+ *handle = p_atrail;
+ return ret;
}
-int audit_trail_remove_dac_cb(audit_trail_h handle, int id)
+int audit_trail_destroy(audit_trail_h handle)
{
IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
- return p->audit_trail_remove_dac_cb(id);
+ return p->audit_trail_destroy();
}
-int audit_trail_enable_dac(audit_trail_h handle, bool en)
-{
- IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
- return p->audit_trail_enable_dac(en);
-}
-int audit_trail_is_enabled_dac(audit_trail_h handle, bool *en)
+int audit_system_log_get_time(audit_system_log_h handle,
+ time_t *time, unsigned short *ms)
{
- IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
- return p->audit_trail_is_enabled_dac(en);
+ IAuditSystemLogStub* p = reinterpret_cast<IAuditSystemLogStub*>(handle);
+ return p->audit_system_log_get_time(time, ms);
}
-
-int audit_trail_get_dac_time(audit_trail_dac_h handle, time_t *tm, unsigned short *ms)
+int audit_system_log_get_subject_name(audit_system_log_h handle,
+ const char **name)
{
- return p_atrail->audit_trail_get_dac_time(tm, ms);
+ IAuditSystemLogStub* p = reinterpret_cast<IAuditSystemLogStub*>(handle);
+ return p->audit_system_log_get_subject_name(name);
}
-
-int audit_trail_get_dac_subject_name(audit_trail_dac_h handle, const char **name)
+int audit_system_log_get_subject_owner(audit_system_log_h handle,
+ uid_t *uid, gid_t *gid)
{
- return p_atrail->audit_trail_get_dac_subject_name(name);
+ IAuditSystemLogStub* p = reinterpret_cast<IAuditSystemLogStub*>(handle);
+ return p->audit_system_log_get_subject_owner(uid, gid);
}
-
-int audit_trail_get_dac_subject_owner(audit_trail_dac_h handle, uid_t *uid, gid_t *gid)
+int audit_system_log_get_subject_effective_owner(audit_system_log_h handle,
+ uid_t *euid, gid_t *egid)
{
- return p_atrail->audit_trail_get_dac_subject_owner(uid, gid);
+ IAuditSystemLogStub* p = reinterpret_cast<IAuditSystemLogStub*>(handle);
+ return p->audit_system_log_get_subject_effective_owner(euid, egid);
}
-
-int audit_trail_get_dac_subject_effective_owner(audit_trail_dac_h handle, uid_t *euid, gid_t *egid)
+int audit_system_log_get_subject_pid(audit_system_log_h handle, pid_t *pid)
{
- return p_atrail->audit_trail_get_dac_subject_effective_owner(euid, egid);
+ IAuditSystemLogStub* p = reinterpret_cast<IAuditSystemLogStub*>(handle);
+ return p->audit_system_log_get_subject_pid(pid);
}
-
-int audit_trail_get_dac_subject_pid(audit_trail_dac_h handle, pid_t *pid)
+int audit_system_log_get_subject_smack_label(audit_system_log_h handle,
+ const char **label)
{
- return p_atrail->audit_trail_get_dac_subject_pid(pid);
+ IAuditSystemLogStub* p = reinterpret_cast<IAuditSystemLogStub*>(handle);
+ return p->audit_system_log_get_subject_smack_label(label);
}
-
-int audit_trail_get_dac_object_name(audit_trail_dac_h handle, const char **name)
+int audit_system_log_get_object_type(audit_system_log_h handle, int *type)
{
- return p_atrail->audit_trail_get_dac_object_name(name);
+ IAuditSystemLogStub* p = reinterpret_cast<IAuditSystemLogStub*>(handle);
+ return p->audit_system_log_get_object_type(type);
}
-
-int audit_trail_get_dac_object_owner(audit_trail_dac_h handle, uid_t *uid, gid_t *gid)
+int audit_system_log_get_object_owner(audit_system_log_h handle,
+ uid_t *uid, gid_t *gid)
{
- return p_atrail->audit_trail_get_dac_object_owner(uid, gid);
+ IAuditSystemLogStub* p = reinterpret_cast<IAuditSystemLogStub*>(handle);
+ return p->audit_system_log_get_object_owner(uid, gid);
}
-
-int audit_trail_get_dac_object_mode(audit_trail_dac_h handle, mode_t *mode)
+int audit_system_log_get_object_effective_owner(audit_system_log_h handle,
+ uid_t *euid, gid_t *egid)
{
- return p_atrail->audit_trail_get_dac_object_mode(mode);
+ IAuditSystemLogStub* p = reinterpret_cast<IAuditSystemLogStub*>(handle);
+ return p->audit_system_log_get_object_effective_owner(euid, egid);
}
-
-int audit_trail_get_dac_action_syscall(audit_trail_dac_h handle, unsigned int *syscall)
+int audit_system_log_get_object_permission(audit_system_log_h handle, mode_t *mode)
{
- return p_atrail->audit_trail_get_dac_action_syscall(syscall);
+ IAuditSystemLogStub* p = reinterpret_cast<IAuditSystemLogStub*>(handle);
+ return p->audit_system_log_get_object_permission(mode);
}
-
-
-int audit_trail_foreach_mac(audit_trail_h handle, audit_trail_mac_cb callback, void *user_data)
+int audit_system_log_get_object_smack_label(audit_system_log_h handle, const char **label)
{
- IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
- return p->audit_trail_foreach_mac(callback, user_data);
+ IAuditSystemLogStub* p = reinterpret_cast<IAuditSystemLogStub*>(handle);
+ return p->audit_system_log_get_object_smack_label(label);
}
-
-int audit_trail_clear_mac(audit_trail_h handle)
-{
- IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
- return p->audit_trail_clear_mac();
-}
-
-int audit_trail_add_mac_cb(audit_trail_h handle, audit_trail_mac_cb callback, void* user_data, int* id)
-{
- IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
- return p->audit_trail_add_mac_cb(callback, user_data, id);
-}
-
-int audit_trail_remove_mac_cb(audit_trail_h handle, int id)
-{
- IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
- return p->audit_trail_remove_mac_cb(id);
-}
-
-int audit_trail_enable_mac(audit_trail_h handle, bool en)
+int audit_system_log_get_object_name(audit_system_log_h handle, const char **name)
{
- IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
- return p->audit_trail_enable_mac(en);
+ IAuditSystemLogStub* p = reinterpret_cast<IAuditSystemLogStub*>(handle);
+ return p->audit_system_log_get_object_name(name);
}
-
-int audit_trail_is_enabled_mac(audit_trail_h handle, bool *en)
+int audit_system_log_get_object_pid(audit_system_log_h handle, pid_t *pid)
{
- IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
- return p->audit_trail_is_enabled_mac(en);
+ IAuditSystemLogStub* p = reinterpret_cast<IAuditSystemLogStub*>(handle);
+ return p->audit_system_log_get_object_pid(pid);
}
-
-int audit_trail_get_mac_time(audit_trail_mac_h handle, time_t *tm, unsigned short *ms)
+int audit_system_log_get_object_inode(audit_system_log_h handle, ino_t *inode)
{
- return p_atrail->audit_trail_get_mac_time(tm, ms);
+ IAuditSystemLogStub* p = reinterpret_cast<IAuditSystemLogStub*>(handle);
+ return p->audit_system_log_get_object_inode(inode);
}
-
-int audit_trail_get_mac_subject_name(audit_trail_mac_h handle, const char **name)
+int audit_system_log_object_sockaddr(audit_system_log_h handle, const char **socketaddr)
{
- return p_atrail->audit_trail_get_mac_subject_name(name);
+ IAuditSystemLogStub* p = reinterpret_cast<IAuditSystemLogStub*>(handle);
+ return p->audit_system_log_object_sockaddr(socketaddr);
}
-
-int audit_trail_get_mac_subject_label(audit_trail_mac_h handle, const char **label)
+int audit_system_log_get_action_systemcall(audit_system_log_h handle, unsigned int *systemcall)
{
- return p_atrail->audit_trail_get_mac_subject_label(label);
+ IAuditSystemLogStub* p = reinterpret_cast<IAuditSystemLogStub*>(handle);
+ return p->audit_system_log_get_action_systemcall(systemcall);
}
-
-int audit_trail_get_mac_subject_pid(audit_trail_mac_h handle, pid_t *pid)
+int audit_system_log_get_action_arguments(audit_system_log_h handle, unsigned int (*args)[4])
{
- return p_atrail->audit_trail_get_mac_subject_pid(pid);
+ IAuditSystemLogStub* p = reinterpret_cast<IAuditSystemLogStub*>(handle);
+ return p->audit_system_log_get_action_arguments(args);
}
-
-int audit_trail_get_mac_object_name(audit_trail_mac_h handle, const char **name)
-{
- return p_atrail->audit_trail_get_mac_object_name(name);
-}
-
-int audit_trail_get_mac_object_label(audit_trail_mac_h handle, const char **label)
+int audit_system_log_get_action_exitcode(audit_system_log_h handle, int *exitcode)
{
- return p_atrail->audit_trail_get_mac_object_label(label);
+ IAuditSystemLogStub* p = reinterpret_cast<IAuditSystemLogStub*>(handle);
+ return p->audit_system_log_get_action_exitcode(exitcode);
}
-
-int audit_trail_get_mac_action_syscall(audit_trail_mac_h handle, unsigned int *syscall)
-{
- return p_atrail->audit_trail_get_mac_action_syscall(syscall);
-}
-
-int audit_trail_get_mac_action_request(audit_trail_mac_h handle, const char **req)
-{
- return p_atrail->audit_trail_get_mac_action_request(req);
-}
-
-
-int audit_trail_foreach_syscall(audit_trail_h handle, audit_trail_syscall_cb callback, void *user_data)
-{
- IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
- return p->audit_trail_foreach_syscall(callback, user_data);
-}
-
-int audit_trail_clear_syscall(audit_trail_h handle)
-{
- IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
- return p->audit_trail_clear_syscall();
-}
-
-int audit_trail_add_syscall_cb(audit_trail_h handle, audit_trail_syscall_cb callback, void* user_data, int* id)
+int audit_trail_clear_system_log(audit_trail_h handle)
{
IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
- return p->audit_trail_add_syscall_cb(callback, user_data, id);
+ return p->audit_trail_clear_system_log();
}
-
-int audit_trail_remove_syscall_cb(audit_trail_h handle, int id)
+int audit_trail_foreach_system_log(audit_trail_h handle,
+ audit_system_log_cb callback, void *user_data)
{
IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
- return p->audit_trail_remove_syscall_cb(id);
+ return p->audit_trail_foreach_system_log(callback, user_data);
}
-
-int audit_trail_enable_syscall(audit_trail_h handle, bool en)
+int audit_trail_add_system_log_cb(audit_trail_h handle,
+ audit_system_log_cb callback, void* user_data,
+ int* id)
{
IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
- return p->audit_trail_enable_syscall(en);
+ return p->audit_trail_add_system_log_cb(callback, user_data, id);
}
-
-int audit_trail_is_enabled_syscall(audit_trail_h handle, bool *en)
+int audit_trail_remove_system_log_cb(audit_trail_h handle,
+ int id)
{
IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
- return p->audit_trail_is_enabled_syscall(en);
-}
-
-int audit_trail_get_syscall_time(audit_trail_syscall_h handle, time_t *tm, unsigned short *ms)
-{
- return p_atrail->audit_trail_get_syscall_time(tm, ms);
-}
-
-int audit_trail_get_syscall_subject_name(audit_trail_syscall_h handle, const char **name)
-{
- return p_atrail->audit_trail_get_syscall_subject_name(name);
-}
-
-int audit_trail_get_syscall_subject_owner(audit_trail_syscall_h handle, uid_t *uid, gid_t *gid)
-{
- return p_atrail->audit_trail_get_syscall_subject_owner(uid, gid);
+ return p->audit_trail_remove_system_log_cb(id);
}
-
-int audit_trail_get_syscall_subject_effective_owner(audit_trail_syscall_h handle, uid_t *euid, gid_t *egid)
+int audit_user_log_get_time(audit_user_log_h handle,
+ time_t *time, unsigned short *ms)
{
- return p_atrail->audit_trail_get_syscall_subject_effective_owner(euid, egid);
+ IAuditUserLogStub* p = reinterpret_cast<IAuditUserLogStub*>(handle);
+ return p->audit_user_log_get_time(time, ms);
}
-
-int audit_trail_get_syscall_subject_pid(audit_trail_syscall_h handle, pid_t *pid)
+int audit_user_log_get_pid(audit_user_log_h handle, pid_t *pid)
{
- return p_atrail->audit_trail_get_syscall_subject_pid(pid);
+ IAuditUserLogStub* p = reinterpret_cast<IAuditUserLogStub*>(handle);
+ return p->audit_user_log_get_pid(pid);
}
-
-int audit_trail_get_syscall_action_syscall(audit_trail_syscall_h handle, unsigned int *syscall)
+int audit_user_log_get_type(audit_user_log_h handle, int *type)
{
- return p_atrail->audit_trail_get_syscall_action_syscall(syscall);
+ IAuditUserLogStub* p = reinterpret_cast<IAuditUserLogStub*>(handle);
+ return p->audit_user_log_get_type(type);
}
-
-int audit_trail_get_syscall_action_exitcode(audit_trail_syscall_h handle, unsigned int *exit)
+int audit_user_log_get_text(audit_user_log_h handle, const char **text)
{
- return p_atrail->audit_trail_get_syscall_action_exitcode(exit);
-}
-
-
-int audit_trail_foreach_user(audit_trail_h handle, audit_trail_user_cb callback, void *user_data)
-{
- IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
- return p->audit_trail_foreach_user(callback, user_data);
-}
-
-int audit_trail_clear_user(audit_trail_h handle)
-{
- IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
- return p->audit_trail_clear_user();
+ IAuditUserLogStub* p = reinterpret_cast<IAuditUserLogStub*>(handle);
+ return p->audit_user_log_get_text(text);
}
-
-int audit_trail_add_user_cb(audit_trail_h handle, audit_trail_user_cb callback, void* user_data, int* id)
+int audit_trail_clear_user_log(audit_trail_h handle)
{
IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
- return p->audit_trail_add_user_cb(callback, user_data, id);
+ return p->audit_trail_clear_user_log();
}
-
-int audit_trail_remove_user_cb(audit_trail_h handle, int id)
+int audit_trail_foreach_user_log(audit_trail_h handle,
+ audit_user_log_cb callback, void *user_data)
{
IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
- return p->audit_trail_remove_user_cb(id);
+ return p->audit_trail_foreach_user_log(callback, user_data);
}
-
-int audit_trail_enable_user(audit_trail_h handle, bool en)
+int audit_trail_add_user_log_cb(audit_trail_h handle,
+ audit_user_log_cb callback, void* user_data,
+ int* id)
{
IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
- return p->audit_trail_enable_user(en);
+ return p->audit_trail_add_user_log_cb(callback, user_data, id);
}
-
-int audit_trail_is_enabled_user(audit_trail_h handle, bool *en)
+int audit_trail_remove_user_log_cb(audit_trail_h handle,
+ int id)
{
IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
- return p->audit_trail_is_enabled_user(en);
-}
-
-int audit_trail_get_user_time(audit_trail_user_h handle, time_t *tm, unsigned short *ms)
-{
- return p_atrail->audit_trail_get_user_time(tm, ms);
-}
-
-int audit_trail_get_user_log_type(audit_trail_user_h handle, int *type)
-{
- return p_atrail->audit_trail_get_user_log_type(type);
-}
-
-int audit_trail_get_user_log_text(audit_trail_user_h handle, const char **text)
-{
- return p_atrail->audit_trail_get_user_log_text(text);
+ return p->audit_trail_remove_user_log_cb(id);
}
-#endif
#define AUDITTRAILSTUB_H
#include <audit-trail/audit-trail.h>
-//#include <audit-trail/dac.h> // DEPRECATED!
-//#include <audit-trail/mac.h> // DEPRECATED!
-//#include <audit-trail/syscall.h> // DEPRECATED!
-//#include <audit-trail/user.h> // DEPRECATED!
-
-//TODO: Rework when Audit-Trail API will be finalized
-#if 0
+#include <audit-trail/user-log.h>
+#include <audit-trail/system-log.h>
class IAuditTrail
{
public:
- virtual ~IAuditTrail() = default;
+ IAuditTrail();
+ virtual ~IAuditTrail();
virtual int audit_trail_create(audit_trail_h *handle) = 0;
virtual int audit_trail_destroy() = 0;
-
- virtual int audit_trail_foreach_dac(audit_trail_dac_cb callback, void *user_data) = 0;
- virtual int audit_trail_clear_dac() = 0;
- virtual int audit_trail_add_dac_cb(audit_trail_dac_cb callback, void* user_data, int* id) = 0;
- virtual int audit_trail_remove_dac_cb(int id) = 0;
- virtual int audit_trail_enable_dac(bool en) = 0;
- virtual int audit_trail_is_enabled_dac(bool *en) = 0;
- virtual int audit_trail_get_dac_time(time_t *tm, unsigned short *ms) = 0;
- virtual int audit_trail_get_dac_subject_name(const char **name) = 0;
- virtual int audit_trail_get_dac_subject_owner(uid_t *uid, gid_t *gid) = 0;
- virtual int audit_trail_get_dac_subject_effective_owner(uid_t *euid, gid_t *egid) = 0;
- virtual int audit_trail_get_dac_subject_pid(pid_t *pid) = 0;
- virtual int audit_trail_get_dac_object_name(const char **name) = 0;
- virtual int audit_trail_get_dac_object_owner(uid_t *uid, gid_t *gid) = 0;
- virtual int audit_trail_get_dac_object_mode(mode_t *mode) = 0;
- virtual int audit_trail_get_dac_action_syscall(unsigned int *syscall) = 0;
-
- virtual int audit_trail_foreach_mac(audit_trail_mac_cb callback, void *user_data) = 0;
- virtual int audit_trail_clear_mac() = 0;
- virtual int audit_trail_add_mac_cb(audit_trail_mac_cb callback, void* user_data, int* id) = 0;
- virtual int audit_trail_remove_mac_cb(int id) = 0;
- virtual int audit_trail_enable_mac(bool en) = 0;
- virtual int audit_trail_is_enabled_mac(bool *en) = 0;
- virtual int audit_trail_get_mac_time(time_t *tm, unsigned short *ms) = 0;
- virtual int audit_trail_get_mac_subject_name(const char **name) = 0;
- virtual int audit_trail_get_mac_subject_label(const char **label) = 0;
- virtual int audit_trail_get_mac_subject_pid(pid_t *pid) = 0;
- virtual int audit_trail_get_mac_object_name(const char **name) = 0;
- virtual int audit_trail_get_mac_object_label(const char **label) = 0;
- virtual int audit_trail_get_mac_action_syscall(unsigned int *syscall) = 0;
- virtual int audit_trail_get_mac_action_request(const char **req) = 0;
-
- virtual int audit_trail_foreach_syscall(audit_trail_syscall_cb callback, void *user_data) = 0;
- virtual int audit_trail_clear_syscall() = 0;
- virtual int audit_trail_add_syscall_cb(audit_trail_syscall_cb callback, void* user_data, int* id) = 0;
- virtual int audit_trail_remove_syscall_cb(int id) = 0;
- virtual int audit_trail_enable_syscall(bool en) = 0;
- virtual int audit_trail_is_enabled_syscall(bool *en) = 0;
- virtual int audit_trail_get_syscall_time(time_t *tm, unsigned short *ms) = 0;
- virtual int audit_trail_get_syscall_subject_name(const char **name) = 0;
- virtual int audit_trail_get_syscall_subject_owner(uid_t *uid, gid_t *gid) = 0;
- virtual int audit_trail_get_syscall_subject_effective_owner(uid_t *euid, gid_t *egid) = 0;
- virtual int audit_trail_get_syscall_subject_pid(pid_t *pid) = 0;
- virtual int audit_trail_get_syscall_action_syscall(unsigned int *syscall) = 0;
- virtual int audit_trail_get_syscall_action_exitcode(unsigned int *exit) = 0;
-
- virtual int audit_trail_foreach_user(audit_trail_user_cb callback, void *user_data) = 0;
- virtual int audit_trail_clear_user() = 0;
- virtual int audit_trail_add_user_cb(audit_trail_user_cb callback, void* user_data, int* id) = 0;
- virtual int audit_trail_remove_user_cb(int id) = 0;
- virtual int audit_trail_enable_user(bool en) = 0;
- virtual int audit_trail_is_enabled_user(bool *en) = 0;
- virtual int audit_trail_get_user_time(time_t *tm, unsigned short *ms) = 0;
- virtual int audit_trail_get_user_log_type(int *type) = 0;
- virtual int audit_trail_get_user_log_text(const char **text) = 0;
+ virtual int audit_trail_clear_system_log() = 0;
+ virtual int audit_trail_foreach_system_log(audit_system_log_cb callback,
+ void *user_data) = 0;
+ virtual int audit_trail_add_system_log_cb(audit_system_log_cb callback, void* user_data,
+ int* id) = 0;
+ virtual int audit_trail_remove_system_log_cb(int id) = 0;
+ virtual int audit_trail_clear_user_log() = 0;
+ virtual int audit_trail_foreach_user_log(audit_user_log_cb callback, void *user_data) = 0;
+ virtual int audit_trail_add_user_log_cb(audit_user_log_cb callback, void* user_data, int* id) = 0;
+ virtual int audit_trail_remove_user_log_cb(int id) = 0;
};
-void audit_trail_set_implementation(IAuditTrail* impl);
-
-class AuditTrailDefaultImpl: public IAuditTrail
+class IAuditSystemLogStub
{
public:
- int audit_trail_create(audit_trail_h *handle) override
- {
- *handle = this;
- return 0;
- }
- int audit_trail_destroy() override
- {
- return 0;
- }
-
- int audit_trail_foreach_dac(audit_trail_dac_cb callback, void *user_data) override
- {
- return 0;
- }
- int audit_trail_clear_dac() override
- {
- return 0;
- }
- int audit_trail_add_dac_cb(audit_trail_dac_cb callback, void* user_data, int* id) override
- {
- return 0;
- }
- int audit_trail_remove_dac_cb(int id) override
- {
- return 0;
- }
- int audit_trail_enable_dac(bool en) override
- {
- return 0;
- }
- int audit_trail_is_enabled_dac(bool *en) override
- {
- *en = true;
- return 0;
- }
- int audit_trail_get_dac_time(time_t *tm, unsigned short *ms) override
- {
- *tm = 0; *ms = 0;
- return 0;
- }
- int audit_trail_get_dac_subject_name(const char **name) override
- {
- *name = nullptr;
- return 0;
- }
- int audit_trail_get_dac_subject_owner(uid_t *uid, gid_t *gid) override
- {
- *uid = 0; *gid = 0;
- return 0;
- }
- int audit_trail_get_dac_subject_effective_owner(uid_t *euid, gid_t *egid) override
- {
- *euid = 0; *egid = 0;
- return 0;
- }
- int audit_trail_get_dac_subject_pid(pid_t *pid) override
- {
- *pid = 0;
- return 0;
- }
- int audit_trail_get_dac_object_name(const char **name) override
- {
- *name = nullptr;
- return 0;
- }
- int audit_trail_get_dac_object_owner(uid_t *uid, gid_t *gid) override
- {
- *uid = 0; *gid = 0;
- return 0;
- }
- int audit_trail_get_dac_object_mode(mode_t *mode) override
- {
- *mode = 0;
- return 0;
- }
- int audit_trail_get_dac_action_syscall(unsigned int *syscall) override
- {
- *syscall = 0;
- return 0;
- }
-
- int audit_trail_foreach_mac(audit_trail_mac_cb callback, void *user_data) override
- {
- return 0;
- }
- int audit_trail_clear_mac() override
- {
- return 0;
- }
- int audit_trail_add_mac_cb(audit_trail_mac_cb callback, void* user_data, int* id) override
- {
- return 0;
- }
- int audit_trail_remove_mac_cb(int id) override
- {
- return 0;
- }
- int audit_trail_enable_mac(bool en) override
- {
- return 0;
- }
- int audit_trail_is_enabled_mac(bool *en) override
- {
- *en = true;
- return 0;
- }
- int audit_trail_get_mac_time(time_t *tm, unsigned short *ms) override
- {
- *tm = 0; *ms = 0;
- return 0;
- }
- int audit_trail_get_mac_subject_name(const char **name) override
- {
- *name = nullptr;
- return 0;
- }
- int audit_trail_get_mac_subject_label(const char **label) override
- {
- *label = nullptr;
- return 0;
- }
- int audit_trail_get_mac_subject_pid(pid_t *pid) override
- {
- *pid = 0;
- return 0;
- }
- int audit_trail_get_mac_object_name(const char **name) override
- {
- *name = nullptr;
- return 0;
- }
- int audit_trail_get_mac_object_label(const char **label) override
- {
- *label = nullptr;
- return 0;
- }
- int audit_trail_get_mac_action_syscall(unsigned int *syscall) override
- {
- *syscall = 0;
- return 0;
- }
- int audit_trail_get_mac_action_request(const char **req) override
- {
- *req = nullptr;
- return 0;
- }
-
- int audit_trail_foreach_syscall(audit_trail_syscall_cb callback, void *user_data) override
- {
- return 0;
- }
- int audit_trail_clear_syscall() override
- {
- return 0;
- }
- int audit_trail_add_syscall_cb(audit_trail_syscall_cb callback, void* user_data, int* id) override
- {
- return 0;
- }
- int audit_trail_remove_syscall_cb(int id) override
- {
- return 0;
- }
- int audit_trail_enable_syscall(bool en) override
- {
- return 0;
- }
- int audit_trail_is_enabled_syscall(bool *en) override
- {
- *en = true;
- return 0;
- }
- int audit_trail_get_syscall_time(time_t *tm, unsigned short *ms) override
- {
- *tm = 0; *ms = 0;
- return 0;
- }
- int audit_trail_get_syscall_subject_name(const char **name) override
- {
- *name = nullptr;
- return 0;
- }
- int audit_trail_get_syscall_subject_owner(uid_t *uid, gid_t *gid) override
- {
- *uid = 0; *gid = 0;
- return 0;
- }
- int audit_trail_get_syscall_subject_effective_owner(uid_t *euid, gid_t *egid) override
- {
- *euid = 0; *egid = 0;
- return 0;
- }
- int audit_trail_get_syscall_subject_pid(pid_t *pid) override
- {
- *pid = 0;
- return 0;
- }
- int audit_trail_get_syscall_action_syscall(unsigned int *syscall) override
- {
- *syscall = 0;
- return 0;
- }
- int audit_trail_get_syscall_action_exitcode(unsigned int *exit) override
- {
- *exit = 0;
- return 0;
- }
-
- int audit_trail_foreach_user(audit_trail_user_cb callback, void *user_data) override
- {
- return 0;
- }
- int audit_trail_clear_user() override
- {
- return 0;
- }
- int audit_trail_add_user_cb(audit_trail_user_cb callback, void* user_data, int* id) override
- {
- return 0;
- }
- int audit_trail_remove_user_cb(int id) override
- {
- return 0;
- }
- int audit_trail_enable_user(bool en) override
- {
- return 0;
- }
- int audit_trail_is_enabled_user(bool *en) override
- {
- *en = true;
- return 0;
- }
- int audit_trail_get_user_time(time_t *tm, unsigned short *ms) override
- {
- *tm = 0; *ms = 0;
- return 0;
- }
- int audit_trail_get_user_log_type(int *type) override
- {
- *type = 0;
- return 0;
- }
- int audit_trail_get_user_log_text(const char **text) override
- {
- *text = nullptr;
- return 0;
- }
+ virtual ~IAuditSystemLogStub() = default;
+ virtual int audit_system_log_get_time(time_t *time, unsigned short *ms) = 0;
+ virtual int audit_system_log_get_subject_name(const char **name) = 0;
+ virtual int audit_system_log_get_subject_owner(uid_t *uid, gid_t *gid) = 0;
+ virtual int audit_system_log_get_subject_effective_owner(uid_t *euid, gid_t *egid) = 0;
+ virtual int audit_system_log_get_subject_pid(pid_t *pid) = 0;
+ virtual int audit_system_log_get_subject_smack_label(const char **label) = 0;
+ virtual int audit_system_log_get_object_type(int *type) = 0;
+ virtual int audit_system_log_get_object_owner(uid_t *uid, gid_t *gid) = 0;
+ virtual int audit_system_log_get_object_effective_owner(uid_t *euid, gid_t *egid) = 0;
+ virtual int audit_system_log_get_object_permission(mode_t *mode) = 0;
+ virtual int audit_system_log_get_object_smack_label(const char **label) = 0;
+ virtual int audit_system_log_get_object_name(const char **name) = 0;
+ virtual int audit_system_log_get_object_pid(pid_t *pid) = 0;
+ virtual int audit_system_log_get_object_inode(ino_t *inode) = 0;
+ virtual int audit_system_log_object_sockaddr(const char **socketaddr) = 0;
+ virtual int audit_system_log_get_action_systemcall(unsigned int *systemcall) = 0;
+ virtual int audit_system_log_get_action_arguments(unsigned int (*args)[4]) = 0;
+ virtual int audit_system_log_get_action_exitcode(int *exitcode) = 0;
};
-#endif
+class IAuditUserLogStub
+{
+public:
+ virtual ~IAuditUserLogStub() = default;
+ virtual int audit_user_log_get_time(time_t *time, unsigned short *ms) = 0;
+ virtual int audit_user_log_get_pid(pid_t *pid) = 0;
+ virtual int audit_user_log_get_type(int *type) = 0;
+ virtual int audit_user_log_get_text(const char **text) = 0;
+};
#endif // AUDITTRAILSTUB_H
{
public:
~IReporterMock(){}
- MOCK_METHOD2(sendReport, void(const std::string& module, const std::string& content));
+ MOCK_METHOD2(sendReport, void(const std::string& module, const Json::Value& content));
};
}
using ::testing::Invoke;
using ::testing::InvokeArgument;
using ::testing::Eq;
+using ::testing::WithArg;
using ::testing::WithArgs;
-//TODO: Rework when Audit-Trail API will be finalized
-#if 0
-
-typedef void (*LogCallback)(void* log, void* user_data);
-
namespace
{
-const std::string REPORT{"report log"};
-const char* EMPTY = "";
+const int SYSCALL_CB_ID = 1;
+const int USER_CB_ID = 2;
+
+const time_t TEST_SYS_TIME = 1234567;
+const unsigned short TEST_SYS_MS = 123;
+const char* TEST_SYS_SUBJ_NAME = "subj_name";
+const uid_t TEST_SYS_SUBJ_UID = 1;
+const gid_t TEST_SYS_SUBJ_GID = 2;
+const uid_t TEST_SYS_SUBJ_EUID = 3;
+const gid_t TEST_SYS_SUBJ_EGID = 4;
+const pid_t TEST_SYS_SUBJ_PID = 5;
+const char* TEST_SYS_SUBJ_LABEL = "subj_label";
+const int TEST_SYS_OBJ_TYPE = 6;
+const uid_t TEST_SYS_OBJ_UID = 7;
+const gid_t TEST_SYS_OBJ_GID = 8;
+const uid_t TEST_SYS_OBJ_EUID = 9;
+const gid_t TEST_SYS_OBJ_EGID = 10;
+const mode_t TEST_SYS_OBJ_PERM = 11;
+const char* TEST_SYS_OBJ_LABEL = "obj_label";
+const char* TEST_SYS_OBJ_NAME = "obj_name";
+const pid_t TEST_SYS_OBJ_PID = 12;
+const ino_t TEST_SYS_OBJ_INODE = 13;
+const int TEST_SYS_SYSCALL = 14;
+const unsigned int TEST_SYS_ARGS[4] = {15, 16, 17, 18};
+const int TEST_SYS_EXITCOD = 19;
+
+const time_t TEST_USER_TIME = 987654;
+const unsigned short TEST_USER_MS = 20;
+const pid_t TEST_USER_PID = 21;
+const int TEST_USER_TYPE = 22;
+const char* TEST_USER_TEXT = "user-text";
-const int DAC_CB_ID = 1;
-const int MAC_CB_ID = 2;
-const int SYSCALL_CB_ID = 3;
-const int USER_CB_ID = 4;
}
-/**
- * @brief Adapter used to invoke callback with predefined report log
- * @param cb [in] callback to invoke
- * @param user_data [in] user specific data supplied to callback
- */
-void InvokeCallbackWithReportAdapter(LogCallback cb, void* user_data)
+ACTION_P(invokeCallbackWith, h) { arg0(h, arg1); }
+
+void argsAssign(unsigned int (*args)[4])
{
- cb((void*)REPORT.c_str(), user_data);
+ for (int i = 0; i < 4; i++) {
+ (*args)[i] = TEST_SYS_ARGS[i];
+ }
}
/**
TEST(Test_AuditTrailClient, start_auditing)
{
AuditTrailMock atrail;
- audit_trail_set_implementation(&atrail);
+ AuditTrailSystemLogMock sysLog;
+ AuditTrailUserLogMock userLog;
NetworkManager::IReporterMock reporter;
- EXPECT_CALL(reporter, sendReport(_, _)).Times(5);
-
- {
- EXPECT_CALL(atrail, audit_trail_create(_)).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
-
- EXPECT_CALL(atrail, audit_trail_enable_dac(true)).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
- EXPECT_CALL(atrail, audit_trail_enable_mac(true)).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
- EXPECT_CALL(atrail, audit_trail_enable_user(true)).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
-
- EXPECT_CALL(atrail, audit_trail_is_enabled_dac(_))
- .WillOnce(DoAll(SetArgPointee<0>(true), Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_is_enabled_mac(_))
- .WillOnce(DoAll(SetArgPointee<0>(true), Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_is_enabled_user(_))
- .WillOnce(DoAll(SetArgPointee<0>(true), Return(AUDIT_TRAIL_ERROR_NONE)));
-
- EXPECT_CALL(atrail, audit_trail_add_dac_cb(_, _, _))
- .WillOnce(DoAll(SetArgPointee<2>(DAC_CB_ID),
- WithArgs<0, 1>(Invoke(InvokeCallbackWithReportAdapter)),
- Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_get_dac_time(_, _))
- .WillOnce(DoAll(SetArgPointee<0>(0), SetArgPointee<1>(0), Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_get_dac_subject_name(_))
- .WillOnce(DoAll(SetArgPointee<0>(EMPTY), Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_get_dac_subject_owner(_, _))
- .WillOnce(DoAll(SetArgPointee<0>(0), SetArgPointee<1>(0), Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_get_dac_subject_effective_owner(_, _))
- .WillOnce(DoAll(SetArgPointee<0>(0), SetArgPointee<1>(0), Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_get_dac_subject_pid(_))
- .WillOnce(DoAll(SetArgPointee<0>(0), Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_get_dac_object_name(_))
- .WillOnce(DoAll(SetArgPointee<0>(EMPTY), Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_get_dac_object_owner(_, _))
- .WillOnce(DoAll(SetArgPointee<0>(0), SetArgPointee<1>(0), Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_get_dac_object_mode(_))
- .WillOnce(DoAll(SetArgPointee<0>(0) , Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_get_dac_action_syscall(_))
- .WillOnce(DoAll(SetArgPointee<0>(0), Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_remove_dac_cb(Eq(DAC_CB_ID))).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
-
- EXPECT_CALL(atrail, audit_trail_add_mac_cb(_, _, _))
- .WillOnce(DoAll(SetArgPointee<2>(MAC_CB_ID),
- WithArgs<0, 1>(Invoke(InvokeCallbackWithReportAdapter)),
- Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_get_mac_time(_, _))
- .WillOnce(DoAll(SetArgPointee<0>(0), SetArgPointee<1>(0), Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_get_mac_subject_name(_))
- .WillOnce(DoAll(SetArgPointee<0>(EMPTY), Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_get_mac_subject_label(_))
- .WillOnce(DoAll(SetArgPointee<0>(EMPTY), Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_get_mac_subject_pid(_))
- .WillOnce(DoAll(SetArgPointee<0>(0), Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_get_mac_object_name(_))
- .WillOnce(DoAll(SetArgPointee<0>(EMPTY), Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_get_mac_object_label(_))
- .WillOnce(DoAll(SetArgPointee<0>(EMPTY), Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_get_mac_action_syscall(_))
- .WillOnce(DoAll(SetArgPointee<0>(0), Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_get_mac_action_request(_))
- .WillOnce(DoAll(SetArgPointee<0>(EMPTY), Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_remove_mac_cb(Eq(MAC_CB_ID))).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
-
- EXPECT_CALL(atrail, audit_trail_add_user_cb(_, _, _))
- .WillOnce(DoAll(SetArgPointee<2>(USER_CB_ID),
- WithArgs<0, 1>(Invoke(InvokeCallbackWithReportAdapter)),
- WithArgs<0, 1>(Invoke(InvokeCallbackWithReportAdapter)),
- WithArgs<0, 1>(Invoke(InvokeCallbackWithReportAdapter)),
- Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_get_user_time(_, _))
- .WillRepeatedly(DoAll(SetArgPointee<0>(0), SetArgPointee<1>(0), Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_get_user_log_type(_))
- .WillOnce(DoAll(SetArgPointee<0>(1111), Return(AUDIT_TRAIL_ERROR_NONE)))
- .WillOnce(DoAll(SetArgPointee<0>(1112), Return(AUDIT_TRAIL_ERROR_NONE)))
- .WillOnce(DoAll(SetArgPointee<0>(1113), Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_get_user_log_text(_))
- .WillRepeatedly(DoAll(SetArgPointee<0>(EMPTY), Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_remove_user_cb(Eq(USER_CB_ID))).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
-
- EXPECT_CALL(atrail, audit_trail_destroy()).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
- }
+ EXPECT_CALL(reporter, sendReport(Eq(std::string{"syscall"}), _)).Times(1);
+ EXPECT_CALL(reporter, sendReport(Eq(std::string{"user"}), _)).Times(1);
+ EXPECT_CALL(atrail, audit_trail_create(_)).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
+ EXPECT_CALL(atrail, audit_trail_add_system_log_cb(_, _, _))
+ .WillOnce(DoAll(SetArgPointee<2>(SYSCALL_CB_ID),
+ invokeCallbackWith(reinterpret_cast<audit_system_log_h>(&sysLog)),
+ Return(AUDIT_TRAIL_ERROR_NONE)));
+ EXPECT_CALL(atrail, audit_trail_remove_system_log_cb(Eq(SYSCALL_CB_ID)))
+ .Times(1);
+ EXPECT_CALL(atrail, audit_trail_add_user_log_cb(_, _, _))
+ .WillOnce(DoAll(SetArgPointee<2>(USER_CB_ID),
+ invokeCallbackWith(reinterpret_cast<audit_user_log_h>(&userLog)),
+ Return(AUDIT_TRAIL_ERROR_NONE)));
+ EXPECT_CALL(atrail, audit_trail_remove_user_log_cb(Eq(USER_CB_ID)))
+ .Times(1);
+
+ EXPECT_CALL(sysLog, audit_system_log_get_time(_, _))
+ .WillOnce(
+ DoAll(
+ SetArgPointee<0>(TEST_SYS_TIME),
+ SetArgPointee<1>(TEST_SYS_MS),
+ Return(AUDIT_TRAIL_ERROR_NONE)
+ )
+ );
+ EXPECT_CALL(sysLog, audit_system_log_get_subject_name(_))
+ .WillOnce(
+ DoAll(
+ SetArgPointee<0>(TEST_SYS_SUBJ_NAME),
+ Return(AUDIT_TRAIL_ERROR_NONE)
+ )
+ );
+ EXPECT_CALL(sysLog, audit_system_log_get_subject_owner(_, _))
+ .WillOnce(
+ DoAll(
+ SetArgPointee<0>(TEST_SYS_SUBJ_UID),
+ SetArgPointee<1>(TEST_SYS_SUBJ_GID),
+ Return(AUDIT_TRAIL_ERROR_NONE)
+ )
+ );
+ EXPECT_CALL(sysLog, audit_system_log_get_subject_effective_owner(_, _))
+ .WillOnce(
+ DoAll(
+ SetArgPointee<0>(TEST_SYS_SUBJ_EUID),
+ SetArgPointee<1>(TEST_SYS_SUBJ_EGID),
+ Return(AUDIT_TRAIL_ERROR_NONE)
+ )
+ );
+ EXPECT_CALL(sysLog, audit_system_log_get_subject_pid(_))
+ .WillOnce(
+ DoAll(
+ SetArgPointee<0>(TEST_SYS_SUBJ_PID),
+ Return(AUDIT_TRAIL_ERROR_NONE)
+ )
+ );
+ EXPECT_CALL(sysLog, audit_system_log_get_subject_smack_label(_))
+ .WillOnce(
+ DoAll(
+ SetArgPointee<0>(TEST_SYS_SUBJ_LABEL),
+ Return(AUDIT_TRAIL_ERROR_NONE)
+ )
+ );
+ EXPECT_CALL(sysLog, audit_system_log_get_object_type(_))
+ .WillOnce(
+ DoAll(
+ SetArgPointee<0>(TEST_SYS_OBJ_TYPE),
+ Return(AUDIT_TRAIL_ERROR_NONE)
+ )
+ );
+ EXPECT_CALL(sysLog, audit_system_log_get_object_owner(_, _))
+ .WillOnce(
+ DoAll(
+ SetArgPointee<0>(TEST_SYS_OBJ_UID),
+ SetArgPointee<1>(TEST_SYS_OBJ_GID),
+ Return(AUDIT_TRAIL_ERROR_NONE)
+ )
+ );
+ EXPECT_CALL(sysLog, audit_system_log_get_object_effective_owner(_, _))
+ .WillOnce(
+ DoAll(
+ SetArgPointee<0>(TEST_SYS_OBJ_EUID),
+ SetArgPointee<1>(TEST_SYS_OBJ_EGID),
+ Return(AUDIT_TRAIL_ERROR_NONE)
+ )
+ );
+ EXPECT_CALL(sysLog, audit_system_log_get_object_permission(_))
+ .WillOnce(
+ DoAll(
+ SetArgPointee<0>(TEST_SYS_OBJ_PERM),
+ Return(AUDIT_TRAIL_ERROR_NONE)
+ )
+ );
+ EXPECT_CALL(sysLog, audit_system_log_get_object_smack_label(_))
+ .WillOnce(
+ DoAll(
+ SetArgPointee<0>(TEST_SYS_OBJ_LABEL),
+ Return(AUDIT_TRAIL_ERROR_NONE)
+ )
+ );
+ EXPECT_CALL(sysLog, audit_system_log_get_object_name(_))
+ .WillOnce(
+ DoAll(
+ SetArgPointee<0>(TEST_SYS_OBJ_NAME),
+ Return(AUDIT_TRAIL_ERROR_NONE)
+ )
+ );
+ EXPECT_CALL(sysLog, audit_system_log_get_object_pid(_))
+ .WillOnce(
+ DoAll(
+ SetArgPointee<0>(TEST_SYS_OBJ_PID),
+ Return(AUDIT_TRAIL_ERROR_NONE)
+ )
+ );
+ EXPECT_CALL(sysLog, audit_system_log_get_object_inode(_))
+ .WillOnce(
+ DoAll(
+ SetArgPointee<0>(TEST_SYS_OBJ_INODE),
+ Return(AUDIT_TRAIL_ERROR_NONE)
+ )
+ );
+ EXPECT_CALL(sysLog, audit_system_log_get_action_systemcall(_))
+ .WillOnce(
+ DoAll(
+ SetArgPointee<0>(TEST_SYS_SYSCALL),
+ Return(AUDIT_TRAIL_ERROR_NONE)
+ )
+ );
+ EXPECT_CALL(sysLog, audit_system_log_get_action_arguments(_))
+ .WillOnce(
+ DoAll(
+ WithArg<0>(Invoke(argsAssign)),
+ Return(AUDIT_TRAIL_ERROR_NONE)
+ )
+ );
+ EXPECT_CALL(sysLog, audit_system_log_get_action_exitcode(_))
+ .WillOnce(
+ DoAll(
+ SetArgPointee<0>(TEST_SYS_EXITCOD),
+ Return(AUDIT_TRAIL_ERROR_NONE)
+ )
+ );
+ EXPECT_CALL(userLog, audit_user_log_get_time(_, _))
+ .WillOnce(
+ DoAll(
+ SetArgPointee<0>(TEST_USER_TIME),
+ SetArgPointee<1>(TEST_USER_MS),
+ Return(AUDIT_TRAIL_ERROR_NONE)
+ )
+ );
+ EXPECT_CALL(userLog, audit_user_log_get_pid(_))
+ .WillOnce(
+ DoAll(
+ SetArgPointee<0>(TEST_USER_PID),
+ Return(AUDIT_TRAIL_ERROR_NONE)
+ )
+ );
+ EXPECT_CALL(userLog, audit_user_log_get_type(_))
+ .WillOnce(
+ DoAll(
+ SetArgPointee<0>(TEST_USER_TYPE),
+ Return(AUDIT_TRAIL_ERROR_NONE)
+ )
+ );
+ EXPECT_CALL(userLog, audit_user_log_get_text(_))
+ .WillOnce(
+ DoAll(
+ SetArgPointee<0>(TEST_USER_TEXT),
+ Return(AUDIT_TRAIL_ERROR_NONE)
+ )
+ );
+
+ EXPECT_CALL(atrail, audit_trail_destroy()).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
AuditTrailClient aclient(&reporter);
EXPECT_TRUE(aclient.start_auditing());
}
/**
- * @brief TEST for syscall auditing usecase
+ * @brief TEST of situation when log info can not be collected
* 1. Create objects and mocks
- * 2. Run start syscall auditing
+ * 2. Run start auditing
* 3. Simulate callback invocation
- * 4. Stop syscall auditing
- * 5. Check expectations
+ * 4. Simulate errors
+ * 5. Stop auditing
+ * 6. Check expectations
*/
-TEST(Test_AuditTrailClient, syscall_auditing)
+TEST(Test_AuditTrailClient, collect_log_info_fail_simulation)
{
AuditTrailMock atrail;
- audit_trail_set_implementation(&atrail);
- NetworkManager::IReporterMock reporter;
+ AuditTrailSystemLogMock sysLog;
+ AuditTrailUserLogMock userLog;
- {
- EXPECT_CALL(atrail, audit_trail_enable_syscall(true)).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
- EXPECT_CALL(atrail, audit_trail_is_enabled_syscall(_))
- .WillOnce(DoAll(SetArgPointee<0>(true), Return(AUDIT_TRAIL_ERROR_NONE)));
-
- EXPECT_CALL(atrail, audit_trail_create(_)).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
-
- EXPECT_CALL(atrail, audit_trail_add_syscall_cb(_, _, _))
- .WillOnce(DoAll(SetArgPointee<2>(SYSCALL_CB_ID),
- WithArgs<0, 1>(Invoke(InvokeCallbackWithReportAdapter)),
- Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_get_syscall_time(_, _))
- .WillOnce(DoAll(SetArgPointee<0>(0), SetArgPointee<1>(0), Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_get_syscall_subject_name(_))
- .WillOnce(DoAll(SetArgPointee<0>(EMPTY), Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_get_syscall_subject_owner(_, _))
- .WillOnce(DoAll(SetArgPointee<0>(0), SetArgPointee<1>(0), Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_get_syscall_subject_effective_owner(_, _))
- .WillOnce(DoAll(SetArgPointee<0>(0), SetArgPointee<1>(0), Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_get_syscall_subject_pid(_))
- .WillOnce(DoAll(SetArgPointee<0>(0), Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_get_syscall_action_syscall(_))
- .WillOnce(DoAll(SetArgPointee<0>(0), Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_get_syscall_action_exitcode(_))
- .WillOnce(DoAll(SetArgPointee<0>(0), Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_remove_syscall_cb(Eq(SYSCALL_CB_ID))).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
-
- EXPECT_CALL(atrail, audit_trail_destroy()).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
- }
-
- EXPECT_CALL(reporter, sendReport(_, _)).Times(1);
-
- AuditTrailClient aclient(&reporter);
- EXPECT_TRUE(aclient.start_syscall_auditing());
- EXPECT_NO_THROW(aclient.stop_syscall_auditing());
-}
-
-/**
- * @brief TEST for AuditTrailClient when audit_trail_create fails
- * 1. Create objects and mocks
- * 2. Create AuditTrailClient
- * 3. Expect it fails with exception
- */
-TEST(Test_AuditTrailClient, audit_trail_create_fault)
-{
- AuditTrailMock atrail;
- audit_trail_set_implementation(&atrail);
NetworkManager::IReporterMock reporter;
- EXPECT_CALL(atrail, audit_trail_create(_)).WillOnce(Return(AUDIT_TRAIL_ERROR_CONNECTION_REFUSED));
-
- EXPECT_ANY_THROW(AuditTrailClient aclient(&reporter));
-}
-
-/**
- * @brief TEST for AuditTrailClient when audit_trail_enable_dac fails
- * 1. Create objects and mocks
- * 2. Create AuditTrailClient
- * 3. Expect it fails for start_auditing call
- */
-TEST(Test_AuditTrailClient, start_auditing_enable_dac_fails)
-{
- AuditTrailMock atrail;
- audit_trail_set_implementation(&atrail);
-
- {
- ::testing::InSequence dummy;
-
- EXPECT_CALL(atrail, audit_trail_create(_)).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
-
- EXPECT_CALL(atrail, audit_trail_enable_dac(true))
- .WillOnce(Return(AUDIT_TRAIL_ERROR_CONNECTION_REFUSED));
- EXPECT_CALL(atrail, audit_trail_enable_mac(true))
- .WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
- EXPECT_CALL(atrail, audit_trail_is_enabled_mac(_))
- .WillOnce(DoAll(SetArgPointee<0>(true),Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_add_mac_cb(_,_,_))
- .WillOnce(DoAll(SetArgPointee<2>(MAC_CB_ID), Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_enable_user(true))
- .WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
- EXPECT_CALL(atrail, audit_trail_is_enabled_user(_))
- .WillOnce(DoAll(SetArgPointee<0>(true),Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_add_user_cb(_,_,_))
- .WillOnce(DoAll(SetArgPointee<2>(USER_CB_ID), Return(AUDIT_TRAIL_ERROR_NONE)));
-
- EXPECT_CALL(atrail, audit_trail_destroy()).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
- }
-
- NetworkManager::IReporterMock reporter;
+ EXPECT_CALL(reporter, sendReport(_, _)).Times(0);
+ EXPECT_CALL(atrail, audit_trail_create(_)).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
+ EXPECT_CALL(atrail, audit_trail_add_system_log_cb(_, _, _))
+ .WillOnce(DoAll(SetArgPointee<2>(SYSCALL_CB_ID),
+ invokeCallbackWith(reinterpret_cast<audit_system_log_h>(&sysLog)),
+ Return(AUDIT_TRAIL_ERROR_NONE)));
+ EXPECT_CALL(atrail, audit_trail_remove_system_log_cb(Eq(SYSCALL_CB_ID)))
+ .Times(1);
+ EXPECT_CALL(atrail, audit_trail_add_user_log_cb(_, _, _))
+ .WillOnce(DoAll(SetArgPointee<2>(USER_CB_ID),
+ invokeCallbackWith(reinterpret_cast<audit_user_log_h>(&userLog)),
+ Return(AUDIT_TRAIL_ERROR_NONE)));
+ EXPECT_CALL(atrail, audit_trail_remove_user_log_cb(Eq(USER_CB_ID)))
+ .Times(1);
+
+ EXPECT_CALL(sysLog, audit_system_log_get_time(_, _))
+ .WillOnce(Return(AUDIT_TRAIL_ERROR_NO_DATA));
+ EXPECT_CALL(sysLog, audit_system_log_get_subject_name(_))
+ .WillOnce(Return(AUDIT_TRAIL_ERROR_NO_DATA));
+ EXPECT_CALL(sysLog, audit_system_log_get_subject_owner(_, _))
+ .WillOnce(Return(AUDIT_TRAIL_ERROR_NO_DATA));
+ EXPECT_CALL(sysLog, audit_system_log_get_subject_effective_owner(_, _))
+ .WillOnce(Return(AUDIT_TRAIL_ERROR_NO_DATA));
+ EXPECT_CALL(sysLog, audit_system_log_get_subject_pid(_))
+ .WillOnce(Return(AUDIT_TRAIL_ERROR_NO_DATA));
+ EXPECT_CALL(sysLog, audit_system_log_get_subject_smack_label(_))
+ .WillOnce(Return(AUDIT_TRAIL_ERROR_NO_DATA));
+ EXPECT_CALL(sysLog, audit_system_log_get_object_type(_))
+ .WillOnce(Return(AUDIT_TRAIL_ERROR_NO_DATA));
+ EXPECT_CALL(sysLog, audit_system_log_get_object_owner(_, _))
+ .WillOnce(Return(AUDIT_TRAIL_ERROR_NO_DATA));
+ EXPECT_CALL(sysLog, audit_system_log_get_object_effective_owner(_, _))
+ .WillOnce(Return(AUDIT_TRAIL_ERROR_NO_DATA));
+ EXPECT_CALL(sysLog, audit_system_log_get_object_permission(_))
+ .WillOnce(Return(AUDIT_TRAIL_ERROR_NO_DATA));
+ EXPECT_CALL(sysLog, audit_system_log_get_object_smack_label(_))
+ .WillOnce(Return(AUDIT_TRAIL_ERROR_NO_DATA));
+ EXPECT_CALL(sysLog, audit_system_log_get_object_name(_))
+ .WillOnce(Return(AUDIT_TRAIL_ERROR_NO_DATA));
+ EXPECT_CALL(sysLog, audit_system_log_get_object_pid(_))
+ .WillOnce(Return(AUDIT_TRAIL_ERROR_NO_DATA));
+ EXPECT_CALL(sysLog, audit_system_log_get_object_inode(_))
+ .WillOnce(Return(AUDIT_TRAIL_ERROR_NO_DATA));
+ EXPECT_CALL(sysLog, audit_system_log_get_action_systemcall(_))
+ .WillOnce(Return(AUDIT_TRAIL_ERROR_NO_DATA));
+ EXPECT_CALL(sysLog, audit_system_log_get_action_arguments(_))
+ .WillOnce(Return(AUDIT_TRAIL_ERROR_NO_DATA));
+ EXPECT_CALL(sysLog, audit_system_log_get_action_exitcode(_))
+ .WillOnce(Return(AUDIT_TRAIL_ERROR_NO_DATA));
+ EXPECT_CALL(userLog, audit_user_log_get_time(_, _))
+ .WillOnce(Return(AUDIT_TRAIL_ERROR_NO_DATA));
+ EXPECT_CALL(userLog, audit_user_log_get_pid(_))
+ .WillOnce(Return(AUDIT_TRAIL_ERROR_NO_DATA));
+ EXPECT_CALL(userLog, audit_user_log_get_type(_))
+ .WillOnce(Return(AUDIT_TRAIL_ERROR_NO_DATA));
+ EXPECT_CALL(userLog, audit_user_log_get_text(_))
+ .WillOnce(Return(AUDIT_TRAIL_ERROR_NO_DATA));
+
+
+ EXPECT_CALL(atrail, audit_trail_destroy()).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
AuditTrailClient aclient(&reporter);
- EXPECT_FALSE(aclient.start_auditing());
+ EXPECT_TRUE(aclient.start_auditing());
+ EXPECT_NO_THROW(aclient.stop_auditing());
}
/**
- * @brief TEST for AuditTrailClient when audit_trail_enable_mac fails
+ * @brief TEST of start auditinf failure when system log callback setup fails
* 1. Create objects and mocks
- * 2. Create AuditTrailClient
- * 3. Expect it fails for start_auditing call
+ * 2. Run start auditing
+ * 3. Simulate errors
+ * 4. Stop auditing
+ * 5. Check expectations
*/
-TEST(Test_AuditTrailClient, start_auditing_enable_mac_fails)
+TEST(Test_AuditTrailClient, start_auditing_fails)
{
AuditTrailMock atrail;
- audit_trail_set_implementation(&atrail);
-
- {
- ::testing::InSequence dummy;
-
- EXPECT_CALL(atrail, audit_trail_create(_)).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
-
- EXPECT_CALL(atrail, audit_trail_enable_dac(true))
- .WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
- EXPECT_CALL(atrail, audit_trail_is_enabled_dac(_))
- .WillOnce(DoAll(SetArgPointee<0>(true),Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_add_dac_cb(_,_,_))
- .WillOnce(DoAll(SetArgPointee<2>(DAC_CB_ID), Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_enable_mac(true))
- .WillOnce(Return(AUDIT_TRAIL_ERROR_CONNECTION_REFUSED));
- EXPECT_CALL(atrail, audit_trail_enable_user(true))
- .WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
- EXPECT_CALL(atrail, audit_trail_is_enabled_user(_))
- .WillOnce(DoAll(SetArgPointee<0>(true),Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_add_user_cb(_,_,_))
- .WillOnce(DoAll(SetArgPointee<2>(USER_CB_ID), Return(AUDIT_TRAIL_ERROR_NONE)));
-
- EXPECT_CALL(atrail, audit_trail_destroy()).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
- }
+ AuditTrailSystemLogMock sysLog;
+ AuditTrailUserLogMock userLog;
NetworkManager::IReporterMock reporter;
- AuditTrailClient aclient(&reporter);
- EXPECT_FALSE(aclient.start_auditing());
-}
-
-/**
- * @brief TEST for AuditTrailClient when audit_trail_enable_user fails
- * 1. Create objects and mocks
- * 2. Create AuditTrailClient
- * 3. Expect it fails for start_auditing call
- */
-TEST(Test_AuditTrailClient, start_auditing_enable_user_fails)
-{
- AuditTrailMock atrail;
- audit_trail_set_implementation(&atrail);
-
- {
- ::testing::InSequence dummy;
-
- EXPECT_CALL(atrail, audit_trail_create(_)).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
-
- EXPECT_CALL(atrail, audit_trail_enable_dac(true))
- .WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
- EXPECT_CALL(atrail, audit_trail_is_enabled_dac(_))
- .WillOnce(DoAll(SetArgPointee<0>(true),Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_add_dac_cb(_,_,_))
- .WillOnce(DoAll(SetArgPointee<2>(DAC_CB_ID), Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_enable_mac(true))
- .WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
- EXPECT_CALL(atrail, audit_trail_is_enabled_mac(_))
- .WillOnce(DoAll(SetArgPointee<0>(true),Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_add_mac_cb(_,_,_))
- .WillOnce(DoAll(SetArgPointee<2>(MAC_CB_ID), Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_enable_user(true))
- .WillOnce(Return(AUDIT_TRAIL_ERROR_CONNECTION_REFUSED));
-
- EXPECT_CALL(atrail, audit_trail_destroy()).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
- }
+ EXPECT_CALL(reporter, sendReport(_, _)).Times(0);
+ EXPECT_CALL(atrail, audit_trail_create(_)).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
+ EXPECT_CALL(atrail, audit_trail_add_system_log_cb(_, _, _))
+ .WillOnce(Return(AUDIT_TRAIL_ERROR_INVALID_PARAMETER));
+ EXPECT_CALL(atrail, audit_trail_remove_system_log_cb(_))
+ .Times(0);
+ EXPECT_CALL(atrail, audit_trail_add_user_log_cb(_, _, _))
+ .Times(0);
+ EXPECT_CALL(atrail, audit_trail_remove_user_log_cb(_))
+ .Times(0);
- NetworkManager::IReporterMock reporter;
+ EXPECT_CALL(atrail, audit_trail_destroy()).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
AuditTrailClient aclient(&reporter);
EXPECT_FALSE(aclient.start_auditing());
+ EXPECT_NO_THROW(aclient.stop_auditing());
}
/**
- * @brief TEST for AuditTrailClient when audit_trail_is_enabled_dac fails
+ * @brief TEST of start auditinf failure when user log callback setup fails
* 1. Create objects and mocks
- * 2. Create AuditTrailClient
- * 3. Expect it fails for start_auditing call
+ * 2. Run start auditing
+ * 3. Simulate errors
+ * 4. Stop auditing
+ * 5. Check expectations
*/
-TEST(Test_AuditTrailClient, start_auditing_is_enabled_dac_fails)
+TEST(Test_AuditTrailClient, start_auditing_fails_user_log)
{
AuditTrailMock atrail;
- audit_trail_set_implementation(&atrail);
-
- {
- ::testing::InSequence dummy;
-
- EXPECT_CALL(atrail, audit_trail_create(_)).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
-
- EXPECT_CALL(atrail, audit_trail_enable_dac(true))
- .WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
- EXPECT_CALL(atrail, audit_trail_is_enabled_dac(_))
- .WillOnce(DoAll(SetArgPointee<0>(false),Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_enable_mac(true))
- .WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
- EXPECT_CALL(atrail, audit_trail_is_enabled_mac(_))
- .WillOnce(DoAll(SetArgPointee<0>(true),Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_add_mac_cb(_,_,_))
- .WillOnce(DoAll(SetArgPointee<2>(MAC_CB_ID), Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_enable_user(true))
- .WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
- EXPECT_CALL(atrail, audit_trail_is_enabled_user(_))
- .WillOnce(DoAll(SetArgPointee<0>(true),Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_add_user_cb(_,_,_))
- .WillOnce(DoAll(SetArgPointee<2>(USER_CB_ID), Return(AUDIT_TRAIL_ERROR_NONE)));
-
- EXPECT_CALL(atrail, audit_trail_destroy()).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
- }
+ AuditTrailSystemLogMock sysLog;
+ AuditTrailUserLogMock userLog;
NetworkManager::IReporterMock reporter;
- AuditTrailClient aclient(&reporter);
- EXPECT_FALSE(aclient.start_auditing());
-}
-
-/**
- * @brief TEST for AuditTrailClient when audit_trail_is_enabled_mac fails
- * 1. Create objects and mocks
- * 2. Create AuditTrailClient
- * 3. Expect it fails for start_auditing call
- */
-TEST(Test_AuditTrailClient, start_auditing_is_enabled_mac_fails)
-{
- AuditTrailMock atrail;
- audit_trail_set_implementation(&atrail);
-
- {
- ::testing::InSequence dummy;
-
- EXPECT_CALL(atrail, audit_trail_create(_)).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
-
- EXPECT_CALL(atrail, audit_trail_enable_dac(true))
- .WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
- EXPECT_CALL(atrail, audit_trail_is_enabled_dac(_))
- .WillOnce(DoAll(SetArgPointee<0>(true),Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_add_dac_cb(_,_,_))
- .WillOnce(DoAll(SetArgPointee<2>(DAC_CB_ID), Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_enable_mac(true))
- .WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
- EXPECT_CALL(atrail, audit_trail_is_enabled_mac(_))
- .WillOnce(DoAll(SetArgPointee<0>(false),Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_enable_user(true))
- .WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
- EXPECT_CALL(atrail, audit_trail_is_enabled_user(_))
- .WillOnce(DoAll(SetArgPointee<0>(true),Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_add_user_cb(_,_,_))
- .WillOnce(DoAll(SetArgPointee<2>(USER_CB_ID), Return(AUDIT_TRAIL_ERROR_NONE)));
-
- EXPECT_CALL(atrail, audit_trail_destroy()).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
- }
+ EXPECT_CALL(reporter, sendReport(_, _)).Times(0);
+ EXPECT_CALL(atrail, audit_trail_create(_)).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
+ EXPECT_CALL(atrail, audit_trail_add_system_log_cb(_, _, _))
+ .WillOnce(DoAll(SetArgPointee<2>(SYSCALL_CB_ID),
+ Return(AUDIT_TRAIL_ERROR_NONE)));
+ EXPECT_CALL(atrail, audit_trail_remove_system_log_cb(Eq(SYSCALL_CB_ID)))
+ .Times(1);
+ EXPECT_CALL(atrail, audit_trail_add_user_log_cb(_, _, _))
+ .WillOnce(Return(AUDIT_TRAIL_ERROR_INVALID_PARAMETER));
+ EXPECT_CALL(atrail, audit_trail_remove_user_log_cb(_))
+ .Times(0);
- NetworkManager::IReporterMock reporter;
+ EXPECT_CALL(atrail, audit_trail_destroy()).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
AuditTrailClient aclient(&reporter);
EXPECT_FALSE(aclient.start_auditing());
+ EXPECT_NO_THROW(aclient.stop_auditing());
}
/**
- * @brief TEST for AuditTrailClient when audit_trail_is_enabled_user fails
- * 1. Create objects and mocks
- * 2. Create AuditTrailClient
- * 3. Expect it fails for start_auditing call
+ * @brief TEST of audit_trail_create return an error
*/
-TEST(Test_AuditTrailClient, start_auditing_is_enabled_user_fails)
+TEST(Test_AuditTrailClient, simulate_failure_of_audit_trail_create)
{
AuditTrailMock atrail;
- audit_trail_set_implementation(&atrail);
-
- {
- ::testing::InSequence dummy;
-
- EXPECT_CALL(atrail, audit_trail_create(_)).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
-
- EXPECT_CALL(atrail, audit_trail_enable_dac(true))
- .WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
- EXPECT_CALL(atrail, audit_trail_is_enabled_dac(_))
- .WillOnce(DoAll(SetArgPointee<0>(true),Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_add_dac_cb(_,_,_))
- .WillOnce(DoAll(SetArgPointee<2>(DAC_CB_ID), Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_enable_mac(true))
- .WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
- EXPECT_CALL(atrail, audit_trail_is_enabled_mac(_))
- .WillOnce(DoAll(SetArgPointee<0>(true),Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_add_mac_cb(_,_,_))
- .WillOnce(DoAll(SetArgPointee<2>(MAC_CB_ID), Return(AUDIT_TRAIL_ERROR_NONE)));
- EXPECT_CALL(atrail, audit_trail_enable_user(true))
- .WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
- EXPECT_CALL(atrail, audit_trail_is_enabled_user(_))
- .WillOnce(DoAll(SetArgPointee<0>(false),Return(AUDIT_TRAIL_ERROR_NONE)));
-
- EXPECT_CALL(atrail, audit_trail_destroy()).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
- }
NetworkManager::IReporterMock reporter;
- AuditTrailClient aclient(&reporter);
- EXPECT_FALSE(aclient.start_auditing());
-}
+ EXPECT_CALL(atrail, audit_trail_create(_)).WillOnce(Return(AUDIT_TRAIL_ERROR_INVALID_PARAMETER));
-/**
- * @brief TEST for AuditTrailClient DAC log callback
- * 1. Create objects and mocks
- * 2. Create AuditTrailClient
- * 3. Expect it fails for audit_trail_get_dac_ calls
- */
-#define DAC_LOG_CALLBACK(_name, _r1, _r2, _r3, _r4, _r5, _r6, _r7, _r8, _r9) \
- TEST(Test_AuditTrailClient, dac_log_callback_fails_##_name) \
- { \
- AuditTrailMock atrail; \
- audit_trail_set_implementation(&atrail); \
- { \
- EXPECT_CALL(atrail, audit_trail_create(_)).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE)); \
- \
- EXPECT_CALL(atrail, audit_trail_enable_dac(true)) \
- .WillOnce(Return(AUDIT_TRAIL_ERROR_NONE)); \
- \
- EXPECT_CALL(atrail, audit_trail_is_enabled_dac(_)) \
- .WillOnce(DoAll(SetArgPointee<0>(true), Return(AUDIT_TRAIL_ERROR_NONE))); \
- \
- EXPECT_CALL(atrail, audit_trail_add_dac_cb(_, _, _)) \
- .WillOnce(DoAll(SetArgPointee<2>(DAC_CB_ID), \
- WithArgs<0, 1>(Invoke(InvokeCallbackWithReportAdapter)), \
- Return(AUDIT_TRAIL_ERROR_NONE))); \
- \
- switch (_name) \
- { \
- case 9: \
- EXPECT_CALL(atrail, audit_trail_get_dac_action_syscall(_)).WillOnce(Return(_r9)); \
- case 8: \
- EXPECT_CALL(atrail, audit_trail_get_dac_object_mode(_)).WillOnce(Return(_r8)); \
- case 7: \
- EXPECT_CALL(atrail, audit_trail_get_dac_object_owner(_, _)).WillOnce(Return(_r7)); \
- case 6: \
- EXPECT_CALL(atrail, audit_trail_get_dac_object_name(_)).WillOnce(Return(_r6)); \
- case 5: \
- EXPECT_CALL(atrail, audit_trail_get_dac_subject_pid(_)).WillOnce(Return(_r5)); \
- case 4: \
- EXPECT_CALL(atrail, audit_trail_get_dac_subject_effective_owner(_, _)).WillOnce(Return(_r4)); \
- case 3: \
- EXPECT_CALL(atrail, audit_trail_get_dac_subject_owner(_, _)).WillOnce(Return(_r3)); \
- case 2: \
- EXPECT_CALL(atrail, audit_trail_get_dac_subject_name(_)).WillOnce(Return(_r2)); \
- case 1: \
- EXPECT_CALL(atrail, audit_trail_get_dac_time(_, _)).WillOnce(Return(_r1)); \
- } \
- \
- EXPECT_CALL(atrail, audit_trail_remove_dac_cb(Eq(DAC_CB_ID))).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE)); \
- \
- EXPECT_CALL(atrail, audit_trail_destroy()).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE)); \
- } \
- \
- NetworkManager::IReporterMock reporter; \
- \
- AuditTrailClient aclient(&reporter); \
- EXPECT_TRUE(aclient.start_dac_auditing()); \
- EXPECT_NO_THROW(aclient.stop_dac_auditing()); \
-} \
-
-DAC_LOG_CALLBACK(1, 1, 0, 0, 0, 0, 0, 0, 0, 0)
-DAC_LOG_CALLBACK(2, 0, 1, 0, 0, 0, 0, 0, 0, 0)
-DAC_LOG_CALLBACK(3, 0, 0, 1, 0, 0, 0, 0, 0, 0)
-DAC_LOG_CALLBACK(4, 0, 0, 0, 1, 0, 0, 0, 0, 0)
-DAC_LOG_CALLBACK(5, 0, 0, 0, 0, 1, 0, 0, 0, 0)
-DAC_LOG_CALLBACK(6, 0, 0, 0, 0, 0, 1, 0, 0, 0)
-DAC_LOG_CALLBACK(7, 0, 0, 0, 0, 0, 0, 1, 0, 0)
-DAC_LOG_CALLBACK(8, 0, 0, 0, 0, 0, 0, 0, 1, 0)
-DAC_LOG_CALLBACK(9, 0, 0, 0, 0, 0, 0, 0, 0, 1)
-
-/**
- * @brief TEST for AuditTrailClient MAC log callback
- * 1. Create objects and mocks
- * 2. Create AuditTrailClient
- * 3. Expect it fails for audit_trail_get_mac_ calls
- */
-#define MAC_LOG_CALLBACK(_name, _r1, _r2, _r3, _r4, _r5, _r6, _r7, _r8) \
- TEST(Test_AuditTrailClient, mac_log_callback_fails_##_name) \
- { \
- AuditTrailMock atrail; \
- audit_trail_set_implementation(&atrail); \
- { \
- EXPECT_CALL(atrail, audit_trail_create(_)).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE)); \
- \
- EXPECT_CALL(atrail, audit_trail_enable_mac(true)) \
- .WillOnce(Return(AUDIT_TRAIL_ERROR_NONE)); \
- \
- EXPECT_CALL(atrail, audit_trail_is_enabled_mac(_)) \
- .WillOnce(DoAll(SetArgPointee<0>(true), Return(AUDIT_TRAIL_ERROR_NONE))); \
- \
- EXPECT_CALL(atrail, audit_trail_add_mac_cb(_, _, _)) \
- .WillOnce(DoAll(SetArgPointee<2>(MAC_CB_ID), \
- WithArgs<0, 1>(Invoke(InvokeCallbackWithReportAdapter)), \
- Return(AUDIT_TRAIL_ERROR_NONE))); \
- \
- switch (_name) \
- { \
- case 8: \
- EXPECT_CALL(atrail, audit_trail_get_mac_action_request(_)).WillOnce(Return(_r8)); \
- case 7: \
- EXPECT_CALL(atrail, audit_trail_get_mac_action_syscall(_)).WillOnce(Return(_r7)); \
- case 6: \
- EXPECT_CALL(atrail, audit_trail_get_mac_object_label(_)).WillOnce(Return(_r6)); \
- case 5: \
- EXPECT_CALL(atrail, audit_trail_get_mac_object_name(_)).WillOnce(Return(_r5)); \
- case 4: \
- EXPECT_CALL(atrail, audit_trail_get_mac_subject_pid(_)).WillOnce(Return(_r4)); \
- case 3: \
- EXPECT_CALL(atrail, audit_trail_get_mac_subject_label(_)).WillOnce(Return(_r3)); \
- case 2: \
- EXPECT_CALL(atrail, audit_trail_get_mac_subject_name(_)).WillOnce(Return(_r2)); \
- case 1: \
- EXPECT_CALL(atrail, audit_trail_get_mac_time(_, _)).WillOnce(Return(_r1)); \
- } \
- \
- EXPECT_CALL(atrail, audit_trail_remove_mac_cb(Eq(MAC_CB_ID))).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE)); \
- \
- EXPECT_CALL(atrail, audit_trail_destroy()).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE)); \
- } \
- \
- NetworkManager::IReporterMock reporter; \
- \
- AuditTrailClient aclient(&reporter); \
- EXPECT_TRUE(aclient.start_mac_auditing()); \
- EXPECT_NO_THROW(aclient.stop_mac_auditing()); \
-} \
-
-MAC_LOG_CALLBACK(1, 1, 0, 0, 0, 0, 0, 0, 0)
-MAC_LOG_CALLBACK(2, 0, 1, 0, 0, 0, 0, 0, 0)
-MAC_LOG_CALLBACK(3, 0, 0, 1, 0, 0, 0, 0, 0)
-MAC_LOG_CALLBACK(4, 0, 0, 0, 1, 0, 0, 0, 0)
-MAC_LOG_CALLBACK(5, 0, 0, 0, 0, 1, 0, 0, 0)
-MAC_LOG_CALLBACK(6, 0, 0, 0, 0, 0, 1, 0, 0)
-MAC_LOG_CALLBACK(7, 0, 0, 0, 0, 0, 0, 1, 0)
-MAC_LOG_CALLBACK(8, 0, 0, 0, 0, 0, 0, 0, 1)
-
-/**
- * @brief TEST for AuditTrailClient syscall log callback
- * 1. Create objects and mocks
- * 2. Create AuditTrailClient
- * 3. Expect it fails for audit_trail_get_syscall_ calls
- */
-#define SYSCALL_LOG_CALLBACK(_name, _r1, _r2, _r3, _r4, _r5, _r6, _r7) \
- TEST(Test_AuditTrailClient, syscall_log_callback_fails_##_name) \
- { \
- AuditTrailMock atrail; \
- audit_trail_set_implementation(&atrail); \
- { \
- EXPECT_CALL(atrail, audit_trail_create(_)).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE)); \
- \
- EXPECT_CALL(atrail, audit_trail_enable_syscall(true)) \
- .WillOnce(Return(AUDIT_TRAIL_ERROR_NONE)); \
- \
- EXPECT_CALL(atrail, audit_trail_is_enabled_syscall(_)) \
- .WillOnce(DoAll(SetArgPointee<0>(true), Return(AUDIT_TRAIL_ERROR_NONE))); \
- \
- EXPECT_CALL(atrail, audit_trail_add_syscall_cb(_, _, _)) \
- .WillOnce(DoAll(SetArgPointee<2>(SYSCALL_CB_ID), \
- WithArgs<0, 1>(Invoke(InvokeCallbackWithReportAdapter)), \
- Return(AUDIT_TRAIL_ERROR_NONE))); \
- \
- switch (_name) \
- { \
- case 7: \
- EXPECT_CALL(atrail, audit_trail_get_syscall_action_exitcode(_)).WillOnce(Return(_r7)); \
- case 6: \
- EXPECT_CALL(atrail, audit_trail_get_syscall_action_syscall(_)).WillOnce(Return(_r6)); \
- case 5: \
- EXPECT_CALL(atrail, audit_trail_get_syscall_subject_pid(_)).WillOnce(Return(_r5)); \
- case 4: \
- EXPECT_CALL(atrail, audit_trail_get_syscall_subject_effective_owner(_, _)).WillOnce(Return(_r4)); \
- case 3: \
- EXPECT_CALL(atrail, audit_trail_get_syscall_subject_owner(_, _)).WillOnce(Return(_r3)); \
- case 2: \
- EXPECT_CALL(atrail, audit_trail_get_syscall_subject_name(_)).WillOnce(Return(_r2)); \
- case 1: \
- EXPECT_CALL(atrail, audit_trail_get_syscall_time(_, _)).WillOnce(Return(_r1)); \
- } \
- \
- EXPECT_CALL(atrail, audit_trail_remove_syscall_cb(Eq(SYSCALL_CB_ID))).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE)); \
- \
- EXPECT_CALL(atrail, audit_trail_destroy()).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE)); \
- } \
- \
- NetworkManager::IReporterMock reporter; \
- \
- AuditTrailClient aclient(&reporter); \
- EXPECT_TRUE(aclient.start_syscall_auditing()); \
- EXPECT_NO_THROW(aclient.stop_syscall_auditing()); \
-} \
-
-SYSCALL_LOG_CALLBACK(1, 1, 0, 0, 0, 0, 0, 0)
-SYSCALL_LOG_CALLBACK(2, 0, 1, 0, 0, 0, 0, 0)
-SYSCALL_LOG_CALLBACK(3, 0, 0, 1, 0, 0, 0, 0)
-SYSCALL_LOG_CALLBACK(4, 0, 0, 0, 1, 0, 0, 0)
-SYSCALL_LOG_CALLBACK(5, 0, 0, 0, 0, 1, 0, 0)
-SYSCALL_LOG_CALLBACK(6, 0, 0, 0, 0, 0, 1, 0)
-SYSCALL_LOG_CALLBACK(7, 0, 0, 0, 0, 0, 0, 1)
-
-/**
- * @brief TEST for AuditTrailClient user log callback
- * 1. Create objects and mocks
- * 2. Create AuditTrailClient
- * 3. Expect it fails for audit_trail_get_user_ calls
- */
-#define USER_LOG_CALLBACK(_name, _r1, _r2, _r3) \
- TEST(Test_AuditTrailClient, user_log_user_fails_##_name) \
- { \
- AuditTrailMock atrail; \
- audit_trail_set_implementation(&atrail); \
- { \
- EXPECT_CALL(atrail, audit_trail_create(_)).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE)); \
- \
- EXPECT_CALL(atrail, audit_trail_enable_user(true)) \
- .WillOnce(Return(AUDIT_TRAIL_ERROR_NONE)); \
- \
- EXPECT_CALL(atrail, audit_trail_is_enabled_user(_)) \
- .WillOnce(DoAll(SetArgPointee<0>(true), Return(AUDIT_TRAIL_ERROR_NONE))); \
- \
- EXPECT_CALL(atrail, audit_trail_add_user_cb(_, _, _)) \
- .WillOnce(DoAll(SetArgPointee<2>(USER_CB_ID), \
- WithArgs<0, 1>(Invoke(InvokeCallbackWithReportAdapter)), \
- Return(AUDIT_TRAIL_ERROR_NONE))); \
- \
- switch (_name) \
- { \
- case 3: \
- EXPECT_CALL(atrail, audit_trail_get_user_log_text(_)).WillOnce(Return(_r3)); \
- case 2: \
- EXPECT_CALL(atrail, audit_trail_get_user_log_type(_)).WillOnce(Return(_r2)); \
- case 1: \
- EXPECT_CALL(atrail, audit_trail_get_user_time(_, _)).WillOnce(Return(_r1)); \
- } \
- \
- EXPECT_CALL(atrail, audit_trail_remove_user_cb(Eq(USER_CB_ID))).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE)); \
- \
- EXPECT_CALL(atrail, audit_trail_destroy()).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE)); \
- } \
- \
- NetworkManager::IReporterMock reporter; \
- \
- AuditTrailClient aclient(&reporter); \
- EXPECT_TRUE(aclient.start_user_auditing()); \
- EXPECT_NO_THROW(aclient.stop_user_auditing()); \
-} \
-
-USER_LOG_CALLBACK(1, 1, 0, 0)
-USER_LOG_CALLBACK(2, 0, 1, 0)
-USER_LOG_CALLBACK(3, 0, 0, 1)
-#endif
+ EXPECT_ANY_THROW(AuditTrailClient a(&reporter));
+}
--- /dev/null
+/**
+ * @brief test testing function used in tests
+ * @date Created 22.11.2016
+ * @author Created 2016 in Samsung Ukraine R&D Center (SURC) under a contract
+ * between LLC "Samsung Electronics Ukraine Company" (Kiev, Ukraine)
+ * and "Samsung Electronics Co", Ltd (Seoul, Republic of Korea).
+ * Copyright: (c) Samsung Electronics Co, Ltd 2016. All rights reserved.
+ * @author Mail to: <A HREF="mailto:d.lomtev@samsung.com">Dmytro Lomtev, d.lomtev@samsung.com</A>
+ */
+#include <string>
+#include <gtest/gtest.h>
+#include "base64.h"
+
+const std::string test_str_plain_1{"Text string to make base64 encode _ 1"};
+const std::string test_str_plain_2{"Text string to make base64 encode __ 2"};
+const std::string test_str_plain_3{"Text string to make base64 encode ___ 3"};
+
+const std::string test_str_encoded_1{"VGV4dCBzdHJpbmcgdG8gbWFrZSBiYXNlNjQgZW5jb2RlIF8gMQ=="};
+const std::string test_str_encoded_2{"VGV4dCBzdHJpbmcgdG8gbWFrZSBiYXNlNjQgZW5jb2RlIF9fIDI="};
+const std::string test_str_encoded_3{"VGV4dCBzdHJpbmcgdG8gbWFrZSBiYXNlNjQgZW5jb2RlIF9fXyAz"};
+
+using namespace NMD;
+
+TEST(base64, test)
+{
+ try
+ {
+ ASSERT_EQ(test_str_encoded_1, base64_encode(test_str_plain_1));
+ ASSERT_EQ(test_str_plain_1, base64_decode(test_str_encoded_1));
+
+ ASSERT_EQ(test_str_encoded_2, base64_encode(test_str_plain_2));
+ ASSERT_EQ(test_str_plain_2, base64_decode(test_str_encoded_2));
+
+ ASSERT_EQ(test_str_encoded_3, base64_encode(test_str_plain_3));
+ ASSERT_EQ(test_str_plain_3, base64_decode(test_str_encoded_3));
+ }
+ catch (std::exception& e)
+ {
+ FAIL() << e.what();
+ }
+}
#include "connection.h"
#include "eventlistener.h"
#include "restservicemock.h"
+#include <jsoncpp/json/reader.h>
using namespace NetworkManager;
using ::testing::_;
using ::testing::Eq;
using ::testing::Return;
+using ::testing::ReturnNull;
using ::testing::Throw;
using ::testing::DoAll;
using ::testing::Invoke;
+using ::testing::WithArg;
using ::testing::WithArgs;
#define TAG "Tests"
const std::string TEST_DEVICE_ID{"device-id"};
const std::string TEST_EVENT_TYPE{"report"};
-const std::string TEST_EVENT_DATA1{"{sdfssdfsdfffsdfsdfsd}"};
-const std::string TEST_EVENT_DATA2{"{--------------------}"};
+//const std::string TEST_EVENT_DATA1{"{sdfssdfsdfffsdfsdfsd}"};
+//const std::string TEST_EVENT_DATA2{"{--------------------}"};
+const std::string TEST_EVENT_DATA1{"{\"value\": 1}"};
+const std::string TEST_EVENT_DATA2{"{\"value\": 2}"};
const std::string TEST_UPDATES{ R"-([
{"type":"policy","uri":"policy-uri"},
{"type":"action","uri":"action-uri"},
RestServiceMock rest;
settings.setDeviceId("");
Connection conn(settings, &rest);
+ Json::Reader reader;
ReportComposer rc;
- rc.addEvent(std::make_pair(TEST_EVENT_TYPE, TEST_EVENT_DATA1));
- rc.addEvent(std::make_pair(TEST_EVENT_TYPE, TEST_EVENT_DATA2));
+ Json::Value data1, data2;
+ ASSERT_TRUE(reader.parse(TEST_EVENT_DATA1, data1));
+ ASSERT_TRUE(reader.parse(TEST_EVENT_DATA2, data2));
+ rc.addEvent(std::make_pair(TEST_EVENT_TYPE, data1));
+ rc.addEvent(std::make_pair(TEST_EVENT_TYPE, data2));
SessionInfo checkSessState{"", ""};
EXPECT_CALL(rest, registerDevice(Eq(checkSessState)))
.Times(1);
std::thread t(&Connection::loop, &conn);
- conn.addReportEvent(TEST_EVENT_TYPE, TEST_EVENT_DATA1);
- conn.addReportEvent(TEST_EVENT_TYPE, TEST_EVENT_DATA2);
+ conn.addReportEvent(TEST_EVENT_TYPE, std::move(data1));
+ conn.addReportEvent(TEST_EVENT_TYPE, std::move(data2));
std::this_thread::sleep_for(std::chrono::milliseconds(70));
projects / platform / core / security / suspicious-activity-monitor.git / commitdiff