Rework audit listener to generate rv event

Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>

diff --git a/src/listeners/audit.c b/src/listeners/audit.c
index ad90e6022ca63952b61552b01f0c2f826886117e..dc58342c7bcbde23c0c571a00d268c7e5cc253d3 100644 (file)
--- a/src/listeners/audit.c
+++ b/src/listeners/audit.c
@@ -28,6 +28,9 @@
 
 #include "log.h"
 #include "module.h"
+#include "event.h"
+#include "event_processor.h"
+#include "resource_violation_event.h"
 
 struct audit_listener {
         struct faultd_module module;
@@ -54,11 +57,6 @@ enum {
        KEY_UNKNOWN,
 };
 
-struct event {
-       time_t timestamp;
-       int pid;
-};
-
 static int str2key(char *p, int len)
 {
        if (strncmp(p, "pid", len) == 0)
@@ -67,7 +65,8 @@ static int str2key(char *p, int len)
        return KEY_UNKNOWN;
 }
 
-static int parse_event(char *message, int len, struct event *event)
+static int parse_event(char *message, int len,
+                       struct resource_violation_event *event)
 {
        char *p = message;
        char *e;
@@ -78,8 +77,8 @@ static int parse_event(char *message, int len, struct event *event)
                return -1;
 
        ++p;
-       event->timestamp = strtol(p, &p, 10);
-        event->pid = 0;
+       event->detection_time = strtol(p, &p, 10);
+        event->service.pid = 0;
 
        while ((p = strchr(p, ' ')) != 0) {
                ++p;
@@ -91,7 +90,7 @@ static int parse_event(char *message, int len, struct event *event)
 
                switch (key) {
                case KEY_PID:
-                       event->pid = strtol(p, &p, 10);
+                       event->service.pid = strtol(p, &p, 10);
                        break;
                default:
                        break;
@@ -105,8 +104,11 @@ static int audit_handler(sd_event_source *s, int fd, uint32_t revents, void *use
 {
        struct audit_reply reply;
        int ret;
-       struct event ev;
-
+        struct rv_ev_data rv_ev_data = {
+                .resource_type = FAULTD_RESOURCE_FD,
+        };
+        struct faultd_event *ev;
+        
        ret = audit_get_reply(fd, &reply, GET_REPLY_NONBLOCKING, 0);
        if (ret < 0) {
                log_error("Could not get reply.\n");
@@ -117,15 +119,44 @@ static int audit_handler(sd_event_source *s, int fd, uint32_t revents, void *use
                return 0;
 
        reply.message[reply.len] = '\0';
-       ret = parse_event(reply.message, reply.len, &ev);
+       ret = parse_event(reply.message, reply.len, &rv_ev_data);
        if (ret < 0) {
                log_error("Could not parse event\n");
                return ret;
        }
 
-       log_debug("timestamp = %ld, pid = %d\n", ev.timestamp, ev.pid);
+        log_debug("Got audit event: timestamp = %ld, pid = %d",
+                  rv_ev_data.detection_time, rv_ev_data.service.pid);
+
+        ret = system_service_init(rv_ev_data.service.pid, NULL,
+                                  &rv_ev_data.service);
+        if (ret) {
+                log_info("Got resource violation but not from service. Dropping.");
+                return 0;
+        }
+
+        ret = faultd_event_create(RESOURCE_VIOLATION_EVENT_ID, &rv_ev_data, &ev);
+        if (ret) {
+                log_error("Unable to allocate event");
+                goto cleanup_service;
+        }
+
+        ret = event_processor_report_event(ev);
+        if (ret) {
+                log_error("Unable to report event");
+                goto put_event;
+        }
 
        return 0;
+
+put_event:
+        faultd_event_put(ev);
+        return ret;
+
+cleanup_service:
+        system_service_cleanup(&rv_ev_data.service);
+
+        return ret;
 }
 
 static int audit_listener_init(struct faultd_module *module, sd_event *event)