SET(SOURCES client.cpp
discretionary-access-control.cpp
mandatory-access-control.cpp
+ system-call.cpp
audit-trail/dac.cpp
audit-trail/mac.cpp
+ audit-trail/syscall.cpp
audit-trail/audit-trail.cpp
)
SET(CAPI_INCLUDE_FILES audit-trail/common.h
audit-trail/dac.h
audit-trail/mac.h
+ audit-trail/syscall.h
audit-trail/audit-trail.h
)
--- /dev/null
+/*
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+#include <cstring>
+
+#include "debug.h"
+#include "syscall.h"
+
+#include "client.h"
+#include "rmi/system-call.h"
+
+using namespace AuditTrail;
+
+int audit_trail_foreach_syscall(audit_trail_h handle, audit_trail_string_cb callback, void *user_data)
+{
+ RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+ RET_ON_FAILURE(callback, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+
+ AuditTrailContext &client = GetAuditTrailContext(handle);
+ SystemCall systemCall = client.createInterface<SystemCall>();
+
+ int iter = systemCall.createIterator();
+ do {
+ std::string log(systemCall.getIteratorValue(iter));
+ if (log.size() > 0) {
+ callback(log.c_str(), user_data);
+ }
+ } while (systemCall.nextIterator(iter));
+ systemCall.destroyIterator(iter);
+
+ return AUDIT_TRAIL_ERROR_NONE;
+}
+
+int audit_trail_clear_syscall(audit_trail_h handle)
+{
+ RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+
+ AuditTrailContext &client = GetAuditTrailContext(handle);
+ SystemCall systemCall = client.createInterface<SystemCall>();
+ systemCall.clear();
+
+ return AUDIT_TRAIL_ERROR_NONE;
+}
+
+int audit_trail_add_syscall_cb(audit_trail_h handle, audit_trail_string_cb callback, void* user_data, int *id)
+{
+ RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+ RET_ON_FAILURE(callback, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+
+ AuditTrailContext &context = GetAuditTrailContext(handle);
+ int ret = context.subscribeNotification("SystemCall", callback, user_data);
+ if (ret < 0)
+ return AUDIT_TRAIL_ERROR_INVALID_PARAMETER;
+
+ *id = ret;
+ return AUDIT_TRAIL_ERROR_NONE;
+}
+
+int audit_trail_remove_syscall_cb(audit_trail_h handle, int callback_id)
+{
+ RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+ RET_ON_FAILURE(callback_id >= 0, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+
+ AuditTrailContext &context = GetAuditTrailContext(handle);
+ int ret = context.unsubscribeNotification(callback_id);
+ if (ret)
+ return AUDIT_TRAIL_ERROR_INVALID_PARAMETER;
+
+ return AUDIT_TRAIL_ERROR_NONE;
+}
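Review bot: `audit_trail_add_syscall_cb` writes `*id = ret` without ever checking `id`, so a caller that passes NULL for the out-parameter crashes inside the library instead of getting AUDIT_TRAIL_ERROR_INVALID_PARAMETER. Add `RET_ON_FAILURE(id, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);` next to the other guards. In `audit_trail_foreach_syscall` the result of `createIterator()` is used unchecked and the function always returns AUDIT_TRAIL_ERROR_NONE, so a failed RPC is indistinguishable from an empty log. `audit_trail_clear_syscall` likewise discards the result of `systemCall.clear()`.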
--- /dev/null
+/*
+ * Copyright (c) 2075 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+#ifndef __CAPI_AUDIT_TRAIL_SYSTEM_CALL_H__
+#define __CAPI_AUDIT_TRAIL_SYSTEM_CALL_H__
+
+#include <audit-trail/audit-trail.h>
+
+/**
+ * @file dac.h
+ * @brief This file provides APIs to get system call logs
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @brief Retrieves all system call logs that occured in system.
+ * @details This API calls audit_trail_strimg_cb() once for each system call
+ * logs.
+ * @since_tizen 5.0
+ * @param[in] handle The audit-trail handle
+ * @param[in] callback The iteration callback function
+ * @param[in] user_data The user data passed to the callback function
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @pre The handle must be created by audit_trail_create().
+ * @see audit_trail_create()
+ * @see audit_trail_destroy()
+ */
+AUDIT_TRAIL_API int audit_trail_foreach_syscall(audit_trail_h handle, audit_trail_string_cb callback, void *user_data);
+
+/**
+ * @brief Clears all system call logs saved in audit-trail.
+ * @details This API removes all system call logs
+ * collected by audit-trail.
+ * @since_tizen 5.0
+ * @param[in] handle The audit-trail handle
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @pre The handle must be created by audit_trail_create().
+ * @see audit_trail_create()
+ * @see audit_trail_destroy()
+ * @see audit_trail_foreach_syscall()
+ */
+AUDIT_TRAIL_API int audit_trail_clear_syscall(audit_trail_h handle);
+
+/**
+ * @brief Adds a system call log callback.
+ * @details This API can be used to receive system call logs of system.
+ * The callback specified to this function is automatically called
+ * when a new log occurs.
+ * @since_tizen 5.0
+ * @param[in] context The audit_trail handle
+ * @param[in] callback The callback to get system call logs
+ * @param[in] user_data The user data passed to the callback function
+ * @param[out] id Callback identifier
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @pre The handle must be created by audit_trail_create().
+ * @see audit_trail_create()
+ * @see audit_trail_destroy()
+ * @see audit_trail_remove_syscall_cb()
+ */
+AUDIT_TRAIL_API int audit_trail_add_syscall_cb(audit_trail_h handle,
+ audit_trail_string_cb callback, void* user_data,
+ int* id);
+
+/**
+ * @brief Removes the system call log callback.
+ * @details This API can be used to remove the system call logs callback.
+ * @since_tizen 5.0
+ * @param[in] context The audit trail handle
+ * @param[in] id Callback identifier
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @pre The context must be created by audit_trail_create().
+ * @see audit_trail_create()
+ * @see audit_trail_destroy()
+ * @see audit_trail_add_syscall_cb()
+ */
+AUDIT_TRAIL_API int audit_trail_remove_syscall_cb(audit_trail_h handle, int id);
+
+/**
+ * @}
+ */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __CAPI_AUDIT_TRAIL_SYSTEM_CALL_H__ */
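Review bot: The Doxygen header names the wrong file: `@file dac.h` should be `@file syscall.h`, and the copyright year reads 2075 where the other new files say 2017. The add/remove callback comments document `@param[in] context` while the parameter is `handle`, `audit_trail_strimg_cb()` should read `audit_trail_string_cb()`, and "occured" is misspelled. The trailing `@}` closes a group that is never opened in this file, so either add the matching `@addtogroup`/`@{` or drop it. All four functions list `AUDIT_TRAIL_ERROR_TIMED_OUT`, but the implementation added in this commit only returns NONE or INVALID_PARAMETER.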
--- /dev/null
+/*
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+#include "rmi/system-call.h"
+
+namespace AuditTrail {
+
+SystemCall::SystemCall(AuditTrailControlContext& ctx) :
+ context(ctx)
+{
+}
+
+SystemCall::~SystemCall()
+{
+}
+
+int SystemCall::createIterator()
+{
+ try {
+ return context->methodCall<int>("SystemCall::createIterator");
+ } catch (runtime::Exception& e) {}
+ return -1;
+}
+
+std::string SystemCall::getIteratorValue(int iterator)
+{
+ try {
+ return context->methodCall<std::string>("SystemCall::getIteratorValue", iterator);
+ } catch (runtime::Exception& e) {}
+ return "";
+}
+
+bool SystemCall::nextIterator(int iterator)
+{
+ try {
+ return context->methodCall<bool>("SystemCall::nextIterator", iterator);
+ } catch (runtime::Exception& e) {}
+ return false;
+}
+
+int SystemCall::destroyIterator(int iterator)
+{
+ try {
+ return context->methodCall<int>("SystemCall::destroyIterator", iterator);
+ } catch (runtime::Exception& e) {}
+ return -1;
+}
+
+int SystemCall::clear()
+{
+ try {
+ return context->methodCall<int>("SystemCall::clear");
+ } catch (runtime::Exception& e) {}
+ return 0;
+}
+
+} // namespace AuditTrail
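Review bot: Every wrapper swallows `runtime::Exception` in an empty handler, and `clear()` then falls through to `return 0;`, the same value the server-side `clear()` returns on success. The server exposes `SystemCall::clear` behind the platform privilege, so a denied or failed call would be reported to the caller as a successful wipe of the audit log, assuming the denial surfaces here as an exception. Return a failure value after the catch, `return -1;`, as `createIterator()` and `destroyIterator()` already do. Logging the exception in each handler would also make RPC failures diagnosable.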
--- /dev/null
+/*
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+#ifndef __AUDIT_TRAIL_SYSTEM_CALL_H__
+#define __AUDIT_TRAIL_SYSTEM_CALL_H__
+
+#include "context.h"
+
+namespace AuditTrail {
+
+/**
+ * This class provides APIs to receive the logs
+ */
+
+class SystemCall final {
+public:
+ SystemCall(AuditTrailControlContext& ctxt);
+ ~SystemCall();
+
+ int createIterator();
+ std::string getIteratorValue(int iterator);
+ bool nextIterator(int iterator);
+ int destroyIterator(int iterator);
+
+ int clear();
+
+private:
+ AuditTrailControlContext& context;
+};
+
+} // namespace AuditTrail
+#endif // __AUDIT_TRAIL_SYSTEM_CALL_H__
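Review bot: The single-argument constructor `SystemCall(AuditTrailControlContext& ctxt);` is not `explicit`, so a context converts implicitly to a SystemCall; `explicit SystemCall(AuditTrailControlContext& ctxt);` avoids that. The class comment says only that it "provides APIs to receive the logs", and none of the methods are documented. Each iterator method deserves a line on its contract: what an iterator id is, that `getIteratorValue()` returns an empty string for an unknown or exhausted iterator, and which return values mean failure (the client wrapper in this commit returns -1 from `createIterator()`/`destroyIterator()` but 0 from `clear()`).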
#
SET(SERVER_SRCS main.cpp
server.cpp
+ system-call.cpp
mandatory-access-control.cpp
discretionary-access-control.cpp
)
#include "rmi/discretionary-access-control.h"
#include "rmi/mandatory-access-control.h"
+#include "rmi/system-call.h"
#include "server.h"
std::unique_ptr<AuditTrail::DiscretionaryAccessControl> dac;
std::unique_ptr<AuditTrail::MandatoryAccessControl> mac;
+std::unique_ptr<AuditTrail::SystemCall> systemCall;
} // namespace
}
});
- audit.getRules();
-
dac.reset(new AuditTrail::DiscretionaryAccessControl(*this));
mac.reset(new AuditTrail::MandatoryAccessControl(*this));
+ systemCall.reset(new AuditTrail::SystemCall(*this));
}
Server::~Server()
--- /dev/null
+/*
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+#include <fstream>
+
+#include <unistd.h>
+#include <asm/unistd.h>
+
+#include "rmi/system-call.h"
+
+#define AUDIT_RULE_KEY "SystemCall"
+#define PRIVILEGE_PLATFORM "http://tizen.org/privilege/internal/default/platform"
+
+namespace AuditTrail {
+
+namespace {
+
+std::vector<std::string> systemCallLogs;
+
+std::unordered_map<int, unsigned long long> iteratorMap;
+int newIteratorId = 0;
+
+const std::string keyString = " key=\"" AUDIT_RULE_KEY "\"";
+
+} // namespace
+
+
+SystemCall::SystemCall(AuditTrailControlContext &ctx) :
+ context(ctx)
+{
+ context.expose(this, "", (int)(SystemCall::createIterator)());
+ context.expose(this, "", (std::string)(SystemCall::getIteratorValue)(int));
+ context.expose(this, "", (bool)(SystemCall::nextIterator)(int));
+ context.expose(this, "", (int)(SystemCall::destroyIterator)(int));
+ context.expose(this, PRIVILEGE_PLATFORM, (int)(SystemCall::clear)());
+
+ context.createNotification("SystemCall");
+
+ netlink::AuditRule allSyscall;
+
+ allSyscall.setKey(AUDIT_RULE_KEY);
+ allSyscall.setAllSystemCalls();
+
+ try {
+ context.addAuditRule(allSyscall);
+ } catch (runtime::Exception& e) {
+ INFO("Failed to add audit rule");
+ }
+
+ context.setAuditHandler([&ctx] (int type, std::vector<char> &buf) {
+ if (type == AUDIT_SYSCALL) {
+ std::string log(buf.begin(), buf.end());
+ ssize_t keyPos = log.size() - keyString.size();
+
+ if (log.substr(keyPos) == keyString) {
+ log = log.substr(0, keyPos);
+ systemCallLogs.push_back(log);
+ ctx.notify("SystemCall", log);
+ }
+ }
+ });
+}
+
+SystemCall::~SystemCall()
+{
+}
+
+int SystemCall::createIterator()
+{
+ int iteratorId = -1;
+ iteratorMap.erase(newIteratorId);
+ iteratorMap.insert({newIteratorId, 0});
+
+ iteratorId = newIteratorId;
+
+ if (++newIteratorId < 0) {
+ newIteratorId = 0;
+ }
+ return iteratorId;
+}
+
+std::string SystemCall::getIteratorValue(int iterator)
+{
+ auto it = iteratorMap.find(iterator);
+ if (it == iteratorMap.end()) {
+ return "";
+ }
+
+ if (it->second >= systemCallLogs.size()) {
+ return "";
+ }
+
+ return systemCallLogs[it->second];
+}
+
+bool SystemCall::nextIterator(int iterator)
+{
+ auto it = iteratorMap.find(iterator);
+ if (it != iteratorMap.end()) {
+ if (it->second + 1 < systemCallLogs.size()) {
+ it->second++;
+ return true;
+ }
+ }
+ return false;
+}
+
+int SystemCall::destroyIterator(int iterator)
+{
+ auto it = iteratorMap.find(iterator);
+ if (it != iteratorMap.end()) {
+ iteratorMap.erase(it);
+ return 0;
+ }
+ return -1;
+}
+
+int SystemCall::clear()
+{
+ systemCallLogs.clear();
+ return 0;
+}
+
+} // namespace AuditTrail
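Review bot: In the audit handler, `ssize_t keyPos = log.size() - keyString.size();` wraps when a record is shorter than the key suffix, and the following `log.substr(keyPos)` then throws std::out_of_range from inside the handler. Check the length first, e.g. `if (log.size() >= keyString.size() && log.compare(log.size() - keyString.size(), keyString.size(), keyString) == 0)`, and keep `keyPos` as `size_t`. Separately, the rule matches all system calls and every matching record is appended to `systemCallLogs` with no cap. The four iterator methods are also exposed with an empty privilege string and share one global `iteratorMap`. It is worth confirming that unbounded growth and unprivileged read access to the system-wide syscall log are intended, and that one client cannot advance or destroy another client's iterator by guessing its id.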
#include <audit-trail/dac.h>
#include <audit-trail/mac.h>
+#include <audit-trail/syscall.h>
#include <audit-trail/audit-trail.h>
GMainLoop *gmainloop = NULL;
std::cout << "Usage: " << name << " [Option]" << std::endl
<< std::endl
<< "Options :" << std::endl
- << " -s, --show=[dac|mac] show the audit logs" << std::endl
- << " -c, --clear=[dac|mac] clear the audit logs" << std::endl
+ << " -s, --show=[dac|mac|syscall] show the audit logs" << std::endl
+ << " -c, --clear=[dac|mac|syscall] clear the audit logs" << std::endl
<< " -m, --monitor monitor for all audit logs" << std::endl
<< " -h, --help show this" << std::endl
<< std::endl;
audit_trail_foreach_dac(auditTrail, foreachLog, NULL);
} else if (word == "mac") {
audit_trail_foreach_mac(auditTrail, foreachLog, NULL);
+ } else if (word == "syscall") {
+ audit_trail_foreach_syscall(auditTrail, foreachLog, NULL);
}
}
audit_trail_clear_dac(auditTrail);
} else if (word == "mac") {
audit_trail_clear_mac(auditTrail);
+ } else if (word == "syscall") {
+ audit_trail_clear_syscall(auditTrail);
}
}
int monitorLog()
{
- int macCbId, dacCbId;
+ int macCbId, dacCbId, syscallCbId;
audit_trail_h auditTrail;
audit_trail_create(&auditTrail);
audit_trail_add_dac_cb(auditTrail, logCallback, (void*)"\x1B[33m[DAC] ", &dacCbId);
audit_trail_add_mac_cb(auditTrail, logCallback, (void*)"\x1B[31m[MAC] ", &macCbId);
+ audit_trail_add_syscall_cb(auditTrail, logCallback, (void*)"[SystemCall] ", &syscallCbId);
std::cout << "=== Monitoring start ===" << std::endl << std::endl;
audit_trail_remove_dac_cb(auditTrail, dacCbId);
audit_trail_remove_mac_cb(auditTrail, macCbId);
+ audit_trail_remove_syscall_cb(auditTrail, syscallCbId);
std::cout << std::endl << "=== Monitoring end ===" << std::endl;
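Review bot: `syscallCbId` is declared uninitialized and the return value of `audit_trail_add_syscall_cb()` is ignored, so if registration fails the later `audit_trail_remove_syscall_cb(auditTrail, syscallCbId)` is called with an indeterminate id. Initializing the ids, `int macCbId = -1, dacCbId = -1, syscallCbId = -1;`, makes the remove call fail cleanly, since the library rejects negative ids; the existing dac/mac calls follow the same pattern. The new `"[SystemCall] "` prefix also carries no colour escape, unlike the DAC and MAC prefixes, so unless `logCallback` resets the colour it presumably prints in whatever colour the previous line left set. monitorLog's body continues outside the visible lines.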