projects / platform / core / security / audit-trail.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 360851a)
Plugin : Change not to leave logs about that open() failed by ENOENT 21/184321/2
authorSungbae Yoo <sungbae.yoo@samsung.com>
Tue, 17 Jul 2018 07:53:09 +0000 (16:53 +0900)
committerGerrit Code Review <gerrit@review.ap-northeast-2.compute.internal>
Mon, 23 Jul 2018 06:34:15 +0000 (06:34 +0000)
Library traversal tries a bunch of trials to find arch-dependent libraries.
It causes a lot of false-positive logs so we decided not to do that.

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: I29307439f555511747f3de7410eab254eff35452

plugins/base-rule-set.cpp patch | blob | history
plugins/base-rule-set.h patch | blob | history
plugins/nispom.cpp patch | blob | history
plugins/stig.cpp patch | blob | history

diff --git a/plugins/base-rule-set.cpp b/plugins/base-rule-set.cpp
index bb0f2e3faa23b6d5df66f4468178b67e07bab88d..4ba9f5f0d9c44ce4c13907180cc3c1b0f1569b61 100644 (file)
--- a/plugins/base-rule-set.cpp
+++ b/plugins/base-rule-set.cpp
@@ -628,3 +628,16 @@ void BaseRuleSet::changeNetConfig(Result result)
                "/opt/etc/wpa_supplicant",
        }, Rule::Perm::w | Rule::Perm::a, result);
 }
+
+void BaseRuleSet::neverAccessFailedByNoEntry()
+{
+       Rule rule(Action::Never);
+#ifdef __NR_open
+       rule + __NR_open;
+#endif
+       rule + __NR_openat;
+
+       rule << SyscallExit(-ENOENT);
+
+       add(rule);
+}
diff --git a/plugins/base-rule-set.h b/plugins/base-rule-set.h
index 19d282a289b69b6ada49af8721ea81bd73b27d7d..add47a838c9bf29ccf014d4d4a31d13762febe25 100644 (file)
--- a/plugins/base-rule-set.h
+++ b/plugins/base-rule-set.h
@@ -61,6 +61,8 @@ protected:
 
        void changeNetConfig(Result result = All);
 
+       void neverAccessFailedByNoEntry();
+
 private:
        void addDir(const std::vector<std::string>& dirs, unsigned int perm,
                                        Result result);
diff --git a/plugins/nispom.cpp b/plugins/nispom.cpp
index 7899d907db04a27a4ece2e947a314eac94f06564..7f2b66e795e884fb2901fecc357e067f6505b7f4 100644 (file)
--- a/plugins/nispom.cpp
+++ b/plugins/nispom.cpp
@@ -27,6 +27,7 @@ void Nispom::initialize()
 {
        useAudit();
 
+       neverAccessFailedByNoEntry();
        accessFile(Result::FailedOnly);
        moveFile(Result::FailedOnly);
        createSpecialFile(Result::FailedOnly);
diff --git a/plugins/stig.cpp b/plugins/stig.cpp
index b81e2871545750e28feb1d14cff5cf4dda2db4bc..bd56694b58856ca476ce3eecf0eadc2bae32f92d 100644 (file)
--- a/plugins/stig.cpp
+++ b/plugins/stig.cpp
@@ -25,6 +25,7 @@ private:
 
 void Stig::initialize()
 {
+       neverAccessFailedByNoEntry();
        accessFile(Result::FailedOnly);
        moveFile();
        changeFileDAC();
Domain: Security / Access Control;