Add never rules to optimized rule list 65/179465/6
authorseolheui kim <s414.kim@samsung.com>
Fri, 18 May 2018 04:44:00 +0000 (13:44 +0900)
committerseolheui kim <s414.kim@samsung.com>
Thu, 31 May 2018 04:02:08 +0000 (13:02 +0900)
Change-Id: I4a51c6805f4a0954f6e596d85ac0d62f08a804dc
Signed-off-by: seolheui kim <s414.kim@samsung.com>
lib/audit-rule/rule.cpp
server/rule-apply-engine.cpp
server/rule-apply-engine.h

index ab4bd05818a72ac81e23c7c11da733a56ddee427..bb49fa204f603ca0f854e951c49337a0b8ba9be6 100644 (file)
@@ -115,7 +115,7 @@ void Rule::set(Filter filter)
 
 void Rule::setMask()
 {
-       std::fill_n(ruleData()->mask, AUDIT_BITMASK_SIZE, ~0);
+       std::fill_n(ruleData()->mask, AUDIT_BITMASK_SIZE/2, ~0);
 }
 
 void Rule::setMask(unsigned int syscall)
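Review bot: The `AUDIT_BITMASK_SIZE/2` count in `Rule::setMask()` is an unexplained magic number, and it means the upper half of `ruleData()->mask` is no longer written at all. The same change in `Rule::unsetMask()` (second hunk) is the riskier one. Any bit already set in the upper half, for example through `setMask(unsigned int syscall)` with a high syscall number, would appear to survive `unsetMask()` and leave a mask that is not actually empty. If only the lower half is meant to be used, give it a name such as `const unsigned int usedMaskWords = AUDIT_BITMASK_SIZE / 2;` with a comment stating why. Keep `unsetMask()` clearing all `AUDIT_BITMASK_SIZE` words.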
@@ -138,7 +138,7 @@ void Rule::setMask(const std::vector<unsigned int> &mask)
 
 void Rule::unsetMask()
 {
-       std::fill_n(ruleData()->mask, AUDIT_BITMASK_SIZE, 0);
+       std::fill_n(ruleData()->mask, AUDIT_BITMASK_SIZE/2, 0);
 }
 
 void Rule::unsetMask(unsigned int syscall)
index e78e0a4f6ce3ce9b24b3bf34504592ea6bd5ef22..5fb62dfe0d284b8504049550ff196eea648c8526 100644 (file)
  *  See the License for the specific language governing permissions and
  *  limitations under the License
  */
-
+#include <asm/unistd.h>
 #include "rule-apply-engine.h"
 
+namespace {
+const unsigned int alwaysSyscalls[] = {
+//TBD : to be added always syscall
+};
+}
+
 RuleApplyEngine::RuleApplyEngine()
 {
+       addNeverRules();
 }
 
 RuleApplyEngine::~RuleApplyEngine()
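Review bot: `alwaysSyscalls` is declared as an array of unknown bound with an empty initializer (only a comment sits between the braces), which standard C++ does not allow. It builds only where the compiler accepts zero-length arrays as an extension. Until the TBD list is filled in, a container that may legitimately be empty is safer, e.g. `const std::vector<unsigned int> alwaysSyscalls = {};`, and the range-for in `applyNeverRules()` works unchanged. As a style point, keep `#include "rule-apply-engine.h"` first with `<asm/unistd.h>` after it, and restore the blank line after the licence comment.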
@@ -35,6 +42,7 @@ void RuleApplyEngine::addRule(Audit &audit, const std::vector<char> &data)
 
        removeAll(audit);
        optimize(rule);
+       applyNeverRules();
        addAll(audit);
 }
 
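Review bot: `addRule()` calls `applyNeverRules()` and `addAll(audit)` unconditionally, whereas `removeRule()` in the next hunk does so only when `optimizedList.size() > 1`. `optimize()` appends a rule only when `!rule.getMask().empty()`, so an added rule with an empty mask leaves the list holding just the never rule. `applyNeverRules()` then sets its whole mask, and `addAll()` would presumably load that rule alone, suppressing syscall audit records instead of leaving the rule set empty. Apply the same guard here, `if (optimizedList.size() > 1) { applyNeverRules(); addAll(audit); }`, or move the check into one helper that both paths call. The body of `addRule()` starts outside this hunk, so an earlier return may already cover this case.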
@@ -50,11 +58,16 @@ void RuleApplyEngine::removeRule(Audit &audit, const std::vector<char> &data)
 
        removeAll(audit);
        optimizedList.clear();
+       addNeverRules();
 
        for (auto r : adminList) {
                optimize(r);
        }
-       addAll(audit);
+
+       if (optimizedList.size() > 1) {
+               applyNeverRules();
+               addAll(audit);
+       }
 }
 
 RuleApplyEngine::RuleList RuleApplyEngine::getRules() const
@@ -80,7 +93,7 @@ void RuleApplyEngine::optimize(Rule &rule)
 {
        rule.unsetCondition(FieldType::Tag);
 
-       for (auto r = optimizedList.begin(); r != optimizedList.end(); r++) {
+       for (auto r = optimizedList.begin()+1; r != optimizedList.end(); r++) {
                if (*r == rule)
                        return;
 
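Review bot: `optimizedList.begin()+1` is undefined behaviour when `optimizedList` is empty, and nothing in `optimize()` checks that the never rule is present in slot 0. `applyNeverRules()` makes the same assumption with `optimizedList[0]` and `begin()+1`. The invariant holds only because the constructor and `removeRule()` call `addNeverRules()`; any other path that clears the list (none is visible here) would break it. Add a guard at the top, e.g. `if (optimizedList.empty()) addNeverRules();`, and a comment stating that element 0 is reserved for the never rule. The loop body continues outside this hunk.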
@@ -92,3 +105,22 @@ void RuleApplyEngine::optimize(Rule &rule)
        if (!rule.getMask().empty())
                optimizedList.emplace_back(rule);
 }
+
+void RuleApplyEngine::addNeverRules()
+{
+       if (optimizedList.empty()) {
+               Rule syscallNeverRule(Action::Never);
+               optimizedList.emplace_front(syscallNeverRule);
+       }
+}
+
+void RuleApplyEngine::applyNeverRules()
+{
+       optimizedList[0].setMask();
+       for (auto syscall : alwaysSyscalls) {
+               optimizedList[0].unsetMask(syscall);
+       }
+       for (auto r = optimizedList.begin()+1; r != optimizedList.end(); r++) {
+               optimizedList[0].unsetMask(r->getMask());
+       }
+}
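Review bot: `addNeverRules()` builds a named `Rule` and then passes it to `emplace_front`, which copy-constructs the element. `optimizedList.emplace_front(Action::Never);` constructs it in place and drops the temporary. Neither new function has a comment, and the design is not obvious from the code. Above `applyNeverRules()` I would add `// Slot 0 holds one Action::Never rule; its mask is rebuilt as every syscall not listed in alwaysSyscalls or in another rule of optimizedList.` The name `addNeverRules` is plural although it inserts at most one rule.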
index 0270f0ceaeadcbadb8d86c551273ca37aa834b64..92808de5a728f841e9c97cfa674c947d714f4147 100644 (file)
@@ -38,6 +38,8 @@ private:
        void addAll(Audit &audit);
 
        void optimize(Rule &r);
+       void addNeverRules();
+       void applyNeverRules();
 private:
        RuleList optimizedList;
        RuleList adminList;