instance.object.uid = std::stoul(value);
} else if (name == "ogid") {
instance.object.gid = std::stoul(value);
+ } else if (name == "dev") {
+ instance.object.dev = value;
} else if (name == "key") { /* tag */
if (value != "(null)" && instance.tag != "smack") {
instance.tag = value;
std::string label;
std::string name;
std::string socketAddr;
+ std::string dev;
pid_t pid = UINT_MAX;
ino_t inode = UINT_MAX;
} object;
return AUDIT_TRAIL_ERROR_NONE;
}
+int audit_system_log_get_object_dev(audit_system_log_h handle, dev_t *dev)
+{
+ RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+ RET_ON_FAILURE(dev, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+
+ const auto &log = GetSystemLog(handle).log;
+ std::string devString = log.object.dev;
+ std::string delimiter = ":";
+ unsigned int majorNum, minorNum;
+
+ if (devString.size() != 0) {
+ majorNum = std::stoul(devString.substr(0, devString.find(delimiter)), 0, 16);
+ minorNum = std::stoul(devString.substr(devString.find(delimiter) + 1), 0, 16);
+ *dev = makedev(majorNum, minorNum);
+ } else {
+ return AUDIT_TRAIL_ERROR_NO_DATA;
+ }
+
+ return AUDIT_TRAIL_ERROR_NONE;
+}
+
int audit_system_log_get_action_systemcall(audit_system_log_h handle, unsigned int *systemcall)
{
RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
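Review bot: The two `std::stoul` calls in `audit_system_log_get_object_dev` throw `std::invalid_argument` or `std::out_of_range` when the `dev` string is not two hex numbers, and nothing in the function catches that before it leaves what looks like a C-callable API. The parser hunk stores `value` into `instance.object.dev` unchecked, so the string is whatever the audit record carried. When the `:` is missing, `find` returns `npos`, both `substr` calls yield the whole string, and major and minor silently receive the same number. I would look the separator up once, return `AUDIT_TRAIL_ERROR_NO_DATA` when it is absent or a number fails to parse, and keep the parsed values as `unsigned long` so they are not narrowed before `makedev`. Whether an outer exception handler already exists is not visible from this hunk.

```cpp
	const auto &log = GetSystemLog(handle).log;
	const std::string &devString = log.object.dev;

	if (devString.empty())
		return AUDIT_TRAIL_ERROR_NO_DATA;

	// A record without the "major:minor" separator is treated as carrying no device.
	const std::string::size_type sep = devString.find(':');
	if (sep == std::string::npos)
		return AUDIT_TRAIL_ERROR_NO_DATA;

	try {
		const unsigned long majorNum = std::stoul(devString.substr(0, sep), nullptr, 16);
		const unsigned long minorNum = std::stoul(devString.substr(sep + 1), nullptr, 16);
		*dev = makedev(majorNum, minorNum);
	} catch (const std::exception &) {
		// Non-hex or out-of-range field in the audit record: report it, do not unwind into the caller.
		return AUDIT_TRAIL_ERROR_NO_DATA;
	}

	return AUDIT_TRAIL_ERROR_NONE;
```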
*/
AUDIT_TRAIL_API int audit_system_log_get_object_sockaddr(audit_system_log_h handle, struct sockaddr *addr, int *family);
+/**
+ * @brief Get the object dev field from the system audit log
+ * @details This API can be used to get the object the minor and major ID of the device
+ * in each system audit logs.
+ * @since_tizen 5.0
+ * @param[in] handle The system audit log handle
+ * @param[out] dev The object the minor and major ID of the device
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @retval #AUDIT_TRAIL_ERROR_NO_DATA no data
+ */
+AUDIT_TRAIL_API int audit_system_log_get_object_dev(audit_system_log_h handle, dev_t *dev);
+
/**
* @brief Get which systemcalls made the system log
* @details This API can be used to get the systemcall caused a system log in
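Review bot: The doc block for `audit_system_log_get_object_dev` lists `@retval #AUDIT_TRAIL_ERROR_TIMED_OUT`, but the implementation shown in this commit returns only `AUDIT_TRAIL_ERROR_NONE`, `AUDIT_TRAIL_ERROR_INVALID_PARAMETER` and `AUDIT_TRAIL_ERROR_NO_DATA`; drop that line unless a timeout path exists outside the visible code. The comment should also say that `*dev` is left unwritten when `AUDIT_TRAIL_ERROR_NO_DATA` is returned, because a caller that ignores the return value would otherwise read an indeterminate `dev_t`. The parameter text reads more clearly as `@param[out] dev The device number (major and minor ID) of the object`.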
log.object.type, log.object.uid, log.object.gid,
log.object.mode, log.object.label,
log.object.name, log.object.socketAddr,
- log.object.pid, log.object.inode,
+ log.object.dev, log.object.pid, log.object.inode,
log.action.systemCall, log.action.exitCode,
log.action.args[0], log.action.args[1],
log.action.args[2], log.action.args[3]);
ino_t obj_inode;
struct sockaddr_un addr_un;
struct sockaddr_in addr_in;
+ dev_t obj_dev;
audit_system_log_get_object_type(log, &obj_type);
audit_system_log_get_object_name(log, &obj_name);
audit_system_log_get_object_pid(log, &obj_pid);
audit_system_log_get_object_permission(log, &obj_mode);
audit_system_log_get_object_inode(log, &obj_inode);
+ audit_system_log_get_object_dev(log, &obj_dev);
audit_system_log_get_object_sockaddr(log, NULL, &sock_family);
if (sock_family == AF_UNIX) {
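Review bot: `obj_dev` is declared without an initializer and the result of `audit_system_log_get_object_dev(log, &obj_dev)` is discarded, so a record without a `dev` field makes the getter return `AUDIT_TRAIL_ERROR_NO_DATA` without writing it. The `OBJECT_TYPE_FILE` branch then prints `major(obj_dev)` and `minor(obj_dev)` from an indeterminate value, which puts a meaningless device number into the log line. Either initialise it with `dev_t obj_dev = 0;` or keep the return code and append `,dev=` only when it is `AUDIT_TRAIL_ERROR_NONE`. The neighbouring getters are called the same way, so this follows the file's existing pattern, and the enclosing function starts and ends outside the hunk.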
case OBJECT_TYPE_FILE:
str << "type=file" << ",name=" << obj_name << ",label=" << obj_label
<< ",inode=" << obj_inode << ",mode=" << CONVERT_OCT(obj_mode)
- << ",uid=" << obj_uid << ",gid=" << obj_gid;
+ << ",uid=" << obj_uid << ",gid=" << obj_gid << ",dev=" << CONVERT_HEX(major(obj_dev)) << ":" << CONVERT_HEX(minor(obj_dev));
break;
case OBJECT_TYPE_SOCKET:
{