public:
MOCK_METHOD1(audit_trail_create, int(audit_trail_h *handle));
MOCK_METHOD0(audit_trail_destroy, int());
- MOCK_METHOD2(audit_trail_foreach_dac, int(audit_trail_string_cb callback, void *user_data));
+
+ MOCK_METHOD2(audit_trail_foreach_dac, int(audit_trail_dac_cb callback, void *user_data));
MOCK_METHOD0(audit_trail_clear_dac, int());
- MOCK_METHOD3(audit_trail_add_dac_cb, int(audit_trail_string_cb callback, void* user_data, int* id));
+ MOCK_METHOD3(audit_trail_add_dac_cb, int(audit_trail_dac_cb callback, void* user_data, int* id));
MOCK_METHOD1(audit_trail_remove_dac_cb, int(int id));
MOCK_METHOD1(audit_trail_enable_dac, int(bool en));
MOCK_METHOD1(audit_trail_is_enabled_dac, int(bool *en));
- MOCK_METHOD2(audit_trail_foreach_mac, int(audit_trail_string_cb callback, void *user_data));
+ MOCK_METHOD2(audit_trail_get_dac_time, int(time_t *time, unsigned short *ms));
+ MOCK_METHOD1(audit_trail_get_dac_subject_name, int(const char **name));
+ MOCK_METHOD2(audit_trail_get_dac_subject_owner, int(uid_t *uid, gid_t *gid));
+ MOCK_METHOD2(audit_trail_get_dac_subject_effective_owner, int(uid_t *euid, gid_t *egid));
+ MOCK_METHOD1(audit_trail_get_dac_subject_pid, int(pid_t *pid));
+ MOCK_METHOD1(audit_trail_get_dac_object_name, int(const char **name));
+ MOCK_METHOD2(audit_trail_get_dac_object_owner, int(uid_t *uid, gid_t *gid));
+ MOCK_METHOD1(audit_trail_get_dac_object_mode, int(mode_t *mode));
+ MOCK_METHOD1(audit_trail_get_dac_action_syscall, int(unsigned int *syscall));
+
+ MOCK_METHOD2(audit_trail_foreach_mac, int(audit_trail_mac_cb callback, void *user_data));
MOCK_METHOD0(audit_trail_clear_mac, int());
- MOCK_METHOD3(audit_trail_add_mac_cb, int(audit_trail_string_cb callback, void* user_data, int* id));
+ MOCK_METHOD3(audit_trail_add_mac_cb, int(audit_trail_mac_cb callback, void* user_data, int* id));
MOCK_METHOD1(audit_trail_remove_mac_cb, int(int id));
MOCK_METHOD1(audit_trail_enable_mac, int(bool en));
MOCK_METHOD1(audit_trail_is_enabled_mac, int(bool *en));
- MOCK_METHOD2(audit_trail_foreach_syscall, int(audit_trail_string_cb callback, void *user_data));
+ MOCK_METHOD2(audit_trail_get_mac_time, int(time_t *time, unsigned short *ms));
+ MOCK_METHOD1(audit_trail_get_mac_subject_name, int(const char **name));
+ MOCK_METHOD1(audit_trail_get_mac_subject_label, int(const char **label));
+ MOCK_METHOD1(audit_trail_get_mac_subject_pid, int(pid_t *pid));
+ MOCK_METHOD1(audit_trail_get_mac_object_name, int(const char **name));
+ MOCK_METHOD1(audit_trail_get_mac_object_label, int(const char **label));
+ MOCK_METHOD1(audit_trail_get_mac_action_syscall, int(unsigned int *syscall));
+ MOCK_METHOD1(audit_trail_get_mac_action_request, int(const char **req));
+
+ MOCK_METHOD2(audit_trail_foreach_syscall, int(audit_trail_syscall_cb callback, void *user_data));
MOCK_METHOD0(audit_trail_clear_syscall, int());
- MOCK_METHOD3(audit_trail_add_syscall_cb, int(audit_trail_string_cb callback, void* user_data, int* id));
+ MOCK_METHOD3(audit_trail_add_syscall_cb, int(audit_trail_syscall_cb callback, void* user_data, int* id));
MOCK_METHOD1(audit_trail_remove_syscall_cb, int(int id));
MOCK_METHOD1(audit_trail_enable_syscall, int(bool en));
MOCK_METHOD1(audit_trail_is_enabled_syscall, int(bool *en));
+ MOCK_METHOD2(audit_trail_get_syscall_time, int(time_t *time, unsigned short *ms));
+ MOCK_METHOD1(audit_trail_get_syscall_subject_name, int(const char **name));
+ MOCK_METHOD2(audit_trail_get_syscall_subject_owner, int(uid_t *uid, gid_t *gid));
+ MOCK_METHOD2(audit_trail_get_syscall_subject_effective_owner, int(uid_t *euid, gid_t *egid));
+ MOCK_METHOD1(audit_trail_get_syscall_subject_pid, int(pid_t *pid));
+ MOCK_METHOD1(audit_trail_get_syscall_action_syscall, int(unsigned int *syscall));
+ MOCK_METHOD1(audit_trail_get_syscall_action_exitcode, int(unsigned int *exit));
+
+ MOCK_METHOD2(audit_trail_foreach_user, int(audit_trail_user_cb callback, void *user_data));
+ MOCK_METHOD0(audit_trail_clear_user, int());
+ MOCK_METHOD3(audit_trail_add_user_cb, int(audit_trail_user_cb callback, void* user_data, int* id));
+ MOCK_METHOD1(audit_trail_remove_user_cb, int(int id));
+ MOCK_METHOD1(audit_trail_enable_user, int(bool en));
+ MOCK_METHOD1(audit_trail_is_enabled_user, int(bool *en));
+ MOCK_METHOD2(audit_trail_get_user_time, int(time_t *time, unsigned short *ms));
+ MOCK_METHOD1(audit_trail_get_user_log_type, int(int *type));
+ MOCK_METHOD1(audit_trail_get_user_log_text, int(const char **text));
};
#endif // AUDITTRAILMOCK_H
#include "mock/dac.h"
#include "mock/mac.h"
#include "mock/syscall.h"
+#include "mock/user.h"
#include "mock/audit-trail-stub.h"
static AuditTrailDefaultImpl atrail;
p_atrail = impl;
}
+
int audit_trail_create(audit_trail_h* handle)
{
int ret = p_atrail->audit_trail_create(handle);
return p->audit_trail_destroy();
}
-int audit_trail_foreach_dac(audit_trail_h handle, audit_trail_string_cb callback, void* user_data)
+
+int audit_trail_foreach_dac(audit_trail_h handle, audit_trail_dac_cb callback, void *user_data)
{
IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
return p->audit_trail_foreach_dac(callback, user_data);
}
-
int audit_trail_clear_dac(audit_trail_h handle)
{
IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
return p->audit_trail_clear_dac();
}
-
-int audit_trail_add_dac_cb(audit_trail_h handle, audit_trail_string_cb callback, void* user_data, int* id)
+int audit_trail_add_dac_cb(audit_trail_h handle, audit_trail_dac_cb callback, void* user_data, int* id)
{
IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
return p->audit_trail_add_dac_cb(callback, user_data, id);
}
-
int audit_trail_remove_dac_cb(audit_trail_h handle, int id)
{
IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
return p->audit_trail_remove_dac_cb(id);
}
-
int audit_trail_enable_dac(audit_trail_h handle, bool en)
{
IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
return p->audit_trail_enable_dac(en);
}
-
-int audit_trail_is_enabled_dac(audit_trail_h handle, bool* en)
+int audit_trail_is_enabled_dac(audit_trail_h handle, bool *en)
{
IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
return p->audit_trail_is_enabled_dac(en);
}
+int audit_trail_get_dac_time(audit_trail_dac_h handle, time_t *time, unsigned short *ms)
+{
+ IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
+ return p->audit_trail_get_dac_time(time, ms);
+}
-int audit_trail_foreach_mac(audit_trail_h handle, audit_trail_string_cb callback, void* user_data)
+int audit_trail_get_dac_subject_name(audit_trail_dac_h handle, const char **name)
{
IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
- return p->audit_trail_foreach_mac(callback, user_data);
+ return p->audit_trail_get_dac_subject_name(name);
+}
+
+int audit_trail_get_dac_subject_owner(audit_trail_dac_h handle, uid_t *uid, gid_t *gid)
+{
+ IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
+ return p->audit_trail_get_dac_subject_owner(uid, gid);
+}
+
+int audit_trail_get_dac_subject_effective_owner(audit_trail_dac_h handle, uid_t *euid, gid_t *egid)
+{
+ IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
+ return p->audit_trail_get_dac_subject_effective_owner(euid, egid);
}
+int audit_trail_get_dac_subject_pid(audit_trail_dac_h handle, pid_t *pid)
+{
+ IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
+ return p->audit_trail_get_dac_subject_pid(pid);
+}
+
+int audit_trail_get_dac_object_name(audit_trail_dac_h handle, const char **name)
+{
+ IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
+ return p->audit_trail_get_dac_object_name(name);
+}
+
+int audit_trail_get_dac_object_owner(audit_trail_dac_h handle, uid_t *uid, gid_t *gid)
+{
+ IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
+ return p->audit_trail_get_dac_object_owner(uid, gid);
+}
+
+int audit_trail_get_dac_object_mode(audit_trail_dac_h handle, mode_t *mode)
+{
+ IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
+ return p->audit_trail_get_dac_object_mode(mode);
+}
+
+int audit_trail_get_dac_action_syscall(audit_trail_dac_h handle, unsigned int *syscall)
+{
+ IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
+ return p->audit_trail_get_dac_action_syscall(syscall);
+}
+
+
+int audit_trail_foreach_mac(audit_trail_h handle, audit_trail_mac_cb callback, void *user_data)
+{
+ IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
+ return p->audit_trail_foreach_mac(callback, user_data);
+}
int audit_trail_clear_mac(audit_trail_h handle)
{
return p->audit_trail_clear_mac();
}
-
-int audit_trail_add_mac_cb(audit_trail_h handle, audit_trail_string_cb callback, void* user_data, int* id)
+int audit_trail_add_mac_cb(audit_trail_h handle, audit_trail_mac_cb callback, void* user_data, int* id)
{
IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
return p->audit_trail_add_mac_cb(callback, user_data, id);
}
-
int audit_trail_remove_mac_cb(audit_trail_h handle, int id)
{
IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
return p->audit_trail_remove_mac_cb(id);
}
-
int audit_trail_enable_mac(audit_trail_h handle, bool en)
{
IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
return p->audit_trail_enable_mac(en);
}
-
-int audit_trail_is_enabled_mac(audit_trail_h handle, bool* en)
+int audit_trail_is_enabled_mac(audit_trail_h handle, bool *en)
{
IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
return p->audit_trail_is_enabled_mac(en);
}
+int audit_trail_get_mac_time(audit_trail_mac_h handle, time_t *time, unsigned short *ms)
+{
+ IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
+ return p->audit_trail_get_mac_time(time, ms);
+}
-int audit_trail_foreach_syscall(audit_trail_h handle, audit_trail_string_cb callback, void* user_data)
+int audit_trail_get_mac_subject_name(audit_trail_mac_h handle, const char **name)
{
IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
- return p->audit_trail_foreach_syscall(callback, user_data);
+ return p->audit_trail_get_mac_subject_name(name);
}
+int audit_trail_get_mac_subject_label(audit_trail_mac_h handle, const char **label)
+{
+ IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
+ return p->audit_trail_get_mac_subject_label(label);
+}
+
+int audit_trail_get_mac_subject_pid(audit_trail_mac_h handle, pid_t *pid)
+{
+ IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
+ return p->audit_trail_get_mac_subject_pid(pid);
+}
+
+int audit_trail_get_mac_object_name(audit_trail_mac_h handle, const char **name)
+{
+ IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
+ return p->audit_trail_get_mac_object_name(name);
+}
+
+int audit_trail_get_mac_object_label(audit_trail_mac_h handle, const char **label)
+{
+ IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
+ return p->audit_trail_get_mac_object_label(label);
+}
+
+int audit_trail_get_mac_action_syscall(audit_trail_mac_h handle, unsigned int *syscall)
+{
+ IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
+ return p->audit_trail_get_mac_action_syscall(syscall);
+}
+
+int audit_trail_get_mac_action_request(audit_trail_mac_h handle, const char **req)
+{
+ IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
+ return p->audit_trail_get_mac_action_request(req);
+}
+
+
+int audit_trail_foreach_syscall(audit_trail_h handle, audit_trail_syscall_cb callback, void *user_data)
+{
+ IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
+ return p->audit_trail_foreach_syscall(callback, user_data);
+}
int audit_trail_clear_syscall(audit_trail_h handle)
{
return p->audit_trail_clear_syscall();
}
-
-int audit_trail_add_syscall_cb(audit_trail_h handle, audit_trail_string_cb callback, void* user_data, int* id)
+int audit_trail_add_syscall_cb(audit_trail_h handle, audit_trail_syscall_cb callback, void* user_data, int* id)
{
IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
return p->audit_trail_add_syscall_cb(callback, user_data, id);
}
-
int audit_trail_remove_syscall_cb(audit_trail_h handle, int id)
{
IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
return p->audit_trail_remove_syscall_cb(id);
}
-
int audit_trail_enable_syscall(audit_trail_h handle, bool en)
{
IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
return p->audit_trail_enable_syscall(en);
}
-
-int audit_trail_is_enabled_syscall(audit_trail_h handle, bool* en)
+int audit_trail_is_enabled_syscall(audit_trail_h handle, bool *en)
{
IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
return p->audit_trail_is_enabled_syscall(en);
}
+int audit_trail_get_syscall_time(audit_trail_syscall_h handle, time_t *time, unsigned short *ms)
+{
+ IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
+ return p->audit_trail_get_syscall_time(time, ms);
+}
+
+int audit_trail_get_syscall_subject_name(audit_trail_syscall_h handle, const char **name)
+{
+ IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
+ return p->audit_trail_get_syscall_subject_name(name);
+}
+
+int audit_trail_get_syscall_subject_owner(audit_trail_syscall_h handle, uid_t *uid, gid_t *gid)
+{
+ IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
+ return p->audit_trail_get_syscall_subject_owner(uid, gid);
+}
+
+int audit_trail_get_syscall_subject_effective_owner(audit_trail_syscall_h handle, uid_t *euid, gid_t *egid)
+{
+ IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
+ return p->audit_trail_get_syscall_subject_effective_owner(euid, egid);
+}
+
+int audit_trail_get_syscall_subject_pid(audit_trail_syscall_h handle, pid_t *pid)
+{
+ IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
+ return p->audit_trail_get_syscall_subject_pid(pid);
+}
+
+int audit_trail_get_syscall_action_syscall(audit_trail_syscall_h handle, unsigned int *syscall)
+{
+ IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
+ return p->audit_trail_get_syscall_action_syscall(syscall);
+}
+
+int audit_trail_get_syscall_action_exitcode(audit_trail_syscall_h handle, unsigned int *exit)
+{
+ IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
+ return p->audit_trail_get_syscall_action_exitcode(exit);
+}
+
+
+int audit_trail_foreach_user(audit_trail_h handle, audit_trail_user_cb callback, void *user_data)
+{
+ IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
+ return p->audit_trail_foreach_user(callback, user_data);
+}
+
+int audit_trail_clear_user(audit_trail_h handle)
+{
+ IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
+ return p->audit_trail_clear_user();
+}
+
+int audit_trail_add_user_cb(audit_trail_h handle, audit_trail_user_cb callback, void* user_data, int* id)
+{
+ IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
+ return p->audit_trail_add_user_cb(callback, user_data, id);
+}
+
+int audit_trail_remove_user_cb(audit_trail_h handle, int id)
+{
+ IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
+ return p->audit_trail_remove_user_cb(id);
+}
+
+int audit_trail_enable_user(audit_trail_h handle, bool en)
+{
+ IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
+ return p->audit_trail_enable_user(en);
+}
+
+int audit_trail_is_enabled_user(audit_trail_h handle, bool *en)
+{
+ IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
+ return p->audit_trail_is_enabled_user(en);
+}
+
+int audit_trail_get_user_time(audit_trail_user_h handle, time_t *time, unsigned short *ms)
+{
+ IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
+ return p->audit_trail_get_user_time(time, ms);
+}
+
+int audit_trail_get_user_log_type(audit_trail_user_h handle, int *type)
+{
+ IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
+ return p->audit_trail_get_user_log_type(type);
+}
+
+int audit_trail_get_user_log_text(audit_trail_user_h handle, const char **text)
+{
+ IAuditTrail* p = reinterpret_cast<IAuditTrail*>(handle);
+ return p->audit_trail_get_user_log_text(text);
+}
#ifndef AUDITTRAILSTUB_H
#define AUDITTRAILSTUB_H
-
#include "mock/dac.h"
#include "mock/mac.h"
#include "mock/syscall.h"
+#include "mock/user.h"
class IAuditTrail
{
public:
virtual int audit_trail_create(audit_trail_h *handle) = 0;
virtual int audit_trail_destroy() = 0;
- virtual int audit_trail_foreach_dac(audit_trail_string_cb callback, void *user_data) = 0;
+
+ virtual int audit_trail_foreach_dac(audit_trail_dac_cb callback, void *user_data) = 0;
virtual int audit_trail_clear_dac() = 0;
- virtual int audit_trail_add_dac_cb(audit_trail_string_cb callback, void* user_data, int* id) = 0;
+ virtual int audit_trail_add_dac_cb(audit_trail_dac_cb callback, void* user_data, int* id) = 0;
virtual int audit_trail_remove_dac_cb(int id) = 0;
virtual int audit_trail_enable_dac(bool en) = 0;
virtual int audit_trail_is_enabled_dac(bool *en) = 0;
- virtual int audit_trail_foreach_mac(audit_trail_string_cb callback, void *user_data) = 0;
+ virtual int audit_trail_get_dac_time(time_t *time, unsigned short *ms) = 0;
+ virtual int audit_trail_get_dac_subject_name(const char **name) = 0;
+ virtual int audit_trail_get_dac_subject_owner(uid_t *uid, gid_t *gid) = 0;
+ virtual int audit_trail_get_dac_subject_effective_owner(uid_t *euid, gid_t *egid) = 0;
+ virtual int audit_trail_get_dac_subject_pid(pid_t *pid) = 0;
+ virtual int audit_trail_get_dac_object_name(const char **name) = 0;
+ virtual int audit_trail_get_dac_object_owner(uid_t *uid, gid_t *gid) = 0;
+ virtual int audit_trail_get_dac_object_mode(mode_t *mode) = 0;
+ virtual int audit_trail_get_dac_action_syscall(unsigned int *syscall) = 0;
+
+ virtual int audit_trail_foreach_mac(audit_trail_mac_cb callback, void *user_data) = 0;
virtual int audit_trail_clear_mac() = 0;
- virtual int audit_trail_add_mac_cb(audit_trail_string_cb callback, void* user_data, int* id) = 0;
+ virtual int audit_trail_add_mac_cb(audit_trail_mac_cb callback, void* user_data, int* id) = 0;
virtual int audit_trail_remove_mac_cb(int id) = 0;
virtual int audit_trail_enable_mac(bool en) = 0;
virtual int audit_trail_is_enabled_mac(bool *en) = 0;
- virtual int audit_trail_foreach_syscall(audit_trail_string_cb callback, void *user_data) = 0;
+ virtual int audit_trail_get_mac_time(time_t *time, unsigned short *ms) = 0;
+ virtual int audit_trail_get_mac_subject_name(const char **name) = 0;
+ virtual int audit_trail_get_mac_subject_label(const char **label) = 0;
+ virtual int audit_trail_get_mac_subject_pid(pid_t *pid) = 0;
+ virtual int audit_trail_get_mac_object_name(const char **name) = 0;
+ virtual int audit_trail_get_mac_object_label(const char **label) = 0;
+ virtual int audit_trail_get_mac_action_syscall(unsigned int *syscall) = 0;
+ virtual int audit_trail_get_mac_action_request(const char **req) = 0;
+
+ virtual int audit_trail_foreach_syscall(audit_trail_syscall_cb callback, void *user_data) = 0;
virtual int audit_trail_clear_syscall() = 0;
- virtual int audit_trail_add_syscall_cb(audit_trail_string_cb callback, void* user_data, int* id) = 0;
+ virtual int audit_trail_add_syscall_cb(audit_trail_syscall_cb callback, void* user_data, int* id) = 0;
virtual int audit_trail_remove_syscall_cb(int id) = 0;
virtual int audit_trail_enable_syscall(bool en) = 0;
virtual int audit_trail_is_enabled_syscall(bool *en) = 0;
+ virtual int audit_trail_get_syscall_time(time_t *time, unsigned short *ms) = 0;
+ virtual int audit_trail_get_syscall_subject_name(const char **name) = 0;
+ virtual int audit_trail_get_syscall_subject_owner(uid_t *uid, gid_t *gid) = 0;
+ virtual int audit_trail_get_syscall_subject_effective_owner(uid_t *euid, gid_t *egid) = 0;
+ virtual int audit_trail_get_syscall_subject_pid(pid_t *pid) = 0;
+ virtual int audit_trail_get_syscall_action_syscall(unsigned int *syscall) = 0;
+ virtual int audit_trail_get_syscall_action_exitcode(unsigned int *exit) = 0;
+
+ virtual int audit_trail_foreach_user(audit_trail_user_cb callback, void *user_data) = 0;
+ virtual int audit_trail_clear_user() = 0;
+ virtual int audit_trail_add_user_cb(audit_trail_user_cb callback, void* user_data, int* id) = 0;
+ virtual int audit_trail_remove_user_cb(int id) = 0;
+ virtual int audit_trail_enable_user(bool en) = 0;
+ virtual int audit_trail_is_enabled_user(bool *en) = 0;
+ virtual int audit_trail_get_user_time(time_t *time, unsigned short *ms) = 0;
+ virtual int audit_trail_get_user_log_type(int *type) = 0;
+ virtual int audit_trail_get_user_log_text(const char **text) = 0;
};
void audit_trail_set_implementation(IAuditTrail* impl);
{
return 0;
}
- int audit_trail_foreach_dac(audit_trail_string_cb callback, void *user_data) override
+
+ int audit_trail_foreach_dac(audit_trail_dac_cb callback, void *user_data) override
{
return 0;
}
{
return 0;
}
- int audit_trail_add_dac_cb(audit_trail_string_cb callback, void* user_data, int* id) override
+ int audit_trail_add_dac_cb(audit_trail_dac_cb callback, void* user_data, int* id) override
{
return 0;
}
*en = true;
return 0;
}
- int audit_trail_foreach_mac(audit_trail_string_cb callback, void *user_data) override
+ int audit_trail_get_dac_time(time_t *time, unsigned short *ms) override
+ {
+ *time = 0; *ms = 0;
+ return 0;
+ }
+ int audit_trail_get_dac_subject_name(const char **name) override
+ {
+ *name = "";
+ return 0;
+ }
+ int audit_trail_get_dac_subject_owner(uid_t *uid, gid_t *gid) override
+ {
+ *uid = 0; *gid = 0;
+ return 0;
+ }
+ int audit_trail_get_dac_subject_effective_owner(uid_t *euid, gid_t *egid) override
+ {
+ *euid = 0; *egid = 0;
+ return 0;
+ }
+ int audit_trail_get_dac_subject_pid(pid_t *pid) override
+ {
+ *pid = 0;
+ return 0;
+ }
+ int audit_trail_get_dac_object_name(const char **name) override
+ {
+ *name = "";
+ return 0;
+ }
+ int audit_trail_get_dac_object_owner(uid_t *uid, gid_t *gid) override
+ {
+ *uid = 0; *gid = 0;
+ return 0;
+ }
+ int audit_trail_get_dac_object_mode(mode_t *mode) override
+ {
+ *mode = 0;
+ return 0;
+ }
+ int audit_trail_get_dac_action_syscall(unsigned int *syscall) override
+ {
+ *syscall = 0;
+ return 0;
+ }
+
+ int audit_trail_foreach_mac(audit_trail_mac_cb callback, void *user_data) override
{
return 0;
}
{
return 0;
}
- int audit_trail_add_mac_cb(audit_trail_string_cb callback, void* user_data, int* id) override
+ int audit_trail_add_mac_cb(audit_trail_mac_cb callback, void* user_data, int* id) override
{
return 0;
}
*en = true;
return 0;
}
- int audit_trail_foreach_syscall(audit_trail_string_cb callback, void *user_data) override
+ int audit_trail_get_mac_time(time_t *time, unsigned short *ms) override
+ {
+ *time = 0; *ms = 0;
+ return 0;
+ }
+ int audit_trail_get_mac_subject_name(const char **name) override
+ {
+ *name = "";
+ return 0;
+ }
+ int audit_trail_get_mac_subject_label(const char **label) override
+ {
+ *label = "";
+ return 0;
+ }
+ int audit_trail_get_mac_subject_pid(pid_t *pid) override
+ {
+ *pid = 0;
+ return 0;
+ }
+ int audit_trail_get_mac_object_name(const char **name) override
+ {
+ *name = "";
+ return 0;
+ }
+ int audit_trail_get_mac_object_label(const char **label) override
+ {
+ *label = "";
+ return 0;
+ }
+ int audit_trail_get_mac_action_syscall(unsigned int *syscall) override
+ {
+ *syscall = 0;
+ return 0;
+ }
+ int audit_trail_get_mac_action_request(const char **req) override
+ {
+ *req = "";
+ return 0;
+ }
+
+ int audit_trail_foreach_syscall(audit_trail_syscall_cb callback, void *user_data) override
{
return 0;
}
{
return 0;
}
- int audit_trail_add_syscall_cb(audit_trail_string_cb callback, void* user_data, int* id) override
+ int audit_trail_add_syscall_cb(audit_trail_syscall_cb callback, void* user_data, int* id) override
{
return 0;
}
*en = true;
return 0;
}
+ int audit_trail_get_syscall_time(time_t *time, unsigned short *ms) override
+ {
+ *time = 0; *ms = 0;
+ return 0;
+ }
+ int audit_trail_get_syscall_subject_name(const char **name) override
+ {
+ *name = "";
+ return 0;
+ }
+ int audit_trail_get_syscall_subject_owner(uid_t *uid, gid_t *gid) override
+ {
+ *uid = 0; *gid = 0;
+ return 0;
+ }
+ int audit_trail_get_syscall_subject_effective_owner(uid_t *euid, gid_t *egid) override
+ {
+ *euid = 0; *egid = 0;
+ return 0;
+ }
+ int audit_trail_get_syscall_subject_pid(pid_t *pid) override
+ {
+ *pid = 0;
+ return 0;
+ }
+ int audit_trail_get_syscall_action_syscall(unsigned int *syscall) override
+ {
+ *syscall = 0;
+ return 0;
+ }
+ int audit_trail_get_syscall_action_exitcode(unsigned int *exit) override
+ {
+ *exit = 0;
+ return 0;
+ }
+
+ int audit_trail_foreach_user(audit_trail_user_cb callback, void *user_data) override
+ {
+ return 0;
+ }
+ int audit_trail_clear_user() override
+ {
+ return 0;
+ }
+ int audit_trail_add_user_cb(audit_trail_user_cb callback, void* user_data, int* id) override
+ {
+ return 0;
+ }
+ int audit_trail_remove_user_cb(int id) override
+ {
+ return 0;
+ }
+ int audit_trail_enable_user(bool en) override
+ {
+ return 0;
+ }
+ int audit_trail_is_enabled_user(bool *en) override
+ {
+ *en = true;
+ return 0;
+ }
+ int audit_trail_get_user_time(time_t *time, unsigned short *ms) override
+ {
+ *time = 0; *ms = 0;
+ return 0;
+ }
+ int audit_trail_get_user_log_type(int *type) override
+ {
+ *type = 0;
+ return 0;
+ }
+ int audit_trail_get_user_log_text(const char **text) override
+ {
+ *text = "";
+ return 0;
+ }
};
#endif // AUDITTRAILSTUB_H
#endif
/**
+ * @addtogroup Common
+ * @{
+ */
+
+/**
* @brief The audit-trail handle
* @details The audit-trail handle is an abstraction of the logical
* connection between the audit-trail manager and it's client.
#ifndef __CAPI_AUDIT_TRAIL_COMMON_H__
#define __CAPI_AUDIT_TRAIL_COMMON_H__
+/**
+ * @file common.h
+ * @brief This file defines common data types required to audit-trail APIs.
+ */
+
#ifndef AUDIT_TRAIL_API
#define AUDIT_TRAIL_API
#endif // API
#endif
/**
- * @addtogroup CAPI_AUDIT_TRAIL_MODULE
+ * @addtogroup Common
* @{
*/
AUDIT_TRAIL_ERROR_NOT_SUPPORTED,
AUDIT_TRAIL_ERROR_OUT_OF_MEMORY,
AUDIT_TRAIL_ERROR_NOT_PERMITTED,
- AUDIT_TRAIL_ERROR_NO_DATA
+ AUDIT_TRAIL_ERROR_NO_DATA,
} audit_trail_error_type_e;
/**
- * @brief Called to get all strings in an array
- * @since_tizen 5.0
- * @param[in] log Each string in an array
- * @param[in] user_data The user data passed from the function
- * @see audit_trail_add_log_cb
- * @see audit_trail_remove_log_cb
- * @see audit_trail_foreach_smack
- */
-typedef void (*audit_trail_string_cb)(const char* log, void* user_data);
-
-/**
* @}
*/
#ifndef __CAPI_AUDIT_TRAIL_DAC_H__
#define __CAPI_AUDIT_TRAIL_DAC_H__
+#include <time.h>
+#include <unistd.h>
+#include <sys/stat.h>
+
#include "audit-trail.h"
/**
#endif
/**
+ * @addtogroup DAC Discretionary Access Control
+ * @{
+ */
+
+/**
+ * @brief The audit-trail DAC log handle
+ * @details The audit-trail DAC log handle is an abstraction of the DAC log
+ * data. This can be used to get information of each log.
+ * This must be used in audit_trail_dac_cb() and not be freed,
+ * because this will be freed internally.
+ * @since_tizen 5.0
+ * @see audit_trail_dac_cb()
+ */
+typedef void* audit_trail_dac_h;
+
+/**
+ * @brief Called to get all DAC logs in an array
+ * @since_tizen 5.0
+ * @param[in] handle The handle of each DAC logs
+ * @param[in] user_data The user data passed from the function
+ * @see audit_trail_add_dac_cb
+ * @see audit_trail_remove_dac_cb
+ * @see audit_trail_foreach_dac
+ */
+typedef void (*audit_trail_dac_cb)(audit_trail_dac_h handle, void* user_data);
+
+/**
* @brief Retrieves all DAC logs that occured in system.
- * @details This API calls audit_trail_string_cb() once for each DAC
+ * @details This API calls audit_trail_dac_cb() once for each DAC
* (Discretionary Access Control) logs collected by audit-trail
* when DAC auditing is enabled.
* @since_tizen 5.0
* @see audit_trail_destroy()
* @see audit_trail_enable_dac()
*/
-AUDIT_TRAIL_API int audit_trail_foreach_dac(audit_trail_h handle, audit_trail_string_cb callback, void *user_data);
+AUDIT_TRAIL_API int audit_trail_foreach_dac(audit_trail_h handle, audit_trail_dac_cb callback, void *user_data);
/**
* @brief Clears all DAC logs saved in audit-trail.
* @see audit_trail_remove_dac_cb()
*/
AUDIT_TRAIL_API int audit_trail_add_dac_cb(audit_trail_h handle,
- audit_trail_string_cb callback, void* user_data,
+ audit_trail_dac_cb callback, void* user_data,
int* id);
/**
AUDIT_TRAIL_API int audit_trail_is_enabled_dac(audit_trail_h handle, bool *en);
/**
+ * @brief Get the time of the DAC log
+ * @details This API can be used to get when the DAC log occured.
+ * @since_tizen 5.0
+ * @param[in] handle The audit-trail DAC log handle
+ * @param[out] time The time as UNIX epoch timestamp
+ * @param[out] ms milliseconds of the time
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ */
+AUDIT_TRAIL_API int audit_trail_get_dac_time(audit_trail_dac_h handle, time_t *time, unsigned short *ms);
+
+/**
+ * @brief Get the subject name of the DAC log
+ * @details This API can be used to get the subject names in each DAC logs.
+ * @since_tizen 5.0
+ * @param[in] handle The audit-trail DAC log handle
+ * @param[out] name The subject name
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @post The subject name must not be freed.
+ */
+AUDIT_TRAIL_API int audit_trail_get_dac_subject_name(audit_trail_dac_h handle, const char **name);
+
+/**
+ * @brief Get subject owner's user and group ID of the DAC log
+ * @details This API can be used to get subject owner's user ID and group ID
+ * in each DAC logs.
+ * @since_tizen 5.0
+ * @param[in] handle The audit-trail DAC log handle
+ * @param[out] uid The subject user ID
+ * @param[out] gid The subject group ID
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ */
+AUDIT_TRAIL_API int audit_trail_get_dac_subject_owner(audit_trail_dac_h handle, uid_t *uid, gid_t *gid);
+
+/**
+ * @brief Get subject effective owner's user and group ID of the DAC log
+ * @details This API can be used to get subject effective owner's user and
+ * group ID in each DAC logs.
+ * @since_tizen 5.0
+ * @param[in] handle The audit-trail DAC log handle
+ * @param[out] euid The subject effective user ID
+ * @param[out] egid The subject effective group ID
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ */
+AUDIT_TRAIL_API int audit_trail_get_dac_subject_effective_owner(audit_trail_dac_h handle, uid_t *euid, gid_t *egid);
+
+/**
+ * @brief Get the subject process ID of the DAC log
+ * @details This API can be used to get the subject process ID in
+ * each DAC logs.
+ * @since_tizen 5.0
+ * @param[in] handle The audit-trail DAC log handle
+ * @param[out] pid The subject process ID
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ */
+AUDIT_TRAIL_API int audit_trail_get_dac_subject_pid(audit_trail_dac_h handle, pid_t *pid);
+
+/**
+ * @brief Get the object name of the DAC log
+ * @details This API can be used to get the object names in each DAC logs.
+ * @since_tizen 5.0
+ * @param[in] handle The audit-trail DAC log handle
+ * @param[out] name The object name
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @post The object name must not be freed.
+ */
+AUDIT_TRAIL_API int audit_trail_get_dac_object_name(audit_trail_dac_h handle, const char **name);
+
+/**
+ * @brief Get object owner's user and group ID of the DAC log
+ * @details This API can be used to get object owner's user ID and group ID
+ * in each DAC logs.
+ * @since_tizen 5.0
+ * @param[in] handle The audit-trail DAC log handle
+ * @param[out] uid The object user ID if exists, otherwise UINT_MAX
+ * @param[out] gid The object group ID if exists, otherwise UINT_MAX
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ */
+AUDIT_TRAIL_API int audit_trail_get_dac_object_owner(audit_trail_dac_h handle, uid_t *uid, gid_t *gid);
+
+/**
+ * @brief Get object file mode bits of the DAC log
+ * @details This API can be used to get object file mode bits in each DAC
+ * logs.
+ * @since_tizen 5.0
+ * @param[in] handle The audit-trail DAC log handle
+ * @param[out] mode The object file mode bits if exists, otherwise UINT_MAX
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ */
+AUDIT_TRAIL_API int audit_trail_get_dac_object_mode(audit_trail_dac_h handle, mode_t *mode);
+
+/**
+ * @brief Get the system call number of the DAC log
+ * @details This API can be used to get the system call number in each DAC
+ * logs.
+ * @since_tizen 5.0
+ * @param[in] handle The audit-trail DAC log handle
+ * @param[out] syscall the system call number
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ */
+AUDIT_TRAIL_API int audit_trail_get_dac_action_syscall(audit_trail_dac_h handle, unsigned int *syscall);
+
+/**
* @}
*/
#ifndef __CAPI_AUDIT_TRAIL_MAC_H__
#define __CAPI_AUDIT_TRAIL_MAC_H__
+#include <time.h>
+#include <unistd.h>
+
#include "audit-trail.h"
/**
#endif
/**
+ * @addtogroup MAC Mandatory Access Control
+ * @{
+ */
+
+/**
+ * @brief The audit-trail MAC log handle
+ * @details The audit-trail MAC log handle is an abstraction of the MAC log
+ * data. This can be used to get information of each log.
+ * This must be used only in audit_trail_mac_cb() and not be freed,
+ * because this will be freed internally.
+ * @since_tizen 5.0
+ * @see audit_trail_mac_cb()
+ */
+typedef void* audit_trail_mac_h;
+
+/**
+ * @brief Called to get all MAC logs in an array
+ * @since_tizen 5.0
+ * @param[in] handle The handle of each MAC logs
+ * @param[in] user_data The user data passed from the function
+ * @see audit_trail_add_mac_cb
+ * @see audit_trail_remove_mac_cb
+ * @see audit_trail_foreach_mac
+ */
+typedef void (*audit_trail_mac_cb)(audit_trail_mac_h handle, void* user_data);
+
+/**
* @brief Retrieves all MAC logs that occured in system.
- * @details This API calls audit_trail_string_cb() once for each MAC
+ * @details This API calls audit_trail_mac_cb() once for each MAC
* (Mandatory Access Control) logs collected by audit-trail
* when MAC auditing is enabled.
* @since_tizen 5.0
* @see audit_trail_destroy()
* @see audit_trail_enable_mac()
*/
-AUDIT_TRAIL_API int audit_trail_foreach_mac(audit_trail_h handle, audit_trail_string_cb callback, void *user_data);
+AUDIT_TRAIL_API int audit_trail_foreach_mac(audit_trail_h handle, audit_trail_mac_cb callback, void *user_data);
/**
* @brief Clears all MAC logs saved in audit-trail.
* @see audit_trail_remove_mac_cb()
*/
AUDIT_TRAIL_API int audit_trail_add_mac_cb(audit_trail_h handle,
- audit_trail_string_cb callback, void* user_data,
+ audit_trail_mac_cb callback, void* user_data,
int* id);
/**
AUDIT_TRAIL_API int audit_trail_is_enabled_mac(audit_trail_h handle, bool *en);
/**
+ * @brief Get the time of the MAC log
+ * @details This API can be used to get when the MAC log occured.
+ * @since_tizen 5.0
+ * @param[in] handle The audit-trail MAC log handle
+ * @param[out] time The time as UNIX epoch timestamp
+ * @param[out] ms milliseconds of the time
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ */
+AUDIT_TRAIL_API int audit_trail_get_mac_time(audit_trail_mac_h handle, time_t *time, unsigned short *ms);
+
+/**
+ * @brief Get the subject name of the MAC log
+ * @details This API can be used to get the subject names in each MAC logs.
+ * @since_tizen 5.0
+ * @param[in] handle The audit-trail MAC log handle
+ * @param[out] name The subject name
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @post The subject name must not be freed.
+ */
+AUDIT_TRAIL_API int audit_trail_get_mac_subject_name(audit_trail_mac_h handle, const char **name);
+
+/**
+ * @brief Get the subject label of the MAC log
+ * @details This API can be used to get the subject labels in each MAC logs.
+ * @since_tizen 5.0
+ * @param[in] handle The audit-trail MAC log handle
+ * @param[out] label The subject label
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @post The subject label must not be freed.
+ */
+AUDIT_TRAIL_API int audit_trail_get_mac_subject_label(audit_trail_mac_h handle, const char **label);
+
+/**
+ * @brief Get the subject process ID of the MAC log
+ * @details This API can be used to get the subject process ID in
+ * each MAC logs.
+ * @since_tizen 5.0
+ * @param[in] handle The audit-trail MAC log handle
+ * @param[out] pid The subject process ID
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ */
+AUDIT_TRAIL_API int audit_trail_get_mac_subject_pid(audit_trail_mac_h handle, pid_t *pid);
+
+/**
+ * @brief Get the object name of the MAC log
+ * @details This API can be used to get the object names in each MAC logs.
+ * @since_tizen 5.0
+ * @param[in] handle The audit-trail MAC log handle
+ * @param[out] name The object name
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @post The object name must not be freed.
+ */
+AUDIT_TRAIL_API int audit_trail_get_mac_object_name(audit_trail_mac_h handle, const char **name);
+
+/**
+ * @brief Get the object label of the MAC log
+ * @details This API can be used to get the object labels in each MAC logs.
+ * @since_tizen 5.0
+ * @param[in] handle The audit-trail MAC log handle
+ * @param[out] label The object label
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @post The object label must not be freed.
+ */
+AUDIT_TRAIL_API int audit_trail_get_mac_object_label(audit_trail_mac_h handle, const char **label);
+
+/**
+ * @brief Get the function name of the MAC log
+ * @details This API can be used to get the function that causes a MAC log.
+ * @since_tizen 5.0
+ * @param[in] handle The audit-trail MAC log handle
+ * @param[out] syscall the system call number
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @post The function name must not be freed.
+ */
+AUDIT_TRAIL_API int audit_trail_get_mac_action_syscall(audit_trail_mac_h handle, unsigned int *syscall);
+
+/**
+ * @brief Get what operation is requested by the function of the MAC log
+ * @details This API can be used to get what operation such as rwx (Read,
+ * Write, eXcute) is requested by the function that causes a NAC
+ * log.
+ * @since_tizen 5.0
+ * @param[in] handle The audit-trail MAC log handle
+ * @param[out] req The requested operation
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @post The requested operation must not be freed.
+ */
+AUDIT_TRAIL_API int audit_trail_get_mac_action_request(audit_trail_mac_h handle, const char **req);
+
+/**
* @}
*/
/*
- * Copyright (c) 2075 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#ifndef __CAPI_AUDIT_TRAIL_SYSTEM_CALL_H__
#define __CAPI_AUDIT_TRAIL_SYSTEM_CALL_H__
+#include <time.h>
+#include <unistd.h>
+
#include "audit-trail.h"
/**
#endif
/**
+ * @addtogroup System-call
+ * @{
+ */
+
+/**
+ * @brief The audit-trail system call log handle
+ * @details The audit-trail system call log handle is an abstraction of the system call log
+ * data. This can be used to get information of each log.
+ * This must be used in audit_trail_syscall_cb() and not be freed,
+ * because this will be freed internally.
+ * internally.
+ * @since_tizen 5.0
+ * @see audit_trail_syscall_cb()
+ */
+typedef void* audit_trail_syscall_h;
+
+/**
+ * @brief Called to get all system call logs in an array
+ * @since_tizen 5.0
+ * @param[in] handle The handle of each system call logs
+ * @param[in] user_data The user data passed from the function
+ * @see audit_trail_add_syscall_cb
+ * @see audit_trail_remove_syscall_cb
+ * @see audit_trail_foreach_syscall
+ */
+typedef void (*audit_trail_syscall_cb)(audit_trail_syscall_h handle, void* user_data);
+
+/**
* @brief Retrieves all system call logs that occured in system.
- * @details This API calls audit_trail_strimg_cb() once for each system call
- * logs collected by audit-trail when system call auditing is enabled.
+ * @details This API calls audit_trail_syscall_cb() once for each system
+ * call logs collected by audit-trail when system call auditing
+ * is enabled.
* @since_tizen 5.0
* @param[in] handle The audit-trail handle
* @param[in] callback The iteration callback function
* @see audit_trail_destroy()
* @see audit_trail_enable_syscall()
*/
-AUDIT_TRAIL_API int audit_trail_foreach_syscall(audit_trail_h handle, audit_trail_string_cb callback, void *user_data);
+AUDIT_TRAIL_API int audit_trail_foreach_syscall(audit_trail_h handle, audit_trail_syscall_cb callback, void *user_data);
/**
* @brief Clears all system call logs saved in audit-trail.
* @see audit_trail_remove_syscall_cb()
*/
AUDIT_TRAIL_API int audit_trail_add_syscall_cb(audit_trail_h handle,
- audit_trail_string_cb callback, void* user_data,
+ audit_trail_syscall_cb callback, void* user_data,
int* id);
/**
* @see audit_trail_destroy()
*/
AUDIT_TRAIL_API int audit_trail_is_enabled_syscall(audit_trail_h handle, bool *en);
+
+/**
+ * @brief Get the time of the system call log
+ * @details This API can be used to get when the system call log occured.
+ * @since_tizen 5.0
+ * @param[in] handle The audit-trail system call log handle
+ * @param[out] time The time as UNIX epoch timestamp
+ * @param[out] ms milliseconds of the time
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ */
+AUDIT_TRAIL_API int audit_trail_get_syscall_time(audit_trail_syscall_h handle, time_t *time, unsigned short *ms);
+
+/**
+ * @brief Get the subject name of the system call log
+ * @details This API can be used to get the subject names in each system call logs.
+ * @since_tizen 5.0
+ * @param[in] handle The audit-trail system call log handle
+ * @param[out] name The subject name
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @post The subject name must not be freed.
+ */
+AUDIT_TRAIL_API int audit_trail_get_syscall_subject_name(audit_trail_syscall_h handle, const char **name);
+
+/**
+ * @brief Get subject owner's user and group ID of the system call log
+ * @details This API can be used to get subject owner's user ID and group ID
+ * in each system call logs.
+ * @since_tizen 5.0
+ * @param[in] handle The audit-trail system call log handle
+ * @param[out] uid The subject user ID
+ * @param[out] gid The subject group ID
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ */
+AUDIT_TRAIL_API int audit_trail_get_syscall_subject_owner(audit_trail_syscall_h handle, uid_t *uid, gid_t *gid);
+
+/**
+ * @brief Get subject effective owner's user and group ID of the system call log
+ * @details This API can be used to get subject effective owner's user and
+ * group ID in each system call logs.
+ * @since_tizen 5.0
+ * @param[in] handle The audit-trail system call log handle
+ * @param[out] euid The subject effective user ID
+ * @param[out] egid The subject effective group ID
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ */
+AUDIT_TRAIL_API int audit_trail_get_syscall_subject_effective_owner(audit_trail_syscall_h handle, uid_t *euid, gid_t *egid);
+
+/**
+ * @brief Get the subject process ID of the system call log
+ * @details This API can be used to get the subject process ID in
+ * each system call logs.
+ * @since_tizen 5.0
+ * @param[in] handle The audit-trail system call log handle
+ * @param[out] pid The subject process ID
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ */
+AUDIT_TRAIL_API int audit_trail_get_syscall_subject_pid(audit_trail_syscall_h handle, pid_t *pid);
+
+/**
+ * @brief Get the system call number of the system call log
+ * @details This API can be used to get the system call number in each system call
+ * logs.
+ * @since_tizen 5.0
+ * @param[in] handle The audit-trail system call log handle
+ * @param[out] syscall the system call number
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ */
+AUDIT_TRAIL_API int audit_trail_get_syscall_action_syscall(audit_trail_syscall_h handle, unsigned int *syscall);
+
+/**
+ * @brief Get the exit code returned by system call of the system call log
+ * @details This API can be used to get the exit codes returned by each
+ * system call
+ * logs.
+ * @since_tizen 5.0
+ * @param[in] handle The audit-trail system call log handle
+ * @param[out] exit The exit code
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ */
+AUDIT_TRAIL_API int audit_trail_get_syscall_action_exitcode(audit_trail_syscall_h handle, unsigned int *exit);
+
/**
* @}
*/
--- /dev/null
+/*
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+#ifndef __CAPI_AUDIT_TRAIL_USER_H__
+#define __CAPI_AUDIT_TRAIL_USER_H__
+
+#include <time.h>
+#include <unistd.h>
+
+#include "audit-trail.h"
+
+/**
+ * @file user.h
+ * @brief This file provides APIs to get user space logs
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @addtogroup User-space
+ * @{
+ */
+
+/**
+ * @brief The audit-trail user space log handle
+ * @details The audit-trail user space log handle is an abstraction of the user space log
+ * data. This can be used to get information of each log.
+ * This must be used in audit_trail_user_cb() and not be freed,
+ * because this will be freed internally.
+ * internally.
+ * @since_tizen 5.0
+ * @see audit_trail_user_cb()
+ */
+typedef void* audit_trail_user_h;
+
+/**
+ * @brief Called to get all user space logs in an array
+ * @since_tizen 5.0
+ * @param[in] handle The handle of each user space logs
+ * @param[in] user_data The user data passed from the function
+ * @see audit_trail_add_user_cb
+ * @see audit_trail_remove_user_cb
+ * @see audit_trail_foreach_user
+ */
+typedef void (*audit_trail_user_cb)(audit_trail_user_h handle, void* user_data);
+
+/**
+ * @brief Retrieves all user space logs that occured in system.
+ * @details This API calls audit_trail_user_cb() once for each system
+ * call logs collected by audit-trail when user auditing
+ * is enabled.
+ * @since_tizen 5.0
+ * @param[in] handle The audit-trail handle
+ * @param[in] callback The iteration callback function
+ * @param[in] user_data The user data passed to the callback function
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @pre The handle must be created by audit_trail_create().
+ * @see audit_trail_create()
+ * @see audit_trail_destroy()
+ * @see audit_trail_enable_user()
+ */
+AUDIT_TRAIL_API int audit_trail_foreach_user(audit_trail_h handle, audit_trail_user_cb callback, void *user_data);
+
+/**
+ * @brief Clears all user space logs saved in audit-trail.
+ * @details This API removes all user space logs
+ * collected by audit-trail.
+ * @since_tizen 5.0
+ * @param[in] handle The audit-trail handle
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @pre The handle must be created by audit_trail_create().
+ * @see audit_trail_create()
+ * @see audit_trail_destroy()
+ * @see audit_trail_foreach_user()
+ */
+AUDIT_TRAIL_API int audit_trail_clear_user(audit_trail_h handle);
+
+/**
+ * @brief Adds a user space log callback.
+ * @details This API can be used to receive user space logs of system.
+ * The callback specified to this function is automatically called
+ * when a new log occurs.
+ * @since_tizen 5.0
+ * @param[in] context The audit_trail handle
+ * @param[in] callback The callback to get user space logs
+ * @param[in] user_data The user data passed to the callback function
+ * @param[out] id Callback identifier
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @pre The handle must be created by audit_trail_create().
+ * @pre System call auditing must be enabled by
+ * audit_trail_enable_user().
+ * @see audit_trail_create()
+ * @see audit_trail_destroy()
+ * @see audit_trail_enable_user()
+ * @see audit_trail_remove_user_cb()
+ */
+AUDIT_TRAIL_API int audit_trail_add_user_cb(audit_trail_h handle,
+ audit_trail_user_cb callback, void* user_data,
+ int* id);
+
+/**
+ * @brief Removes the user space log callback.
+ * @details This API can be used to remove the user space logs callback.
+ * @since_tizen 5.0
+ * @param[in] context The audit trail handle
+ * @param[in] id Callback identifier
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @pre The context must be created by audit_trail_create().
+ * @see audit_trail_create()
+ * @see audit_trail_destroy()
+ * @see audit_trail_add_user_cb()
+ */
+AUDIT_TRAIL_API int audit_trail_remove_user_cb(audit_trail_h handle, int id);
+
+/**
+ * @brief Enables user auditing.
+ * @details This API can be used to enable to collect the user space logs.
+ * Any user space log will not be collected until auditing is
+ * enabled
+ * @since_tizen 5.0
+ * @param[in] handle The audit-trail handle
+ * @param[in] en True enables user auditing, Otherwise disables
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @pre The handle must be created by audit_trail_create().
+ * @see audit_trail_create()
+ * @see audit_trail_destroy()
+ * @see audit_trail_foreach_user()
+ * @see audit_trail_add_user_cb()
+ */
+AUDIT_TRAIL_API int audit_trail_enable_user(audit_trail_h handle, bool en);
+
+/**
+ * @brief Retrieves if user auditing is enabled.
+ * @details This API can be used to know if user auditing is
+ * enabled now.
+ * @since_tizen 5.0
+ * @param[in] handle The audit-trail handle
+ * @param[out] en If true, user auditing was enabled, Otherwise disabled
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @pre The handle must be created by audit_trail_create().
+ * @see audit_trail_create()
+ * @see audit_trail_destroy()
+ */
+AUDIT_TRAIL_API int audit_trail_is_enabled_user(audit_trail_h handle, bool *en);
+
+/**
+ * @brief Get the time of the user space log
+ * @details This API can be used to get when the user space log occured.
+ * @since_tizen 5.0
+ * @param[in] handle The audit-trail user space log handle
+ * @param[out] time The time as UNIX epoch timestamp
+ * @param[out] ms milliseconds of the time
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ */
+AUDIT_TRAIL_API int audit_trail_get_user_time(audit_trail_user_h handle, time_t *time, unsigned short *ms);
+
+/**
+ * @brief Get the type number of the user space log
+ * @details This API can be used to get the exit codes returned by each
+ * user logs.
+ * @since_tizen 5.0
+ * @param[in] handle The audit-trail user space log handle
+ * @param[out] type The type number
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ */
+AUDIT_TRAIL_API int audit_trail_get_user_log_type(audit_trail_user_h handle, int *type);
+
+/**
+ * @brief Get the text of the user space log
+ * @details This API can be used to get the text data in each user space
+ * logs, which was not parsed.
+ * @since_tizen 5.0
+ * @param[in] handle The audit-trail user space log handle
+ * @param[out] text The text data of log
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @post The subject name must not be freed.
+ */
+AUDIT_TRAIL_API int audit_trail_get_user_log_text(audit_trail_user_h handle, const char **text);
+
+/**
+ * @}
+ */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __CAPI_AUDIT_TRAIL_USER_H__ */
#include <mock/dac.h>
#include <mock/mac.h>
#include <mock/syscall.h>
+#include <mock/user.h>
#include <mock/audit-trail.h>
#else
#include <audit-trail/dac.h>
#include <audit-trail/mac.h>
#include <audit-trail/syscall.h>
-#include <audit-trail/audit-trail.h>
#include <audit-trail/user.h>
+#include <audit-trail/audit-trail.h>
#endif
#include "proxythread.h"
#include "reporthandler.h"
projects / platform / core / security / suspicious-activity-monitor.git / commitdiff