SET(${TARGET_OSQUERY_LIB}_DEPS ${${TARGET_OSQUERY_LIB}_DEPS} PARENT_SCOPE)
ENDMACRO(ADD_OSQUERY_LINK)
-## VIST #####################
+## ViST #####################
MACRO(ADD_VIST_LIBRARY TARGET)
ADD_LIBRARY(${TARGET} OBJECT ${ARGN})
LIST(APPEND ${TARGET_VIST_LIB}_SRCS $<TARGET_OBJECTS:${TARGET}>)
SET(${TARGET_VIST_LIB}_SRCS ${${TARGET_VIST_LIB}_SRCS} PARENT_SCOPE)
ENDMACRO(ADD_VIST_LIBRARY)
+MACRO(ADD_VIST_POLICY_LIBRARY TARGET)
+ ADD_LIBRARY(${TARGET} OBJECT ${ARGN})
+ LIST(APPEND ${TARGET_VIST_POLICY_LIB}_SRCS $<TARGET_OBJECTS:${TARGET}>)
+ SET(${TARGET_VIST_POLICY_LIB}_SRCS ${${TARGET_VIST_POLICY_LIB}_SRCS} PARENT_SCOPE)
+ENDMACRO(ADD_VIST_LIBRARY)
+
MACRO(ADD_VIST_TEST)
LIST(APPEND ${TARGET_VIST_LIB}_TESTS ${ARGN})
SET(${TARGET_VIST_LIB}_TESTS ${${TARGET_VIST_LIB}_TESTS} PARENT_SCOPE)
ENDMACRO(ADD_VIST_TEST)
-MACRO(ADD_VIST_LINK)
- LIST(APPEND ${TARGET_VIST_LIB}_DEPS ${ARGN})
- SET(${TARGET_VIST_LIB}_DEPS ${${TARGET_VIST_LIB}_DEPS} PARENT_SCOPE)
-ENDMACRO(ADD_VIST_LINK)
-
-## policyd #####################
-MACRO(ADD_POLICYD_LIBRARY TARGET)
- ADD_LIBRARY(${TARGET} OBJECT ${ARGN})
- LIST(APPEND ${TARGET_POLICYD_LIB}_SRCS $<TARGET_OBJECTS:${TARGET}>)
- SET(${TARGET_POLICYD_LIB}_SRCS ${${TARGET_POLICYD_LIB}_SRCS} PARENT_SCOPE)
-ENDMACRO(ADD_POLICYD_LIBRARY)
-
-MACRO(ADD_POLICYD_TEST)
- LIST(APPEND ${TARGET_POLICYD_LIB}_TESTS ${ARGN})
- SET(${TARGET_POLICYD_LIB}_TESTS ${${TARGET_POLICYD_LIB}_TESTS} PARENT_SCOPE)
-ENDMACRO(ADD_POLICYD_TEST)
-
## common #############################
MACRO(TARGET_LINK_WHOLE TARGET LIBRARY)
TARGET_LINK_LIBRARIES(${TARGET} "-Wl,-whole-archive")
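Review bot: The new `ADD_VIST_POLICY_LIBRARY` macro is closed with `ENDMACRO(ADD_VIST_LIBRARY)`, a copy-paste leftover from the macro above it. CMake expects the optional end argument to repeat the opening name verbatim, and whether a mismatch is diagnosed or silently accepted may depend on the CMake version. Close it with `ENDMACRO(ADD_VIST_POLICY_LIBRARY)` or a bare `ENDMACRO()`. `ADD_OSQUERY_LINK` starts before this hunk and `TARGET_LINK_WHOLE` continues past it.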
%files test
%{_bindir}/osquery-test
%{_bindir}/vist-test
-%{_bindir}/policyd-test
## ViST Plugins - ###########################################################
%package plugins
#include <bluetooth-api.h>
#include <bluetooth_internal.h>
-#include <policyd/sdk/global-policy.h>
-#include <policyd/sdk/policy-provider.h>
+#include <vist/policy/sdk/global-policy.h>
+#include <vist/policy/sdk/policy-provider.h>
#include <memory>
((int)(enable) ? BLUETOOTH_DPM_BT_ALLOWED : \
BLUETOOTH_DPM_BT_RESTRICTED)
-using namespace policyd;
+using namespace vist::policy;
class ModeChange : public GlobalPolicy {
public:
#include <arpa/inet.h>
#include <wifi-manager.h>
-#include <policyd/sdk/global-policy.h>
-#include <policyd/sdk/policy-provider.h>
+#include <vist/policy/sdk/global-policy.h>
+#include <vist/policy/sdk/policy-provider.h>
#include <klay/dbus/connection.h>
"/net/netconfig/network", \
"net.netconfig.network"
-using namespace policyd;
+using namespace vist::policy;
class ModeChange : public GlobalPolicy {
public:
# limitations under the License
SET(TARGET_OSQUERY_LIB osquery)
-SET(TARGET_POLICYD_LIB policyd)
+SET(TARGET_VIST_POLICY_LIB vist-policy)
SET(TARGET_VIST_LIB vist)
ADD_SUBDIRECTORY(osquery)
IF(DEFINED GBS_BUILD)
ADD_SUBDIRECTORY(vist)
- ADD_SUBDIRECTORY(policyd)
ENDIF(DEFINED GBS_BUILD)
TARGET_LINK_LIBRARIES(${TARGET_OSQUERY_LIB} ${${TARGET_OSQUERY_LIB}_DEPS})
IF(DEFINED GBS_BUILD)
-TARGET_LINK_LIBRARIES(${TARGET_OSQUERY_LIB} ${TARGET_POLICYD_LIB})
+TARGET_LINK_LIBRARIES(${TARGET_OSQUERY_LIB} ${TARGET_VIST_POLICY_LIB})
ENDIF(DEFINED GBS_BUILD)
SET_TARGET_PROPERTIES(${TARGET_OSQUERY_LIB} PROPERTIES OUTPUT_NAME ${TARGET_OSQUERY_LIB})
#include <stdexcept>
#include <osquery/sql.h>
-#include <osquery/logger.h>
#include <osquery/tables.h>
-#include <policyd/api.h>
+#include <vist/policy/api.h>
+#include <vist/common/audit/logger.h>
namespace osquery {
namespace tables {
QueryData genPolicy(QueryContext& context) try {
+ INFO(VIST, "Select query about policy table.");
+
QueryData results;
if (context.constraints["name"].exists(EQUALS)) { /// where clause
auto names = context.constraints["name"].getAll(EQUALS);
for (const auto& name : names) {
- auto ret = policyd::API::Get(name);
+ auto ret = vist::policy::API::Get(name);
Row r;
r["name"] = TEXT(name);
results.emplace_back(std::move(r));
}
} else { /// select *;
- auto policies = policyd::API::GetAll();
+ auto policies = vist::policy::API::GetAll();
for (auto& policy : policies) {
Row r;
r["name"] = TEXT(policy.first);
return results;
} catch (...) {
+ ERROR(VIST, "Failed to select query on policy.");
Row r;
return { r };
}
QueryData updatePolicy(QueryContext& context, const PluginRequest& request) try {
+ INFO(VIST, "Update query about policy table.");
if (request.count("json_value_array") == 0)
throw std::runtime_error("Wrong request format. Not found json value.");
std::string name = document[0].GetString();
int value = std::stoi(document[1].GetString());
- policyd::API::Admin::Set(name, policyd::PolicyValue(value));
+ vist::policy::API::Admin::Set(name, vist::policy::PolicyValue(value));
Row r;
r["status"] = "success";
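Review bot: The audit lines added to `updatePolicy` and to the `catch (...)` handler of `genPolicy` record that a query ran, but not what it did. `INFO(VIST, "Update query about policy table.")` runs before `name` and `value` are parsed, so a policy change leaves no record of which policy was set to which value, and `ERROR(VIST, "Failed to select query on policy.")` drops the exception reason. Consider logging after parsing, e.g. `INFO(VIST, "Policy update [name]: " << name << ", [value]: " << value);`, and adding a `catch (const std::exception& e)` arm that logs `e.what()` ahead of the catch-all. Because `name` comes from the request, bound its length or escape it before it reaches the log. Both function bodies are only partly visible in this hunk.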
#include <osquery/sql.h>
#include <osquery/tables.h>
-#include <policyd/api.h>
+#include <vist/policy/api.h>
#include <vist/common/audit/logger.h>
namespace {
namespace tables {
QueryData genPolicyAdmin(QueryContext& context) try {
- INFO(VIST, "Select query about policy-admin.");
+ INFO(VIST, "Select query about policy-admin table.");
QueryData results;
- auto admins = policyd::API::Admin::GetAll();
+ auto admins = vist::policy::API::Admin::GetAll();
for (auto& admin : admins) {
Row r;
}
QueryData insertPolicyAdmin(QueryContext& context, const PluginRequest& request) try {
- INFO(VIST, "Insert query about policy-admin.");
+ INFO(VIST, "Insert query about policy-admin table.");
if (request.count("json_value_array") == 0)
throw std::runtime_error("Wrong request format. Not found json value.");
auto admin = parseAdmin(request.at("json_value_array"));
DEBUG(VIST, "Admin info [name]: " << admin.first << ", [uid]: " << admin.second);
- policyd::API::Admin::Enroll(admin.first, admin.second);
+ vist::policy::API::Admin::Enroll(admin.first, admin.second);
Row r;
r["status"] = "success";
}
QueryData deletePolicyAdmin(QueryContext& context, const PluginRequest& request) try {
- INFO(VIST, "Delete query about policy-admin.");
+ INFO(VIST, "Delete query about policy-admin table.");
if (request.count("json_value_array") == 0)
throw std::runtime_error("Wrong request format. Not found json value.");
auto admin = parseAdmin(request.at("json_value_array"), false);
DEBUG(VIST, "Admin info [name]: " << admin.first << ", [uid]: " << admin.second);
- policyd::API::Admin::Disenroll(admin.first, admin.second);
+ vist::policy::API::Admin::Disenroll(admin.first, admin.second);
Row r;
r["status"] = "success";
#include <gtest/gtest.h>
-#include <policyd/api.h>
+#include <vist/policy/api.h>
+
+using namespace vist;
class PolicyTests : public testing::Test {};
TEST_F(PolicyTests, get_all) {
- auto policies = policyd::API::GetAll();
+ auto policies = policy::API::GetAll();
EXPECT_TRUE(policies.size() > 0);
}
TEST_F(PolicyTests, get_admin_all) {
- auto admins = policyd::API::Admin::GetAll();
+ auto admins = policy::API::Admin::GetAll();
EXPECT_EQ(admins.size(), 0);
- policyd::API::Admin::Enroll("testAdmin", 0);
- admins = policyd::API::Admin::GetAll();
+ policy::API::Admin::Enroll("testAdmin", 0);
+ admins = policy::API::Admin::GetAll();
EXPECT_EQ(admins.size(), 1);
- policyd::API::Admin::Enroll("testAdmin", 1);
- admins = policyd::API::Admin::GetAll();
+ policy::API::Admin::Enroll("testAdmin", 1);
+ admins = policy::API::Admin::GetAll();
EXPECT_EQ(admins.size(), 2);
- policyd::API::Admin::Disenroll("testAdmin", 0);
- admins = policyd::API::Admin::GetAll();
+ policy::API::Admin::Disenroll("testAdmin", 0);
+ admins = policy::API::Admin::GetAll();
EXPECT_EQ(admins.size(), 1);
- policyd::API::Admin::Disenroll("testAdmin", 1);
- admins = policyd::API::Admin::GetAll();
+ policy::API::Admin::Disenroll("testAdmin", 1);
+ admins = policy::API::Admin::GetAll();
EXPECT_EQ(admins.size(), 0);
}
+++ /dev/null
-# Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-SET(TARGET_POLICYD_TEST policyd-test)
-
-SET(${TARGET_POLICYD_LIB}_SRCS "")
-SET(${TARGET_POLICYD_LIB}_TESTS "")
-
-SET(DEPENDENCY klay)
-
-PKG_CHECK_MODULES(POLICYD_DEPS REQUIRED ${DEPENDENCY})
-
-INCLUDE_DIRECTORIES(SYSTEM . ${POLICYD_DEPS_INCLUDE_DIRS})
-
-ADD_DEFINITIONS(-DDB_PATH="${DB_INSTALL_DIR}/.vist.db"
- -DPLUGIN_INSTALL_DIR="${PLUGIN_INSTALL_DIR}"
- -DSCRIPT_INSTALL_DIR="${SCRIPT_INSTALL_DIR}")
-
-ADD_SUBDIRECTORY(core)
-ADD_SUBDIRECTORY(sdk)
-
-ADD_LIBRARY(${TARGET_POLICYD_LIB} STATIC ${${TARGET_POLICYD_LIB}_SRCS})
-
-TARGET_LINK_LIBRARIES(${TARGET_POLICYD_LIB} ${POLICYD_DEPS_LIBRARIES} pthread dl)
-
-SET_TARGET_PROPERTIES(${TARGET_POLICYD_LIB} PROPERTIES COMPILE_FLAGS "-fPIE")
-SET_TARGET_PROPERTIES(${TARGET_POLICYD_LIB} PROPERTIES LINK_FLAGS "-pie")
-
-ADD_EXECUTABLE(${TARGET_POLICYD_TEST} ../vist/main/tests.cpp
- ${${TARGET_POLICYD_LIB}_TESTS})
-
-TARGET_LINK_LIBRARIES(${TARGET_POLICYD_TEST} ${TARGET_POLICYD_LIB}
- gtest
- pthread)
-ADD_TEST(${TARGET_POLICYD_TEST} ${TARGET_POLICYD_TEST})
-INSTALL(TARGETS ${TARGET_POLICYD_TEST}
- DESTINATION ${CMAKE_INSTALL_BINDIR}
- PERMISSIONS OWNER_READ
- OWNER_WRITE
- OWNER_EXECUTE
- GROUP_READ
- GROUP_EXECUTE
- WORLD_READ
- WORLD_EXECUTE)
+++ /dev/null
-# Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-FILE(GLOB SDK_TESTS "tests/*.cpp")
-ADD_POLICYD_TEST(${SDK_TESTS})
SET(TARGET_VIST_TEST vist-test)
SET(${TARGET_VIST_LIB}_SRCS "")
-SET(${TARGET_VIST_LIB}_DEPS "")
SET(${TARGET_VIST_LIB}_TESTS "")
-INCLUDE_DIRECTORIES(. common)
+SET(DEPENDENCY klay)
+
+PKG_CHECK_MODULES(VIST_DEPS REQUIRED ${DEPENDENCY})
+
+INCLUDE_DIRECTORIES(SYSTEM . common ${VIST_DEPS_INCLUDE_DIRS})
+
+ADD_DEFINITIONS(-DDB_PATH="${DB_INSTALL_DIR}/.vist.db"
+ -DPLUGIN_INSTALL_DIR="${PLUGIN_INSTALL_DIR}"
+ -DSCRIPT_INSTALL_DIR="${SCRIPT_INSTALL_DIR}")
ADD_SUBDIRECTORY(client)
ADD_SUBDIRECTORY(common)
ADD_SUBDIRECTORY(notification)
+ADD_SUBDIRECTORY(policy)
ADD_SUBDIRECTORY(service)
ADD_LIBRARY(${TARGET_VIST_LIB} STATIC ${${TARGET_VIST_LIB}_SRCS})
-TARGET_LINK_LIBRARIES(${TARGET_VIST_LIB} ${${TARGET_VIST_LIB}_DEPS}
+TARGET_LINK_LIBRARIES(${TARGET_VIST_LIB} ${VSIT_DEPS_LIBRARIES}
+ ${TARGET_VIST_POLICY_LIB}
${TARGET_OSQUERY_LIB})
ADD_EXECUTABLE(${TARGET_VIST_DAEMON} main/main.cpp)
TARGET_LINK_LIBRARIES(${TARGET_VIST_DAEMON} ${TARGET_VIST_LIB})
TARGET_LINK_WHOLE(${TARGET_VIST_DAEMON} ${TARGET_OSQUERY_LIB})
+SET_TARGET_PROPERTIES(${TARGET_VIST_DAEMON} PROPERTIES COMPILE_FLAGS "-fPIE")
+SET_TARGET_PROPERTIES(${TARGET_VIST_DAEMON} PROPERTIES LINK_FLAGS "-pie")
INSTALL(TARGETS ${TARGET_VIST_DAEMON}
DESTINATION ${CMAKE_INSTALL_BINDIR}
PERMISSIONS OWNER_READ
ADD_EXECUTABLE(${TARGET_VIST_TEST} main/tests.cpp
${${TARGET_VIST_LIB}_TESTS})
TARGET_LINK_LIBRARIES(${TARGET_VIST_TEST} ${TARGET_VIST_LIB}
- gtest)
+ gtest)
TARGET_LINK_WHOLE(${TARGET_VIST_TEST} ${TARGET_OSQUERY_LIB})
ADD_TEST(${TARGET_VIST_TEST} ${TARGET_VIST_TEST})
INSTALL(TARGETS ${TARGET_VIST_TEST}
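Review bot: `${VSIT_DEPS_LIBRARIES}` in the new `TARGET_LINK_LIBRARIES(${TARGET_VIST_LIB} ...)` call misspells the prefix declared by `PKG_CHECK_MODULES(VIST_DEPS REQUIRED ${DEPENDENCY})`. An undefined variable expands to nothing, so the klay libraries are silently dropped from the link line instead of producing a configure error. The line should read `TARGET_LINK_LIBRARIES(${TARGET_VIST_LIB} ${VIST_DEPS_LIBRARIES}`. Configuring with `--warn-uninitialized` would surface this kind of slip. The `INSTALL` statements in this section continue outside the visible lines.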
+++ /dev/null
-# Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License
-
-FILE(GLOB COMMON_TESTS "ipc/tests/*.cpp")
-ADD_VIST_TEST(${COMMON_TESTS})
} else if (pid == 0) {
TestServer server;
server.init();
-
}
std::this_thread::sleep_for(std::chrono::seconds(1));
# limitations under the License.
#
-ADD_POLICYD_LIBRARY(policyd_core api.cpp
- policy-manager.cpp
- policy-loader.cpp
- policy-storage.cpp)
+SET(${TARGET_VIST_POLICY_LIB}_SRCS "")
-FILE(GLOB SDK_TESTS "tests/*.cpp")
-ADD_POLICYD_TEST(${SDK_TESTS})
+ADD_VIST_POLICY_LIBRARY(vist_policy_core core/api.cpp
+ core/policy-manager.cpp
+ core/policy-loader.cpp
+ core/policy-storage.cpp)
+
+FILE(GLOB POLICY_CORE_TESTS "core/tests/*.cpp")
+ADD_VIST_TEST(${POLICY_CORE_TESTS})
+
+FILE(GLOB POLICY_SDK_TESTS "sdk/tests/*.cpp")
+ADD_VIST_TEST(${POLICY_SDK_TESTS})
+
+ADD_LIBRARY(${TARGET_VIST_POLICY_LIB} STATIC ${${TARGET_VIST_POLICY_LIB}_SRCS})
+TARGET_LINK_LIBRARIES(${TARGET_VIST_POLICY_LIB} pthread dl)
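Review bot: The new `vist-policy` static library and its `vist_policy_core` object library get no position-independent flags. The removed policyd CMakeLists set `COMPILE_FLAGS "-fPIE"` on the library, and this commit links the daemon with `-pie`. Unless the toolchain or the global flags already default to PIE (not visible here), objects built without `-fPIE`/`-fPIC` can fail to link into the PIE daemon. Consider `SET_TARGET_PROPERTIES(vist_policy_core PROPERTIES POSITION_INDEPENDENT_CODE ON)`, or set the property on `${TARGET}` inside `ADD_VIST_POLICY_LIBRARY` so every object library inherits it.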
#pragma once
-#include <policyd/sdk/policy-value.h>
+#include <vist/policy/sdk/policy-value.h>
#include <string>
#include <map>
#include <unordered_map>
-namespace policyd {
+namespace vist {
+namespace policy {
struct API {
static PolicyValue Get(const std::string& policy);
};
};
-} // namespace policyd
+} // namespace policy
+} // namespace vist
* limitations under the License
*/
-#include <policyd/api.h>
+#include <vist/policy/api.h>
#include "policy-manager.h"
-namespace policyd {
+namespace vist {
+namespace policy {
PolicyValue API::Get(const std::string& policy)
{
return PolicyManager::Instance().getAdmins();
}
-} // namespace policyd
+} // namespace policy
+} // namespace vist
#include <string>
-namespace policyd {
+namespace vist {
+namespace policy {
namespace schema {
struct Admin {
};
} // namespace schema
-} // namespace policyd
+} // namespace policy
+} // namespace vist
#include "policy-loader.h"
-namespace policyd {
+namespace vist {
+namespace policy {
PolicyProvider* PolicyLoader::load(const std::string& path)
{
throw std::invalid_argument("Failed to open: " + path);
}
-} // namespace policyd
+} // namespace policy
+} // namespace vist
#pragma once
-#include <policyd/sdk/policy-provider.h>
+#include <vist/policy/sdk/policy-provider.h>
#include <stdexcept>
#include <string>
#include <dlfcn.h>
-namespace policyd {
+namespace vist {
+namespace policy {
struct PolicyLoader final {
static PolicyProvider* load(const std::string& path);
throw std::runtime_error("Failed to load: " + name);
}
-} // namespace policyd
+} // namespace policy
+} // namespace vist
#include <klay/filesystem.h>
-namespace policyd {
+namespace vist {
+namespace policy {
PolicyManager::PolicyManager() : storage(DB_PATH)
{
return storage.getAdmins();
}
-} // namespace policyd
+} // namespace policy
+} // namespace vist
#pragma once
-#include <policyd/sdk/policy-provider.h>
-#include <policyd/sdk/policy-value.h>
+#include <vist/policy/sdk/policy-provider.h>
+#include <vist/policy/sdk/policy-value.h>
#include "policy-storage.h"
#include <gtest/gtest_prod.h>
-namespace policyd {
+namespace vist {
+namespace policy {
class PolicyManager final {
public:
FRIEND_TEST(PolicyCoreTests, policy_loader);
};
-} // namespace policyd
+} // namespace policy
+} // namespace vist
#include <fstream>
using namespace query_builder;
-using namespace policyd::schema;
+using namespace vist::policy::schema;
namespace {
} // anonymous namespace
-namespace policyd {
+namespace vist {
+namespace policy {
PolicyStorage::PolicyStorage(const std::string& path) :
database(std::make_shared<database::Connection>(path,
return -1;
}
-} // namespace policyd
+} // namespace policy
+} // namespace vist
#pragma once
-#include <policyd/sdk/policy-value.h>
+#include <vist/policy/sdk/policy-value.h>
#include "db-schema.h"
#include <klay/db/connection.h>
-namespace policyd {
+namespace vist {
+namespace policy {
using namespace schema;
std::unordered_multimap<int, ManagedPolicy> managedPolicies;
};
-} // namespace policyd
+} // namespace policy
+} // namespace vist
#include "../policy-manager.h"
-namespace policyd {
+namespace vist {
+namespace policy {
class PolicyCoreTests : public testing::Test {};
manager.disenroll("testAdmin1", 0);
}
-} // namespace policyd
+} // namespace policy
+} // namespace vist
#include "../policy-storage.h"
-using namespace policyd;
+using namespace vist::policy;
class PolicyStorageTests : public testing::Test {
public:
#include <sys/types.h>
-namespace policyd {
+namespace vist {
+namespace policy {
class DomainPolicy : public PolicyModel {
public:
std::unordered_map<uid_t, PolicyValue> current;
};
-} // namespace policyd
+} // namespace policy
+} // namespace vist
#include <stdexcept>
#include <string>
-namespace policyd {
+namespace vist {
+namespace policy {
class GlobalPolicy : public PolicyModel {
public:
bool ready = false;
};
-} // namespace policyd
+} // namespace policy
+} // namespace vist
#include <string>
-namespace policyd {
+namespace vist {
+namespace policy {
class PolicyModel {
public:
PolicyValue initial;
};
-} // namespace policyd
+} // namespace policy
+} // namespace vist
#include <memory>
#include <unordered_map>
-namespace policyd {
+namespace vist {
+namespace policy {
class PolicyProvider {
public:
friend class PolicyManager;
};
-} // namespace policyd
+} // namespace policy
+} // namespace vist
#pragma once
-namespace policyd {
+namespace vist {
+namespace policy {
// TODO: Support various value type
struct PolicyValue final {
int value = -1;
};
-} // namespace policyd
+} // namespace policy
+} // namespace vist
uid_t d_uid = 0;
} // anonymous namespace
-using namespace policyd;
+using namespace vist::policy;
class PolicySDKTests : public testing::Test {};
#include <chrono>
#include <thread>
-#include <policyd/core/policy-manager.h>
+#include <vist/policy/core/policy-manager.h>
using namespace vist;
}
TEST_F(CoreTests, query_update) {
- auto& manager = policyd::PolicyManager::Instance();
+ auto& manager = policy::PolicyManager::Instance();
manager.enroll("admin", 0);
std::string statement = "SELECT * FROM policy WHERE name = 'bluetooth'";