Fix to put multiple syscall number to rule

Change-Id: I22b59fb25dcefbec8e9666ff4bc2cf07a3cb3073
Signed-off-by: seolheui kim <s414.kim@samsung.com>

diff --git a/lib/audit-rule/rule.cpp b/lib/audit-rule/rule.cpp
index d7fecb6fa32179a5d3d6068a8e5ae7dbdffdd3eb..63ceac46d919fbae03ef6163b96a2c95e097ffd2 100644 (file)
--- a/lib/audit-rule/rule.cpp
+++ b/lib/audit-rule/rule.cpp
@@ -43,6 +43,11 @@ Rule::~Rule()
 std::vector<char> Rule::data() const
 {
        std::vector<char> ret(buf);
+       if (!isSetMask(ret)) {
+               auto r = reinterpret_cast<RuleData*>(ret.data());
+               std::fill_n(r->mask, AUDIT_BITMASK_SIZE, ~0);
+       }
+
        for (auto &c : conditions) {
                if (c.second)
                        c.second->emit(ret);
@@ -50,6 +55,16 @@ std::vector<char> Rule::data() const
        return ret;
 }
 
+bool Rule::isSetMask(std::vector<char> rule) const
+{
+       auto r = reinterpret_cast<RuleData*>(rule.data());
+       for (auto &m : r->mask) {
+               if (m != 0)
+                       return true;
+       }
+       return false;
+}
+
 void Rule::setTag(const std::string &tag)
 {
        //[TODO]: save tags
@@ -68,9 +83,7 @@ void Rule::set(Filter filter)
 
 void Rule::setMask()
 {
-       for (auto &m : ruleData()->mask) {
-               m = ~0;
-       }
+       std::fill_n(ruleData()->mask, AUDIT_BITMASK_SIZE, ~0);
 }
 
 void Rule::setMask(unsigned int syscall)
@@ -86,9 +99,7 @@ void Rule::setMask(unsigned int syscall)
 
 void Rule::unsetMask()
 {
-       for (auto &m : ruleData()->mask) {
-               m = 0;
-       }
+       std::fill_n(ruleData()->mask, AUDIT_BITMASK_SIZE, 0);
 }
 
 void Rule::unsetMask(unsigned int syscall)

diff --git a/lib/audit-rule/rule.h b/lib/audit-rule/rule.h
index 0b707d880ee00ab755d8a4b3d70b3e092a36bdab..a791f6558b50333e48810db1d63e99e90514a048 100644 (file)
--- a/lib/audit-rule/rule.h
+++ b/lib/audit-rule/rule.h
@@ -71,6 +71,12 @@ public:
                return *this;
        }
 
+       Rule &operator + (unsigned int mask)
+       {
+               setMask(mask);
+               return *this;
+       }
+
        bool operator == (const Rule &rule)
        {
                return (data() == rule.data());
@@ -117,6 +123,7 @@ private:
                return reinterpret_cast<RuleData*>(buf.data());
        }
        void setComponents(const std::vector<char> &rule);
+       bool isSetMask(std::vector<char> rule) const;
 private:
        RuleType _type;
        std::vector<char> buf;

diff --git a/lib/audit-rule/syscall-rule.h b/lib/audit-rule/syscall-rule.h
index e2ed5724161b69d79acdabcca6f24c0f93f85112..563e8d663aa0f9773cf121d99d2144cc61c544af 100644 (file)
--- a/lib/audit-rule/syscall-rule.h
+++ b/lib/audit-rule/syscall-rule.h
@@ -24,6 +24,12 @@ public:
        SyscallRule(int syscall) {
                setMask(syscall);
        }
+       template <typename T, typename ...T2>
+       SyscallRule(T syscall, T2... syscalls) : SyscallRule(syscalls...)
+       {
+               setMask(syscall);
+       }
+
        ~SyscallRule() {}
 };