void Audit::addRule(const std::vector<char> &rule)
{
- try {
- std::lock_guard<std::mutex> lock(nlLock);
- nl.send(AUDIT_ADD_RULE, rule);
- } catch (runtime::Exception &e) {
- ERROR("Audit addRule error : " + std::string(e.what()));
- }
+ std::lock_guard<std::mutex> lock(nlLock);
+ nl.send(AUDIT_ADD_RULE, rule);
}
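Review bot: Audit::addRule now lets the runtime::Exception from nl.send escape (the removed catch at L6 shows it can throw), but nothing at the definition says so; the same applies to Audit::removeRule in the hunk at L12–L22. The lock_guard still releases nlLock during unwinding, so the change is safe, but callers that previously got a logged no-op now get an exception, and only RuleManagement (L130–L135) visibly handles it. Add a comment above each function such as `// Throws runtime::Exception when the netlink request fails; nlLock is released during unwinding and the caller is expected to report the failure.`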
void Audit::removeRule(const std::vector<char> &rule)
{
- try {
- std::lock_guard<std::mutex> lock(nlLock);
- nl.send(AUDIT_DEL_RULE, rule);
- } catch (runtime::Exception &e) {
- ERROR("Audit removeRule error : " + std::string(e.what()));
- }
+ std::lock_guard<std::mutex> lock(nlLock);
+ nl.send(AUDIT_DEL_RULE, rule);
}
Arg3 = AUDIT_ARG3,
Tag = AUDIT_FILTERKEY,
+ InvalidValue,
};
enum class Operator : unsigned int {
GreaterThanEqual = AUDIT_GREATER_THAN_OR_EQUAL,
BitMask = AUDIT_BIT_MASK,
BitTest = AUDIT_BIT_TEST,
+ InvalidValue,
};
class FieldBase {
Field(FieldType type)
: _type(type), _op(Operator::Default), _value()
{
+ if (type >= FieldType::InvalidValue)
+ throw runtime::Exception("Invalid field type");
}
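Review bot: The guard `type >= FieldType::InvalidValue` at L37 (and `op >= Operator::InvalidValue` at L44) treats the sentinel appended at L25 and L31 as an upper bound, but the enumerators are kernel AUDIT_* constants that are neither contiguous nor increasing in declaration order. With the linux/audit.h values, AUDIT_GREATER_THAN_OR_EQUAL is numerically larger than AUDIT_BIT_TEST, so `Operator::GreaterThanEqual` declared at L28 is rejected by the L44 check, while for FieldType any integer in a gap between the listed constants (for example between AUDIT_ARG3 and AUDIT_FILTERKEY) passes as valid. Validation needs a membership test over the declared enumerators rather than a comparison against a sentinel; a switch-based helper next to FieldBase::isString would do it, and the sentinel can then be dropped. The enclosing class starts outside the hunk.
```cpp
// Membership checks: the AUDIT_* field and operator constants are sparse values
// (operators are bit patterns), so a ">= sentinel" comparison cannot separate
// valid from invalid ones.
static bool isValidOperator(Operator op)
{
	switch (op) {
	case Operator::GreaterThanEqual:
	case Operator::BitMask:
	case Operator::BitTest:
	// … remaining Operator enumerators, one case each …
		return true;
	default:
		return false;
	}
}
// … same shape for FieldType (isValidFieldType), listing every FieldType enumerator …

Field(FieldType type, Operator op, T value)
	: _type(type), _op(op), _value(value)
{
	if (!isValidFieldType(type) || !isValidOperator(op))
		throw runtime::Exception("Invalid value to make rule");
	// … unchanged: string/int type-mismatch check …
}
```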
/* TODO: to be removed below constructor */
Field(FieldType type, Operator op, T value)
: _type(type), _op(op), _value(value)
{
+ if ((type >= FieldType::InvalidValue) || (op >= Operator::InvalidValue))
+ throw runtime::Exception("Invalid value to make rule");
+
if (FieldBase::isString(type) && std::is_same<int, T>::value)
throw runtime::Exception("Wrong field value type");
}
unsigned int op, const void *value)
{
RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+ RET_ON_FAILURE(value, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
try {
GetAuditRule(handle).setCondition(
unsigned int op, const void *value)
{
RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+ RET_ON_FAILURE(value, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
try {
GetAuditRule(handle).unsetCondition(FieldType(field));
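Review bot: The new `RET_ON_FAILURE(value, AUDIT_TRAIL_ERROR_INVALID_PARAMETER)` at L59 rejects a null value in a function whose body only forwards `field` (`unsetCondition(FieldType(field))` at L61), so a caller that passes nullptr for a parameter the operation never reads now gets an error. Unless the API contract requires a non-null value here, drop the check in this function and keep it only in the set path at L53, where the value is actually consumed. The function begins before the hunk (L56 is the tail of its parameter list) and continues past it.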
AuditTrailContext &client = GetAuditTrailContext(handle);
auto manager = client.createInterface<RuleManagement>();
- manager.addRule(GetAuditRule(rule).data());
+ if (manager.addRule(GetAuditRule(rule).data()) < 0)
+ return AUDIT_TRAIL_ERROR_INVALID_PARAMETER;
return AUDIT_TRAIL_ERROR_NONE;
}
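Review bot: Every negative return from manager.addRule at L65 is reported as AUDIT_TRAIL_ERROR_INVALID_PARAMETER, yet RuleManagement::addRule (L130–L135) returns -1 for any runtime::Exception, including a netlink send failure propagated from Audit::addRule, so a caller cannot tell a malformed rule from a failed kernel operation. The same mapping is used at L72–L73 and L79–L80. If the public API defines a more general failure code, return it for errors that are not about the arguments, or have RuleManagement return distinct negative codes that this layer maps; at minimum add a comment above L65 such as `// -1 covers both a rejected rule and a failed kernel request.`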
AuditTrailContext &client = GetAuditTrailContext(handle);
auto manager = client.createInterface<RuleManagement>();
- manager.removeRule(GetAuditRule(rule).data());
+ if (manager.removeRule(GetAuditRule(rule).data()) < 0)
+ return AUDIT_TRAIL_ERROR_INVALID_PARAMETER;
return AUDIT_TRAIL_ERROR_NONE;
}
AuditTrailContext &client = GetAuditTrailContext(handle);
auto manager = client.createInterface<RuleManagement>();
- manager.loadRuleSet(name);
+ if (manager.loadRuleSet(name) < 0)
+ return AUDIT_TRAIL_ERROR_INVALID_PARAMETER;
return AUDIT_TRAIL_ERROR_NONE;
}
RuleApplyEngine::RuleApplyEngine()
{
- addNeverRules();
}
RuleApplyEngine::~RuleApplyEngine()
if (r == rule)
return;
}
+
+ audit.addRule(data);
+ audit.removeRule(data);
+
adminList.emplace_back(rule);
removeAll(audit);
+ addNeverRules();
+
optimize(rule);
applyNeverRules();
addAll(audit);
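Review bot: The probe `audit.addRule(data); audit.removeRule(data);` at L92–L93 installs the candidate rule in the kernel to validate it, but if the add succeeds and the remove throws, the exception leaves the function before L95 with the rule installed in the kernel and tracked nowhere in adminList or optimizedList. It also means a valid rule that is already present in the kernel (presumably possible if an already-optimized rule equals it — to confirm) fails the probe. Catch a failure of the remove explicitly, log it and decide whether to continue into the rebuild rather than aborting with the rule left behind, and add a comment above L92 such as `// Validate the rule by round-tripping it through the kernel; Audit::addRule throws if the kernel rejects it.` RuleApplyEngine::addRule begins before this hunk.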
void RuleApplyEngine::removeRule(Audit &audit, const std::vector<char> &data)
{
Rule rule(data);
+ bool removed = false;
for (auto r = adminList.begin(); r != adminList.end(); r++) {
if (*r == rule) {
adminList.erase(r);
+ removed = true;
break;
}
}
+ if (!removed)
+ throw runtime::Exception("Failed to remove rule");
+
removeAll(audit);
optimizedList.clear();
addNeverRules();
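Review bot: The loop with the `removed` flag at L105–L114 is a hand-written linear search; `std::find` states the intent directly and drops the flag: `auto it = std::find(adminList.begin(), adminList.end(), rule); if (it == adminList.end()) throw runtime::Exception("Failed to remove rule"); adminList.erase(it);` (needs <algorithm> if not already included). Throwing before any kernel change is the right order: a rule that is not in the list leaves both the list and the kernel untouched. RuleApplyEngine::removeRule continues past the hunk.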
void RuleApplyEngine::removeAll(Audit &audit)
{
+ if (optimizedList.size() < 2)
+ return;
+
for (auto &r : optimizedList) {
audit.removeRule(r.data());
}
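Review bot: Audit::removeRule now throws (L12–L22), so if one iteration of the loop at L124–L126 fails the remaining optimizedList entries stay installed in the kernel while the callers go on to clear optimizedList (L117) and lose track of them. The threshold `optimizedList.size() < 2` at L121 is also unexplained; if it means "only the never rule(s) are installed", say so, because a single-entry list is otherwise left in the kernel and re-added on the next rebuild. Catch per rule so the loop completes, and document the threshold; the function continues past the hunk.
```cpp
void RuleApplyEngine::removeAll(Audit &audit)
{
	// NOTE(review): state what 2 stands for here (only the never rule(s) installed?) — TODO confirm
	if (optimizedList.size() < 2)
		return;

	for (auto &r : optimizedList) {
		try {
			audit.removeRule(r.data());
		} catch (const runtime::Exception &e) {
			// Keep going: aborting here would leave the remaining rules
			// installed while the caller clears optimizedList.
			ERROR("Failed to remove rule : " + std::string(e.what()));
		}
	}
```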
int RuleManagement::addRule(std::vector<char> data)
{
- context.getRuleApplyEngine().addRule(context.getAudit(), data);
+ try {
+ context.getRuleApplyEngine().addRule(context.getAudit(), data);
+ } catch (runtime::Exception &e) {
+ ERROR("Failed to add rule : " + std::string(e.what()));
+ return -1;
+ }
return 0;
}
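Review bot: The handlers at L132, L143 and L154 catch `runtime::Exception &e` by non-const reference; `catch (const runtime::Exception &e)` is the conventional form since e is only read through what(). Only runtime::Exception is caught, so a standard exception thrown inside the engine (for instance while constructing Rule(data) at L104, if that can throw — to confirm) would still escape these interface methods; if they must always return an int to their caller, add a second `catch (const std::exception &e)` clause that logs and returns -1 as well.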
int RuleManagement::removeRule(std::vector<char> data)
{
- context.getRuleApplyEngine().removeRule(context.getAudit(), data);
+ try {
+ context.getRuleApplyEngine().removeRule(context.getAudit(), data);
+ } catch (runtime::Exception &e) {
+ ERROR("Failed to remove rule : " + std::string(e.what()));
+ return -1;
+ }
return 0;
}
int RuleManagement::loadRuleSet(std::string name)
{
- context.loadRuleSet(name);
+ try {
+ context.loadRuleSet(name);
+ } catch (runtime::Exception &e) {
+ ERROR("Failed to load rule set : " + std::string(e.what()));
+ return -1;
+ }
return 0;
}