--- /dev/null
+#
+# Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+CMAKE_MINIMUM_REQUIRED(VERSION 2.8)
+
+PROJECT(audit-trail)
+
+IF(NOT DEFINED VERSION)
+ SET(VERSION "0.0.1")
+ENDIF(NOT DEFINED VERSION)
+
+INCLUDE(FindPkgConfig)
+
+IF(NOT CMAKE_BUILD_TYPE)
+ SET(CMAKE_BUILD_TYPE "DEBUG")
+ENDIF(NOT CMAKE_BUILD_TYPE)
+
+SET(AUDIT_TRAIL_LIB ${PROJECT_SOURCE_DIR}/lib)
+SET(AUDIT_TRAIL_SERVER ${PROJECT_SOURCE_DIR}/server)
+SET(AUDIT_TRAIL_TOOLS ${PROJECT_SOURCE_DIR}/tools)
+
+IF("${CMAKE_CXX_COMPILER_ID}" STREQUAL "GNU" AND CMAKE_CXX_COMPILER_VERSION VERSION_LESS 4.7)
+ SET(CXX_STD "c++0x")
+else()
+ SET(CXX_STD "c++11")
+endif()
+
+SET(COMPILE_BASE_FLAGS "-g -fPIC -Werror -Wall -Wl,--as-needed -Wl,--no-whole-archive")
+SET(CMAKE_C_FLAGS_PROFILING "${COMPILE_BASE_FLAGS} -O0 -pg")
+SET(CMAKE_CXX_FLAGS_PROFILING "${COMPILE_BASE_FLAGS} -O0 -pg -std=${CXX_STD} -fno-rtti")
+SET(CMAKE_C_FLAGS_DEBUG "${COMPILE_BASE_FLAGS} -O0 -ggdb")
+SET(CMAKE_CXX_FLAGS_DEBUG "${COMPILE_BASE_FLAGS} -O0 -ggdb -std=${CXX_STD} -fno-rtti")
+SET(CMAKE_C_FLAGS_RELEASE "${COMPILE_BASE_FLAGS} -O2 -DNDEBUG")
+SET(CMAKE_CXX_FLAGS_RELEASE "${COMPILE_BASE_FLAGS} -O2 -DNDEBUG -std=${CXX_STD} -fno-rtti")
+SET(CMAKE_C_FLAGS_CCOV "${COMPILE_BASE_FLAGS} -O0 --coverage")
+SET(CMAKE_CXX_FLAGS_CCOV "${COMPILE_BASE_FLAGS} -O0 --coverage -std=${CXX_STD} -fno-rtti")
+
+IF(NOT DEFINED LIB_DIR)
+ SET(LIB_DIR "${CMAKE_INSTALL_LIBDIR}")
+ENDIF(NOT DEFINED LIB_DIR)
+
+IF(NOT DEFINED INCLUDE_DIR)
+ SET(INCLUDE__DIR "${CMAKE_INSTALL_INCLUDEDIR}")
+ENDIF(NOT DEFINED INCLUDE_DIR)
+
+IF(NOT DEFINED RUN_DIR)
+ SET(RUN_DIR "/run")
+ENDIF(NOT DEFINED RUN_DIR)
+
+IF(NOT DEFINED BIN_DIR)
+ SET(BIN_DIR "${CMAKE_INSTALL_BINDIR}")
+ENDIF(NOT DEFINED BIN_DIR)
+
+IF(NOT DEFINED HOME_DIR)
+ SET(HOME_DIR "/home")
+ENDIF(NOT DEFINED HOME_DIR)
+
+IF(NOT DEFINED SYSTEMD_UNIT_DIR)
+ SET(SYSTEMD_UNIT_DIR "${CMAKE_INSTALL_PREFIX}/lib/systemd/system")
+ENDIF(NOT DEFINED SYSTEMD_UNIT_DIR)
+
+ADD_DEFINITIONS(-DUG_WAYLAND)
+
+ADD_SUBDIRECTORY(${AUDIT_TRAIL_LIB})
+ADD_SUBDIRECTORY(${AUDIT_TRAIL_SERVER})
+ADD_SUBDIRECTORY(${AUDIT_TRAIL_TOOLS})
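Review bot: The `INCLUDE_DIR` default never takes effect, because the guarded branch assigns `INCLUDE__DIR` (double underscore); it should read `SET(INCLUDE_DIR "${CMAKE_INSTALL_INCLUDEDIR}")`. `CMAKE_INSTALL_LIBDIR`, `CMAKE_INSTALL_INCLUDEDIR` and `CMAKE_INSTALL_BINDIR` are normally provided by `INCLUDE(GNUInstallDirs)`, which this file does not include, so unless the packaging passes them with `-D` these defaults expand to empty strings. Separately, `-Werror` is part of `COMPILE_BASE_FLAGS` for every configuration; gating it behind an option would keep a newer compiler's warnings from breaking release builds.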
+++ /dev/null
-#
-# Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-#
-CONFIG_AUDITTRAIL = m
-export CONFIG_AUDITTRAIL
-
-obj-y = audittrail/
-
-all:
- $(MAKE) -C ${KERNEL_DEV_PATH} M=${PWD} modules
-
-install:
- @cp audittrail/*.ko ${KERNEL_MOD_PATH}/.
-
-clean:
- $(MAKE) -C ${KERNEL_DEV_PATH} M=${PWD} clean
+++ /dev/null
-config AUDITTRAIL
- boolean "Enable Audit trail collector"
- depends on SECURITYFS
- default y
- help
- This option enables a system to collect various kinds of audit trail
- (audit log). It has a directory which has two files.
- First file is used for sending some commands such as registering
- process itself as a consumer or provider.
- Second files is used for getting or putting audit logs as a consumer
- or provider.
+++ /dev/null
-obj-$(CONFIG_AUDITTRAIL) = audittrail.o
-audittrail-objs += main.o
-audittrail-objs += dir.o
+++ /dev/null
-/*
- * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
- *
- */
-
-#include <linux/fs.h>
-#include <linux/security.h>
-
-#include "log.h"
-#include "dir.h"
-
-static struct dentry *audittrail_dir = NULL;
-static struct dentry *audittrail_command = NULL;
-static struct dentry *audittrail_buffer = NULL;
-
-static int audittrail_command_open(struct inode * inode, struct file *file)
-{
- if ((file->f_flags & O_ACCMODE) != O_WRONLY)
- return -EACCES;
-
- return 0;
-}
-
-static ssize_t audittrail_command_write(struct file *file, const char __user *buf,
- size_t datalen, loff_t *ppos)
-{
- return -EINVAL;
-}
-
-static const struct file_operations audittrail_command_ops = {
- .open = audittrail_command_open,
- .write = audittrail_command_write,
-};
-
-static int audittrail_buffer_open(struct inode * inode, struct file *file)
-{
- return 0;
-}
-
-static ssize_t audittrail_buffer_read(struct file *file,
- char __user *buf,
- size_t datalen, loff_t *ppos)
-{
- return -EINVAL;
-}
-
-static ssize_t audittrail_buffer_write(struct file *file,
- const char __user *buf,
- size_t datalen, loff_t *ppos)
-{
- return -EINVAL;
-}
-
-static int audittrail_buffer_release(struct inode *inode, struct file *file)
-{
- return 0;
-}
-
-static const struct file_operations audittrail_buffer_ops = {
- .open = audittrail_buffer_open,
- .read = audittrail_buffer_read,
- .write = audittrail_buffer_write,
- .release = audittrail_buffer_release,
-};
-
-
-int audittrail_dir_create(void)
-{
- audittrail_dir = securityfs_create_dir("audittrail", NULL);
- if (IS_ERR(audittrail_dir))
- goto err;
-
- audittrail_command =
- securityfs_create_file("command",
- S_IWUSR | S_IWGRP, audittrail_dir, NULL,
- &audittrail_command_ops);
- if (IS_ERR(audittrail_command))
- goto err;
-
- audittrail_buffer =
- securityfs_create_file("buffer",
- S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP,
- audittrail_dir, NULL,
- &audittrail_buffer_ops);
- if (IS_ERR(audittrail_buffer))
- goto err;
-
- return 0;
-
-err:
- audittrail_dir_destroy();
- return -1;
-}
-
-void audittrail_dir_destroy(void)
-{
- securityfs_remove(audittrail_buffer);
- securityfs_remove(audittrail_command);
- securityfs_remove(audittrail_dir);
-}
+++ /dev/null
-/*
- * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
- *
- */
-#ifndef __AUDITTRAIL_DIR_H__
-#define __AUDITTRAIL_DIR_H__
-
-int audittrail_dir_create(void);
-void audittrail_dir_destroy(void);
-
-#endif //! __AUDITTRAIL_DIR_H__
+++ /dev/null
-/*
- * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
- *
- */
-#ifndef __AUDITTRAIL_LOG_H__
-#define __AUDITTRAIL_LOG_H__
-
-#include <linux/printk.h>
-
-#define LOG_TAG "audit-trail: "
-
-#define FMT(fmt) fmt
-#define AUDITTRAIL_ERROR(fmt, ...) \
- printk(KERN_ERR LOG_TAG FMT(fmt), ##__VA_ARGS__)
-#define AUDITTRAIL_WARN(fmt, ...) \
- printk(KERN_WARNING LOG_TAG FMT(fmt), ##__VA_ARGS__)
-#define AUDITTRAIL_INFO(fmt, ...) \
- printk(KERN_INFO LOG_TAG FMT(fmt), ##__VA_ARGS__)
-
-#endif //! __AUDITTRAIL_LOG_H__
+++ /dev/null
-/*
- * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
- *
- */
-#include <linux/module.h>
-
-#include "log.h"
-#include "dir.h"
-
-int audittrail_init(void)
-{
- AUDITTRAIL_INFO("loaded");
-
- if (audittrail_dir_create() != 0) {
- AUDITTRAIL_ERROR("failed to create auditfs");
- return -1;
- }
-
- AUDITTRAIL_INFO("auditfs ready");
-
- return 0;
-}
-
-void audittrail_exit(void)
-{
- audittrail_dir_destroy();
-
- AUDITTRAIL_INFO("unloaded");
-}
-
-module_init(audittrail_init);
-module_exit(audittrail_exit);
-
-MODULE_LICENSE("GPL");
-MODULE_AUTHOR("Sungbae Yoo");
--- /dev/null
+#
+# Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+SET(LIB_VERSION "${VERSION}")
+SET(LIB_SOVERSION "0")
+
+SET(PC_FILE "${PROJECT_NAME}.pc")
+
+SET(SOURCES client.cpp
+ smack.cpp
+ audit-trail/smack.cpp
+ audit-trail/audit-trail.cpp
+)
+
+SET(CAPI_INCLUDE_FILES audit-trail/common.h
+ audit-trail/smack.h
+ audit-trail/audit-trail.h
+)
+
+
+SET (CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} -Wl,-z,noexecstack")
+
+PKG_CHECK_MODULES(LIBS_DEPS REQUIRED
+ klay
+)
+
+ADD_LIBRARY(${PROJECT_NAME} SHARED ${SOURCES})
+SET_TARGET_PROPERTIES(${PROJECT_NAME} PROPERTIES COMPILE_FLAGS "-fvisibility=hidden")
+SET_TARGET_PROPERTIES(${PROJECT_NAME} PROPERTIES SOVERSION ${LIB_SOVERSION})
+SET_TARGET_PROPERTIES(${PROJECT_NAME} PROPERTIES VERSION ${LIB_VERSION})
+
+INCLUDE_DIRECTORIES(SYSTEM ${LIBS_DEPS_INCLUDE_DIRS} ${AUDIT_TRAIL_LIB} ${PROJECT_SOURCE_DIR})
+TARGET_LINK_LIBRARIES(${PROJECT_NAME} ${LIBS_DEPS_LIBRARIES} pthread)
+
+CONFIGURE_FILE(${PC_FILE}.in ${CMAKE_BINARY_DIR}/${PC_FILE} @ONLY)
+
+INSTALL(FILES ${CMAKE_BINARY_DIR}/${PC_FILE} DESTINATION ${LIB_INSTALL_DIR}/pkgconfig)
+INSTALL(TARGETS ${PROJECT_NAME} DESTINATION ${LIB_INSTALL_DIR} COMPONENT RuntimeLibraries)
+INSTALL(FILES ${CAPI_INCLUDE_FILES} DESTINATION ${INCLUDE_INSTALL_DIR}/audit-trail)
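Review bot: The three `INSTALL` rules use `LIB_INSTALL_DIR` and `INCLUDE_INSTALL_DIR`, but the top-level CMakeLists.txt in this commit only defaults `LIB_DIR` and `INCLUDE_DIR`. Unless the packaging always supplies the `*_INSTALL_DIR` names on the command line, the destinations collapse to `/pkgconfig` and `/audit-trail`; either default them here or use one set of names in both files. On the hardening side, `CMAKE_SHARED_LINKER_FLAGS` adds only `-Wl,-z,noexecstack`; for a library that talks to a security daemon I would also add `-Wl,-z,relro -Wl,-z,now`. `TARGET_LINK_LIBRARIES` would be clearer with an explicit `PRIVATE` keyword.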
--- /dev/null
+# Package Information for pkg-config
+
+prefix=@CMAKE_INSTALL_PREFIX@
+exec_prefix=@CMAKE_INSTALL_PREFIX@
+libdir=@LIB_INSTALL_DIR@
+includedir=@INCLUDE_INSTALL_DIR@
+
+Name: @PROJECT_NAME@
+Description: Tizen @PROJECT_NAME@ Client library
+Version: @VERSION@
+Libs: -L${libdir} -l@PROJECT_NAME@
+Cflags: -I${includedir}/@PROJECT_NAME@
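Review bot: The `Cflags` line puts `${includedir}/@PROJECT_NAME@` on the include path, but the installed headers refer to each other as `<audit-trail/common.h>` and `<audit-trail/audit-trail.h>`. Those includes resolve only when `${includedir}` itself is on the compiler's search path, which holds for a default prefix but not for a relocated one. `Cflags: -I${includedir}` would match how the headers include each other.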
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+#include <cstring>
+
+#include "debug.h"
+#include "audit-trail.h"
+
+#include "client.h"
+
+int audit_trail_create(audit_trail_h* handle)
+{
+ RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+
+ AuditTrailContext* client = new(std::nothrow) AuditTrailContext();
+
+ RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_CONNECTION_REFUSED);
+
+ if (client->connect() < 0) {
+ delete client;
+ RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_CONNECTION_REFUSED);
+ }
+
+ *handle = reinterpret_cast<audit_trail_h>(client);
+
+ return AUDIT_TRAIL_ERROR_NONE;
+}
+
+int audit_trail_destroy(audit_trail_h handle)
+{
+ RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+
+ delete &GetAuditTrailContext(handle);
+
+ return AUDIT_TRAIL_ERROR_NONE;
+}
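Review bot: Both failure paths in `audit_trail_create` test `handle` where they should act on `client`. After `new(std::nothrow)` the check `RET_ON_FAILURE(handle, ...)` can never fire, so a failed allocation reaches `client->connect()` through a null pointer. After `delete client` the same macro does not return because `handle` is non-null, so the function stores the freed pointer in `*handle` and reports success, and the caller's next API call uses freed memory. Suggested: `RET_ON_FAILURE(client, AUDIT_TRAIL_ERROR_OUT_OF_MEMORY);` after the allocation and a plain `return AUDIT_TRAIL_ERROR_CONNECTION_REFUSED;` after `delete client;`. `std::nothrow` also needs `<new>`, which is not among the visible includes.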
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+#ifndef __CAPI_AUDIT_TRAIL_AUDIT_TRAIL_H__
+#define __CAPI_AUDIT_TRAIL_AUDIT_TRAIL_H__
+
+#include <audit-trail/common.h>
+
+/**
+ * @file audit-trail.h
+ * @brief This file provides APIs to get a handle of audit-trail
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @brief The audit-trail handle
+ * @details The audit-trail handle is an abstraction of the logical
+ * connection between the audit-trail manager and it's client.
+ * The audit-trail handle must be created by using
+ * audit_trail_create() before attempting to use almost any of
+ * the audit-trail related APIs, and it should be freed when interaction
+ * with the audit-trail manager is no longer required.
+ * To release the handle, use audit_trail_destroy().
+ * @since_tizen 5.0
+ * @see audit_trail_create()
+ * @see audit_trail_destroy()
+ */
+typedef void* audit_trail_h;
+
+/**
+ * @brief Creates the audit-trail handle.
+ * @details This API creates audit-trail handle required to the audit-trail
+ * related APIs.
+ * This API is also used to verify whether caller is authorized
+ * or not.
+ * @since_tizen 5.0
+ * @param[out] handle The audit-trail handle
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_CONNECTION_REFUSED Connection refused
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @see audit_trail_destroy()
+ * @see get_last_result()
+ */
+AUDIT_TRAIL_API int audit_trail_create(audit_trail_h *handle);
+
+/**
+ * @brief Releases the audit-trail handle.
+ * @details This API must be called if interaction with the audit-trail API
+ * is no longer required.
+ * @since_tizen 5.0
+ * @param[in] handle The audit-trail handle
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @pre The handle must be created by audit_trail_create()
+ * @see audit_trail_create()
+ */
+AUDIT_TRAIL_API int audit_trail_destroy(audit_trail_h handle);
+
+/**
+ * @}
+ */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __CAPI_AUDIT_TRAIL_AUDIT_TRAIL_H__ */
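Review bot: The documentation for `audit_trail_create()` omits a return value the implementation in this commit produces: a null `handle` yields `AUDIT_TRAIL_ERROR_INVALID_PARAMETER`, so the block needs `@retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter`. The comment also says the call verifies whether the caller is authorized, yet no `@retval` for a permission failure is listed; state which code a rejected caller receives. The closing `@}` near the end has no matching `@addtogroup` in this header, and "it's client" should be "its client".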
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+#ifndef __CAPI_AUDIT_TRAIL_COMMON_H__
+#define __CAPI_AUDIT_TRAIL_COMMON_H__
+
+#include <tizen.h>
+
+/**
+ * @file ode.h
+ * @brief This file defines common data types required to ode APIs.
+ */
+
+#ifndef AUDIT_TRAIL_API
+#define AUDIT_TRAIL_API __attribute__((visibility("default")))
+#endif // API
+
+#ifndef TRUE
+#define TRUE 1
+#endif
+
+#ifndef FALSE
+#define FALSE 0
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @addtogroup CAPI_AUDIT_TRAIL_MODULE
+ * @{
+ */
+
+/**
+ * @brief Enumeration of device encryption API errors
+ * @since_tizen 3.0
+ */
+typedef enum {
+ AUDIT_TRAIL_ERROR_NONE = TIZEN_ERROR_NONE, /**< The operation was successful */
+ AUDIT_TRAIL_ERROR_INVALID_PARAMETER = TIZEN_ERROR_INVALID_PARAMETER, /**< Invalid parameter */
+ AUDIT_TRAIL_ERROR_CONNECTION_REFUSED = TIZEN_ERROR_CONNECTION_REFUSED, /**< Connection refused */
+ AUDIT_TRAIL_ERROR_TIMED_OUT = TIZEN_ERROR_TIMED_OUT, /**< Time out */
+ AUDIT_TRAIL_ERROR_PERMISSION_DENIED = TIZEN_ERROR_PERMISSION_DENIED, /**< Access privilege is not sufficient */
+ AUDIT_TRAIL_ERROR_NOT_SUPPORTED = TIZEN_ERROR_NOT_SUPPORTED, /**< Operation is not supported */
+ AUDIT_TRAIL_ERROR_OUT_OF_MEMORY = TIZEN_ERROR_OUT_OF_MEMORY, /**< Out of memory */
+ AUDIT_TRAIL_ERROR_NOT_PERMITTED = TIZEN_ERROR_NOT_PERMITTED, /**< Operation is not permitted */
+ AUDIT_TRAIL_ERROR_NO_DATA = TIZEN_ERROR_NO_DATA /**< No Data */
+} audit_trail_error_type_e;
+
+/**
+ * @brief Called to get all strings in an array
+ * @since_tizen 5.0
+ * @param[in] log Each string in an array
+ * @param[in] user_data The user data passed from the function
+ * @see audit_trail_add_log_cb
+ * @see audit_trail_remove_log_cb
+ * @see audit_trail_foreach_smack
+ */
+typedef void (*audit_trail_string_cb)(const char* log, void* user_data);
+
+/**
+ * @}
+ */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __CAPI_AUDIT_TRAIL_COMMON_H__ */
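Review bot: Several doc comments here appear to be carried over from another module and describe the wrong thing. The file block says `@file ode.h` and "ode APIs" where it should read `@file common.h` and refer to the audit-trail APIs, and the enum is described as "device encryption API errors" rather than audit-trail API errors. The `@see` entries on `audit_trail_string_cb` name `audit_trail_add_log_cb` and `audit_trail_remove_log_cb`, while the functions declared in this commit are `audit_trail_add_smack_cb` and `audit_trail_remove_smack_cb`. The `@since_tizen` tags also disagree (3.0 on the enum, 5.0 on the callback) and should be reconciled.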
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+#ifndef __CAPI_AUDIT_TRAIL_ASSERT_H__
+#define __CAPI_AUDIT_TRAIL_ASSERT_H__
+
+#define RET_ON_FAILURE(cond, ret) \
+{ \
+ if (!(cond)) \
+ return (ret); \
+}
+
+#endif //! __CAPI_AUDIT_TRAIL_ASSERT_H__
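Review bot: `RET_ON_FAILURE` expands to a bare `{ ... }` block, so `RET_ON_FAILURE(x, y);` becomes a block followed by an empty statement and breaks when used as the body of an `if` that has an `else`. The usual form is `do { if (!(cond)) return (ret); } while (0)`. The name also hides a control-flow `return`, which contributed to the misuse in `audit_trail_create`; a one-line comment stating that the macro returns from the enclosing function when `cond` is false would help. The include guard says `ASSERT_H` although the file is debug.h.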
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+#include <cstring>
+
+#include "debug.h"
+#include "smack.h"
+
+#include "client.h"
+#include "rmi/smack.h"
+
+using namespace AuditTrail;
+
+int audit_trail_foreach_smack(audit_trail_h handle, audit_trail_string_cb callback, void *user_data)
+{
+ RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+ RET_ON_FAILURE(callback, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+
+ AuditTrailContext &client = GetAuditTrailContext(handle);
+ Smack smack = client.createInterface<Smack>();
+
+ int iter = smack.createIterator();
+ do {
+ callback(smack.getIteratorValue(iter).c_str(), user_data);
+ } while (smack.nextIterator(iter));
+ smack.destroyIterator(iter);
+
+ return AUDIT_TRAIL_ERROR_NONE;
+}
+
+int audit_trail_clear_smack(audit_trail_h handle)
+{
+ RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+
+ AuditTrailContext &client = GetAuditTrailContext(handle);
+ Smack smack = client.createInterface<Smack>();
+ smack.clear();
+
+ return AUDIT_TRAIL_ERROR_NONE;
+}
+
+int audit_trail_add_smack_cb(audit_trail_h handle, audit_trail_string_cb callback, void* user_data, int *id)
+{
+ RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+ RET_ON_FAILURE(callback, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+
+ AuditTrailContext &context = GetAuditTrailContext(handle);
+ int ret = context.subscribeNotification("Smack", callback, user_data);
+ if (ret < 0)
+ return AUDIT_TRAIL_ERROR_INVALID_PARAMETER;
+
+ *id = ret;
+ return AUDIT_TRAIL_ERROR_NONE;
+}
+
+int audit_trail_remove_smack_cb(audit_trail_h handle, int callback_id)
+{
+ RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+ RET_ON_FAILURE(callback_id >= 0, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+
+ AuditTrailContext &context = GetAuditTrailContext(handle);
+ int ret = context.unsubscribeNotification(callback_id);
+ if (ret)
+ return AUDIT_TRAIL_ERROR_INVALID_PARAMETER;
+
+ return AUDIT_TRAIL_ERROR_NONE;
+}
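Review bot: `audit_trail_foreach_smack` never checks the result of `createIterator()`, and its `do { ... } while` loop invokes the callback before knowing that an entry exists. On an RPC failure (`iter == -1`) or an empty log the caller's callback receives one empty string and the function still returns `AUDIT_TRAIL_ERROR_NONE`. I would add `if (iter < 0) return AUDIT_TRAIL_ERROR_CONNECTION_REFUSED;` (or whichever code the API settles on) and let the server signal the empty case before the first callback. In `audit_trail_add_smack_cb`, `id` is written through without a null check; add `RET_ON_FAILURE(id, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);`. `audit_trail_clear_smack` discards the return value of `smack.clear()`, so a failed clear is reported as success.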
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+#ifndef __CAPI_AUDIT_TRAIL_SMACK_H__
+#define __CAPI_AUDIT_TRAIL_SMACK_H__
+
+#include <audit-trail/audit-trail.h>
+
+/**
+ * @file smack.h
+ * @brief This file provides APIs to get smack logs
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @brief Retrieves all smack logs that occured in system.
+ * @details This API calls audit_trail_strimg_cb() once for each logs.
+ * @since_tizen 5.0
+ * @param[in] handle The audit-trail handle
+ * @param[in] callback The iteration callback function
+ * @param[in] user_data The user data passed to the callback function
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @pre The handle must be created by audit_trail_create().
+ * @see audit_trail_create()
+ * @see audit_trail_destroy()
+ */
+AUDIT_TRAIL_API int audit_trail_foreach_smack(audit_trail_h handle, audit_trail_string_cb callback, void *user_data);
+
+/**
+ * @brief Clears all smack logs saved in audit-trail.
+ * @details This API removes all smack logs collected by audit-trail.
+ * @since_tizen 5.0
+ * @param[in] handle The audit-trail handle
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @pre The handle must be created by audit_trail_create().
+ * @see audit_trail_create()
+ * @see audit_trail_destroy()
+ * @see audit_trail_foreach_smack()
+ */
+AUDIT_TRAIL_API int audit_trail_clear_smack(audit_trail_h handle);
+
+/**
+ * @brief Adds a smack log callback.
+ * @details This API can be used to receive logs of system
+ * The callback specified to this function is automatically
+ * called when a new log occurs.
+ * @since_tizen 3.0
+ * @param[in] context The audit_trail handle
+ * @param[in] callback The callback to get smack logs
+ * @param[in] user_data The user data passed to the callback function
+ * @param[out] id Callback identifier
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @pre The handle must be created by audit_trail_create().
+ * @see audit_trail_create()
+ * @see audit_trail_destroy()
+ * @see audit_trail_remove_smack_cb()
+ */
+AUDIT_TRAIL_API int audit_trail_add_smack_cb(audit_trail_h handle,
+ audit_trail_string_cb callback, void* user_data,
+ int* id);
+
+/**
+ * @brief Removes the smack log callback.
+ * @details This API can be used to remove the smack log callback
+ * @since_tizen 3.0
+ * @param[in] context The audit trail handle
+ * @param[in] id Callback identifier
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @pre The context must be created by audit_trail_create().
+ * @see audit_trail_create()
+ * @see audit_trail_destroy()
+ * @see audit_trail_add_smack_cb()
+ */
+AUDIT_TRAIL_API int audit_trail_remove_smack_cb(audit_trail_h handle, int id);
+
+/**
+ * @}
+ */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __CAPI_AUDIT_TRAIL_SMACK_H__ */
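Review bot: The parameter documentation does not match the declarations in two places: `audit_trail_add_smack_cb` and `audit_trail_remove_smack_cb` document `@param[in] context`, but the parameter is named `handle`, and the `@pre` on the remove function likewise says "context". `audit_trail_foreach_smack` refers to `audit_trail_strimg_cb()`, which should be `audit_trail_string_cb()`, and "occured" should be "occurred". `audit_trail_add_smack_cb` should also document that `id` must be non-null, since the implementation writes through it. The trailing `@}` has no opening `@addtogroup` in this header.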
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+#include "client.h"
+
+namespace {
+
+const std::string SUBSCRIBER_REGISTER = "Server::registerNotificationSubscriber";
+const std::string SUBSCRIBER_UNREGISTER = "Server::unregisterNotificationSubscriber";
+
+
+const std::string AUDIT_TRAIL_MANAGER_ADDRESS = "/tmp/.audit-trail.sock";
+
+} // namespace
+
+
+AuditTrailContext::AuditTrailContext() noexcept
+{
+}
+
+AuditTrailContext::~AuditTrailContext() noexcept
+{
+ disconnect();
+}
+
+int AuditTrailContext::connect(const std::string& address) noexcept
+{
+ try {
+ client.reset(new rmi::Client(address));
+ client->connect();
+ } catch (runtime::Exception& e) {
+ return -1;
+ }
+
+ return 0;
+}
+
+int AuditTrailContext::connect() noexcept
+{
+ return connect(AUDIT_TRAIL_MANAGER_ADDRESS);
+}
+
+void AuditTrailContext::disconnect() noexcept
+{
+ client.reset();
+}
+
+int AuditTrailContext::subscribeNotification(const std::string& name,
+ const SignalListener& listener,
+ void* data)
+{
+ auto listenerDispatcher = [listener, data](std::string name, std::string type) {
+ listener(type.c_str(), data);
+ };
+
+ try {
+ return client->subscribe<std::string, std::string>
+ (SUBSCRIBER_REGISTER, name, listenerDispatcher);
+ } catch (runtime::Exception& e) {
+ std::cout << e.what() << std::endl;
+ return -1;
+ }
+}
+
+int AuditTrailContext::unsubscribeNotification(int subscriberId)
+{
+ return client->unsubscribe(SUBSCRIBER_UNREGISTER, subscriberId);
+}
+
+AuditTrailContext& GetAuditTrailContext(void* handle)
+{
+ return *reinterpret_cast<AuditTrailContext*>(handle);
+}
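Review bot: `AUDIT_TRAIL_MANAGER_ADDRESS` places the service socket at `/tmp/.audit-trail.sock`, a world-writable directory, so the client has no assurance that whatever is bound at that path is the real audit-trail daemon. The top-level CMakeLists.txt in this commit already defines `RUN_DIR` (default `/run`); deriving the address from it, in a directory only the service can write, would remove that exposure. `unsubscribeNotification` dereferences `client` without the null check or `try`/`catch` that `subscribeNotification` has, so a `runtime::Exception` can propagate through the `extern "C"` entry point that calls it. The `std::cout` diagnostic in `subscribeNotification` writes to the host application's stdout from a library and relies on `<iostream>`, which is not included here.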
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+#ifndef __AUDIT_TRAIL_CLIENT_H__
+#define __AUDIT_TRAIL_CLIENT_H__
+
+#include <string>
+#include <memory>
+#include <functional>
+
+#include <klay/rmi/client.h>
+
+typedef std::function<void(const char*, void*)> SignalListener;
+
+class AuditTrailContext final {
+public:
+ typedef std::unique_ptr<rmi::Client> AuditTrailControlContext;
+
+ AuditTrailContext() noexcept;
+ ~AuditTrailContext() noexcept;
+
+ int connect() noexcept;
+ int connect(const std::string& address) noexcept;
+ void disconnect() noexcept;
+
+ int subscribeNotification(const std::string& name, const SignalListener& listener, void* data);
+ int unsubscribeNotification(int subscriberId);
+
+ template<typename Interface, typename... Args>
+ Interface createInterface(Args&&... args) noexcept
+ {
+ return Interface(getAuditTrailControlContext(), std::forward<Args>(args)...);
+ }
+
+private:
+ AuditTrailControlContext& getAuditTrailControlContext()
+ {
+ return client;
+ }
+
+ AuditTrailControlContext client;
+};
+
+AuditTrailContext& GetAuditTrailContext(void* handle);
+#endif //__AUDIT_TRAIL_CLIENT_H__
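Review bot: `createInterface` is declared `noexcept` but forwards to an arbitrary `Interface` constructor, so a constructor that throws would end in `std::terminate`. Either drop the `noexcept` or document that interface constructors must not throw. It also uses `std::forward` without including `<utility>`. The class has no comments; a short note that `getAuditTrailControlContext()` returns a reference to a `unique_ptr` that is empty until `connect()` succeeds, and again after `disconnect()`, would tell interface authors they must not dereference it blindly.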
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+#ifndef __AUDIT_TRAIL_CONTEXT__
+#define __AUDIT_TRAIL_CONTEXT__
+
+#include "client.h"
+
+using AuditTrailControlContext = ::AuditTrailContext::AuditTrailControlContext;
+
+#endif //!__AUDIT_TRAIL_CONTEXT__
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+#include "rmi/smack.h"
+
+namespace AuditTrail {
+
+Smack::Smack(AuditTrailControlContext& ctx) :
+ context(ctx)
+{
+}
+
+Smack::~Smack()
+{
+}
+
+int Smack::createIterator()
+{
+ try {
+ return context->methodCall<int>("Smack::createIterator");
+ } catch (runtime::Exception& e) {}
+ return -1;
+}
+
+std::string Smack::getIteratorValue(int iterator)
+{
+ try {
+ return context->methodCall<std::string>("Smack::getIteratorValue", iterator);
+ } catch (runtime::Exception& e) {}
+ return "";
+}
+
+bool Smack::nextIterator(int iterator)
+{
+ try {
+ return context->methodCall<bool>("Smack::nextIterator", iterator);
+ } catch (runtime::Exception& e) {}
+ return false;
+}
+
+int Smack::destroyIterator(int iterator)
+{
+ try {
+ return context->methodCall<int>("Smack::destroyIterator", iterator);
+ } catch (runtime::Exception& e) {}
+ return -1;
+}
+
+int Smack::clear()
+{
+ try {
+ return context->methodCall<int>("Smack::clear");
+ } catch (runtime::Exception& e) {}
+ return 0;
+}
+
+} // namespace AuditTrail
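Review bot: `Smack::clear()` falls through to `return 0;` after swallowing `runtime::Exception`, so a caller cannot tell a cleared log from an RMI call that never reached the daemon. The fall-through should be `return -1;`, as in `createIterator()` and `destroyIterator()`. All five methods discard the exception without a trace; logging it in each catch block would leave evidence when the connection to the daemon fails.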
--- /dev/null
+#
+# Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+#
+CONFIG_AUDITTRAIL = m
+export CONFIG_AUDITTRAIL
+
+obj-y = audittrail/
+
+all:
+ $(MAKE) -C ${KERNEL_DEV_PATH} M=${PWD} modules
+
+install:
+ @cp audittrail/*.ko ${KERNEL_MOD_PATH}/.
+
+clean:
+ $(MAKE) -C ${KERNEL_DEV_PATH} M=${PWD} clean
--- /dev/null
+config AUDITTRAIL
+ boolean "Enable Audit trail collector"
+ depends on SECURITYFS
+ default y
+ help
+ This option enables a system to collect various kinds of audit trail
+ (audit log). It has a directory which has two files.
+ First file is used for sending some commands such as registering
+ process itself as a consumer or provider.
+ Second files is used for getting or putting audit logs as a consumer
+ or provider.
--- /dev/null
+obj-$(CONFIG_AUDITTRAIL) = audittrail.o
+audittrail-objs += main.o
+audittrail-objs += dir.o
--- /dev/null
+/*
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ *
+ */
+
+#include <linux/fs.h>
+#include <linux/security.h>
+
+#include "log.h"
+#include "dir.h"
+
+static struct dentry *audittrail_dir = NULL;
+static struct dentry *audittrail_command = NULL;
+static struct dentry *audittrail_buffer = NULL;
+
+static int audittrail_command_open(struct inode * inode, struct file *file)
+{
+ if ((file->f_flags & O_ACCMODE) != O_WRONLY)
+ return -EACCES;
+
+ return 0;
+}
+
+static ssize_t audittrail_command_write(struct file *file, const char __user *buf,
+ size_t datalen, loff_t *ppos)
+{
+ return -EINVAL;
+}
+
+static const struct file_operations audittrail_command_ops = {
+ .open = audittrail_command_open,
+ .write = audittrail_command_write,
+};
+
+static int audittrail_buffer_open(struct inode * inode, struct file *file)
+{
+ return 0;
+}
+
+static ssize_t audittrail_buffer_read(struct file *file,
+ char __user *buf,
+ size_t datalen, loff_t *ppos)
+{
+ return -EINVAL;
+}
+
+static ssize_t audittrail_buffer_write(struct file *file,
+ const char __user *buf,
+ size_t datalen, loff_t *ppos)
+{
+ return -EINVAL;
+}
+
+static int audittrail_buffer_release(struct inode *inode, struct file *file)
+{
+ return 0;
+}
+
+static const struct file_operations audittrail_buffer_ops = {
+ .open = audittrail_buffer_open,
+ .read = audittrail_buffer_read,
+ .write = audittrail_buffer_write,
+ .release = audittrail_buffer_release,
+};
+
+
+int audittrail_dir_create(void)
+{
+ audittrail_dir = securityfs_create_dir("audittrail", NULL);
+ if (IS_ERR(audittrail_dir))
+ goto err;
+
+ audittrail_command =
+ securityfs_create_file("command",
+ S_IWUSR | S_IWGRP, audittrail_dir, NULL,
+ &audittrail_command_ops);
+ if (IS_ERR(audittrail_command))
+ goto err;
+
+ audittrail_buffer =
+ securityfs_create_file("buffer",
+ S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP,
+ audittrail_dir, NULL,
+ &audittrail_buffer_ops);
+ if (IS_ERR(audittrail_buffer))
+ goto err;
+
+ return 0;
+
+err:
+ audittrail_dir_destroy();
+ return -1;
+}
+
+void audittrail_dir_destroy(void)
+{
+ securityfs_remove(audittrail_buffer);
+ securityfs_remove(audittrail_command);
+ securityfs_remove(audittrail_dir);
+}
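Review bot: The `err:` path of `audittrail_dir_create()` returns a bare `-1`, which reaches user space as -EPERM whatever securityfs actually reported. Keep the real code instead, e.g. `ret = PTR_ERR(audittrail_dir); goto err;` at each check and `return ret;` after the cleanup. `audittrail_init()` in main.c has the same `return -1`. Separately, `audittrail_buffer_open()` accepts any access mode while `audittrail_command_open()` insists on O_WRONLY; if that asymmetry is intended, a one-line comment saying so would help the next reader.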
--- /dev/null
+/*
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ *
+ */
+#ifndef __AUDITTRAIL_DIR_H__
+#define __AUDITTRAIL_DIR_H__
+
+int audittrail_dir_create(void);
+void audittrail_dir_destroy(void);
+
+#endif //! __AUDITTRAIL_DIR_H__
--- /dev/null
+/*
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ *
+ */
+#ifndef __AUDITTRAIL_LOG_H__
+#define __AUDITTRAIL_LOG_H__
+
+#include <linux/printk.h>
+
+#define LOG_TAG "audit-trail: "
+
+#define FMT(fmt) fmt
+#define AUDITTRAIL_ERROR(fmt, ...) \
+ printk(KERN_ERR LOG_TAG FMT(fmt), ##__VA_ARGS__)
+#define AUDITTRAIL_WARN(fmt, ...) \
+ printk(KERN_WARNING LOG_TAG FMT(fmt), ##__VA_ARGS__)
+#define AUDITTRAIL_INFO(fmt, ...) \
+ printk(KERN_INFO LOG_TAG FMT(fmt), ##__VA_ARGS__)
+
+#endif //! __AUDITTRAIL_LOG_H__
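Review bot: None of the three macros terminates the message, and the call sites in main.c pass strings such as `"loaded"` with no `\n`. Depending on the kernel version, such a record may be held back or merged with the next one. Appending the newline in the macro fixes every caller at once: `printk(KERN_ERR LOG_TAG FMT(fmt) "\n", ##__VA_ARGS__)`, and likewise for the WARN and INFO variants.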
--- /dev/null
+/*
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ *
+ */
+#include <linux/module.h>
+
+#include "log.h"
+#include "dir.h"
+
+int audittrail_init(void)
+{
+ AUDITTRAIL_INFO("loaded");
+
+ if (audittrail_dir_create() != 0) {
+ AUDITTRAIL_ERROR("failed to create auditfs");
+ return -1;
+ }
+
+ AUDITTRAIL_INFO("auditfs ready");
+
+ return 0;
+}
+
+void audittrail_exit(void)
+{
+ audittrail_dir_destroy();
+
+ AUDITTRAIL_INFO("unloaded");
+}
+
+module_init(audittrail_init);
+module_exit(audittrail_exit);
+
+MODULE_LICENSE("GPL");
+MODULE_AUTHOR("Sungbae Yoo");
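Review bot: `audittrail_init()` and `audittrail_exit()` have external linkage and lack the `__init`/`__exit` annotations, so the names are not private to this file and the init code is not marked for release after loading. The usual form is `static int __init audittrail_init(void)` and `static void __exit audittrail_exit(void)`. The "loaded" message is also printed before `audittrail_dir_create()` is attempted, so it appears in the log even when the load fails; moving it after the check keeps the log truthful.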
Name: audit-trail
Version: 0.0.1
Release: 0
-License: GPL
+License: Apache-2.0
Source0: file://%{name}-%{version}.tar.gz
-Summary: Tizen device encryption and secure erase manager
+Summary: Tizen audit daemon
Group: System/Kernel
BuildRequires: gcc
-BuildRequires: make
BuildRequires: cmake
-BuildRequires: binutils-devel
-BuildRequires: module-init-tools
-BuildRequires: kernel-devel-tizen-dev
+BuildRequires: pkgconfig(klay)
+BuildRequires: pkgconfig(cynara-client)
%define kernel_dev_path /boot/kernel/devel/tizen-devel
#%define kernel_mod_path /boot/kernel/mod_tizen_tm1
%define kernel_mod_path /lib
%description
-The audit-trail-kernel package provides a kernel module which is responsible for trailing security logs of auditing.
+The audit-trail package provides a daemon which is responsible for trailing security logs of auditing.
%files
%manifest audit-trail.manifest
%defattr(644,root,root,755)
-%{kernel_mod_path}/*
+%attr(755,root,root) %{_bindir}/audit-trail-daemon
+%{_unitdir}/audit-trail.service
+%{_unitdir}/multi-user.target.wants/audit-trail.service
+%attr(700,root,root) %{_sbindir}/audit-trail-admin-cli
%prep
%setup -q
%build
+%{!?build_type:%define build_type "RELEASE"}
+
+%if %{build_type} == "DEBUG" || %{build_type} == "PROFILING" || %{build_type} == "CCOV"
+ CFLAGS="$CFLAGS -Wp,-U_FORTIFY_SOURCE"
+ CXXFLAGS="$CXXFLAGS -Wp,-U_FORTIFY_SOURCE"
+%endif
+
+%cmake . -DVERSION=%{version} \
+ -DCMAKE_BUILD_TYPE=%{build_type} \
+ -DRUN_DIR=%{TZ_SYS_RUN} \
+ -DBIN_DIR=%{TZ_SYS_BIN} \
+ -DSYSTEMD_UNIT_DIR=%{_unitdir}
+
+cd module
make %{?jobs:-j%jobs} KERNEL_DEV_PATH=%{kernel_dev_path}
%install
+%make_install
+mkdir -p %{buildroot}/%{_unitdir}/multi-user.target.wants
+ln -s ../audit-trail.service %{buildroot}/%{_unitdir}/multi-user.target.wants/audit-trail.service
+
+cd module
mkdir -p %{buildroot}%{kernel_mod_path}
make %{?jobs:-j%jobs} KERNEL_DEV_PATH=%{kernel_dev_path} KERNEL_MOD_PATH=%{buildroot}%{kernel_mod_path} install
%clean
+cd module
make %{?jobs:-j%jobs} KERNEL_DEV_PATH=%{kernel_dev_path} clean
+
rm -rf %{buildroot}
%postun
+
+## Audit Trail Client Package ################################################
+%package -n libaudit-trail
+Summary: Library for Tizen audit daemon
+Group: Security/Libraries
+BuildRequires: pkgconfig(libtzplatform-config)
+Requires: %{name} = %{version}-%{release}
+Requires(post): /sbin/ldconfig
+Requires(postun): /sbin/ldconfig
+
+%description -n libaudit-trail
+The libaudit-trail package contains the libraries needed to get the logs that are collected by audit daemon
+
+%post -n libaudit-trail -p /sbin/ldconfig
+
+%postun -n libaudit-trail -p /sbin/ldconfig
+
+%files -n libaudit-trail
+%manifest audit-trail.manifest
+%defattr(644,root,root,755)
+%attr(755,root,root) %{_libdir}/libaudit-trail.so.%{version}
+%{_libdir}/libaudit-trail.so.0
+
+## Devel Package #############################################################
+%package -n libaudit-trail-devel
+Summary: Libraries and header files for device encryption client development
+Group: Development/Libraries
+Requires: libaudit-trail = %{version}-%{release}
+
+%description -n libaudit-trail-devel
+The libaudit-trail-devel package includes the libraries and header files necessary for developing auditing
+
+%files -n libaudit-trail-devel
+%manifest audit-trail.manifest
+%defattr(644,root,root,755)
+%{_libdir}/libaudit-trail.so
+%{_includedir}/audit-trail
+%{_libdir}/pkgconfig/audit-trail.pc
+
+## Kernel module Package #####################################################
+%package -n audit-trail-kernel-module-3.10-sc7730
+License: GPL
+Summary: Linux support headers for userspace development
+Group: System/Kernel
+Provides: audit-trail-kernel-module
+BuildRequires: gcc
+BuildRequires: make
+BuildRequires: cmake
+BuildRequires: binutils-devel
+BuildRequires: module-init-tools
+BuildRequires: kernel-devel-3.10-sc7730
+
+%description -n audit-trail-kernel-module-3.10-sc7730
+The audit-trail-kernel package provides a kernel module which is responsible for trailing security logs of auditing.
+
+%files -n audit-trail-kernel-module-3.10-sc7730
+%manifest audit-trail.manifest
+%defattr(644,root,root,755)
+%{kernel_mod_path}/*
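Review bot: `%{kernel_mod_path}/*` in the `%files` list of audit-trail-kernel-module-3.10-sc7730 expands to `/lib/*`, so the package claims whatever the build leaves under /lib in the buildroot rather than the one module it ships. The module Makefile copies `audittrail/*.ko` there and the Kbuild file names the object `audittrail.o`, so listing `%{kernel_mod_path}/audittrail.ko` would pin the payload. The Summary lines of libaudit-trail-devel ("device encryption client development") and of the kernel-module package ("Linux support headers for userspace development") look carried over from other spec files and do not describe these packages.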
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+#ifndef __AUDIT_TRAIL_LOGGER_H__
+#define __AUDIT_TRAIL_LOGGER_H__
+
+#include "context.h"
+
+namespace AuditTrail {
+
+/**
+ * This class provides APIs to receive the logs
+ */
+
+class Smack final {
+public:
+ Smack(AuditTrailControlContext& ctxt);
+ ~Smack();
+
+ int createIterator();
+ std::string getIteratorValue(int iterator);
+ bool nextIterator(int iterator);
+ int destroyIterator(int iterator);
+
+ int clear();
+
+private:
+ AuditTrailControlContext& context;
+};
+
+} // namespace AuditTrail
+#endif // __AUDIT_TRAIL_LOGGER_H__
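Review bot: The class comment is one line and says nothing about the iterator contract. Judging by the client implementation, `createIterator()` and `destroyIterator()` return -1 on failure, `getIteratorValue()` returns an empty string and `nextIterator()` returns false. A short comment per method stating those values, and that an id obtained from `createIterator()` is presumably meant to be released with `destroyIterator()`, would let callers use the API without reading both implementations. The header also relies on context.h to bring in `<string>`; adding `#include <string>` makes it self-contained.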
--- /dev/null
+#
+# Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+SET(SERVER_SRCS main.cpp
+ server.cpp
+ smack.cpp
+)
+
+SET(DEPENDENCY klay
+ cynara-client
+)
+
+SET(SERVER_NAME ${PROJECT_NAME}-daemon)
+
+ADD_EXECUTABLE(${SERVER_NAME} ${SERVER_SRCS})
+
+PKG_CHECK_MODULES(SERVER_DEPS REQUIRED ${DEPENDENCY})
+
+INCLUDE_DIRECTORIES(SYSTEM ${SERVER_DEPS_INCLUDE_DIRS} ${AUDIT_TRAIL_SERVER} ${PROJECT_SOURCE_DIR})
+
+TARGET_LINK_LIBRARIES(${SERVER_NAME} ${SERVER_DEPS_LIBRARIES} pthread)
+
+SET_TARGET_PROPERTIES(${SERVER_NAME} PROPERTIES COMPILE_FLAGS "-fPIE")
+SET_TARGET_PROPERTIES(${SERVER_NAME} PROPERTIES LINK_FLAGS "-pie")
+
+TARGET_COMPILE_DEFINITIONS(${SERVER_NAME} PRIVATE
+ RUN_PATH="${RUN_DIR}"
+)
+
+CONFIGURE_FILE(systemd/${PROJECT_NAME}.service.in systemd/${PROJECT_NAME}.service)
+
+INSTALL(TARGETS ${SERVER_NAME} DESTINATION ${BIN_DIR})
+INSTALL(FILES systemd/${PROJECT_NAME}.service DESTINATION ${SYSTEMD_UNIT_DIR})
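Review bot: `INSTALL(FILES systemd/${PROJECT_NAME}.service ...)` resolves its relative path against the source directory, while `CONFIGURE_FILE` writes its relative output under the binary directory. The install step therefore finds the generated unit only when the build is run in-source. Pointing it at the generated file removes that dependency: `INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/systemd/${PROJECT_NAME}.service DESTINATION ${SYSTEMD_UNIT_DIR})`. `TARGET_LINK_LIBRARIES` is also called without a `PRIVATE` keyword, and `INCLUDE_DIRECTORIES` applies to the whole directory rather than to the daemon target.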
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+#ifndef __AUDIT_TRAIL_CONTEXT_H__
+#define __AUDIT_TRAIL_CONTEXT_H__
+
+#include "server.h"
+
+using AuditTrailControlContext = Server;
+
+#endif //__AUDIT_TRAIL_CONTEXT_H__
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <getopt.h>
+#include <stdlib.h>
+#include <signal.h>
+
+#include <iostream>
+#include <stdexcept>
+
+#include "server.h"
+
+void signalHandler(int signum)
+{
+ exit(0);
+}
+
+int main(int argc, char *argv[])
+{
+ ::signal(SIGINT, signalHandler);
+
+ ::umask(0);
+
+ try {
+ Server server;
+ server.run();
+ } catch (std::exception &e) {
+ std::cerr << e.what() << std::endl;
+ return 1;
+ }
+
+ return 0;
+}
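Review bot: `::umask(0)` in `main()` clears the permission mask before `Server` is constructed, so every file or socket the daemon creates gets exactly the mode the creating call asks for, and server.cpp places its socket under /tmp. If a client-accessible socket is the only reason for this, it is safer to keep a restrictive mask, e.g. `::umask(0077);`, and widen only the socket with an explicit mode where it is created (whether klay already does this is not visible here). `signalHandler()` calls `exit(0)`, which is not async-signal-safe; `::_exit(0)` or a flag that leads to `Server::terminate()` avoids running destructors from signal context.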
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+#include <unistd.h>
+
+#include <cynara-client.h>
+#include <cynara-session.h>
+
+#include "rmi/smack.h"
+
+#include "server.h"
+
+using namespace std::placeholders;
+
+namespace {
+
+const std::string AUDIT_RAIL_MANAGER_ADDRESS = "/tmp/.audit-trail.sock";
+
+std::unique_ptr<AuditTrail::Smack> smack;
+
+} // namespace
+
+Server::Server()
+{
+ service.reset(new rmi::Service(AUDIT_RAIL_MANAGER_ADDRESS));
+
+ service->setPrivilegeChecker(std::bind(&Server::checkPeerPrivilege, this, _1, _2));
+
+ service->expose(this, "", (runtime::FileDescriptor)(Server::registerNotificationSubscriber)(std::string));
+ service->expose(this, "", (int)(Server::unregisterNotificationSubscriber)(std::string, int));
+
+ smack.reset(new AuditTrail::Smack(*this));
+
+ audit.setPID(::getpid());
+ audit.setEnabled(1);
+ audit.setMainloop(&service->mainloop);
+ audit.setMessageHandler([this] (netlink::Audit::Message &msg) {
+ auto it = this->auditHandlers.find(msg.first);
+ if (it != this->auditHandlers.end()) {
+ it->second(msg.second);
+ }
+ });
+}
+
+Server::~Server()
+{
+}
+
+void Server::run()
+{
+ // Prepare execution environment
+ service->start(true);
+}
+
+void Server::terminate()
+{
+ service->stop();
+}
+
+bool Server::checkPeerPrivilege(const rmi::Credentials& cred, const std::string& privilege)
+{
+ cynara *p_cynara;
+
+ if (privilege.empty()) {
+ return true;
+ }
+
+ if (::cynara_initialize(&p_cynara, NULL) != CYNARA_API_SUCCESS) {
+ ERROR("Failure in cynara API");
+ return false;
+ }
+
+ if (::cynara_check(p_cynara, cred.security.c_str(), "",
+ std::to_string(cred.uid).c_str(),
+ privilege.c_str()) != CYNARA_API_ACCESS_ALLOWED) {
+ ::cynara_finish(p_cynara);
+ ERROR("Access denied: " + cred.security + " : " + privilege);
+ return false;
+ }
+
+ ::cynara_finish(p_cynara);
+
+ return true;
+}
+
+runtime::FileDescriptor Server::registerNotificationSubscriber(const std::string& name)
+{
+ INFO("registerNotificationSubscriber");
+ INFO(name);
+ return runtime::FileDescriptor(service->subscribeNotification(name), true);
+}
+
+int Server::unregisterNotificationSubscriber(const std::string& name, int id)
+{
+ return service->unsubscribeNotification(name, id);
+}
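Review bot: `checkPeerPrivilege()` returns true as soon as `privilege` is empty, and every `expose()` call here and in the server-side smack.cpp passes `""` as what appears to be the privilege argument. As a result no exposed method, including `Smack::clear`, which erases the collected log, is ever checked against cynara. smack.cpp defines `PRIVILEGE_PLATFORM` without using it; `context.expose(this, PRIVILEGE_PLATFORM, (int)(Smack::clear)());` would put at least the destructive call behind a privilege. The listening address `/tmp/.audit-trail.sock` is a fixed name in a world-writable directory although the build already passes `RUN_PATH`; deriving the address from `RUN_PATH` prevents another local process from creating that name first.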
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+#ifndef __AUDIT_TRAIL_SERVER_H__
+#define __AUDIT_TRAIL_SERVER_H__
+
+#include <string>
+#include <memory>
+
+#include <klay/filesystem.h>
+#include <klay/netlink/audit.h>
+#include <klay/file-descriptor.h>
+#include <klay/rmi/service.h>
+
+class Server final {
+public:
+ typedef std::function<void(std::vector<char>&)> AuditHandler;
+
+ Server();
+ ~Server();
+
+ void run();
+ void terminate();
+
+ template<typename Type, typename... Args>
+ void setMethodHandler(const std::string& privilege, const std::string& method,
+ const typename rmi::MethodHandler<Type, Args...>::type& handler)
+ {
+ service->setMethodHandler<Type, Args...>(privilege, method, handler);
+ }
+
+ template <typename... Args>
+ void notify(const std::string& name, Args&&... args)
+ {
+ service->notify<Args...>(name, std::forward<Args>(args)...);
+ }
+
+ uid_t getPeerUid() const
+ {
+ return service->getPeerUid();
+ }
+
+ gid_t getPeerGid() const
+ {
+ return service->getPeerGid();
+ }
+
+ pid_t getPeerPid() const
+ {
+ return service->getPeerPid();
+ }
+
+ bool checkPeerPrivilege(const rmi::Credentials& cred, const std::string& privilege);
+
+
+ void createNotification(const std::string& name)
+ {
+ service->createNotification(name);
+ }
+
+ runtime::FileDescriptor registerNotificationSubscriber(const std::string& name);
+ int unregisterNotificationSubscriber(const std::string& name, int id);
+
+ void setAuditHandler(const int type, AuditHandler&& handler) {
+ auditHandlers.insert({type, handler});
+ }
+
+private:
+ netlink::Audit audit;
+ std::string securityLabel;
+ std::unique_ptr<rmi::Service> service;
+ std::unordered_map<int, AuditHandler> auditHandlers;
+};
+
+#endif //__AUDIT_TRAIL_SERVER_H__
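Review bot: The class uses `std::function`, `std::vector` and `std::unordered_map`, but the header includes only `<string>`, `<memory>` and the klay headers, so it compiles only if one of those happens to pull the rest in. Add `#include <functional>`, `#include <vector>` and `#include <unordered_map>`. `setAuditHandler()` takes `AuditHandler&&` yet inserts `handler` as an lvalue, which copies it; `auditHandlers.insert({type, std::move(handler)});` matches the signature. Note that `insert` silently keeps an existing handler when one is already registered for the same type.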
--- /dev/null
+/*
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+#include <fstream>
+
+#include <unistd.h>
+
+#include "rmi/smack.h"
+
+#define PRIVILEGE_PLATFORM "http://tizen.org/privilege/internal/default/platform"
+
+namespace AuditTrail {
+
+namespace {
+
+std::vector<std::string> smackLogs;
+
+std::unordered_map<int, unsigned long long> iteratorMap;
+int newIteratorId = 0;
+
+} // namespace
+
+
+Smack::Smack(AuditTrailControlContext &ctx) :
+ context(ctx)
+{
+ context.expose(this, "", (int)(Smack::createIterator)());
+ context.expose(this, "", (std::string)(Smack::getIteratorValue)(int));
+ context.expose(this, "", (bool)(Smack::nextIterator)(int));
+ context.expose(this, "", (int)(Smack::destroyIterator)(int));
+ context.expose(this, "", (int)(Smack::clear)());
+
+ context.createNotification("Smack");
+
+ context.setAuditHandler(AUDIT_AVC, [&ctx] (std::vector<char> &buf) {
+ std::string log(buf.begin(), buf.end());
+ smackLogs.push_back(log);
+ ctx.notify("Smack", log);
+ });
+}
+
+Smack::~Smack()
+{
+}
+
+int Smack::createIterator()
+{
+ int iteratorId = -1;
+ try {
+ iteratorMap.erase(newIteratorId);
+ iteratorMap.insert({newIteratorId, 0});
+
+ if (++newIteratorId < 0) {
+ newIteratorId = 0;
+ }
+ } catch (runtime::Exception& e) {
+ ERROR("Failed to retrieve package info installed in the krate");
+ }
+ return iteratorId;
+}
+
+std::string Smack::getIteratorValue(int iterator)
+{
+ auto it = iteratorMap.find(iterator);
+ if (it == iteratorMap.end()) {
+ return "";
+ }
+
+ if (it->second >= smackLogs.size()) {
+ return "";
+ }
+
+ return smackLogs[it->second];
+}
+
+bool Smack::nextIterator(int iterator)
+{
+ auto it = iteratorMap.find(iterator);
+ if (it != iteratorMap.end()) {
+ if (it->second + 1 < smackLogs.size()) {
+ it->second++;
+ return true;
+ }
+ }
+ return false;
+}
+
+int Smack::destroyIterator(int iterator)
+{
+ auto it = iteratorMap.find(iterator);
+ if (it != iteratorMap.end()) {
+ iteratorMap.erase(it);
+ return 0;
+ }
+ return -1;
+}
+
+int Smack::clear()
+{
+ smackLogs.clear();
+ return 0;
+}
+
+} // namespace AuditTrail
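Review bot: `Smack::createIterator()` never assigns `iteratorId`, so it returns -1 on every call even though an entry was added to `iteratorMap`; the client never gets a usable id and the entries accumulate. Set it before the counter advances, with `iteratorId = newIteratorId;` placed right after the `insert`. The ERROR text ("package info installed in the krate") does not describe this function. `smackLogs` grows with every AUDIT_AVC message and is emptied only by `clear()`, so a size cap would bound the daemon's memory.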
--- /dev/null
+[Unit]
+Description=@PROJECT_NAME@ daemon
+
+[Service]
+Type=simple
+SmackProcessLabel=System
+ExecStart=@BIN_DIR@/@PROJECT_NAME@-daemon
+Restart=on-failure
+ExecReload=/bin/kill -HUP $MAINPID
+CapabilityBoundingSet=~CAP_MAC_ADMIN
+CapabilityBoundingSet=~CAP_MAC_OVERRIDE
+
+[Install]
+WantedBy=multi-user.target
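Review bot: `ExecReload=/bin/kill -HUP $MAINPID` sends SIGHUP to a daemon whose `main()` installs a handler for SIGINT only, so a reload terminates the process instead of reloading it. systemd treats termination by SIGHUP as a clean exit, so `Restart=on-failure` would not bring the daemon back. Either drop the `ExecReload=` line or handle SIGHUP in the daemon. The unit also runs without `User=` and removes only two capabilities; an allow-list of the capabilities the daemon actually needs would be tighter than a two-entry deny-list.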
--- /dev/null
+#
+# Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+SET(AUDIT_TRAIL_CLI ${AUDIT_TRAIL_TOOLS}/cli)
+
+ADD_SUBDIRECTORY(${AUDIT_TRAIL_CLI})
--- /dev/null
+#
+# Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+FILE(GLOB CLI_SRCS audit-trail-admin-cli.cpp
+)
+
+SET(CLI_NAME ${PROJECT_NAME}-admin-cli)
+
+ADD_EXECUTABLE(${CLI_NAME} ${CLI_SRCS})
+SET_TARGET_PROPERTIES(${CLI_NAME} PROPERTIES PREFIX ""
+ COMPILE_FLAGS "-fPIE"
+ LINK_FLAGS "-pie"
+)
+
+PKG_CHECK_MODULES(CLI_DEPS REQUIRED
+ klay
+)
+
+INCLUDE_DIRECTORIES(SYSTEM ${CLI_DEPS_INCLUDE_DIRS} ${AUDIT_TRAIL_LIB})
+TARGET_LINK_LIBRARIES(${CLI_NAME} ${CLI_DEPS_LIBRARIES} ${PROJECT_NAME} audit-trail)
+
+INSTALL(TARGETS ${CLI_NAME} DESTINATION sbin)
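Review bot: The CLI source includes `<glib.h>` and calls `g_main_loop_*`, but `PKG_CHECK_MODULES(CLI_DEPS REQUIRED klay)` requests only klay, so the build works only if klay's pkg-config file happens to export the glib flags. Naming the dependency keeps the target self-sufficient: `PKG_CHECK_MODULES(CLI_DEPS REQUIRED klay glib-2.0)`. `FILE(GLOB CLI_SRCS audit-trail-admin-cli.cpp)` globs a literal file name and yields an empty list rather than an error if the file is missing; `SET(CLI_SRCS audit-trail-admin-cli.cpp)` is enough. On the link line, `${PROJECT_NAME}` and `audit-trail` expand to the same name.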
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+/**
+ * @file
+ * @brief CLI tool to encrypt/decrypt storage and secure erase
+ */
+#include <glib.h>
+#include <unistd.h>
+#include <getopt.h>
+#include <termios.h>
+
+#include <mutex>
+#include <string>
+#include <vector>
+#include <iostream>
+
+#include <audit-trail/smack.h>
+#include <audit-trail/audit-trail.h>
+
+GMainLoop *gmainloop = NULL;
+extern char** environ;
+
+static inline int usage(const std::string name)
+{
+ std::cout << "Usage: " << name << " [Option]" << std::endl
+ << std::endl
+ << "Options :" << std::endl
+ << " -s, --smack show the audit logs" << std::endl
+ << " -c, --clear clear the audit logs" << std::endl
+ << " -m, --monitor monitor all audit logs" << std::endl
+ << " -h, --help show this" << std::endl
+ << std::endl;
+
+ return -1;
+}
+
+int showSmackLog()
+{
+ return 0;
+}
+
+int clearLog(const std::string type)
+{
+ return 0;
+}
+void monitorSigHandler(int sig)
+{
+ g_main_loop_quit(gmainloop);
+}
+
+void smackCallback(const char* log, void *user_data)
+{
+ std::cout << "SMACK - " << log << std::endl;
+}
+
+int monitorLog()
+{
+ int smackCbId;
+ audit_trail_h auditTrail;
+ audit_trail_create(&auditTrail);
+
+ audit_trail_add_smack_cb(auditTrail, smackCallback, NULL, &smackCbId);
+
+ std::cout << "=== Monitoring start ===" << std::endl << std::endl;
+
+ signal(SIGINT, monitorSigHandler);
+
+ gmainloop = g_main_loop_new(NULL, FALSE);
+ g_main_loop_run(gmainloop);
+ g_main_loop_unref(gmainloop);
+
+ audit_trail_remove_smack_cb(auditTrail, smackCbId);
+
+ std::cout << std::endl << "=== Monitoring end ===" << std::endl;
+
+ audit_trail_destroy(auditTrail);
+
+ return 0;
+}
+
+
+int main(int argc, char* argv[])
+{
+ int opt = 0, index, ret = 0;
+
+ struct option options[] = {
+ {"help", no_argument, 0, 'h'},
+ {"smack", no_argument, 0, 's'},
+ {"clear", required_argument, 0, 'c'},
+ {"monitor", no_argument, 0, 'm'},
+ {0, 0, 0, 0}
+ };
+
+ if (argc <= 1) {
+ usage(argv[0]);
+ return EXIT_SUCCESS;
+ }
+
+ while ((opt = getopt_long(argc, argv, "sc:mh", options, &index)) != -1) {
+ switch (opt) {
+ case 's':
+ ret = showSmackLog();
+ break;
+ case 'c':
+ ret = clearLog(optarg);
+ break;
+ case 'm':
+ ret = monitorLog();
+ break;
+ case 'h':
+ default:
+ usage(argv[0]);
+ }
+ }
+
+ return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
+}
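Review bot: `showSmackLog()` and `clearLog()` are stubs that return 0, so `-s` and `-c` exit with EXIT_SUCCESS without contacting the daemon; until they are implemented they should print a message and return non-zero. `--clear` is declared `required_argument` (and `"c:"` in the optstring) while `usage()` shows it without an argument. In `monitorLog()` the results of `audit_trail_create()` and `audit_trail_add_smack_cb()` are ignored, so a failed connection would go on to run the main loop with an unusable handle; presumably both return a status that should be checked. `monitorSigHandler()` calls `g_main_loop_quit()` from signal context, where `g_unix_signal_add()` from `<glib-unix.h>` is the GLib-supported route. The `@brief` still describes an encryption tool.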