class name : public Field<int> { \
public: \
name() : Field(FieldType::name) {} \
- name(int value) : Field(FieldType::name) { \
- _op = static_cast<unsigned int>(Operator::Equal); \
- _value = value; \
+ name(int value) : Field(FieldType::name, Operator::Equal, value) {\
} \
};
class name : public Field<std::string> { \
public: \
name() : Field(FieldType::name) {} \
- name(std::string value) : Field(FieldType::name) { \
- _op = static_cast<unsigned int>(Operator::Equal); \
- _value = value; \
+ name(std::string value) : Field(FieldType::name, Operator::Equal, value) { \
} \
};
};
enum class Operator : unsigned int {
+ Default = AUDIT_OPERATORS,
Equal = AUDIT_EQUAL,
NotEqual = AUDIT_NOT_EQUAL,
LessThan = AUDIT_LESS_THAN,
class FieldBase {
public:
virtual void emit(std::vector<char> &rule) const = 0;
- virtual unsigned int type() const = 0;
+ virtual FieldType type() const = 0;
+ virtual Operator op() const = 0;
- static bool isString(unsigned int type)
+ static bool isString(FieldType type)
{
- FieldType ftype = static_cast<FieldType>(type);
- return (ftype == FieldType::Tag) ||
- (ftype == FieldType::WatchPath) ||
- (ftype == FieldType::WatchDir) ||
- (ftype == FieldType::Arch) ||
- (ftype >= FieldType::SubjectUser && ftype <= FieldType::ObjectLevHigh);
+ return (type == FieldType::Tag) ||
+ (type == FieldType::WatchPath) ||
+ (type == FieldType::WatchDir) ||
+ (type == FieldType::Arch) ||
+ (type >= FieldType::SubjectUser && type <= FieldType::ObjectLevHigh);
}
};
using RuleData = struct audit_rule_data;
Field(FieldType type)
- : _type(static_cast<unsigned int>(type)),
- _op(0), _value()
+ : _type(type), _op(Operator::Default), _value()
{
}
/* TODO: to be removed below constructor */
- Field(unsigned int type, unsigned int op, T value)
+ Field(FieldType type, Operator op, T value)
: _type(type), _op(op), _value(value)
{
if (FieldBase::isString(type) && std::is_same<int, T>::value)
{
}
- unsigned int type() const
+ FieldType type() const
{
return _type;
}
+ Operator op() const
+ {
+ return _op;
+ }
+
+ T value() const
+ {
+ return _value;
+ }
+
Field operator == (T value) {
return create(value, Operator::Equal);
}
void emit(std::vector<char> &rule) const {
auto r = reinterpret_cast<RuleData *>(rule.data());
- r->fields[r->field_count] = _type;
- r->fieldflags[r->field_count] = _op;
+ r->fields[r->field_count] = static_cast<unsigned int>(_type);
+ r->fieldflags[r->field_count] = static_cast<unsigned int>(_op);
emitValue(rule, _value);
}
private:
Field create(T value, Operator op) {
- _op = static_cast<unsigned int>(op);
+ _op = op;
_value = value;
return *this;
}
}
protected:
- unsigned int _type;
- unsigned int _op;
+ FieldType _type;
+ Operator _op;
T _value;
};
void Rule::set(Action action)
{
- ruleData()->action = underlying_t(action);
+ ruleData()->action = static_cast<unsigned int>(action);
}
void Rule::set(Filter filter)
{
- ruleData()->flags = underlying_t(filter);
+ ruleData()->flags = static_cast<unsigned int>(filter);
}
void Rule::setMask()
}
for (unsigned int i = 0; i < r->field_count; i++) {
- if (FieldBase::isString(r->fields[i])) {
+ if (FieldBase::isString(FieldType(r->fields[i]))) {
std::string value(ruleBuf, ruleBuf + r->values[i]);
- conditions[r->fields[i]].reset(new(std::nothrow) Field<std::string>(r->fields[i], r->fieldflags[i], value));
+ conditions[FieldType(r->fields[i])].reset(
+ new(std::nothrow) Field<std::string>(
+ FieldType(r->fields[i]), Operator(r->fieldflags[i]), value));
ruleBuf += r->values[i];
} else {
- conditions[r->fields[i]].reset(new(std::nothrow) Field<int>(r->fields[i], r->fieldflags[i], r->values[i]));
+ conditions[FieldType(r->fields[i])].reset(
+ new(std::nothrow) Field<int>(
+ FieldType(r->fields[i]), Operator(r->fieldflags[i]), r->values[i]));
}
}
}
#include <map>
#include <memory>
+#include <type_traits>
#include <linux/audit.h>
#include <klay/error.h>
void setCondition(const Field<T> &field);
template <typename T>
void unsetCondition(const Field<T> &field);
+ template <typename T>
+ void getConditionValue(FieldType type, T &ret);
void setMask();
void setMask(unsigned int syscall);
void set(Action action);
void set(Filter filter);
-private:
- template <typename E>
- constexpr typename std::underlying_type<E>::type underlying_t(E value) noexcept
- {
- return static_cast<typename std::underlying_type<E>::type>(value);
- }
+protected:
+ std::map<FieldType, std::shared_ptr<FieldBase>> conditions;
+private:
RuleData *ruleData()
{
return reinterpret_cast<RuleData*>(buf.data());
private:
RuleType _type;
std::vector<char> buf;
- std::map<unsigned int, std::shared_ptr<FieldBase>> conditions;
};
template <typename T>
conditions.erase(field.type());
}
+template <typename T>
+void Rule::getConditionValue(FieldType type, T &ret)
+{
+ auto condition = conditions[type].get();
+ if (condition == nullptr) {
+ //INFO("Condition isn't exist");
+ return;
+ }
+
+ if (!FieldBase::isString(type)
+ && std::is_same<std::string, T>::value) {
+ //INFO("Invalid field value type");
+ return;
+ }
+ Field<T> *field = reinterpret_cast<Field<T>*>(condition);
+ ret = field->value();
+}
+
#endif /*__AUDIT_RULE_H__*/
RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
try {
- GetAuditRule(handle).setCondition(Field<int>{field, op, (int)(intptr_t)value});
+ GetAuditRule(handle).setCondition(
+ Field<int>{FieldType(field), Operator(op), (int)(intptr_t)value});
return AUDIT_TRAIL_ERROR_NONE;
} catch (std::exception &e) {}
try {
- GetAuditRule(handle).setCondition(Field<std::string>{field, op, (char *)value});
+ GetAuditRule(handle).setCondition(
+ Field<std::string>{FieldType(field), Operator(op), (char *)value});
return AUDIT_TRAIL_ERROR_NONE;
} catch (std::exception &e) {}
RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
try {
- GetAuditRule(handle).unsetCondition(Field<int>{field, op, (int)(intptr_t)value});
+ GetAuditRule(handle).unsetCondition(
+ Field<int>{FieldType(field), Operator(op), (int)(intptr_t)value});
return AUDIT_TRAIL_ERROR_NONE;
} catch (std::exception &e) {}
try {
- GetAuditRule(handle).unsetCondition(Field<std::string>{field, op, (char *)value});
+ GetAuditRule(handle).unsetCondition(
+ Field<std::string>{FieldType(field), Operator(op), (char *)value});
return AUDIT_TRAIL_ERROR_NONE;
} catch (std::exception &e) {}
char *tmp = r->buf;
for (unsigned int i = 0; i < r->field_count; i++) {
- if (FieldBase::isString(r->fields[i])) {
+ if (FieldBase::isString(FieldType(r->fields[i]))) {
std::string value(tmp, tmp + r->values[i]);
callback(r->fields[i], r->fieldflags[i],
(void*)(value.c_str()), user_data);
projects / platform / core / security / audit-trail.git / commitdiff