Add parsing of ppid of subject in systemlog 76/186176/3 demo
authoryeji01.kim <yeji01.kim@samsung.com>
Wed, 8 Aug 2018 02:26:31 +0000 (11:26 +0900)
committeryeji kim <yeji01.kim@samsung.com>
Wed, 8 Aug 2018 08:01:33 +0000 (08:01 +0000)
Change-Id: I2cdddbeb0dac73c7b0adf47eb7af6d918e31603c
Signed-off-by: yeji01.kim <yeji01.kim@samsung.com>
common/audit/audit-system-log.cpp
common/audit/audit-system-log.h
lib/audit-trail/system-log.cpp
lib/audit-trail/system-log.h
rmi/log-management.h
tools/cli/audit-trail-admin-cli.cpp

index c71e89e268e6f2cbbc868e3eb4ffddaae0e51a43..1bf8efb7c6c676d955d8096c19de163444eb9db4 100644 (file)
@@ -108,6 +108,8 @@ void AuditLogBuilder<AuditSystemLog>::addMessage(int type, const std::string &lo
                                        instance.subject.egid = std::stoul(value);
                                } else if (name == "pid") {
                                        instance.subject.pid = std::stoul(value);
+                               } else if (name == "ppid") {
+                                       instance.subject.ppid = std::stoul(value);
                                } else if (name == "exe") {
                                        instance.subject.name = value;
                                } else if (name == "subj") {
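Review bot: The new `ppid` branch assigns `std::stoul(value)` straight into a `pid_t`, so a malformed or truncated audit field is not handled at this point. `std::stoul` throws `std::invalid_argument` or `std::out_of_range` on empty or non-numeric text, accepts a leading minus sign and wraps it, and its `unsigned long` result is silently narrowed to the signed `pid_t`. Whether a caller of `addMessage` catches those exceptions is not visible here, since the function starts and ends outside the hunk. Because this value ends up in the audit trail, I would range-check before storing, e.g. `unsigned long v = std::stoul(value);` followed by `if (v <= static_cast<unsigned long>(std::numeric_limits<pid_t>::max())) instance.subject.ppid = static_cast<pid_t>(v);`. The same applies to the existing `pid` branch just above.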
index 5c5178f01353b0c44af05d9ccb1fcef9946f4672..8b390e12c21a7d0703442051fbf2bf4f0c1285b4 100644 (file)
@@ -40,6 +40,7 @@ struct AuditSystemLog final {
                std::string label;
                std::string name;
                pid_t pid = UINT_MAX;
+               pid_t ppid = UINT_MAX;
        } subject;
 
        struct {
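Review bot: `pid_t ppid = UINT_MAX;` initialises a signed type from an unsigned maximum, so the "not present" sentinel is really whatever that conversion yields (-1 on the usual two's-complement targets) and nothing in the struct says so. I would write it explicitly, `pid_t ppid = -1; // -1: the record carried no ppid field`. The getter `audit_system_log_get_subject_ppid` added in lib/audit-trail/system-log.cpp hands this value back with `AUDIT_TRAIL_ERROR_NONE`, so the header documentation should also state it. Otherwise a consumer correlating processes cannot tell a missing parent from a real one. The existing `pid` member on the line above has the same pattern.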
index 3aa63e75019a925b10476866e2e4c979f099f442..7ef310d247c1c74558f7cfa9bef216e76a459ad8 100644 (file)
@@ -113,6 +113,17 @@ int audit_system_log_get_subject_pid(audit_system_log_h handle, pid_t *pid)
        return AUDIT_TRAIL_ERROR_NONE;
 }
 
+int audit_system_log_get_subject_ppid(audit_system_log_h handle, pid_t *ppid)
+{
+       RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+       RET_ON_FAILURE(ppid, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+
+       const auto &log = GetSystemLog(handle).log;
+       *ppid = log.subject.ppid;
+
+       return AUDIT_TRAIL_ERROR_NONE;
+}
+
 int audit_system_log_get_subject_smack_label(audit_system_log_h handle,
                                                                                                char **label)
 {
index 61de6811d025f6dc21416d081ab4f6d2eec5fd2c..f647881b61626d4622b6cac0150c16b2e8532513 100644 (file)
@@ -128,6 +128,20 @@ AUDIT_TRAIL_API int audit_system_log_get_subject_effective_owner(audit_system_lo
  */
 AUDIT_TRAIL_API int audit_system_log_get_subject_pid(audit_system_log_h handle, pid_t *pid);
 
+/**
+ * @brief       Get the subject parent process ID from the system audit log
+ * @details     This API can be used to get the subject parent process ID in
+ *              each system audit logs.
+ * @since_tizen 5.0
+ * @param[in]   handle The system audit log handle
+ * @param[out]  ppid The subject parent process ID
+ * @return      #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval      #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval      #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval      #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ */
+AUDIT_TRAIL_API int audit_system_log_get_subject_ppid(audit_system_log_h handle, pid_t *ppid);
+
 /**
  * @brief       Get the subject smack label from the system audit log
  * @details     This API can be used to get the subject smack label in
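Review bot: The new doc block lists `#AUDIT_TRAIL_ERROR_TIMED_OUT` as a return value, but the implementation added in lib/audit-trail/system-log.cpp in this same commit only returns `AUDIT_TRAIL_ERROR_NONE` or `AUDIT_TRAIL_ERROR_INVALID_PARAMETER`. Unless `GetSystemLog` can produce a timeout in a way not visible here, I would drop that `@retval` line so callers do not write handling for an error that cannot occur. The wording "in each system audit logs" would also read better as "in each system audit log".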
index c675384ba27429b2ee61be3245fd2741c82140f5..8bfd876060c025aec38a60dc9dbc60bbb0c1d4e8 100644 (file)
@@ -30,7 +30,8 @@ struct SystemLog {
                                log.time.time, log.time.millisec,
                                log.subject.uid, log.subject.euid,
                                log.subject.gid, log.subject.egid,
-                               log.subject.label, log.subject.name, log.subject.pid,
+                               log.subject.label, log.subject.name,
+                               log.subject.pid, log.subject.ppid,
                                log.object.type, log.object.uid, log.object.gid,
                                log.object.mode, log.object.label,
                                log.object.name, log.object.socketAddr,
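Review bot: `log.subject.ppid` is inserted in the middle of this field list rather than appended, which shifts every field after `log.subject.pid`. The enclosing `SystemLog` definition is outside the hunk, but if this list defines the order in which the record is serialised over RMI, a client and daemon built from different revisions would decode the object fields from the wrong positions without any error. If mixed versions are possible on a device, it would be worth adding a comment here such as `// field order is the wire format: daemon and clients must be rebuilt together`, or appending new fields at the end.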
index c71d4dba85a04f33aaec0b447d71f0ed4fb3fac8..1bfc42480ccc3d267a0d3948608620569ef78621 100644 (file)
@@ -138,7 +138,7 @@ std::string printSystemLog(audit_system_log_h log)
                char *sub_name, *sub_label;
                uid_t sub_uid, sub_euid;
                gid_t sub_gid, sub_egid;
-               pid_t sub_pid;
+               pid_t sub_pid, sub_ppid;
 
                audit_system_log_get_subject_name(log, &sub_name);
                str << "name=" << sub_name;
@@ -155,6 +155,9 @@ std::string printSystemLog(audit_system_log_h log)
                audit_system_log_get_subject_pid(log, &sub_pid);
                str << ",pid=" << sub_pid;
 
+               audit_system_log_get_subject_ppid(log, &sub_ppid);
+               str << ",ppid=" << sub_ppid;
+
                ::free(sub_name);
                ::free(sub_label);
        }
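Review bot: The return value of `audit_system_log_get_subject_ppid(log, &sub_ppid)` is ignored, and `sub_ppid` is declared without an initialiser in the earlier hunk (`pid_t sub_pid, sub_ppid;`). If the call fails, the tool prints an indeterminate value as `ppid=`. For an audit viewer that is worse than printing nothing, because the output looks like real data. I would guard the print, `if (audit_system_log_get_subject_ppid(log, &sub_ppid) == AUDIT_TRAIL_ERROR_NONE) str << ",ppid=" << sub_ppid;`, or at least initialise the variable to the sentinel. `printSystemLog` starts and ends outside these hunks, and the neighbouring getters follow the same unchecked pattern.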