From: Sungbae Yoo Date: Tue, 10 Oct 2017 06:41:59 +0000 (+0900) Subject: Add APIs to handle audit messages from userspace X-Git-Tag: submit/tizen/20171212.052346~2 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=123d98a9a7ccdf7b422089ae2ca11d86b05c339c;p=platform%2Fcore%2Fsecurity%2Faudit-trail.git Add APIs to handle audit messages from userspace Signed-off-by: Sungbae Yoo Change-Id: I8b1cdf9064f87b42c47f558ffb1feb8a92afbd42 --- diff --git a/lib/CMakeLists.txt b/lib/CMakeLists.txt index 05e9aa3..daa7e44 100755 --- a/lib/CMakeLists.txt +++ b/lib/CMakeLists.txt @@ -22,8 +22,10 @@ SET(SOURCES client.cpp discretionary-access-control.cpp mandatory-access-control.cpp system-call.cpp + user.cpp audit-trail/dac.cpp audit-trail/mac.cpp + audit-trail/user.cpp audit-trail/syscall.cpp audit-trail/audit-trail.cpp ) @@ -31,6 +33,7 @@ SET(SOURCES client.cpp SET(CAPI_INCLUDE_FILES audit-trail/common.h audit-trail/dac.h audit-trail/mac.h + audit-trail/user.h audit-trail/syscall.h audit-trail/audit-trail.h ) diff --git a/lib/audit-trail/syscall.h b/lib/audit-trail/syscall.h index 0f246f1..f8b6ed5 100644 --- a/lib/audit-trail/syscall.h +++ b/lib/audit-trail/syscall.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2075 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/lib/audit-trail/user.cpp b/lib/audit-trail/user.cpp new file mode 100644 index 0000000..f44db36 --- /dev/null +++ b/lib/audit-trail/user.cpp @@ -0,0 +1,148 @@ +/* + * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +#include + +#include "debug.h" +#include "user.h" + +#include "client.h" +#include "rmi/user.h" + +using namespace AuditTrail; + +int audit_trail_foreach_user(audit_trail_h handle, audit_trail_user_cb callback, void *user_data) +{ + RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER); + RET_ON_FAILURE(callback, AUDIT_TRAIL_ERROR_INVALID_PARAMETER); + + AuditTrailContext &client = GetAuditTrailContext(handle); + User user = client.createInterface(); + + int end = user.size(); + for (int i = 0; i < end; i++) { + auto log(user.get(i)); + if (log.log.type == 0) + callback(&log, user_data); + } + + return AUDIT_TRAIL_ERROR_NONE; +} + +int audit_trail_clear_user(audit_trail_h handle) +{ + RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER); + + AuditTrailContext &client = GetAuditTrailContext(handle); + User user = client.createInterface(); + user.clear(); + + return AUDIT_TRAIL_ERROR_NONE; +} + +int audit_trail_add_user_cb(audit_trail_h handle, audit_trail_user_cb callback, void* user_data, int *id) +{ + RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER); + RET_ON_FAILURE(callback, AUDIT_TRAIL_ERROR_INVALID_PARAMETER); + RET_ON_FAILURE(id, AUDIT_TRAIL_ERROR_INVALID_PARAMETER); + + AuditTrailContext &client = GetAuditTrailContext(handle); + int ret = client.subscribeNotification("User", + [callback, user_data, &client] (std::string name, int position) + { + auto user = client.createInterface(); + auto log(user.get(position)); + callback(&log, user_data); + }); + if (ret < 0) + return AUDIT_TRAIL_ERROR_INVALID_PARAMETER; + + *id = ret; + return AUDIT_TRAIL_ERROR_NONE; +} + +int audit_trail_remove_user_cb(audit_trail_h handle, int callback_id) +{ + RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER); + RET_ON_FAILURE(callback_id >= 0, AUDIT_TRAIL_ERROR_INVALID_PARAMETER); + + AuditTrailContext &client = GetAuditTrailContext(handle); + int ret = client.unsubscribeNotification(callback_id); + if (ret) + return AUDIT_TRAIL_ERROR_INVALID_PARAMETER; + + return AUDIT_TRAIL_ERROR_NONE; +} + +int audit_trail_enable_user(audit_trail_h handle, bool en) +{ + RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER); + + AuditTrailContext &client = GetAuditTrailContext(handle); + auto user = client.createInterface(); + + int ret = user.enable(en); + if (ret) + return AUDIT_TRAIL_ERROR_INVALID_PARAMETER; + + return AUDIT_TRAIL_ERROR_NONE; +} + +int audit_trail_is_enabled_user(audit_trail_h handle, bool *en) +{ + RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER); + RET_ON_FAILURE(en, AUDIT_TRAIL_ERROR_INVALID_PARAMETER); + + AuditTrailContext &client = GetAuditTrailContext(handle); + auto user = client.createInterface(); + *en = user.isEnabled(); + + return AUDIT_TRAIL_ERROR_NONE; +} + +int audit_trail_get_user_time(audit_trail_user_h handle, time_t *time, unsigned short *ms) +{ + RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER); + RET_ON_FAILURE(time, AUDIT_TRAIL_ERROR_INVALID_PARAMETER); + RET_ON_FAILURE(ms, AUDIT_TRAIL_ERROR_INVALID_PARAMETER); + + const auto *pAudit = (User::AuditTrail*)handle; + *time = pAudit->time.time; + *ms = pAudit->time.millisec; + + return AUDIT_TRAIL_ERROR_NONE; +} + +int audit_trail_get_user_log_type(audit_trail_user_h handle, int *type) +{ + RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER); + RET_ON_FAILURE(type, AUDIT_TRAIL_ERROR_INVALID_PARAMETER); + + const auto *pAudit = (User::AuditTrail*)handle; + *type = pAudit->log.type; + + return AUDIT_TRAIL_ERROR_NONE; +} + +int audit_trail_get_user_log_text(audit_trail_user_h handle, const char **text) +{ + RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER); + RET_ON_FAILURE(text, AUDIT_TRAIL_ERROR_INVALID_PARAMETER); + + const auto *pAudit = (User::AuditTrail*)handle; + *text = pAudit->log.text.c_str(); + + return AUDIT_TRAIL_ERROR_NONE; +} diff --git a/lib/audit-trail/user.h b/lib/audit-trail/user.h new file mode 100644 index 0000000..6629001 --- /dev/null +++ b/lib/audit-trail/user.h @@ -0,0 +1,230 @@ +/* + * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#ifndef __CAPI_AUDIT_TRAIL_USER_H__ +#define __CAPI_AUDIT_TRAIL_USER_H__ + +#include +#include + +#include + +/** + * @file user.h + * @brief This file provides APIs to get user space logs + */ + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * @addtogroup User-space + * @{ + */ + +/** + * @brief The audit-trail user space log handle + * @details The audit-trail user space log handle is an abstraction of the user space log + * data. This can be used to get information of each log. + * This must be used in audit_trail_user_cb() and not be freed, + * because this will be freed internally. + * internally. + * @since_tizen 5.0 + * @see audit_trail_user_cb() + */ +typedef void* audit_trail_user_h; + +/** + * @brief Called to get all user space logs in an array + * @since_tizen 5.0 + * @param[in] handle The handle of each user space logs + * @param[in] user_data The user data passed from the function + * @see audit_trail_add_user_cb + * @see audit_trail_remove_user_cb + * @see audit_trail_foreach_user + */ +typedef void (*audit_trail_user_cb)(audit_trail_user_h handle, void* user_data); + +/** + * @brief Retrieves all user space logs that occured in system. + * @details This API calls audit_trail_user_cb() once for each system + * call logs collected by audit-trail when user auditing + * is enabled. + * @since_tizen 5.0 + * @param[in] handle The audit-trail handle + * @param[in] callback The iteration callback function + * @param[in] user_data The user data passed to the callback function + * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value + * @retval #AUDIT_TRAIL_ERROR_NONE Successful + * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out + * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter + * @pre The handle must be created by audit_trail_create(). + * @see audit_trail_create() + * @see audit_trail_destroy() + * @see audit_trail_enable_user() + */ +AUDIT_TRAIL_API int audit_trail_foreach_user(audit_trail_h handle, audit_trail_user_cb callback, void *user_data); + +/** + * @brief Clears all user space logs saved in audit-trail. + * @details This API removes all user space logs + * collected by audit-trail. + * @since_tizen 5.0 + * @param[in] handle The audit-trail handle + * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value + * @retval #AUDIT_TRAIL_ERROR_NONE Successful + * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out + * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter + * @pre The handle must be created by audit_trail_create(). + * @see audit_trail_create() + * @see audit_trail_destroy() + * @see audit_trail_foreach_user() + */ +AUDIT_TRAIL_API int audit_trail_clear_user(audit_trail_h handle); + +/** + * @brief Adds a user space log callback. + * @details This API can be used to receive user space logs of system. + * The callback specified to this function is automatically called + * when a new log occurs. + * @since_tizen 5.0 + * @param[in] context The audit_trail handle + * @param[in] callback The callback to get user space logs + * @param[in] user_data The user data passed to the callback function + * @param[out] id Callback identifier + * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value + * @retval #AUDIT_TRAIL_ERROR_NONE Successful + * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter + * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out + * @pre The handle must be created by audit_trail_create(). + * @pre System call auditing must be enabled by + * audit_trail_enable_user(). + * @see audit_trail_create() + * @see audit_trail_destroy() + * @see audit_trail_enable_user() + * @see audit_trail_remove_user_cb() + */ +AUDIT_TRAIL_API int audit_trail_add_user_cb(audit_trail_h handle, + audit_trail_user_cb callback, void* user_data, + int* id); + +/** + * @brief Removes the user space log callback. + * @details This API can be used to remove the user space logs callback. + * @since_tizen 5.0 + * @param[in] context The audit trail handle + * @param[in] id Callback identifier + * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value + * @retval #AUDIT_TRAIL_ERROR_NONE Successful + * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter + * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out + * @pre The context must be created by audit_trail_create(). + * @see audit_trail_create() + * @see audit_trail_destroy() + * @see audit_trail_add_user_cb() + */ +AUDIT_TRAIL_API int audit_trail_remove_user_cb(audit_trail_h handle, int id); + +/** + * @brief Enables user auditing. + * @details This API can be used to enable to collect the user space logs. + * Any user space log will not be collected until auditing is + * enabled + * @since_tizen 5.0 + * @param[in] handle The audit-trail handle + * @param[in] en True enables user auditing, Otherwise disables + * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value + * @retval #AUDIT_TRAIL_ERROR_NONE Successful + * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out + * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter + * @pre The handle must be created by audit_trail_create(). + * @see audit_trail_create() + * @see audit_trail_destroy() + * @see audit_trail_foreach_user() + * @see audit_trail_add_user_cb() + */ +AUDIT_TRAIL_API int audit_trail_enable_user(audit_trail_h handle, bool en); + +/** + * @brief Retrieves if user auditing is enabled. + * @details This API can be used to know if user auditing is + * enabled now. + * @since_tizen 5.0 + * @param[in] handle The audit-trail handle + * @param[out] en If true, user auditing was enabled, Otherwise disabled + * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value + * @retval #AUDIT_TRAIL_ERROR_NONE Successful + * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out + * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter + * @pre The handle must be created by audit_trail_create(). + * @see audit_trail_create() + * @see audit_trail_destroy() + */ +AUDIT_TRAIL_API int audit_trail_is_enabled_user(audit_trail_h handle, bool *en); + +/** + * @brief Get the time of the user space log + * @details This API can be used to get when the user space log occured. + * @since_tizen 5.0 + * @param[in] handle The audit-trail user space log handle + * @param[out] time The time as UNIX epoch timestamp + * @param[out] ms milliseconds of the time + * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value + * @retval #AUDIT_TRAIL_ERROR_NONE Successful + * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out + * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter + */ +AUDIT_TRAIL_API int audit_trail_get_user_time(audit_trail_user_h handle, time_t *time, unsigned short *ms); + +/** + * @brief Get the type number of the user space log + * @details This API can be used to get the exit codes returned by each + * user logs. + * @since_tizen 5.0 + * @param[in] handle The audit-trail user space log handle + * @param[out] type The type number + * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value + * @retval #AUDIT_TRAIL_ERROR_NONE Successful + * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out + * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter + */ +AUDIT_TRAIL_API int audit_trail_get_user_log_type(audit_trail_user_h handle, int *type); + +/** + * @brief Get the text of the user space log + * @details This API can be used to get the text data in each user space + * logs, which was not parsed. + * @since_tizen 5.0 + * @param[in] handle The audit-trail user space log handle + * @param[out] text The text data of log + * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value + * @retval #AUDIT_TRAIL_ERROR_NONE Successful + * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out + * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter + * @post The subject name must not be freed. + */ +AUDIT_TRAIL_API int audit_trail_get_user_log_text(audit_trail_user_h handle, const char **text); + +/** + * @} + */ + +#ifdef __cplusplus +} +#endif + +#endif /* __CAPI_AUDIT_TRAIL_USER_H__ */ diff --git a/lib/user.cpp b/lib/user.cpp new file mode 100644 index 0000000..931f21c --- /dev/null +++ b/lib/user.cpp @@ -0,0 +1,69 @@ +/* + * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +#include "rmi/user.h" + +namespace AuditTrail { + +User::User(AuditTrailControlContext& ctx) : + context(ctx) +{ +} + +User::~User() +{ +} + +User::AuditTrail User::get(unsigned int pos) +{ + try { + return context->methodCall("User::get", pos); + } catch (runtime::Exception& e) {} + return AuditTrail(); +} + +unsigned int User::size() +{ + try { + return context->methodCall("User::size"); + } catch (runtime::Exception& e) {} + return 0; +} + +int User::clear() +{ + try { + return context->methodCall("User::clear"); + } catch (runtime::Exception& e) {} + return -1; +} + +int User::enable(bool en) +{ + try { + return context->methodCall("User::enable", en); + } catch (runtime::Exception& e) {} + return -1; +} + +bool User::isEnabled() +{ + try { + return context->methodCall("User::isEnabled"); + } catch (runtime::Exception& e) {} + return false; +} + +} // namespace AuditTrail diff --git a/rmi/user.h b/rmi/user.h new file mode 100644 index 0000000..466502c --- /dev/null +++ b/rmi/user.h @@ -0,0 +1,60 @@ +/* + * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#ifndef __AUDIT_TRAIL_USER_H__ +#define __AUDIT_TRAIL_USER_H__ + +#include "context.h" + +namespace AuditTrail { + +/** + * This class provides APIs to receive the logs + */ + +class User final { +public: + struct AuditTrail { + struct { + time_t time; + unsigned short millisec; + REFLECTABLE(time, millisec); + } time; + struct { + int type; + std::string text; + REFLECTABLE(type, text); + } log; + REFLECTABLE(time, log); + }; + + User(AuditTrailControlContext& ctxt); + ~User(); + + AuditTrail get(unsigned int pos); + unsigned int size(); + + int clear(); + + int enable(bool en); + bool isEnabled(); + +private: + AuditTrailControlContext& context; +}; + +} // namespace AuditTrail +#endif // __AUDIT_TRAIL_USER_H__ diff --git a/server/CMakeLists.txt b/server/CMakeLists.txt index ea4eb37..d87a495 100644 --- a/server/CMakeLists.txt +++ b/server/CMakeLists.txt @@ -15,6 +15,7 @@ # SET(SERVER_SRCS main.cpp server.cpp + user.cpp system-call.cpp mandatory-access-control.cpp discretionary-access-control.cpp diff --git a/server/server.cpp b/server/server.cpp index daf755b..f2fcdd0 100644 --- a/server/server.cpp +++ b/server/server.cpp @@ -21,6 +21,7 @@ #include "rmi/discretionary-access-control.h" #include "rmi/mandatory-access-control.h" #include "rmi/system-call.h" +#include "rmi/user.h" #include "server.h" @@ -33,6 +34,7 @@ const std::string AUDIT_RAIL_MANAGER_ADDRESS = "/tmp/.audit-trail.sock"; std::unique_ptr dac; std::unique_ptr mac; std::unique_ptr systemCall; +std::unique_ptr user; } // namespace @@ -57,6 +59,7 @@ Server::Server() dac.reset(new AuditTrail::DiscretionaryAccessControl(*this)); mac.reset(new AuditTrail::MandatoryAccessControl(*this)); systemCall.reset(new AuditTrail::SystemCall(*this)); + user.reset(new AuditTrail::User(*this)); } Server::~Server() diff --git a/server/user.cpp b/server/user.cpp new file mode 100644 index 0000000..f74786f --- /dev/null +++ b/server/user.cpp @@ -0,0 +1,126 @@ +/* + * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +#include + +#include + +#include "rmi/user.h" + +#define PRIVILEGE_PLATFORM "http://tizen.org/privilege/internal/default/platform" + +namespace AuditTrail { + +namespace { + +std::vector logs; +bool enabled; + +User::AuditTrail convertLog(int type, const std::string &log) +{ + User::AuditTrail ret; + std::stringstream tok(log); + std::string word, msg; + + getline(tok, word, ' '); + word = word.substr(sizeof("audit(") - 1); + size_t dot = word.find_first_of('.'); + ret.time.time = std::stoll(word.substr(0, dot)); + ret.time.millisec = std::stoi(word.substr(dot + 1, 3)); + + while (getline(tok, word, ' ')) { + size_t equal = word.find_first_of('='); + std::string item = word.substr(0, equal); + std::string value = word.substr(equal + 1); + + if (item == "msg") + msg = value.substr(1, value.size() - 2); + } + + // TODO : If the format given by user access control is specified, + // Following code will be replaced by parsing a message. + ret.log.type = type; + ret.log.text = msg; + + return ret; +} + +} // namespace + + +User::User(AuditTrailControlContext &ctx) : + context(ctx) +{ + context.expose(this, "", (AuditTrail)(User::get)(unsigned int)); + context.expose(this, "", (unsigned int)(User::size)()); + context.expose(this, PRIVILEGE_PLATFORM, (int)(User::clear)()); + context.expose(this, PRIVILEGE_PLATFORM, (int)(User::enable)(bool)); + context.expose(this, "", (bool)(User::isEnabled)()); + + context.createNotification("User"); + + enabled = false; + + context.setAuditHandler([&ctx] (int type, std::vector &buf) { + if (!enabled) + return; + + if ((type >= AUDIT_FIRST_USER_MSG && type <= AUDIT_LAST_USER_MSG) || + (type >= AUDIT_FIRST_USER_MSG2 && type <= AUDIT_LAST_USER_MSG2)) { + std::string log(buf.begin(), buf.end()); + logs.push_back(convertLog(type, log)); + ctx.notify("User", logs.size() - 1); + } + }); +} + +User::~User() +{ +} + +User::AuditTrail User::get(unsigned int pos) +{ + if (pos >= logs.size()) { + AuditTrail empty; + empty.log.type = 0; + return empty; + } + + return logs[pos]; +} + +unsigned int User::size() +{ + return logs.size(); +} + +int User::clear() +{ + logs.clear(); + return 0; +} + +bool User::isEnabled() +{ + return enabled; +} + +int User::enable(bool en) +{ + enabled = en; + return 0; +} + +} // namespace AuditTrail diff --git a/tools/CMakeLists.txt b/tools/CMakeLists.txt index ab8eb8e..c6d6110 100755 --- a/tools/CMakeLists.txt +++ b/tools/CMakeLists.txt @@ -1,5 +1,5 @@ # -# Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved +# Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tools/cli/audit-trail-admin-cli.cpp b/tools/cli/audit-trail-admin-cli.cpp index ff80036..b9c01e9 100644 --- a/tools/cli/audit-trail-admin-cli.cpp +++ b/tools/cli/audit-trail-admin-cli.cpp @@ -32,12 +32,14 @@ #include #include +#include #include #include enum { LOG_TYPE_DAC, LOG_TYPE_MAC, + LOG_TYPE_USER, LOG_TYPE_SYSCALL, }; @@ -49,12 +51,12 @@ static inline int usage(const std::string name) std::cout << "Usage: " << name << " [Option]" << std::endl << std::endl << "Options :" << std::endl - << " -s, --show=[dac|mac|syscall] show the audit logs" << std::endl - << " -c, --clear=[dac|mac|syscall] clear the audit logs" << std::endl - << " -d, --disable=[dac|mac|syscall] disable to collect logs" << std::endl - << " -e, --enable=[dac|mac|syscall] enable to collect logs" << std::endl - << " -m, --monitor monitor for all audit logs" << std::endl - << " -h, --help show this" << std::endl + << " -s, --show=[dac|mac|syscall|user] show the audit logs" << std::endl + << " -c, --clear=[dac|mac|syscall|user] clear the audit logs" << std::endl + << " -d, --disable=[dac|mac|syscall|user] disable to collect logs" << std::endl + << " -e, --enable=[dac|mac|syscall|user] enable to collect logs" << std::endl + << " -m, --monitor monitor for all audit logs" << std::endl + << " -h, --help show this" << std::endl << std::endl; return -1; @@ -152,6 +154,32 @@ std::string printMACLog(audit_trail_dac_h log) return str.str(); } +std::string printUserLog(audit_trail_dac_h log) +{ + std::stringstream str; + const char *text; + int type; + + time_t time; + unsigned short millisec; + audit_trail_get_user_time(log, &time, &millisec); + struct tm *local = localtime(&time); + + str << "time={" + << local->tm_hour << ":" << local->tm_min << ":" << local->tm_sec + << "." << millisec; + + str << "},log={"; + audit_trail_get_user_log_type(log, &type); + str << "type=" << type; + audit_trail_get_user_log_text(log, &text); + str << ",text=" << text; + + str << "}"; + + return str.str(); +} + std::string printSyscallLog(audit_trail_syscall_h log) { std::stringstream str; @@ -201,6 +229,9 @@ void foreachLog(void *log, void *userData) case LOG_TYPE_MAC: std::cout << printDACLog(log); break; + case LOG_TYPE_USER: + std::cout << printUserLog(log); + break; case LOG_TYPE_SYSCALL: std::cout << printSyscallLog(log); break; @@ -225,6 +256,9 @@ int showLog(const std::string type) } else if (word == "mac") { std::cout << "MAC logs" << std::endl; audit_trail_foreach_mac(auditTrail, foreachLog, (void*)LOG_TYPE_MAC); + } else if (word == "user") { + std::cout << "User logs" << std::endl; + audit_trail_foreach_user(auditTrail, foreachLog, (void*)LOG_TYPE_USER); } else if (word == "syscall") { std::cout << "System call logs" << std::endl; audit_trail_foreach_syscall(auditTrail, foreachLog, (void*)LOG_TYPE_SYSCALL); @@ -248,6 +282,8 @@ int clearLog(const std::string type) audit_trail_clear_dac(auditTrail); } else if (word == "mac") { audit_trail_clear_mac(auditTrail); + } else if (word == "user") { + audit_trail_clear_user(auditTrail); } else if (word == "syscall") { audit_trail_clear_syscall(auditTrail); } @@ -271,6 +307,8 @@ int enableLog(const std::string type, bool en) audit_trail_enable_dac(auditTrail, en); } else if (word == "mac") { audit_trail_enable_mac(auditTrail, en); + } else if (word == "user") { + audit_trail_enable_user(auditTrail, en); } else if (word == "syscall") { audit_trail_enable_syscall(auditTrail, en); } @@ -283,18 +321,19 @@ int enableLog(const std::string type, bool en) if (en) { std::cout << "dac "; } - - en = false; audit_trail_is_enabled_mac(auditTrail, &en); if (en) { std::cout << "mac "; } - - en = false; + audit_trail_is_enabled_user(auditTrail, &en); + if (en) { + std::cout << "user "; + } audit_trail_is_enabled_syscall(auditTrail, &en); if (en) { std::cout << "syscall "; } + std::cout << std::endl; audit_trail_destroy(auditTrail); @@ -321,6 +360,12 @@ void logCallback(void* log, void *userData) std::cout << printMACLog(log); std::cout << "}"; break; + case LOG_TYPE_USER: + std::cout << "[User] "; + std::cout << "{"; + std::cout << printUserLog(log); + std::cout << "}"; + break; case LOG_TYPE_SYSCALL: std::cout << "[SystemCall] "; std::cout << "{"; @@ -334,12 +379,13 @@ void logCallback(void* log, void *userData) int monitorLog() { - int macCbId, dacCbId, syscallCbId; + int macCbId, dacCbId, syscallCbId, userCbId; audit_trail_h auditTrail; audit_trail_create(&auditTrail); audit_trail_add_dac_cb(auditTrail, logCallback, (void*)LOG_TYPE_DAC, &dacCbId); audit_trail_add_mac_cb(auditTrail, logCallback, (void*)LOG_TYPE_MAC, &macCbId); + audit_trail_add_user_cb(auditTrail, logCallback, (void*)LOG_TYPE_USER, &userCbId); audit_trail_add_syscall_cb(auditTrail, logCallback, (void*)LOG_TYPE_SYSCALL, &syscallCbId); std::cout << "=== Monitoring start ===" << std::endl << std::endl; @@ -352,6 +398,7 @@ int monitorLog() audit_trail_remove_dac_cb(auditTrail, dacCbId); audit_trail_remove_mac_cb(auditTrail, macCbId); + audit_trail_remove_user_cb(auditTrail, userCbId); audit_trail_remove_syscall_cb(auditTrail, syscallCbId); std::cout << std::endl << "=== Monitoring end ===" << std::endl;