From: Aleksander Zdyb Date: Fri, 19 Jun 2015 12:08:08 +0000 (+0200) Subject: Implement Audit::Auditctl X-Git-Tag: accepted/tizen/3.0/common/20161114.110018~18 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=71a5843fa215d0e856e31ba1f72b5698f6031c98;p=platform%2Fcore%2Fsecurity%2Fnice-lad.git Implement Audit::Auditctl This class is used to apply audit rules. Change-Id: I93aa936837f664487360109a817d5e9830734149
---
diff --git a/src/Audit/Auditctl.cpp b/src/Audit/Auditctl.cpp
new file mode 100644
index 0000000..3f38c44
--- /dev/null
+++ b/src/Audit/Auditctl.cpp
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file src/Audit/Auditctl.cpp
+ * @author Aleksander Zdyb
+ * @version 1.0
+ */
+
+#include
+
+#include "Auditctl.h"
+
+namespace Audit {
+
+Auditctl::Auditctl(BaseAuditWrapper &auditApi) : m_auditApi(auditApi) {
+ m_auditFd = m_auditApi.audit_open();
+ if (m_auditFd == -1) {
+ throw ErrorException("Could not open audit fd");
+ }
+}
+
+Auditctl::~Auditctl() {
+ m_auditApi.audit_close(m_auditFd);
+}
+
+void Auditctl::addSyscallRule(const SyscallRuleData &ruleData) {
+ auto rd = ruleData.get();
+ m_auditApi.audit_add_rule_data(m_auditFd, rd, m_auditApi.AUDIT_FILTER_EXIT_CONST(),
+ m_auditApi.AUDIT_ALWAYS_CONST());
+ m_auditApi.audit_rule_free_data(rd);
+}
+
+void Auditctl::deleteSyscallRule(const SyscallRuleData &ruleData) {
+ auto rd = ruleData.get();
+ m_auditApi.audit_delete_rule_data(m_auditFd, rd, m_auditApi.AUDIT_FILTER_EXIT_CONST(),
+ m_auditApi.AUDIT_ALWAYS_CONST());
+ m_auditApi.audit_rule_free_data(rd);
+}
+
+} /* namespace Audit */
diff --git a/src/Audit/Auditctl.h b/src/Audit/Auditctl.h
new file mode 100644
index 0000000..1491b20
--- /dev/null
+++ b/src/Audit/Auditctl.h
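Review bot: In src/Audit/Auditctl.cpp, `addSyscallRule` and `deleteSyscallRule` discard the result of `audit_add_rule_data` / `audit_delete_rule_data`, so a rule the kernel refused (for example when the process lacks the audit-control capability or the audit configuration is locked) looks installed to the caller while the events it should capture are never logged. The constructor already throws `ErrorException` when `audit_open` fails, and these two methods should fail just as loudly. Keep the free ahead of the throw: store the result with `int ret = m_auditApi.audit_add_rule_data(...);`, and after `audit_rule_free_data(rd)` add `if (ret <= 0) throw ErrorException("Could not add audit rule");`, with the same shape in the delete path. This assumes the wrapper forwards libaudit's return value (<= 0 on error), which the diff does not show. If the wrapper call itself can throw, `rd` leaks, so holding it in a scope guard would be safer than the manual free.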
@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file src/Audit/Auditctl.h
+ * @author Aleksander Zdyb
+ * @version 1.0
+ */
+
+#ifndef SRC_AUDIT_AUDITCTL_H
+#define SRC_AUDIT_AUDITCTL_H
+
+#include
+#include
+
+namespace Audit {
+
+class Auditctl {
+public:
+ Auditctl(BaseAuditWrapper &auditApi);
+ ~Auditctl();
+
+ void addSyscallRule(const SyscallRuleData &ruleData);
+ void deleteSyscallRule(const SyscallRuleData &ruleData);
+
+ BaseAuditWrapper &auditApi(void) {
+ return m_auditApi;
+ }
+
+private:
+ BaseAuditWrapper &m_auditApi;
+ int m_auditFd;
+};
+
+} /* namespace Audit */
+
+#endif /* SRC_AUDIT_AUDITCTL_H */
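Review bot: `Auditctl` owns `m_auditFd` and closes it in `~Auditctl()`, but the class declaration leaves the implicit copy constructor available, so copying an instance closes the same audit descriptor twice. The second close may hit an unrelated descriptor that has since reused the number. Declare `Auditctl(const Auditctl &) = delete;` and `Auditctl &operator=(const Auditctl &) = delete;` beside the constructor (the reference member already blocks assignment, but stating both makes the intent explicit), and mark the single-argument constructor `explicit`. The class would also benefit from a comment such as `// auditApi is stored by reference and must outlive this object`, since `m_auditApi` is still used in the destructor.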