From: Aleksander Zdyb
Date: Wed, 24 Jun 2015 12:56:46 +0000 (+0200)
Subject: Implement Lad::AuditRulesPopulator
X-Git-Tag: accepted/tizen/3.0/common/20161114.110018~12
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=7f0bc4f88bb8fa8d6022cecc7f1da148a74b23e3;p=platform%2Fcore%2Fsecurity%2Fnice-lad.git

Implement Lad::AuditRulesPopulator

This class populates audit syscall rules in accordance to data obtained from given data provider.

Change-Id: I6349abb6f98e253229969c53eee438dc406ed685
---
diff --git a/src/Lad/AuditRulesPopulator.cpp b/src/Lad/AuditRulesPopulator.cpp
new file mode 100644
index 0000000..1d9212a
--- /dev/null
+++ b/src/Lad/AuditRulesPopulator.cpp
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file src/Lad/AuditRulesPopulator.cpp
+ * @author Aleksander Zdyb
+ * @version 1.0
+ */
+
+#include "AuditRulesPopulator.h"
+
+namespace Lad {
+
+AuditRulesPopulator::AuditRulesPopulator(Audit::Auditctl &auditctl, DataProvider &dataprovider)
+ : m_auditctl(auditctl), m_dataprovider(dataprovider)
+{
+ auto groups = dataprovider.getResourceGroups();
+
+ for (const auto &group : groups) {
+ Audit::SyscallRuleData syscallRule(m_auditctl.auditApi(), "all");
+ syscallRule.addPair("obj_gid", group);
+ syscallRule.addPair("success", "0");
+ syscallRule.addPair("key", "nice-lad");
+
+ m_auditctl.addSyscallRule(syscallRule);
+ m_syscallRules.push_back(std::move(syscallRule));
+ }
+}
+
+AuditRulesPopulator::~AuditRulesPopulator() {
+ for (auto &rule : m_syscallRules) {
+ m_auditctl.deleteSyscallRule(rule);
+ }
+}
+
+} /* namespace Lad */
diff --git a/src/Lad/AuditRulesPopulator.h b/src/Lad/AuditRulesPopulator.h
new file mode 100644
index 0000000..60dde0a
--- /dev/null
+++ b/src/Lad/AuditRulesPopulator.h
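Review bot: In the constructor in src/Lad/AuditRulesPopulator.cpp, rules installed by earlier loop iterations stay loaded in the kernel audit configuration if a later iteration throws, because the destructor never runs for an object whose constructor did not complete. Auditctl is not part of this diff, so whether `addSyscallRule` throws is an assumption to confirm; if it reports failure through a return value instead, that value is dropped here and a rule that was never installed is still recorded in `m_syscallRules`. The destructor has the mirror problem: a throwing `deleteSyscallRule` would skip the remaining rules and, since destructors are implicitly noexcept, terminate the process. The constructor-side cleanup could look like the sketch below, and the destructor loop wants the same per-rule guard.

```cpp
AuditRulesPopulator::AuditRulesPopulator(Audit::Auditctl &auditctl, DataProvider &dataprovider)
    : m_auditctl(auditctl), m_dataprovider(dataprovider)
{
    try {
        // … unchanged: loop over the resource groups, build and add each rule …
    } catch (...) {
        // Undo what was installed so far, then report the original failure.
        for (auto &rule : m_syscallRules) {
            try {
                m_auditctl.deleteSyscallRule(rule);
            } catch (...) {
                // best effort: keep removing the remaining rules
            }
        }
        throw;
    }
}
```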
@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file src/Lad/AuditRulesPopulator.h
+ * @author Aleksander Zdyb
+ * @version 1.0
+ */
+
+#ifndef SRC_LAD_AUDITRULESPOPULATOR_H
+#define SRC_LAD_AUDITRULESPOPULATOR_H
+
+#include
+
+#include
+#include
+
+namespace Lad {
+
+class AuditRulesPopulator {
+public:
+ AuditRulesPopulator(Audit::Auditctl &m_auditctl, DataProvider &m_dataprovider);
+ ~AuditRulesPopulator();
+
+private:
+ Audit::Auditctl &m_auditctl;
+ DataProvider &m_dataprovider;
+
+ std::list m_syscallRules;
+};
+
+} /* namespace Lad */
+
+#endif /* SRC_LAD_AUDITRULESPOPULATOR_H */
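Review bot: AuditRulesPopulator removes its audit rules in the destructor, yet the class declaration leaves it copy-constructible: reference members only suppress the implicit assignment operators. Provided SyscallRuleData is copyable (not visible in this diff), destroying a copy would delete the rules while the original still assumes they are installed, and the original would later delete them a second time. Declaring `AuditRulesPopulator(const AuditRulesPopulator &) = delete;` and `AuditRulesPopulator &operator=(const AuditRulesPopulator &) = delete;` in the public section closes that off. A class comment stating that both referenced objects must outlive the populator would help callers, and the constructor parameters here carry the member prefix (`m_auditctl`, `m_dataprovider`) while the definition uses `auditctl` and `dataprovider`; the declaration should match the definition.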