From: Sungbae Yoo Date: Thu, 7 Dec 2017 10:46:56 +0000 (+0900) Subject: Move classes for audit subsystem to audit-trail git X-Git-Tag: submit/tizen/20180109.085832~1 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=8b8956371b48cea914193f3689058bae996e90be;p=platform%2Fcore%2Fsecurity%2Fklay.git Move classes for audit subsystem to audit-trail git Signed-off-by: Sungbae Yoo Change-Id: I6007475ddb6d54ab2b975646938568d073dc7c7a --- diff --git a/include/klay/netlink/audit-rule.h b/include/klay/netlink/audit-rule.h deleted file mode 100644 index b595fd2..0000000 --- a/include/klay/netlink/audit-rule.h +++ /dev/null @@ -1,66 +0,0 @@ -/* - * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ - -#ifndef __RUNTIME_NETLINK_AUDIT_RULE_H__ -#define __RUNTIME_NETLINK_AUDIT_RULE_H__ - -#include - -#include - -#include - -namespace netlink { - -class KLAY_EXPORT AuditRule final { -public: - AuditRule(); - AuditRule(std::vector& buf); - ~AuditRule(); - - void setSystemCall(unsigned int syscall); - void unsetSystemCall(unsigned int syscall); - void setAllSystemCalls(); - void clearAllSystemCalls(); - std::vector getSystemCalls() const; - - void setReturn(unsigned int val); - void unsetReturn(); - unsigned int getReturn() const; - bool hasReturn() const; - - void setKey(const std::string &name); - void unsetKey(); - const std::string getkey() const; - bool hasKey() const; - - const char *data() const - { - return buf.data(); - } - - unsigned int size() const - { - return buf.size(); - } - -private: - std::vector buf; -}; - -} // namespace runtime - -#endif //!__RUNTIME_NETLINK_AUDIT_RULE_H__ diff --git a/include/klay/netlink/audit.h b/include/klay/netlink/audit.h deleted file mode 100644 index b523b23..0000000 --- a/include/klay/netlink/audit.h +++ /dev/null @@ -1,69 +0,0 @@ -/* - * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ - -#ifndef __RUNTIME_NETLINK_AUDIT_H__ -#define __RUNTIME_NETLINK_AUDIT_H__ - -#include -#include - -#include - -#include -#include -#include -#include - -namespace netlink { - -class KLAY_EXPORT Audit final { -public: - typedef std::pair> Message; - typedef std::function MessageHandler; - - Audit(); - Audit(Audit&&); - Audit(const Audit&) = delete; - ~Audit(); - - Audit& operator=(const Audit&) = delete; - - void setPID(pid_t pid); - void setEnabled(int enabled); - int isEnabled(); - - std::vector getRules(); - void addRule(const AuditRule& rule); - void removeRule(const AuditRule& rule); - - void setMainloop(runtime::Mainloop *ml); - void setMessageHandler(MessageHandler&& handler); - -private: - void send(int type, const void *data, unsigned int size); - Message recv(int options = 0); - - void processMessage(int fd, runtime::Mainloop::Event event); - - Netlink nl; - unsigned int sequence = 0; - runtime::Mainloop *mainloop; - MessageHandler messageHandler; -}; - -} // namespace runtime - -#endif //!__RUNTIME_NETLINK_AUDIT_H__ diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 2b3c4d9..d8adabd 100755 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -55,9 +55,7 @@ SET (KLAY_SOURCES ${KLAY_SRC}/error.cpp ${KLAY_SRC}/audit/console-sink.cpp ${KLAY_SRC}/audit/dlog-sink.cpp ${KLAY_SRC}/audit/audit-trail.cpp - ${KLAY_SRC}/netlink/audit.cpp ${KLAY_SRC}/netlink/netlink.cpp - ${KLAY_SRC}/netlink/audit-rule.cpp ) SET (CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} -Wl,-z,noexecstack") diff --git a/src/netlink/audit-rule.cpp b/src/netlink/audit-rule.cpp deleted file mode 100644 index eb4fe6a..0000000 --- a/src/netlink/audit-rule.cpp +++ /dev/null @@ -1,226 +0,0 @@ -/* - * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ -#include -#include - -#include - -namespace netlink { - -AuditRule::AuditRule() : - buf(sizeof(struct audit_rule_data)) -{ - auto r = (struct audit_rule_data *)buf.data(); - r->flags = AUDIT_FILTER_EXIT; - r->action = AUDIT_ALWAYS; -} - -AuditRule::AuditRule(std::vector &buf) : - buf(buf) -{ -} - -AuditRule::~AuditRule() -{ -} - -void AuditRule::setSystemCall(unsigned int syscall) -{ - auto r = (struct audit_rule_data *)buf.data(); - r->mask[syscall / 32] |= 1 << (syscall % 32); -} - -void AuditRule::unsetSystemCall(unsigned int syscall) -{ - auto r = (struct audit_rule_data *)buf.data(); - r->mask[syscall / 32] &= ~(1 << (syscall % 32)); -} - -void AuditRule::setAllSystemCalls() -{ - auto r = (struct audit_rule_data *)buf.data(); - for (auto &m : r->mask) { - m = 0xffffffff; - } -} - -void AuditRule::clearAllSystemCalls() -{ - auto r = (struct audit_rule_data *)buf.data(); - for (auto &m : r->mask) { - m = 0; - } -} - -std::vector AuditRule::getSystemCalls() const -{ - auto r = (struct audit_rule_data *)buf.data(); - std::vector ret; - - for (int i = 0; i < AUDIT_BITMASK_SIZE; i++) { - for (int j = 0, k = 1; j < 32; j++, k <<= 1) { - if (r->mask[i] & k) { - ret.push_back(i << 5 | j); - } - } - } - return ret; -} - -void AuditRule::setReturn(unsigned int val) -{ - auto r = (struct audit_rule_data *)buf.data(); - unsigned int i; - - for (i = 0; i < r->field_count; i++) { - if (r->fields[i] == AUDIT_EXIT) { - break; - } - } - if (i == r->field_count) { - r->fields[i] = AUDIT_EXIT; - r->fieldflags[i] = AUDIT_EQUAL; - r->field_count++; - } - r->values[i] = val; -} - -void AuditRule::unsetReturn() -{ - auto r = (struct audit_rule_data *)buf.data(); - unsigned int i; - - for (i = 0; i < r->field_count; i++) { - if (r->fields[i] == AUDIT_EXIT) { - break; - } - } - - if (i == r->field_count) { - return; - } - - std::move(&r->values[i + 1], &r->values[r->field_count], &r->values[i]); - std::move(&r->fields[i + 1], &r->fields[r->field_count], &r->fields[i]); - std::move(&r->fieldflags[i + 1], &r->fieldflags[r->field_count], &r->fieldflags[i]); - - r->field_count--; - - r->values[r->field_count] = 0; - r->fields[r->field_count] = 0; - r->fieldflags[r->field_count] = 0; -} - -unsigned int AuditRule::getReturn() const -{ - auto r = (struct audit_rule_data *)buf.data(); - for (unsigned int i = 0; i < r->field_count; i++) { - if (r->fields[i] == AUDIT_EXIT) { - return r->values[i]; - } - } - throw runtime::Exception("No rule for return"); -} - -bool AuditRule::hasReturn() const -{ - auto r = (struct audit_rule_data *)buf.data(); - for (unsigned int i = 0; i < r->field_count; i++) { - if (r->fields[i] == AUDIT_EXIT) { - return true; - } - } - return false; -} - -void AuditRule::setKey(const std::string &name) -{ - auto r = (struct audit_rule_data *)buf.data(); - unsigned int i; - - for (i = 0; i < r->field_count; i++) { - if (r->fields[i] == AUDIT_FILTERKEY) { - break; - } - } - - if (i == r->field_count) { - r->fields[i] = AUDIT_FILTERKEY; - r->fieldflags[i] = AUDIT_EQUAL; - r->field_count++; - } - - // TODO : Calculate the offset. It assummed that there is no field to use buffer - - r->values[i] = name.size(); - r->buflen = name.size(); - - buf.resize(sizeof(struct audit_rule_data) + name.size()); - r = (struct audit_rule_data *)buf.data(); - std::copy(name.begin(), name.end(), r->buf); -} - -void AuditRule::unsetKey() -{ - auto r = (struct audit_rule_data *)buf.data(); - unsigned int i; - - for (i = 0; i < r->field_count; i++) { - if (r->fields[i] == AUDIT_FILTERKEY) { - break; - } - } - - if (i == r->field_count) { - return; - } - - std::move(&r->values[i + 1], &r->values[r->field_count], &r->values[i]); - std::move(&r->fields[i + 1], &r->fields[r->field_count], &r->fields[i]); - std::move(&r->fieldflags[i + 1], &r->fieldflags[r->field_count], &r->fieldflags[i]); - - r->field_count--; - - r->values[r->field_count] = 0; - r->fields[r->field_count] = 0; - r->fieldflags[r->field_count] = 0; -} - -const std::string AuditRule::getkey() const -{ - auto r = (struct audit_rule_data *)buf.data(); - for (unsigned int i = 0; i < r->field_count; i++) { - if (r->fields[i] == AUDIT_FILTERKEY) { - // TODO : Calculate the offset. It assummed that there is no field to use buffer - return r->buf; - } - } - - throw runtime::Exception("No rule for key"); -} - -bool AuditRule::hasKey() const -{ - auto r = (struct audit_rule_data *)buf.data(); - for (unsigned int i = 0; i < r->field_count; i++) { - if (r->fields[i] == AUDIT_FILTERKEY) { - return true; - } - } - return false; -} - -} // namespace runtime diff --git a/src/netlink/audit.cpp b/src/netlink/audit.cpp deleted file mode 100644 index 6cbd211..0000000 --- a/src/netlink/audit.cpp +++ /dev/null @@ -1,220 +0,0 @@ -/* - * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ -#include -#include -#include -#include - -#include - -#include -#include - -#include - -using namespace std::placeholders; - -namespace netlink { - -Audit::Audit() : - nl(NETLINK_AUDIT), sequence(0), mainloop(nullptr) -{ -} - -Audit::Audit(Audit&& audit) : - nl(std::move(audit.nl)), sequence(audit.sequence), mainloop(audit.mainloop) -{ -} - -Audit::~Audit() -{ -} - -void Audit::setPID(pid_t pid) -{ - struct audit_status s; - - ::memset(&s, 0, sizeof(s)); - s.mask = AUDIT_STATUS_PID; - s.pid = pid; - - send(AUDIT_SET, &s, sizeof(s)); -} - -void Audit::setEnabled(int enabled) -{ - struct audit_status s; - - ::memset(&s, 0, sizeof(s)); - s.mask = AUDIT_STATUS_ENABLED; - s.enabled = enabled; - - send(AUDIT_SET, &s, sizeof(s)); -} - -int Audit::isEnabled() -{ - int ret = 0; - send(AUDIT_GET, NULL, 0); - - while (1) { - auto msg = recv(); - - switch (msg.first) { - case NLMSG_DONE: - case NLMSG_ERROR: - throw runtime::Exception("Failed to get audit state"); - case AUDIT_GET: - ret = ((struct audit_status*)msg.second.data())->enabled; - break; - default: - continue; - } - - break; - } - - return ret; -} - -std::vector Audit::getRules() -{ - std::vector ret; - - send(AUDIT_LIST_RULES, NULL, 0); - - while (1) { - auto msg = recv(); - - switch (msg.first) { - case NLMSG_DONE: - break; - case NLMSG_ERROR: - throw runtime::Exception("Failed to get a list of audit rules"); - case AUDIT_LIST_RULES: - ret.push_back(msg.second); - default: - continue; - } - - break; - } - return ret; -} - -void Audit::addRule(const AuditRule& rule) -{ - send(AUDIT_ADD_RULE, rule.data(), rule.size()); -} - -void Audit::removeRule(const AuditRule& rule) -{ - send(AUDIT_DEL_RULE, rule.data(), rule.size()); -} - -void Audit::setMainloop(runtime::Mainloop *ml) -{ - int fd = nl.getFd(); - - if (mainloop != nullptr) { - mainloop->removeEventSource(fd); - } - mainloop = ml; - mainloop->addEventSource(fd, POLLIN, std::bind(&Audit::processMessage, - this, _1, _2)); -} - -void Audit::setMessageHandler(MessageHandler&& handler) -{ - messageHandler = handler; -} - -void Audit::send(int type, const void *data, unsigned int size) -{ - char buf[NLMSG_SPACE(size)]; - auto *nlh = (struct nlmsghdr *)buf; - - ::memset(buf, 0, sizeof(buf)); - - nlh->nlmsg_len = sizeof(buf); - nlh->nlmsg_type = type; - nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; - nlh->nlmsg_seq = ++sequence; - - if (sequence == 0) { - sequence++; - } - - if (size && data) { - ::memcpy(NLMSG_DATA(buf), data, size); - } - - nl.send(buf, sizeof(buf)); - - if (recv(MSG_PEEK).first == NLMSG_ERROR) { - auto reply = recv().second; - auto err = (struct nlmsgerr*)reply.data(); - if (err->error) { - throw runtime::Exception("Audit netlink error: " + - std::to_string(err->error)); - } - } -} - -Audit::Message Audit::recv(int options) -{ - struct nlmsghdr nlh; - - processMessage(nl.getFd(), POLLIN); - - //To get message size - nl.recv(&nlh, sizeof(nlh), options | MSG_PEEK); - - char buf[nlh.nlmsg_len + NLMSG_HDRLEN]; - nl.recv(buf, sizeof(buf), options); - - Message msg = {nlh.nlmsg_type, std::vector(nlh.nlmsg_len)}; - - ::memcpy(msg.second.data(), NLMSG_DATA(buf), msg.second.size()); - return msg; -} - -void Audit::processMessage(int fd, runtime::Mainloop::Event event) -{ - struct nlmsghdr nlh; - - nl.recv(&nlh, sizeof(nlh), MSG_PEEK); - - while (nlh.nlmsg_seq == 0) { - char buf[nlh.nlmsg_len + NLMSG_HDRLEN]; - nl.recv(buf, sizeof(buf)); - - Message msg = {nlh.nlmsg_type, std::vector(nlh.nlmsg_len)}; - - ::memcpy(msg.second.data(), NLMSG_DATA(buf), msg.second.size()); - if (messageHandler) { - messageHandler(msg); - } - - try { - nl.recv(&nlh, sizeof(nlh), MSG_PEEK | MSG_DONTWAIT); - } catch (runtime::Exception &e) { - break; - } - } -} - -} // namespace runtime