From: Sangwan Kwon Date: Tue, 10 Dec 2019 04:58:50 +0000 (+0900) Subject: Support policy activation to client X-Git-Tag: accepted/tizen/unified/20200810.122954~137 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=bdc39cad0a089a1cf7d0fa832848cc2dac3055ca;p=platform%2Fcore%2Fsecurity%2Fvist.git Support policy activation to client Signed-off-by: Sangwan Kwon --- diff --git a/CMakeLists.txt b/CMakeLists.txt index 751954c..c3b5745 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -25,7 +25,7 @@ ELSE(DEFINED GBS_BUILD) ENDIF(DEFINED GBS_BUILD) IF(NOT CMAKE_BUILD_TYPE) - SET(CMAKE_BUILD_TYPE "RELEASE") + SET(CMAKE_BUILD_TYPE "DEBUG") ENDIF(NOT CMAKE_BUILD_TYPE) SET(CMAKE_CXX_FLAGS_DEBUG "-g -std=c++1y -O0 -ggdb -Wp,-U_FORTIFY_SOURCE") diff --git a/specs/tizen/policy_admin.table b/specs/tizen/policy_admin.table index 3cd3227..6c6ee9b 100644 --- a/specs/tizen/policy_admin.table +++ b/specs/tizen/policy_admin.table @@ -2,7 +2,9 @@ table_name("policy_admin") description("Policy administrator.") schema([ Column("name", TEXT, "Policy admin name"), + Column("activated", INTEGER, "State of activation"), ]) implementation("tizen/policy_admin@genPolicyAdmin") implementation_delete("tizen/policy_admin@deletePolicyAdmin") implementation_insert("tizen/policy_admin@insertPolicyAdmin") +implementation_update("tizen/policy_admin@updatePolicyAdmin") diff --git a/src/osquery/tables/tizen/policy_admin.cpp b/src/osquery/tables/tizen/policy_admin.cpp index bb507f2..4b068dc 100644 --- a/src/osquery/tables/tizen/policy_admin.cpp +++ b/src/osquery/tables/tizen/policy_admin.cpp 
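Review bot: The fallback build type is switched from RELEASE to DEBUG, and the context line right below shows CMAKE_CXX_FLAGS_DEBUG is `-g -std=c++1y -O0 -ggdb -Wp,-U_FORTIFY_SOURCE`, so any build that does not pass CMAKE_BUILD_TYPE explicitly now ships the security daemon unoptimized and with FORTIFY_SOURCE disabled. Unless the GBS packaging sets the build type itself (not visible here), this reads like a local debugging change that should not land as the project default. Keep `SET(CMAKE_BUILD_TYPE "RELEASE")` and use `-DCMAKE_BUILD_TYPE=DEBUG` on the command line for development builds. This hunk is also unrelated to the admin activation feature the commit title describes, so it would be cleaner as its own commit with a stated reason.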
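Review bot: The new `activated` column's description does not say which values it carries, yet the client test in this commit asserts the literal strings "0" and "1" and the update handler reads the value with GetInt(), so the contract belongs in the schema: `Column("activated", INTEGER, "State of activation (0 = inactive, 1 = active)"),`. It would also help a reader of the spec to know that the `implementation_update` callback receives the row as a two-element JSON array in column order, which is what updatePolicyAdmin in this commit assumes; a one-line comment above `implementation_update(...)` stating that would tie the two files together.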
@@ -65,11 +65,29 @@ QueryData genPolicyAdmin(QueryContext& context) try { auto admins = vist::policy::API::Admin::GetAll(); for (auto& admin : admins) { - Row r; - r["name"] = SQL_TEXT(admin); - - DEBUG(VIST) << "Admin info [name]: " << r["name"]; - results.emplace_back(std::move(r)); + if (context.constraints["name"].exists(EQUALS)) { /// where clause + auto names = context.constraints["name"].getAll(EQUALS); + for (const auto& name : names) { + if (name == admin.first) { + Row row; + row["name"] = admin.first; + row["activated"] = std::to_string(admin.second); + + DEBUG(VIST) << "Admin info [name]: " << row["name"] + << ", [activated]:" << row["activated"]; + + results.emplace_back(std::move(row)); + } + } + } else { /// select *; + Row row; + row["name"] = admin.first; + row["activated"] = std::to_string(admin.second); + + DEBUG(VIST) << "Admin info [name]: " << row["name"] + << ", [activated]:" << row["activated"]; + results.emplace_back(std::move(row)); + } } return results; 
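Review bot: The row construction and the DEBUG log are duplicated verbatim in the constrained and unconstrained branches of the loop, and the constrained branch re-reads `context.constraints["name"]` and its `getAll(EQUALS)` set for every admin. Hoisting the constraint lookup out of the loop and turning the name filter into a `continue` leaves a single row-building path, which is easier to keep correct when more columns are added to policy_admin. This assumes `getAll(EQUALS)` returns an iterable container (a std::set in upstream osquery) and is empty when no constraint exists; if this fork differs, keep the `exists(EQUALS)` test as the gate as shown. The function's prologue and its catch block are outside the hunk.
```cpp
	auto admins = vist::policy::API::Admin::GetAll();
	/// WHERE name = '...' narrows the result set; any other constraint is ignored here.
	const bool filtered = context.constraints["name"].exists(EQUALS);
	const auto names = filtered ? context.constraints["name"].getAll(EQUALS)
	                            : decltype(context.constraints["name"].getAll(EQUALS))();
	for (auto& admin : admins) {
		if (filtered && std::find(names.begin(), names.end(), admin.first) == names.end())
			continue;

		Row row;
		row["name"] = admin.first;
		row["activated"] = std::to_string(admin.second); // bool -> "0"/"1"

		DEBUG(VIST) << "Admin info [name]: " << row["name"]
					<< ", [activated]:" << row["activated"];
		results.emplace_back(std::move(row));
	}
	// … unchanged: return results; …
```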
@@ -115,5 +133,33 @@ QueryData deletePolicyAdmin(QueryContext& context, const PluginRequest& request) return { r }; } +QueryData updatePolicyAdmin(QueryContext& context, const PluginRequest& request) try { + INFO(VIST) << "Update query about policy-admin table."; + if (request.count("json_value_array") == 0) + throw std::runtime_error("Wrong request format. Not found json value."); + + std::string str = request.at("json_value_array"); + rapidjson::Document document; + document.Parse(str.c_str()); + if (document.HasParseError() || !document.IsArray()) + throw std::runtime_error("Cannot parse request."); + + if (document.Size() != 2) + throw std::runtime_error("Wrong request format."); + + std::string name = document[0].GetString(); + int activated = document[1].GetInt(); + + vist::policy::API::Admin::Activate(name, activated); + + Row r; + r["status"] = "success"; + return { r }; +} catch (...) { + ERROR(VIST) << "Failed to insert query on policy-admin."; + Row r; + return { r }; +} + } // namespace tables } // namespace osquery diff --git a/src/vist/CMakeLists.txt b/src/vist/CMakeLists.txt index 369eda9..07a686b 100644 --- a/src/vist/CMakeLists.txt +++ b/src/vist/CMakeLists.txt 
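Review bot: `document[0].GetString()` and `document[1].GetInt()` are called without checking the element types, and `json_value_array` is supplied by the client; rapidjson's accessors only RAPIDJSON_ASSERT the type, so an UPDATE that sets `activated` to a string (or a non-string name) aborts the daemon in an assert-enabled build and is undefined behaviour when asserts are compiled out, instead of being rejected like the other malformed shapes above it. Add `if (!document[0].IsString() || !document[1].IsInt()) throw std::runtime_error("Wrong request format. Expected [name, activated].");` before the two reads. The catch-all also still logs `"Failed to insert query on policy-admin."` (copied from the insert handler) and returns a row with no "status" key, so a client cannot distinguish a failed update from a malformed reply; log `"Failed to update query on policy-admin."` and set whatever failure status the sibling handlers use (their catch blocks are outside this hunk). Note that any nonzero `activated` is coerced to true by `Activate(const std::string&, bool)`, which is probably intended but deserves a comment on the `int activated` line.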
@@ -67,36 +67,34 @@ TARGET_LINK_LIBRARIES(${TARGET_VIST_LIB} ${TARGET_VIST_COMMON_LIB} ${TARGET_VIST_POLICY_LIB} ${TARGET_OSQUERY_LIB}) -IF(DEFINED GBS_BUILD) - ADD_EXECUTABLE(${TARGET_VIST_DAEMON} main/main.cpp) - TARGET_LINK_LIBRARIES(${TARGET_VIST_DAEMON} ${TARGET_VIST_LIB}) - TARGET_LINK_WHOLE(${TARGET_VIST_DAEMON} ${TARGET_OSQUERY_LIB}) - SET_TARGET_PROPERTIES(${TARGET_VIST_DAEMON} PROPERTIES COMPILE_FLAGS "-fPIE") - SET_TARGET_PROPERTIES(${TARGET_VIST_DAEMON} PROPERTIES LINK_FLAGS "-pie") - INSTALL(TARGETS ${TARGET_VIST_DAEMON} - DESTINATION ${CMAKE_INSTALL_BINDIR} - PERMISSIONS OWNER_READ - OWNER_WRITE - OWNER_EXECUTE - GROUP_READ - GROUP_EXECUTE - WORLD_READ - WORLD_EXECUTE) +ADD_EXECUTABLE(${TARGET_VIST_DAEMON} main/main.cpp) +TARGET_LINK_LIBRARIES(${TARGET_VIST_DAEMON} ${TARGET_VIST_LIB}) +TARGET_LINK_WHOLE(${TARGET_VIST_DAEMON} ${TARGET_OSQUERY_LIB}) +SET_TARGET_PROPERTIES(${TARGET_VIST_DAEMON} PROPERTIES COMPILE_FLAGS "-fPIE") +SET_TARGET_PROPERTIES(${TARGET_VIST_DAEMON} PROPERTIES LINK_FLAGS "-pie") +INSTALL(TARGETS ${TARGET_VIST_DAEMON} + DESTINATION ${CMAKE_INSTALL_BINDIR} + PERMISSIONS OWNER_READ + OWNER_WRITE + OWNER_EXECUTE + GROUP_READ + GROUP_EXECUTE + WORLD_READ + WORLD_EXECUTE) - ADD_EXECUTABLE(${TARGET_VIST_CLI} main/cli.cpp) - TARGET_LINK_LIBRARIES(${TARGET_VIST_CLI} ${TARGET_VIST_CLIENT_LIB}) - SET_TARGET_PROPERTIES(${TARGET_VIST_CLI} PROPERTIES COMPILE_FLAGS "-fPIE") - SET_TARGET_PROPERTIES(${TARGET_VIST_CLI} PROPERTIES LINK_FLAGS "-pie") - INSTALL(TARGETS ${TARGET_VIST_CLI} - DESTINATION ${CMAKE_INSTALL_BINDIR} - PERMISSIONS OWNER_READ - OWNER_WRITE - OWNER_EXECUTE - GROUP_READ - GROUP_EXECUTE - WORLD_READ - WORLD_EXECUTE) -ENDIF(DEFINED GBS_BUILD) +ADD_EXECUTABLE(${TARGET_VIST_CLI} main/cli.cpp) +TARGET_LINK_LIBRARIES(${TARGET_VIST_CLI} ${TARGET_VIST_CLIENT_LIB}) +SET_TARGET_PROPERTIES(${TARGET_VIST_CLI} PROPERTIES COMPILE_FLAGS "-fPIE") +SET_TARGET_PROPERTIES(${TARGET_VIST_CLI} PROPERTIES LINK_FLAGS "-pie") +INSTALL(TARGETS 
${TARGET_VIST_CLI} + DESTINATION ${CMAKE_INSTALL_BINDIR} + PERMISSIONS OWNER_READ + OWNER_WRITE + OWNER_EXECUTE + GROUP_READ + GROUP_EXECUTE + WORLD_READ + WORLD_EXECUTE) ADD_EXECUTABLE(${TARGET_VIST_TEST} main/tests.cpp ${${TARGET_VIST_LIB}_TESTS}) diff --git a/src/vist/client/CMakeLists.txt b/src/vist/client/CMakeLists.txt index 05dca46..0cf045c 100644 --- a/src/vist/client/CMakeLists.txt +++ b/src/vist/client/CMakeLists.txt @@ -18,9 +18,9 @@ ADD_VIST_CLIENT_LIBRARY(vist_client query.cpp virtual-table.cpp) FILE(GLOB CLIENT_TESTS "tests/*.cpp") -IF(DEFINED GBS_BUILD) +#IF(DEFINED GBS_BUILD) ADD_VIST_TEST(${CLIENT_TESTS}) -ENDIF(DEFINED GBS_BUILD) + #ENDIF(DEFINED GBS_BUILD) ADD_LIBRARY(${TARGET_VIST_CLIENT_LIB} STATIC ${${TARGET_VIST_CLIENT_LIB}_SRCS}) TARGET_LINK_LIBRARIES(${TARGET_VIST_CLIENT_LIB} ${VIST_CLIENT_DEPS_LIBRARIES} diff --git a/src/vist/client/tests/client.cpp b/src/vist/client/tests/query.cpp similarity index 64% rename from src/vist/client/tests/client.cpp rename to src/vist/client/tests/query.cpp index f21bd66..1d215f9 100644 --- a/src/vist/client/tests/client.cpp +++ b/src/vist/client/tests/query.cpp @@ -23,15 +23,17 @@ using namespace vist; -class ClientTests : public testing::Test {}; +class QueryTests : public testing::Test {}; -TEST(ClientTests, query) { +TEST(QueryTests, query) +{ auto rows = Query::Execute("SELECT * FROM policy"); EXPECT_TRUE(rows.size() > 0); } -TEST(ClientTests, admin_enrollment) { +TEST(QueryTests, admin_enrollment) +{ /// Default policy admin is always exist. auto rows = Query::Execute("SELECT * FROM policy_admin"); EXPECT_EQ(rows.size(), 1); 
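Review bot: The GBS guard around `ADD_VIST_TEST(${CLIENT_TESTS})` is commented out rather than removed, leaving `#IF(DEFINED GBS_BUILD)` and an oddly indented ` #ENDIF(DEFINED GBS_BUILD)` as dead text, while the identical guard in src/vist/CMakeLists.txt in this same commit is deleted outright. Either delete the two commented lines or, if the guard is meant to come back, say why in a real comment, e.g. `# Client tests are built for every build type; they need a running vistd to pass.` The tests they enable issue live `SELECT`/`UPDATE` queries against policy_admin, so if the guard existed because non-GBS builds have no daemon to talk to, the commit message should state why dropping it is safe now.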
@@ -56,3 +58,25 @@ TEST(ClientTests, admin_enrollment) { rows = Query::Execute("SELECT * FROM policy_admin"); EXPECT_EQ(rows.size(), 1); } + +TEST(QueryTests, admin_activation) +{ + /// Default policy admin is always exist. + auto rows = Query::Execute("SELECT * FROM policy_admin"); + EXPECT_EQ(rows.size(), 1); + + Query::Execute("INSERT INTO policy_admin (name) VALUES ('testAdmin')"); + rows = Query::Execute("SELECT * FROM policy_admin WHERE name = 'testAdmin'"); + EXPECT_EQ(rows.size(), 1); + EXPECT_EQ(rows[0]["name"], "testAdmin"); + EXPECT_EQ(rows[0]["activated"], "0"); + + Query::Execute("UPDATE policy_admin SET activated = 1 where name = 'testAdmin'"); + rows = Query::Execute("SELECT * FROM policy_admin WHERE name = 'testAdmin'"); + EXPECT_EQ(rows.size(), 1); + EXPECT_EQ(rows[0]["name"], "testAdmin"); + EXPECT_EQ(rows[0]["activated"], "1"); + + rows = Query::Execute("DELETE FROM policy_admin WHERE name = 'testAdmin'"); + EXPECT_EQ(rows.size(), 0); +} diff --git a/src/vist/main/main.cpp b/src/vist/main/main.cpp index a181578..8e64bbc 100644 --- a/src/vist/main/main.cpp +++ b/src/vist/main/main.cpp @@ -18,14 +18,12 @@ #include #include -#include #include using namespace vist; int main() try { - LogStream::Init(std::make_shared()); Vist::Instance().start(); return EXIT_SUCCESS; } catch(const Exception& e) { diff --git a/src/vist/policy/api.cpp b/src/vist/policy/api.cpp index 3c99d06..6c0386f 100644 --- a/src/vist/policy/api.cpp +++ b/src/vist/policy/api.cpp @@ -52,7 +52,7 @@ void API::Admin::Activate(const std::string& admin, bool state) PolicyManager::Instance().activate(admin, state); } -std::vector API::Admin::GetAll() +std::unordered_map API::Admin::GetAll() { return PolicyManager::Instance().getAdmins(); } diff --git a/src/vist/policy/api.hpp b/src/vist/policy/api.hpp index d5059bb..dabbcd7 100644 --- a/src/vist/policy/api.hpp +++ b/src/vist/policy/api.hpp @@ -20,7 +20,6 @@ #include #include -#include namespace vist { namespace policy { 
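Review bot: The new admin_activation test verifies its teardown only by checking that the DELETE returned zero rows, whereas admin_enrollment above re-queries the table afterwards; if the delete silently fails, the leftover `testAdmin` row breaks the "exactly one admin" expectation of the other tests on the next run. Mirror the sibling test: after the DELETE add `rows = Query::Execute("SELECT * FROM policy_admin WHERE name = 'testAdmin'"); EXPECT_EQ(rows.size(), 0);`, and if Query::Execute can throw (its error handling is not visible here) move the DELETE into a scope guard so it runs on every exit path. A negative case such as `UPDATE policy_admin SET activated = 'x' WHERE name = 'testAdmin'` would also pin that malformed input is rejected rather than taking the daemon down, assuming the handler's failure status reaches the client. Minor: `where` on the UPDATE is lower-case while every other statement in the file uses upper-case keywords.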
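Review bot: main() no longer calls `LogStream::Init(std::make_shared<...>())` (the template argument is lost in this rendering), so the INFO/ERROR lines this commit adds — including the admin activation audit line in PolicyStorage::activate — go to whatever sink LogStream uses by default, which is not visible here. If that default is stderr or a null sink, a daemonized vistd loses its security-relevant log trail on the device; please confirm the default, and if the removal was only to make the host build link without the platform log backend, guard the Init call with the build condition rather than deleting it, e.g. `#ifdef GBS_BUILD` around the original line. The commit message should also say why logger initialization was dropped, since it is unrelated to admin activation.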
@@ -37,7 +36,7 @@ struct API { static void Activate(const std::string& admin, bool state = true); - static std::vector GetAll(); + static std::unordered_map GetAll(); }; }; diff --git a/src/vist/policy/policy-manager.cpp b/src/vist/policy/policy-manager.cpp index 06d7b74..f03b827 100644 --- a/src/vist/policy/policy-manager.cpp +++ b/src/vist/policy/policy-manager.cpp @@ -134,7 +134,7 @@ std::unordered_map PolicyManager::getAll() return policies; } -std::vector PolicyManager::getAdmins() +std::unordered_map PolicyManager::getAdmins() { return storage.getAdmins(); } diff --git a/src/vist/policy/policy-manager.hpp b/src/vist/policy/policy-manager.hpp index c93ba73..67d4994 100644 --- a/src/vist/policy/policy-manager.hpp +++ b/src/vist/policy/policy-manager.hpp @@ -56,7 +56,7 @@ public: PolicyValue get(const std::string& policy); std::unordered_map getAll(); - std::vector getAdmins(); + std::unordered_map getAdmins(); private: explicit PolicyManager(); diff --git a/src/vist/policy/policy-storage.cpp b/src/vist/policy/policy-storage.cpp index a0131d5..d5b2b28 100644 --- a/src/vist/policy/policy-storage.cpp +++ b/src/vist/policy/policy-storage.cpp @@ -214,6 +214,7 @@ void PolicyStorage::activate(const std::string& admin, bool state) THROW(ErrCode::RuntimeError) << "Failed to activate admin: " << admin; this->admins[admin].activated = state; + INFO(VIST) << "Admin[" << admin << "]'s activated value is set: " << state; } bool PolicyStorage::isActivated(const std::string& admin) @@ -285,13 +286,13 @@ PolicyValue PolicyStorage::strictest(const std::shared_ptr& policy) return std::move(*strictestPtr); } -std::vector PolicyStorage::getAdmins() const noexcept +std::unordered_map PolicyStorage::getAdmins() const noexcept { - std::vector tmp; + std::unordered_map ret; for (const auto& admin : this->admins) - tmp.push_back(admin.first); + ret[admin.second.name] = admin.second.activated; - return tmp; + return ret; } } // namespace policy 
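Review bot: PolicyStorage::activate changes only the in-memory map (`this->admins[admin].activated = state;`) and now logs it, but nothing in this hunk writes the flag back to the store that PolicyStorage wraps; if admins are persisted (the class name suggests a backing store, but the load path is not visible) an activation will not survive a daemon restart, and a deactivated admin's policies would silently come back into force. Please confirm whether persistence happens elsewhere and document it either way, e.g. `/// Activation state is held in memory only and re-derived from storage on start.` or the missing store update. The INFO line prints `state` as 0/1; `(state ? "activated" : "deactivated")` reads better in a log someone will grep during an incident. The THROW that guards this assignment is above the hunk, so whether an unknown admin can reach the default-inserting `admins[admin]` cannot be judged from here.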
diff --git a/src/vist/policy/policy-storage.hpp b/src/vist/policy/policy-storage.hpp index 540694a..e86ecae 100644 --- a/src/vist/policy/policy-storage.hpp +++ b/src/vist/policy/policy-storage.hpp @@ -24,8 +24,6 @@ #include #include -#include - namespace vist { namespace policy { @@ -60,7 +58,7 @@ public: PolicyValue strictest(const std::shared_ptr& policy); - std::vector getAdmins() const noexcept; + std::unordered_map getAdmins() const noexcept; private: std::string getScript(const std::string& name);