From: Aleksander Zdyb
Date: Fri, 19 Jun 2015 09:54:25 +0000 (+0200)
Subject: Implement Audit::SyscallRuleData
X-Git-Tag: accepted/tizen/3.0/common/20161114.110018~20
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=c606ecc0bca4c901e6c1f3bd692d4b737a532bf6;p=platform%2Fcore%2Fsecurity%2Fnice-lad.git
Implement Audit::SyscallRuleData
This is an objective wrapper on libaudit's audit_rule_data.
Change-Id: Ie5d67e1fa3db0aac46e9b2927666d4d422ed71b8
---
diff --git a/src/Audit/SyscallRuleData.cpp b/src/Audit/SyscallRuleData.cpp
new file mode 100644
index 0000000..6b828cb
--- /dev/null
+++ b/src/Audit/SyscallRuleData.cpp
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file src/Audit/SyscallRuleData.cpp
+ * @author Aleksander Zdyb
+ * @version 1.0
+ */
+
+#include
+
+#include
+
+#include "SyscallRuleData.h"
+
+namespace Audit {
+
+SyscallRuleData::SyscallRuleData(BaseAuditWrapper &auditApi, const std::string &syscall)
+ : m_auditApi(auditApi), m_syscall(syscall) {}
+
+void SyscallRuleData::addPair(const std::string &key, const std::string &value) {
+ m_pairs.insert({ key, value });
+}
+
+struct audit_rule_data *SyscallRuleData::get() const {
+ auto ruleData = m_auditApi.create_rule_data();
+
+ m_auditApi.audit_rule_syscallbyname_data(ruleData, m_syscall.c_str());
+
+ const auto pairLen = m_auditApi.MAX_AUDIT_MESSAGE_LENGTH_CONST();
+ char pair[pairLen];
+
+ for (const auto &kv : m_pairs) {
+ auto ret = snprintf(pair, pairLen, "%s=%s", kv.first.c_str(), kv.second.c_str());
+ if (ret < 0 || ret >= pairLen)
+ throw ErrorException("Could not fill rule data");
+ m_auditApi.audit_rule_fieldpair_data(&ruleData, pair, m_auditApi.AUDIT_FILTER_EXIT_CONST());
+ }
+
+ return ruleData;
+}
+
+} /* namespace Audit */
diff --git a/src/Audit/SyscallRuleData.h b/src/Audit/SyscallRuleData.h
new file mode 100644
index 0000000..f06b1e6
--- /dev/null
+++ b/src/Audit/SyscallRuleData.h
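Review bot: In `SyscallRuleData::get()` (src/Audit/SyscallRuleData.cpp) the results of `audit_rule_syscallbyname_data` and `audit_rule_fieldpair_data` are discarded, so an unknown syscall name or a rejected field pair would produce a rule that differs from what the caller configured, with no error reported. The wrapper's declarations are not part of this diff; if they forward libaudit's negative-on-error return, check it, e.g. `if (m_auditApi.audit_rule_fieldpair_data(&ruleData, pair, m_auditApi.AUDIT_FILTER_EXIT_CONST()) < 0) throw ErrorException("Could not add field pair");`. The `throw` that is already there leaves the object from `create_rule_data()` unreleased, so every error path should release `ruleData` before throwing. `char pair[pairLen]` with a run-time length is a variable-length array, which is a compiler extension in C++; building the pair as `const std::string pair = kv.first + "=" + kv.second;` would avoid it, provided the wrapper accepts a `const char *`.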
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file src/Audit/SyscallRuleData.h
+ * @author Aleksander Zdyb
+ * @version 1.0
+ */
+
+
+#ifndef SRC_AUDIT_RULEDATA_H
+#define SRC_AUDIT_RULEDATA_H
+
+#include
+#include
+
+#include
+
+namespace Audit {
+
+class SyscallRuleData {
+public:
+ typedef std::unordered_map Pairs;
+
+ SyscallRuleData(BaseAuditWrapper &auditApi, const std::string &syscall = "all");
+ virtual ~SyscallRuleData() = default;
+
+ void addPair(const std::string &key, const std::string &value);
+
+ virtual struct audit_rule_data *get() const;
+
+private:
+ BaseAuditWrapper &m_auditApi;
+ std::string m_syscall;
+ Pairs m_pairs;
+};
+
+} /* namespace Audit */
+
+#endif /* SRC_AUDIT_RULEDATA_H */
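Review bot: `get()` in src/Audit/SyscallRuleData.h returns a raw `struct audit_rule_data *` with no statement of who owns it; the implementation in this commit builds a new object on every call and keeps no reference to it, so callers need to know they must release it. A comment above the declaration such as `/// Builds a new rule on each call; the caller owns the returned pointer and must release it.` would close that gap. The class also stores `BaseAuditWrapper &m_auditApi`, so it is worth noting that the wrapper must outlive the `SyscallRuleData`. Because `syscall` has a default, the constructor is callable with one argument and should be marked `explicit`.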