From: Sungbae Yoo Date: Wed, 14 Jun 2017 05:11:32 +0000 (+0900) Subject: Add a daemon and library for auditing X-Git-Tag: submit/tizen/20171212.052346~16 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=cf10bb0c37416d3510ae4c34e3baf904d354fd7d;p=platform%2Fcore%2Fsecurity%2Faudit-trail.git Add a daemon and library for auditing Signed-off-by: Sungbae Yoo Change-Id: I395aea32c905758009230bc778bcef93a469c8dd --- diff --git a/CMakeLists.txt b/CMakeLists.txt new file mode 100755 index 0000000..5fb7138 --- /dev/null +++ b/CMakeLists.txt @@ -0,0 +1,79 @@ +# +# Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +CMAKE_MINIMUM_REQUIRED(VERSION 2.8) + +PROJECT(audit-trail) + +IF(NOT DEFINED VERSION) + SET(VERSION "0.0.1") +ENDIF(NOT DEFINED VERSION) + +INCLUDE(FindPkgConfig) + +IF(NOT CMAKE_BUILD_TYPE) + SET(CMAKE_BUILD_TYPE "DEBUG") +ENDIF(NOT CMAKE_BUILD_TYPE) + +SET(AUDIT_TRAIL_LIB ${PROJECT_SOURCE_DIR}/lib) +SET(AUDIT_TRAIL_SERVER ${PROJECT_SOURCE_DIR}/server) +SET(AUDIT_TRAIL_TOOLS ${PROJECT_SOURCE_DIR}/tools) + +IF("${CMAKE_CXX_COMPILER_ID}" STREQUAL "GNU" AND CMAKE_CXX_COMPILER_VERSION VERSION_LESS 4.7) + SET(CXX_STD "c++0x") +else() + SET(CXX_STD "c++11") +endif() + +SET(COMPILE_BASE_FLAGS "-g -fPIC -Werror -Wall -Wl,--as-needed -Wl,--no-whole-archive") +SET(CMAKE_C_FLAGS_PROFILING "${COMPILE_BASE_FLAGS} -O0 -pg") +SET(CMAKE_CXX_FLAGS_PROFILING "${COMPILE_BASE_FLAGS} -O0 -pg -std=${CXX_STD} -fno-rtti") +SET(CMAKE_C_FLAGS_DEBUG "${COMPILE_BASE_FLAGS} -O0 -ggdb") +SET(CMAKE_CXX_FLAGS_DEBUG "${COMPILE_BASE_FLAGS} -O0 -ggdb -std=${CXX_STD} -fno-rtti") +SET(CMAKE_C_FLAGS_RELEASE "${COMPILE_BASE_FLAGS} -O2 -DNDEBUG") +SET(CMAKE_CXX_FLAGS_RELEASE "${COMPILE_BASE_FLAGS} -O2 -DNDEBUG -std=${CXX_STD} -fno-rtti") +SET(CMAKE_C_FLAGS_CCOV "${COMPILE_BASE_FLAGS} -O0 --coverage") +SET(CMAKE_CXX_FLAGS_CCOV "${COMPILE_BASE_FLAGS} -O0 --coverage -std=${CXX_STD} -fno-rtti") + +IF(NOT DEFINED LIB_DIR) + SET(LIB_DIR "${CMAKE_INSTALL_LIBDIR}") +ENDIF(NOT DEFINED LIB_DIR) + +IF(NOT DEFINED INCLUDE_DIR) + SET(INCLUDE__DIR "${CMAKE_INSTALL_INCLUDEDIR}") +ENDIF(NOT DEFINED INCLUDE_DIR) + +IF(NOT DEFINED RUN_DIR) + SET(RUN_DIR "/run") +ENDIF(NOT DEFINED RUN_DIR) + +IF(NOT DEFINED BIN_DIR) + SET(BIN_DIR "${CMAKE_INSTALL_BINDIR}") +ENDIF(NOT DEFINED BIN_DIR) + +IF(NOT DEFINED HOME_DIR) + SET(HOME_DIR "/home") +ENDIF(NOT DEFINED HOME_DIR) + +IF(NOT DEFINED SYSTEMD_UNIT_DIR) + SET(SYSTEMD_UNIT_DIR "${CMAKE_INSTALL_PREFIX}/lib/systemd/system") +ENDIF(NOT DEFINED SYSTEMD_UNIT_DIR) + +ADD_DEFINITIONS(-DUG_WAYLAND) + +ADD_SUBDIRECTORY(${AUDIT_TRAIL_LIB}) +ADD_SUBDIRECTORY(${AUDIT_TRAIL_SERVER}) +ADD_SUBDIRECTORY(${AUDIT_TRAIL_TOOLS}) diff --git a/Makefile b/Makefile deleted file mode 100644 index 59a3d01..0000000 --- a/Makefile +++ /dev/null @@ -1,30 +0,0 @@ -# -# Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -# -CONFIG_AUDITTRAIL = m -export CONFIG_AUDITTRAIL - -obj-y = audittrail/ - -all: - $(MAKE) -C ${KERNEL_DEV_PATH} M=${PWD} modules - -install: - @cp audittrail/*.ko ${KERNEL_MOD_PATH}/. - -clean: - $(MAKE) -C ${KERNEL_DEV_PATH} M=${PWD} clean diff --git a/audittrail/Kconfig b/audittrail/Kconfig deleted file mode 100644 index 77bdc1c..0000000 --- a/audittrail/Kconfig +++ /dev/null @@ -1,11 +0,0 @@ -config AUDITTRAIL - boolean "Enable Audit trail collector" - depends on SECURITYFS - default y - help - This option enables a system to collect various kinds of audit trail - (audit log). It has a directory which has two files. - First file is used for sending some commands such as registering - process itself as a consumer or provider. - Second files is used for getting or putting audit logs as a consumer - or provider. diff --git a/audittrail/Makefile b/audittrail/Makefile deleted file mode 100644 index 956d763..0000000 --- a/audittrail/Makefile +++ /dev/null @@ -1,3 +0,0 @@ -obj-$(CONFIG_AUDITTRAIL) = audittrail.o -audittrail-objs += main.o -audittrail-objs += dir.o diff --git a/audittrail/dir.c b/audittrail/dir.c deleted file mode 100644 index 9f7455a..0000000 --- a/audittrail/dir.c +++ /dev/null @@ -1,114 +0,0 @@ -/* - * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - */ - -#include -#include - -#include "log.h" -#include "dir.h" - -static struct dentry *audittrail_dir = NULL; -static struct dentry *audittrail_command = NULL; -static struct dentry *audittrail_buffer = NULL; - -static int audittrail_command_open(struct inode * inode, struct file *file) -{ - if ((file->f_flags & O_ACCMODE) != O_WRONLY) - return -EACCES; - - return 0; -} - -static ssize_t audittrail_command_write(struct file *file, const char __user *buf, - size_t datalen, loff_t *ppos) -{ - return -EINVAL; -} - -static const struct file_operations audittrail_command_ops = { - .open = audittrail_command_open, - .write = audittrail_command_write, -}; - -static int audittrail_buffer_open(struct inode * inode, struct file *file) -{ - return 0; -} - -static ssize_t audittrail_buffer_read(struct file *file, - char __user *buf, - size_t datalen, loff_t *ppos) -{ - return -EINVAL; -} - -static ssize_t audittrail_buffer_write(struct file *file, - const char __user *buf, - size_t datalen, loff_t *ppos) -{ - return -EINVAL; -} - -static int audittrail_buffer_release(struct inode *inode, struct file *file) -{ - return 0; -} - -static const struct file_operations audittrail_buffer_ops = { - .open = audittrail_buffer_open, - .read = audittrail_buffer_read, - .write = audittrail_buffer_write, - .release = audittrail_buffer_release, -}; - - -int audittrail_dir_create(void) -{ - audittrail_dir = securityfs_create_dir("audittrail", NULL); - if (IS_ERR(audittrail_dir)) - goto err; - - audittrail_command = - securityfs_create_file("command", - S_IWUSR | S_IWGRP, audittrail_dir, NULL, - &audittrail_command_ops); - if (IS_ERR(audittrail_command)) - goto err; - - audittrail_buffer = - securityfs_create_file("buffer", - S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP, - audittrail_dir, NULL, - &audittrail_buffer_ops); - if (IS_ERR(audittrail_buffer)) - goto err; - - return 0; - -err: - audittrail_dir_destroy(); - return -1; -} - -void audittrail_dir_destroy(void) -{ - securityfs_remove(audittrail_buffer); - securityfs_remove(audittrail_command); - securityfs_remove(audittrail_dir); -} diff --git a/audittrail/dir.h b/audittrail/dir.h deleted file mode 100644 index b492179..0000000 --- a/audittrail/dir.h +++ /dev/null @@ -1,25 +0,0 @@ -/* - * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - */ -#ifndef __AUDITTRAIL_DIR_H__ -#define __AUDITTRAIL_DIR_H__ - -int audittrail_dir_create(void); -void audittrail_dir_destroy(void); - -#endif //! __AUDITTRAIL_DIR_H__ diff --git a/audittrail/log.h b/audittrail/log.h deleted file mode 100644 index 0bdf8d6..0000000 --- a/audittrail/log.h +++ /dev/null @@ -1,34 +0,0 @@ -/* - * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - */ -#ifndef __AUDITTRAIL_LOG_H__ -#define __AUDITTRAIL_LOG_H__ - -#include - -#define LOG_TAG "audit-trail: " - -#define FMT(fmt) fmt -#define AUDITTRAIL_ERROR(fmt, ...) \ - printk(KERN_ERR LOG_TAG FMT(fmt), ##__VA_ARGS__) -#define AUDITTRAIL_WARN(fmt, ...) \ - printk(KERN_WARNING LOG_TAG FMT(fmt), ##__VA_ARGS__) -#define AUDITTRAIL_INFO(fmt, ...) \ - printk(KERN_INFO LOG_TAG FMT(fmt), ##__VA_ARGS__) - -#endif //! __AUDITTRAIL_LOG_H__ diff --git a/audittrail/main.c b/audittrail/main.c deleted file mode 100644 index 2eb82e3..0000000 --- a/audittrail/main.c +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - */ -#include - -#include "log.h" -#include "dir.h" - -int audittrail_init(void) -{ - AUDITTRAIL_INFO("loaded"); - - if (audittrail_dir_create() != 0) { - AUDITTRAIL_ERROR("failed to create auditfs"); - return -1; - } - - AUDITTRAIL_INFO("auditfs ready"); - - return 0; -} - -void audittrail_exit(void) -{ - audittrail_dir_destroy(); - - AUDITTRAIL_INFO("unloaded"); -} - -module_init(audittrail_init); -module_exit(audittrail_exit); - -MODULE_LICENSE("GPL"); -MODULE_AUTHOR("Sungbae Yoo"); diff --git a/lib/CMakeLists.txt b/lib/CMakeLists.txt new file mode 100755 index 0000000..7939b1d --- /dev/null +++ b/lib/CMakeLists.txt @@ -0,0 +1,51 @@ +# +# Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +SET(LIB_VERSION "${VERSION}") +SET(LIB_SOVERSION "0") + +SET(PC_FILE "${PROJECT_NAME}.pc") + +SET(SOURCES client.cpp + smack.cpp + audit-trail/smack.cpp + audit-trail/audit-trail.cpp +) + +SET(CAPI_INCLUDE_FILES audit-trail/common.h + audit-trail/smack.h + audit-trail/audit-trail.h +) + + +SET (CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} -Wl,-z,noexecstack") + +PKG_CHECK_MODULES(LIBS_DEPS REQUIRED + klay +) + +ADD_LIBRARY(${PROJECT_NAME} SHARED ${SOURCES}) +SET_TARGET_PROPERTIES(${PROJECT_NAME} PROPERTIES COMPILE_FLAGS "-fvisibility=hidden") +SET_TARGET_PROPERTIES(${PROJECT_NAME} PROPERTIES SOVERSION ${LIB_SOVERSION}) +SET_TARGET_PROPERTIES(${PROJECT_NAME} PROPERTIES VERSION ${LIB_VERSION}) + +INCLUDE_DIRECTORIES(SYSTEM ${LIBS_DEPS_INCLUDE_DIRS} ${AUDIT_TRAIL_LIB} ${PROJECT_SOURCE_DIR}) +TARGET_LINK_LIBRARIES(${PROJECT_NAME} ${LIBS_DEPS_LIBRARIES} pthread) + +CONFIGURE_FILE(${PC_FILE}.in ${CMAKE_BINARY_DIR}/${PC_FILE} @ONLY) + +INSTALL(FILES ${CMAKE_BINARY_DIR}/${PC_FILE} DESTINATION ${LIB_INSTALL_DIR}/pkgconfig) +INSTALL(TARGETS ${PROJECT_NAME} DESTINATION ${LIB_INSTALL_DIR} COMPONENT RuntimeLibraries) +INSTALL(FILES ${CAPI_INCLUDE_FILES} DESTINATION ${INCLUDE_INSTALL_DIR}/audit-trail) diff --git a/lib/audit-trail.pc.in b/lib/audit-trail.pc.in new file mode 100644 index 0000000..175f23b --- /dev/null +++ b/lib/audit-trail.pc.in @@ -0,0 +1,12 @@ +# Package Information for pkg-config + +prefix=@CMAKE_INSTALL_PREFIX@ +exec_prefix=@CMAKE_INSTALL_PREFIX@ +libdir=@LIB_INSTALL_DIR@ +includedir=@INCLUDE_INSTALL_DIR@ + +Name: @PROJECT_NAME@ +Description: Tizen @PROJECT_NAME@ Client library +Version: @VERSION@ +Libs: -L${libdir} -l@PROJECT_NAME@ +Cflags: -I${includedir}/@PROJECT_NAME@ diff --git a/lib/audit-trail/audit-trail.cpp b/lib/audit-trail/audit-trail.cpp new file mode 100644 index 0000000..ac01e8c --- /dev/null +++ b/lib/audit-trail/audit-trail.cpp @@ -0,0 +1,48 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +#include + +#include "debug.h" +#include "audit-trail.h" + +#include "client.h" + +int audit_trail_create(audit_trail_h* handle) +{ + RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER); + + AuditTrailContext* client = new(std::nothrow) AuditTrailContext(); + + RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_CONNECTION_REFUSED); + + if (client->connect() < 0) { + delete client; + RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_CONNECTION_REFUSED); + } + + *handle = reinterpret_cast(client); + + return AUDIT_TRAIL_ERROR_NONE; +} + +int audit_trail_destroy(audit_trail_h handle) +{ + RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER); + + delete &GetAuditTrailContext(handle); + + return AUDIT_TRAIL_ERROR_NONE; +} diff --git a/lib/audit-trail/audit-trail.h b/lib/audit-trail/audit-trail.h new file mode 100644 index 0000000..11fd737 --- /dev/null +++ b/lib/audit-trail/audit-trail.h @@ -0,0 +1,85 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#ifndef __CAPI_AUDIT_TRAIL_AUDIT_TRAIL_H__ +#define __CAPI_AUDIT_TRAIL_AUDIT_TRAIL_H__ + +#include + +/** + * @file audit-trail.h + * @brief This file provides APIs to get a handle of audit-trail + */ + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * @brief The audit-trail handle + * @details The audit-trail handle is an abstraction of the logical + * connection between the audit-trail manager and it's client. + * The audit-trail handle must be created by using + * audit_trail_create() before attempting to use almost any of + * the audit-trail related APIs, and it should be freed when interaction + * with the audit-trail manager is no longer required. + * To release the handle, use audit_trail_destroy(). + * @since_tizen 5.0 + * @see audit_trail_create() + * @see audit_trail_destroy() + */ +typedef void* audit_trail_h; + +/** + * @brief Creates the audit-trail handle. + * @details This API creates audit-trail handle required to the audit-trail + * related APIs. + * This API is also used to verify whether caller is authorized + * or not. + * @since_tizen 5.0 + * @param[out] handle The audit-trail handle + * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value + * @retval #AUDIT_TRAIL_ERROR_NONE Successful + * @retval #AUDIT_TRAIL_ERROR_CONNECTION_REFUSED Connection refused + * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out + * @see audit_trail_destroy() + * @see get_last_result() + */ +AUDIT_TRAIL_API int audit_trail_create(audit_trail_h *handle); + +/** + * @brief Releases the audit-trail handle. + * @details This API must be called if interaction with the audit-trail API + * is no longer required. + * @since_tizen 5.0 + * @param[in] handle The audit-trail handle + * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value + * @retval #AUDIT_TRAIL_ERROR_NONE Successful + * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter + * @pre The handle must be created by audit_trail_create() + * @see audit_trail_create() + */ +AUDIT_TRAIL_API int audit_trail_destroy(audit_trail_h handle); + +/** + * @} + */ + +#ifdef __cplusplus +} +#endif + +#endif /* __CAPI_AUDIT_TRAIL_AUDIT_TRAIL_H__ */ diff --git a/lib/audit-trail/common.h b/lib/audit-trail/common.h new file mode 100644 index 0000000..726ac18 --- /dev/null +++ b/lib/audit-trail/common.h @@ -0,0 +1,83 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#ifndef __CAPI_AUDIT_TRAIL_COMMON_H__ +#define __CAPI_AUDIT_TRAIL_COMMON_H__ + +#include + +/** + * @file ode.h + * @brief This file defines common data types required to ode APIs. + */ + +#ifndef AUDIT_TRAIL_API +#define AUDIT_TRAIL_API __attribute__((visibility("default"))) +#endif // API + +#ifndef TRUE +#define TRUE 1 +#endif + +#ifndef FALSE +#define FALSE 0 +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * @addtogroup CAPI_AUDIT_TRAIL_MODULE + * @{ + */ + +/** + * @brief Enumeration of device encryption API errors + * @since_tizen 3.0 + */ +typedef enum { + AUDIT_TRAIL_ERROR_NONE = TIZEN_ERROR_NONE, /**< The operation was successful */ + AUDIT_TRAIL_ERROR_INVALID_PARAMETER = TIZEN_ERROR_INVALID_PARAMETER, /**< Invalid parameter */ + AUDIT_TRAIL_ERROR_CONNECTION_REFUSED = TIZEN_ERROR_CONNECTION_REFUSED, /**< Connection refused */ + AUDIT_TRAIL_ERROR_TIMED_OUT = TIZEN_ERROR_TIMED_OUT, /**< Time out */ + AUDIT_TRAIL_ERROR_PERMISSION_DENIED = TIZEN_ERROR_PERMISSION_DENIED, /**< Access privilege is not sufficient */ + AUDIT_TRAIL_ERROR_NOT_SUPPORTED = TIZEN_ERROR_NOT_SUPPORTED, /**< Operation is not supported */ + AUDIT_TRAIL_ERROR_OUT_OF_MEMORY = TIZEN_ERROR_OUT_OF_MEMORY, /**< Out of memory */ + AUDIT_TRAIL_ERROR_NOT_PERMITTED = TIZEN_ERROR_NOT_PERMITTED, /**< Operation is not permitted */ + AUDIT_TRAIL_ERROR_NO_DATA = TIZEN_ERROR_NO_DATA /**< No Data */ +} audit_trail_error_type_e; + +/** + * @brief Called to get all strings in an array + * @since_tizen 5.0 + * @param[in] log Each string in an array + * @param[in] user_data The user data passed from the function + * @see audit_trail_add_log_cb + * @see audit_trail_remove_log_cb + * @see audit_trail_foreach_smack + */ +typedef void (*audit_trail_string_cb)(const char* log, void* user_data); + +/** + * @} + */ + +#ifdef __cplusplus +} +#endif + +#endif /* __CAPI_AUDIT_TRAIL_COMMON_H__ */ diff --git a/lib/audit-trail/debug.h b/lib/audit-trail/debug.h new file mode 100644 index 0000000..14a9c60 --- /dev/null +++ b/lib/audit-trail/debug.h @@ -0,0 +1,26 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#ifndef __CAPI_AUDIT_TRAIL_ASSERT_H__ +#define __CAPI_AUDIT_TRAIL_ASSERT_H__ + +#define RET_ON_FAILURE(cond, ret) \ +{ \ + if (!(cond)) \ + return (ret); \ +} + +#endif //! __CAPI_AUDIT_TRAIL_ASSERT_H__ diff --git a/lib/audit-trail/smack.cpp b/lib/audit-trail/smack.cpp new file mode 100644 index 0000000..e30ddda --- /dev/null +++ b/lib/audit-trail/smack.cpp @@ -0,0 +1,79 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +#include + +#include "debug.h" +#include "smack.h" + +#include "client.h" +#include "rmi/smack.h" + +using namespace AuditTrail; + +int audit_trail_foreach_smack(audit_trail_h handle, audit_trail_string_cb callback, void *user_data) +{ + RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER); + RET_ON_FAILURE(callback, AUDIT_TRAIL_ERROR_INVALID_PARAMETER); + + AuditTrailContext &client = GetAuditTrailContext(handle); + Smack smack = client.createInterface(); + + int iter = smack.createIterator(); + do { + callback(smack.getIteratorValue(iter).c_str(), user_data); + } while (smack.nextIterator(iter)); + smack.destroyIterator(iter); + + return AUDIT_TRAIL_ERROR_NONE; +} + +int audit_trail_clear_smack(audit_trail_h handle) +{ + RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER); + + AuditTrailContext &client = GetAuditTrailContext(handle); + Smack smack = client.createInterface(); + smack.clear(); + + return AUDIT_TRAIL_ERROR_NONE; +} + +int audit_trail_add_smack_cb(audit_trail_h handle, audit_trail_string_cb callback, void* user_data, int *id) +{ + RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER); + RET_ON_FAILURE(callback, AUDIT_TRAIL_ERROR_INVALID_PARAMETER); + + AuditTrailContext &context = GetAuditTrailContext(handle); + int ret = context.subscribeNotification("Smack", callback, user_data); + if (ret < 0) + return AUDIT_TRAIL_ERROR_INVALID_PARAMETER; + + *id = ret; + return AUDIT_TRAIL_ERROR_NONE; +} + +int audit_trail_remove_smack_cb(audit_trail_h handle, int callback_id) +{ + RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER); + RET_ON_FAILURE(callback_id >= 0, AUDIT_TRAIL_ERROR_INVALID_PARAMETER); + + AuditTrailContext &context = GetAuditTrailContext(handle); + int ret = context.unsubscribeNotification(callback_id); + if (ret) + return AUDIT_TRAIL_ERROR_INVALID_PARAMETER; + + return AUDIT_TRAIL_ERROR_NONE; +} diff --git a/lib/audit-trail/smack.h b/lib/audit-trail/smack.h new file mode 100644 index 0000000..82c48ff --- /dev/null +++ b/lib/audit-trail/smack.h @@ -0,0 +1,112 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#ifndef __CAPI_AUDIT_TRAIL_SMACK_H__ +#define __CAPI_AUDIT_TRAIL_SMACK_H__ + +#include + +/** + * @file smack.h + * @brief This file provides APIs to get smack logs + */ + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * @brief Retrieves all smack logs that occured in system. + * @details This API calls audit_trail_strimg_cb() once for each logs. + * @since_tizen 5.0 + * @param[in] handle The audit-trail handle + * @param[in] callback The iteration callback function + * @param[in] user_data The user data passed to the callback function + * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value + * @retval #AUDIT_TRAIL_ERROR_NONE Successful + * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out + * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter + * @pre The handle must be created by audit_trail_create(). + * @see audit_trail_create() + * @see audit_trail_destroy() + */ +AUDIT_TRAIL_API int audit_trail_foreach_smack(audit_trail_h handle, audit_trail_string_cb callback, void *user_data); + +/** + * @brief Clears all smack logs saved in audit-trail. + * @details This API removes all smack logs collected by audit-trail. + * @since_tizen 5.0 + * @param[in] handle The audit-trail handle + * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value + * @retval #AUDIT_TRAIL_ERROR_NONE Successful + * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out + * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter + * @pre The handle must be created by audit_trail_create(). + * @see audit_trail_create() + * @see audit_trail_destroy() + * @see audit_trail_foreach_smack() + */ +AUDIT_TRAIL_API int audit_trail_clear_smack(audit_trail_h handle); + +/** + * @brief Adds a smack log callback. + * @details This API can be used to receive logs of system + * The callback specified to this function is automatically + * called when a new log occurs. + * @since_tizen 3.0 + * @param[in] context The audit_trail handle + * @param[in] callback The callback to get smack logs + * @param[in] user_data The user data passed to the callback function + * @param[out] id Callback identifier + * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value + * @retval #AUDIT_TRAIL_ERROR_NONE Successful + * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter + * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out + * @pre The handle must be created by audit_trail_create(). + * @see audit_trail_create() + * @see audit_trail_destroy() + * @see audit_trail_remove_smack_cb() + */ +AUDIT_TRAIL_API int audit_trail_add_smack_cb(audit_trail_h handle, + audit_trail_string_cb callback, void* user_data, + int* id); + +/** + * @brief Removes the smack log callback. + * @details This API can be used to remove the smack log callback + * @since_tizen 3.0 + * @param[in] context The audit trail handle + * @param[in] id Callback identifier + * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value + * @retval #AUDIT_TRAIL_ERROR_NONE Successful + * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter + * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out + * @pre The context must be created by audit_trail_create(). + * @see audit_trail_create() + * @see audit_trail_destroy() + * @see audit_trail_add_smack_cb() + */ +AUDIT_TRAIL_API int audit_trail_remove_smack_cb(audit_trail_h handle, int id); + +/** + * @} + */ + +#ifdef __cplusplus +} +#endif + +#endif /* __CAPI_AUDIT_TRAIL_SMACK_H__ */ diff --git a/lib/client.cpp b/lib/client.cpp new file mode 100644 index 0000000..64182a2 --- /dev/null +++ b/lib/client.cpp @@ -0,0 +1,86 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#include "client.h" + +namespace { + +const std::string SUBSCRIBER_REGISTER = "Server::registerNotificationSubscriber"; +const std::string SUBSCRIBER_UNREGISTER = "Server::unregisterNotificationSubscriber"; + + +const std::string AUDIT_TRAIL_MANAGER_ADDRESS = "/tmp/.audit-trail.sock"; + +} // namespace + + +AuditTrailContext::AuditTrailContext() noexcept +{ +} + +AuditTrailContext::~AuditTrailContext() noexcept +{ + disconnect(); +} + +int AuditTrailContext::connect(const std::string& address) noexcept +{ + try { + client.reset(new rmi::Client(address)); + client->connect(); + } catch (runtime::Exception& e) { + return -1; + } + + return 0; +} + +int AuditTrailContext::connect() noexcept +{ + return connect(AUDIT_TRAIL_MANAGER_ADDRESS); +} + +void AuditTrailContext::disconnect() noexcept +{ + client.reset(); +} + +int AuditTrailContext::subscribeNotification(const std::string& name, + const SignalListener& listener, + void* data) +{ + auto listenerDispatcher = [listener, data](std::string name, std::string type) { + listener(type.c_str(), data); + }; + + try { + return client->subscribe + (SUBSCRIBER_REGISTER, name, listenerDispatcher); + } catch (runtime::Exception& e) { + std::cout << e.what() << std::endl; + return -1; + } +} + +int AuditTrailContext::unsubscribeNotification(int subscriberId) +{ + return client->unsubscribe(SUBSCRIBER_UNREGISTER, subscriberId); +} + +AuditTrailContext& GetAuditTrailContext(void* handle) +{ + return *reinterpret_cast(handle); +} diff --git a/lib/client.h b/lib/client.h new file mode 100644 index 0000000..d6dbce2 --- /dev/null +++ b/lib/client.h @@ -0,0 +1,58 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#ifndef __AUDIT_TRAIL_CLIENT_H__ +#define __AUDIT_TRAIL_CLIENT_H__ + +#include +#include +#include + +#include + +typedef std::function SignalListener; + +class AuditTrailContext final { +public: + typedef std::unique_ptr AuditTrailControlContext; + + AuditTrailContext() noexcept; + ~AuditTrailContext() noexcept; + + int connect() noexcept; + int connect(const std::string& address) noexcept; + void disconnect() noexcept; + + int subscribeNotification(const std::string& name, const SignalListener& listener, void* data); + int unsubscribeNotification(int subscriberId); + + template + Interface createInterface(Args&&... args) noexcept + { + return Interface(getAuditTrailControlContext(), std::forward(args)...); + } + +private: + AuditTrailControlContext& getAuditTrailControlContext() + { + return client; + } + + AuditTrailControlContext client; +}; + +AuditTrailContext& GetAuditTrailContext(void* handle); +#endif //__AUDIT_TRAIL_CLIENT_H__ diff --git a/lib/context.h b/lib/context.h new file mode 100644 index 0000000..11255fc --- /dev/null +++ b/lib/context.h @@ -0,0 +1,24 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#ifndef __AUDIT_TRAIL_CONTEXT__ +#define __AUDIT_TRAIL_CONTEXT__ + +#include "client.h" + +using AuditTrailControlContext = ::AuditTrailContext::AuditTrailControlContext; + +#endif //!__AUDIT_TRAIL_CONTEXT__ diff --git a/lib/smack.cpp b/lib/smack.cpp new file mode 100644 index 0000000..2800529 --- /dev/null +++ b/lib/smack.cpp @@ -0,0 +1,69 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +#include "rmi/smack.h" + +namespace AuditTrail { + +Smack::Smack(AuditTrailControlContext& ctx) : + context(ctx) +{ +} + +Smack::~Smack() +{ +} + +int Smack::createIterator() +{ + try { + return context->methodCall("Smack::createIterator"); + } catch (runtime::Exception& e) {} + return -1; +} + +std::string Smack::getIteratorValue(int iterator) +{ + try { + return context->methodCall("Smack::getIteratorValue", iterator); + } catch (runtime::Exception& e) {} + return ""; +} + +bool Smack::nextIterator(int iterator) +{ + try { + return context->methodCall("Smack::nextIterator", iterator); + } catch (runtime::Exception& e) {} + return false; +} + +int Smack::destroyIterator(int iterator) +{ + try { + return context->methodCall("Smack::destroyIterator", iterator); + } catch (runtime::Exception& e) {} + return -1; +} + +int Smack::clear() +{ + try { + return context->methodCall("Smack::clear"); + } catch (runtime::Exception& e) {} + return 0; +} + +} // namespace AuditTrail diff --git a/module/Makefile b/module/Makefile new file mode 100644 index 0000000..59a3d01 --- /dev/null +++ b/module/Makefile @@ -0,0 +1,30 @@ +# +# Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# +CONFIG_AUDITTRAIL = m +export CONFIG_AUDITTRAIL + +obj-y = audittrail/ + +all: + $(MAKE) -C ${KERNEL_DEV_PATH} M=${PWD} modules + +install: + @cp audittrail/*.ko ${KERNEL_MOD_PATH}/. + +clean: + $(MAKE) -C ${KERNEL_DEV_PATH} M=${PWD} clean diff --git a/module/audittrail/Kconfig b/module/audittrail/Kconfig new file mode 100644 index 0000000..77bdc1c --- /dev/null +++ b/module/audittrail/Kconfig @@ -0,0 +1,11 @@ +config AUDITTRAIL + boolean "Enable Audit trail collector" + depends on SECURITYFS + default y + help + This option enables a system to collect various kinds of audit trail + (audit log). It has a directory which has two files. + First file is used for sending some commands such as registering + process itself as a consumer or provider. + Second files is used for getting or putting audit logs as a consumer + or provider. diff --git a/module/audittrail/Makefile b/module/audittrail/Makefile new file mode 100644 index 0000000..956d763 --- /dev/null +++ b/module/audittrail/Makefile @@ -0,0 +1,3 @@ +obj-$(CONFIG_AUDITTRAIL) = audittrail.o +audittrail-objs += main.o +audittrail-objs += dir.o diff --git a/module/audittrail/dir.c b/module/audittrail/dir.c new file mode 100644 index 0000000..9f7455a --- /dev/null +++ b/module/audittrail/dir.c @@ -0,0 +1,114 @@ +/* + * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + * + */ + +#include +#include + +#include "log.h" +#include "dir.h" + +static struct dentry *audittrail_dir = NULL; +static struct dentry *audittrail_command = NULL; +static struct dentry *audittrail_buffer = NULL; + +static int audittrail_command_open(struct inode * inode, struct file *file) +{ + if ((file->f_flags & O_ACCMODE) != O_WRONLY) + return -EACCES; + + return 0; +} + +static ssize_t audittrail_command_write(struct file *file, const char __user *buf, + size_t datalen, loff_t *ppos) +{ + return -EINVAL; +} + +static const struct file_operations audittrail_command_ops = { + .open = audittrail_command_open, + .write = audittrail_command_write, +}; + +static int audittrail_buffer_open(struct inode * inode, struct file *file) +{ + return 0; +} + +static ssize_t audittrail_buffer_read(struct file *file, + char __user *buf, + size_t datalen, loff_t *ppos) +{ + return -EINVAL; +} + +static ssize_t audittrail_buffer_write(struct file *file, + const char __user *buf, + size_t datalen, loff_t *ppos) +{ + return -EINVAL; +} + +static int audittrail_buffer_release(struct inode *inode, struct file *file) +{ + return 0; +} + +static const struct file_operations audittrail_buffer_ops = { + .open = audittrail_buffer_open, + .read = audittrail_buffer_read, + .write = audittrail_buffer_write, + .release = audittrail_buffer_release, +}; + + +int audittrail_dir_create(void) +{ + audittrail_dir = securityfs_create_dir("audittrail", NULL); + if (IS_ERR(audittrail_dir)) + goto err; + + audittrail_command = + securityfs_create_file("command", + S_IWUSR | S_IWGRP, audittrail_dir, NULL, + &audittrail_command_ops); + if (IS_ERR(audittrail_command)) + goto err; + + audittrail_buffer = + securityfs_create_file("buffer", + S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP, + audittrail_dir, NULL, + &audittrail_buffer_ops); + if (IS_ERR(audittrail_buffer)) + goto err; + + return 0; + +err: + audittrail_dir_destroy(); + return -1; +} + +void audittrail_dir_destroy(void) +{ + securityfs_remove(audittrail_buffer); + securityfs_remove(audittrail_command); + securityfs_remove(audittrail_dir); +} diff --git a/module/audittrail/dir.h b/module/audittrail/dir.h new file mode 100644 index 0000000..b492179 --- /dev/null +++ b/module/audittrail/dir.h @@ -0,0 +1,25 @@ +/* + * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + * + */ +#ifndef __AUDITTRAIL_DIR_H__ +#define __AUDITTRAIL_DIR_H__ + +int audittrail_dir_create(void); +void audittrail_dir_destroy(void); + +#endif //! __AUDITTRAIL_DIR_H__ diff --git a/module/audittrail/log.h b/module/audittrail/log.h new file mode 100644 index 0000000..0bdf8d6 --- /dev/null +++ b/module/audittrail/log.h @@ -0,0 +1,34 @@ +/* + * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + * + */ +#ifndef __AUDITTRAIL_LOG_H__ +#define __AUDITTRAIL_LOG_H__ + +#include + +#define LOG_TAG "audit-trail: " + +#define FMT(fmt) fmt +#define AUDITTRAIL_ERROR(fmt, ...) \ + printk(KERN_ERR LOG_TAG FMT(fmt), ##__VA_ARGS__) +#define AUDITTRAIL_WARN(fmt, ...) \ + printk(KERN_WARNING LOG_TAG FMT(fmt), ##__VA_ARGS__) +#define AUDITTRAIL_INFO(fmt, ...) \ + printk(KERN_INFO LOG_TAG FMT(fmt), ##__VA_ARGS__) + +#endif //! __AUDITTRAIL_LOG_H__ diff --git a/module/audittrail/main.c b/module/audittrail/main.c new file mode 100644 index 0000000..2eb82e3 --- /dev/null +++ b/module/audittrail/main.c @@ -0,0 +1,49 @@ +/* + * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + * + */ +#include + +#include "log.h" +#include "dir.h" + +int audittrail_init(void) +{ + AUDITTRAIL_INFO("loaded"); + + if (audittrail_dir_create() != 0) { + AUDITTRAIL_ERROR("failed to create auditfs"); + return -1; + } + + AUDITTRAIL_INFO("auditfs ready"); + + return 0; +} + +void audittrail_exit(void) +{ + audittrail_dir_destroy(); + + AUDITTRAIL_INFO("unloaded"); +} + +module_init(audittrail_init); +module_exit(audittrail_exit); + +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Sungbae Yoo"); diff --git a/packaging/audit-trail.spec b/packaging/audit-trail.spec index dcf1be3..f23072b 100755 --- a/packaging/audit-trail.spec +++ b/packaging/audit-trail.spec @@ -1,41 +1,122 @@ Name: audit-trail Version: 0.0.1 Release: 0 -License: GPL +License: Apache-2.0 Source0: file://%{name}-%{version}.tar.gz -Summary: Tizen device encryption and secure erase manager +Summary: Tizen audit daemon Group: System/Kernel BuildRequires: gcc -BuildRequires: make BuildRequires: cmake -BuildRequires: binutils-devel -BuildRequires: module-init-tools -BuildRequires: kernel-devel-tizen-dev +BuildRequires: pkgconfig(klay) +BuildRequires: pkgconfig(cynara-client) %define kernel_dev_path /boot/kernel/devel/tizen-devel #%define kernel_mod_path /boot/kernel/mod_tizen_tm1 %define kernel_mod_path /lib %description -The audit-trail-kernel package provides a kernel module which is responsible for trailing security logs of auditing. +The audit-trail package provides a daemon which is responsible for trailing security logs of auditing. %files %manifest audit-trail.manifest %defattr(644,root,root,755) -%{kernel_mod_path}/* +%attr(755,root,root) %{_bindir}/audit-trail-daemon +%{_unitdir}/audit-trail.service +%{_unitdir}/multi-user.target.wants/audit-trail.service +%attr(700,root,root) %{_sbindir}/audit-trail-admin-cli %prep %setup -q %build +%{!?build_type:%define build_type "RELEASE"} + +%if %{build_type} == "DEBUG" || %{build_type} == "PROFILING" || %{build_type} == "CCOV" + CFLAGS="$CFLAGS -Wp,-U_FORTIFY_SOURCE" + CXXFLAGS="$CXXFLAGS -Wp,-U_FORTIFY_SOURCE" +%endif + +%cmake . -DVERSION=%{version} \ + -DCMAKE_BUILD_TYPE=%{build_type} \ + -DRUN_DIR=%{TZ_SYS_RUN} \ + -DBIN_DIR=%{TZ_SYS_BIN} \ + -DSYSTEMD_UNIT_DIR=%{_unitdir} + +cd module make %{?jobs:-j%jobs} KERNEL_DEV_PATH=%{kernel_dev_path} %install +%make_install +mkdir -p %{buildroot}/%{_unitdir}/multi-user.target.wants +ln -s ../audit-trail.service %{buildroot}/%{_unitdir}/multi-user.target.wants/audit-trail.service + +cd module mkdir -p %{buildroot}%{kernel_mod_path} make %{?jobs:-j%jobs} KERNEL_DEV_PATH=%{kernel_dev_path} KERNEL_MOD_PATH=%{buildroot}%{kernel_mod_path} install %clean +cd module make %{?jobs:-j%jobs} KERNEL_DEV_PATH=%{kernel_dev_path} clean + rm -rf %{buildroot} %postun + +## Audit Trail Client Package ################################################ +%package -n libaudit-trail +Summary: Library for Tizen audit daemon +Group: Security/Libraries +BuildRequires: pkgconfig(libtzplatform-config) +Requires: %{name} = %{version}-%{release} +Requires(post): /sbin/ldconfig +Requires(postun): /sbin/ldconfig + +%description -n libaudit-trail +The libaudit-trail package contains the libraries needed to get the logs that are collected by audit daemon + +%post -n libaudit-trail -p /sbin/ldconfig + +%postun -n libaudit-trail -p /sbin/ldconfig + +%files -n libaudit-trail +%manifest audit-trail.manifest +%defattr(644,root,root,755) +%attr(755,root,root) %{_libdir}/libaudit-trail.so.%{version} +%{_libdir}/libaudit-trail.so.0 + +## Devel Package ############################################################# +%package -n libaudit-trail-devel +Summary: Libraries and header files for device encryption client development +Group: Development/Libraries +Requires: libaudit-trail = %{version}-%{release} + +%description -n libaudit-trail-devel +The libaudit-trail-devel package includes the libraries and header files necessary for developing auditing + +%files -n libaudit-trail-devel +%manifest audit-trail.manifest +%defattr(644,root,root,755) +%{_libdir}/libaudit-trail.so +%{_includedir}/audit-trail +%{_libdir}/pkgconfig/audit-trail.pc + +## Kernel module Package ##################################################### +%package -n audit-trail-kernel-module-3.10-sc7730 +License: GPL +Summary: Linux support headers for userspace development +Group: System/Kernel +Provides: audit-trail-kernel-module +BuildRequires: gcc +BuildRequires: make +BuildRequires: cmake +BuildRequires: binutils-devel +BuildRequires: module-init-tools +BuildRequires: kernel-devel-3.10-sc7730 + +%description -n audit-trail-kernel-module-3.10-sc7730 +The audit-trail-kernel package provides a kernel module which is responsible for trailing security logs of auditing. + +%files -n audit-trail-kernel-module-3.10-sc7730 +%manifest audit-trail.manifest +%defattr(644,root,root,755) +%{kernel_mod_path}/* diff --git a/rmi/smack.h b/rmi/smack.h new file mode 100644 index 0000000..e714d65 --- /dev/null +++ b/rmi/smack.h @@ -0,0 +1,45 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#ifndef __AUDIT_TRAIL_LOGGER_H__ +#define __AUDIT_TRAIL_LOGGER_H__ + +#include "context.h" + +namespace AuditTrail { + +/** + * This class provides APIs to receive the logs + */ + +class Smack final { +public: + Smack(AuditTrailControlContext& ctxt); + ~Smack(); + + int createIterator(); + std::string getIteratorValue(int iterator); + bool nextIterator(int iterator); + int destroyIterator(int iterator); + + int clear(); + +private: + AuditTrailControlContext& context; +}; + +} // namespace AuditTrail +#endif // __AUDIT_TRAIL_LOGGER_H__ diff --git a/server/CMakeLists.txt b/server/CMakeLists.txt new file mode 100644 index 0000000..eff833b --- /dev/null +++ b/server/CMakeLists.txt @@ -0,0 +1,45 @@ +# +# Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +SET(SERVER_SRCS main.cpp + server.cpp + smack.cpp +) + +SET(DEPENDENCY klay + cynara-client +) + +SET(SERVER_NAME ${PROJECT_NAME}-daemon) + +ADD_EXECUTABLE(${SERVER_NAME} ${SERVER_SRCS}) + +PKG_CHECK_MODULES(SERVER_DEPS REQUIRED ${DEPENDENCY}) + +INCLUDE_DIRECTORIES(SYSTEM ${SERVER_DEPS_INCLUDE_DIRS} ${AUDIT_TRAIL_SERVER} ${PROJECT_SOURCE_DIR}) + +TARGET_LINK_LIBRARIES(${SERVER_NAME} ${SERVER_DEPS_LIBRARIES} pthread) + +SET_TARGET_PROPERTIES(${SERVER_NAME} PROPERTIES COMPILE_FLAGS "-fPIE") +SET_TARGET_PROPERTIES(${SERVER_NAME} PROPERTIES LINK_FLAGS "-pie") + +TARGET_COMPILE_DEFINITIONS(${SERVER_NAME} PRIVATE + RUN_PATH="${RUN_DIR}" +) + +CONFIGURE_FILE(systemd/${PROJECT_NAME}.service.in systemd/${PROJECT_NAME}.service) + +INSTALL(TARGETS ${SERVER_NAME} DESTINATION ${BIN_DIR}) +INSTALL(FILES systemd/${PROJECT_NAME}.service DESTINATION ${SYSTEMD_UNIT_DIR}) diff --git a/server/context.h b/server/context.h new file mode 100644 index 0000000..7b4002e --- /dev/null +++ b/server/context.h @@ -0,0 +1,24 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#ifndef __AUDIT_TRAIL_CONTEXT_H__ +#define __AUDIT_TRAIL_CONTEXT_H__ + +#include "server.h" + +using AuditTrailControlContext = Server; + +#endif //__AUDIT_TRAIL_CONTEXT_H__ diff --git a/server/main.cpp b/server/main.cpp new file mode 100644 index 0000000..448df58 --- /dev/null +++ b/server/main.cpp @@ -0,0 +1,50 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +#include "server.h" + +void signalHandler(int signum) +{ + exit(0); +} + +int main(int argc, char *argv[]) +{ + ::signal(SIGINT, signalHandler); + + ::umask(0); + + try { + Server server; + server.run(); + } catch (std::exception &e) { + std::cerr << e.what() << std::endl; + return 1; + } + + return 0; +} diff --git a/server/server.cpp b/server/server.cpp new file mode 100644 index 0000000..d370d9a --- /dev/null +++ b/server/server.cpp @@ -0,0 +1,108 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +#include + +#include +#include + +#include "rmi/smack.h" + +#include "server.h" + +using namespace std::placeholders; + +namespace { + +const std::string AUDIT_RAIL_MANAGER_ADDRESS = "/tmp/.audit-trail.sock"; + +std::unique_ptr smack; + +} // namespace + +Server::Server() +{ + service.reset(new rmi::Service(AUDIT_RAIL_MANAGER_ADDRESS)); + + service->setPrivilegeChecker(std::bind(&Server::checkPeerPrivilege, this, _1, _2)); + + service->expose(this, "", (runtime::FileDescriptor)(Server::registerNotificationSubscriber)(std::string)); + service->expose(this, "", (int)(Server::unregisterNotificationSubscriber)(std::string, int)); + + smack.reset(new AuditTrail::Smack(*this)); + + audit.setPID(::getpid()); + audit.setEnabled(1); + audit.setMainloop(&service->mainloop); + audit.setMessageHandler([this] (netlink::Audit::Message &msg) { + auto it = this->auditHandlers.find(msg.first); + if (it != this->auditHandlers.end()) { + it->second(msg.second); + } + }); +} + +Server::~Server() +{ +} + +void Server::run() +{ + // Prepare execution environment + service->start(true); +} + +void Server::terminate() +{ + service->stop(); +} + +bool Server::checkPeerPrivilege(const rmi::Credentials& cred, const std::string& privilege) +{ + cynara *p_cynara; + + if (privilege.empty()) { + return true; + } + + if (::cynara_initialize(&p_cynara, NULL) != CYNARA_API_SUCCESS) { + ERROR("Failure in cynara API"); + return false; + } + + if (::cynara_check(p_cynara, cred.security.c_str(), "", + std::to_string(cred.uid).c_str(), + privilege.c_str()) != CYNARA_API_ACCESS_ALLOWED) { + ::cynara_finish(p_cynara); + ERROR("Access denied: " + cred.security + " : " + privilege); + return false; + } + + ::cynara_finish(p_cynara); + + return true; +} + +runtime::FileDescriptor Server::registerNotificationSubscriber(const std::string& name) +{ + INFO("registerNotificationSubscriber"); + INFO(name); + return runtime::FileDescriptor(service->subscribeNotification(name), true); +} + +int Server::unregisterNotificationSubscriber(const std::string& name, int id) +{ + return service->unsubscribeNotification(name, id); +} diff --git a/server/server.h b/server/server.h new file mode 100644 index 0000000..4ce6f0e --- /dev/null +++ b/server/server.h @@ -0,0 +1,88 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#ifndef __AUDIT_TRAIL_SERVER_H__ +#define __AUDIT_TRAIL_SERVER_H__ + +#include +#include + +#include +#include +#include +#include + +class Server final { +public: + typedef std::function&)> AuditHandler; + + Server(); + ~Server(); + + void run(); + void terminate(); + + template + void setMethodHandler(const std::string& privilege, const std::string& method, + const typename rmi::MethodHandler::type& handler) + { + service->setMethodHandler(privilege, method, handler); + } + + template + void notify(const std::string& name, Args&&... args) + { + service->notify(name, std::forward(args)...); + } + + uid_t getPeerUid() const + { + return service->getPeerUid(); + } + + gid_t getPeerGid() const + { + return service->getPeerGid(); + } + + pid_t getPeerPid() const + { + return service->getPeerPid(); + } + + bool checkPeerPrivilege(const rmi::Credentials& cred, const std::string& privilege); + + + void createNotification(const std::string& name) + { + service->createNotification(name); + } + + runtime::FileDescriptor registerNotificationSubscriber(const std::string& name); + int unregisterNotificationSubscriber(const std::string& name, int id); + + void setAuditHandler(const int type, AuditHandler&& handler) { + auditHandlers.insert({type, handler}); + } + +private: + netlink::Audit audit; + std::string securityLabel; + std::unique_ptr service; + std::unordered_map auditHandlers; +}; + +#endif //__AUDIT_TRAIL_SERVER_H__ diff --git a/server/smack.cpp b/server/smack.cpp new file mode 100644 index 0000000..4cf3b76 --- /dev/null +++ b/server/smack.cpp @@ -0,0 +1,116 @@ +/* + * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +#include + +#include + +#include "rmi/smack.h" + +#define PRIVILEGE_PLATFORM "http://tizen.org/privilege/internal/default/platform" + +namespace AuditTrail { + +namespace { + +std::vector smackLogs; + +std::unordered_map iteratorMap; +int newIteratorId = 0; + +} // namespace + + +Smack::Smack(AuditTrailControlContext &ctx) : + context(ctx) +{ + context.expose(this, "", (int)(Smack::createIterator)()); + context.expose(this, "", (std::string)(Smack::getIteratorValue)(int)); + context.expose(this, "", (bool)(Smack::nextIterator)(int)); + context.expose(this, "", (int)(Smack::destroyIterator)(int)); + context.expose(this, "", (int)(Smack::clear)()); + + context.createNotification("Smack"); + + context.setAuditHandler(AUDIT_AVC, [&ctx] (std::vector &buf) { + std::string log(buf.begin(), buf.end()); + smackLogs.push_back(log); + ctx.notify("Smack", log); + }); +} + +Smack::~Smack() +{ +} + +int Smack::createIterator() +{ + int iteratorId = -1; + try { + iteratorMap.erase(newIteratorId); + iteratorMap.insert({newIteratorId, 0}); + + if (++newIteratorId < 0) { + newIteratorId = 0; + } + } catch (runtime::Exception& e) { + ERROR("Failed to retrieve package info installed in the krate"); + } + return iteratorId; +} + +std::string Smack::getIteratorValue(int iterator) +{ + auto it = iteratorMap.find(iterator); + if (it == iteratorMap.end()) { + return ""; + } + + if (it->second >= smackLogs.size()) { + return ""; + } + + return smackLogs[it->second]; +} + +bool Smack::nextIterator(int iterator) +{ + auto it = iteratorMap.find(iterator); + if (it != iteratorMap.end()) { + if (it->second + 1 < smackLogs.size()) { + it->second++; + return true; + } + } + return false; +} + +int Smack::destroyIterator(int iterator) +{ + auto it = iteratorMap.find(iterator); + if (it != iteratorMap.end()) { + iteratorMap.erase(it); + return 0; + } + return -1; +} + +int Smack::clear() +{ + smackLogs.clear(); + return 0; +} + +} // namespace AuditTrail diff --git a/server/systemd/audit-trail.service.in b/server/systemd/audit-trail.service.in new file mode 100644 index 0000000..11a2abb --- /dev/null +++ b/server/systemd/audit-trail.service.in @@ -0,0 +1,14 @@ +[Unit] +Description=@PROJECT_NAME@ daemon + +[Service] +Type=simple +SmackProcessLabel=System +ExecStart=@BIN_DIR@/@PROJECT_NAME@-daemon +Restart=on-failure +ExecReload=/bin/kill -HUP $MAINPID +CapabilityBoundingSet=~CAP_MAC_ADMIN +CapabilityBoundingSet=~CAP_MAC_OVERRIDE + +[Install] +WantedBy=multi-user.target diff --git a/tools/CMakeLists.txt b/tools/CMakeLists.txt new file mode 100755 index 0000000..ab8eb8e --- /dev/null +++ b/tools/CMakeLists.txt @@ -0,0 +1,18 @@ +# +# Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +SET(AUDIT_TRAIL_CLI ${AUDIT_TRAIL_TOOLS}/cli) + +ADD_SUBDIRECTORY(${AUDIT_TRAIL_CLI}) diff --git a/tools/cli/CMakeLists.txt b/tools/cli/CMakeLists.txt new file mode 100644 index 0000000..88d18b1 --- /dev/null +++ b/tools/cli/CMakeLists.txt @@ -0,0 +1,35 @@ +# +# Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +FILE(GLOB CLI_SRCS audit-trail-admin-cli.cpp +) + +SET(CLI_NAME ${PROJECT_NAME}-admin-cli) + +ADD_EXECUTABLE(${CLI_NAME} ${CLI_SRCS}) +SET_TARGET_PROPERTIES(${CLI_NAME} PROPERTIES PREFIX "" + COMPILE_FLAGS "-fPIE" + LINK_FLAGS "-pie" +) + +PKG_CHECK_MODULES(CLI_DEPS REQUIRED + klay +) + +INCLUDE_DIRECTORIES(SYSTEM ${CLI_DEPS_INCLUDE_DIRS} ${AUDIT_TRAIL_LIB}) +TARGET_LINK_LIBRARIES(${CLI_NAME} ${CLI_DEPS_LIBRARIES} ${PROJECT_NAME} audit-trail) + +INSTALL(TARGETS ${CLI_NAME} DESTINATION sbin) diff --git a/tools/cli/audit-trail-admin-cli.cpp b/tools/cli/audit-trail-admin-cli.cpp new file mode 100644 index 0000000..1efaca4 --- /dev/null +++ b/tools/cli/audit-trail-admin-cli.cpp @@ -0,0 +1,132 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +/** + * @file + * @brief CLI tool to encrypt/decrypt storage and secure erase + */ +#include +#include +#include +#include + +#include +#include +#include +#include + +#include +#include + +GMainLoop *gmainloop = NULL; +extern char** environ; + +static inline int usage(const std::string name) +{ + std::cout << "Usage: " << name << " [Option]" << std::endl + << std::endl + << "Options :" << std::endl + << " -s, --smack show the audit logs" << std::endl + << " -c, --clear clear the audit logs" << std::endl + << " -m, --monitor monitor all audit logs" << std::endl + << " -h, --help show this" << std::endl + << std::endl; + + return -1; +} + +int showSmackLog() +{ + return 0; +} + +int clearLog(const std::string type) +{ + return 0; +} +void monitorSigHandler(int sig) +{ + g_main_loop_quit(gmainloop); +} + +void smackCallback(const char* log, void *user_data) +{ + std::cout << "SMACK - " << log << std::endl; +} + +int monitorLog() +{ + int smackCbId; + audit_trail_h auditTrail; + audit_trail_create(&auditTrail); + + audit_trail_add_smack_cb(auditTrail, smackCallback, NULL, &smackCbId); + + std::cout << "=== Monitoring start ===" << std::endl << std::endl; + + signal(SIGINT, monitorSigHandler); + + gmainloop = g_main_loop_new(NULL, FALSE); + g_main_loop_run(gmainloop); + g_main_loop_unref(gmainloop); + + audit_trail_remove_smack_cb(auditTrail, smackCbId); + + std::cout << std::endl << "=== Monitoring end ===" << std::endl; + + audit_trail_destroy(auditTrail); + + return 0; +} + + +int main(int argc, char* argv[]) +{ + int opt = 0, index, ret = 0; + + struct option options[] = { + {"help", no_argument, 0, 'h'}, + {"smack", no_argument, 0, 's'}, + {"clear", required_argument, 0, 'c'}, + {"monitor", no_argument, 0, 'm'}, + {0, 0, 0, 0} + }; + + if (argc <= 1) { + usage(argv[0]); + return EXIT_SUCCESS; + } + + while ((opt = getopt_long(argc, argv, "sc:mh", options, &index)) != -1) { + switch (opt) { + case 's': + ret = showSmackLog(); + break; + case 'c': + ret = clearLog(optarg); + break; + case 'm': + ret = monitorLog(); + break; + case 'h': + default: + usage(argv[0]); + } + } + + return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; +}