From: yeji01.kim
Date: Wed, 8 Aug 2018 02:26:31 +0000 (+0900)
Subject: Add parsing of ppid of subject in systemlog
X-Git-Tag: submit/tizen/20181001.080809~2
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fheads%2Fdemo;p=platform%2Fcore%2Fsecurity%2Faudit-trail.git

Add parsing of ppid of subject in systemlog

Change-Id: I2cdddbeb0dac73c7b0adf47eb7af6d918e31603c
Signed-off-by: yeji01.kim
---
diff --git a/common/audit/audit-system-log.cpp b/common/audit/audit-system-log.cpp
index c71e89e..1bf8efb 100644
--- a/common/audit/audit-system-log.cpp
+++ b/common/audit/audit-system-log.cpp
@@ -108,6 +108,8 @@ void AuditLogBuilder::addMessage(int type, const std::string &lo
  instance.subject.egid = std::stoul(value);
  } else if (name == "pid") {
  instance.subject.pid = std::stoul(value);
+ } else if (name == "ppid") {
+ instance.subject.ppid = std::stoul(value);
  } else if (name == "exe") {
  instance.subject.name = value;
  } else if (name == "subj") {
diff --git a/common/audit/audit-system-log.h b/common/audit/audit-system-log.h
index 5c5178f..8b390e1 100644
--- a/common/audit/audit-system-log.h
+++ b/common/audit/audit-system-log.h
@@ -40,6 +40,7 @@ struct AuditSystemLog final {
  std::string label;
  std::string name;
  pid_t pid = UINT_MAX;
+ pid_t ppid = UINT_MAX;
  } subject;
 
  struct {
diff --git a/lib/audit-trail/system-log.cpp b/lib/audit-trail/system-log.cpp
index 3aa63e7..7ef310d 100644
--- a/lib/audit-trail/system-log.cpp
+++ b/lib/audit-trail/system-log.cpp
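Review bot: `instance.subject.ppid = std::stoul(value);` stores an `unsigned long` into a signed `pid_t`, so a token above the `pid_t` range silently wraps instead of being rejected, and a non-numeric token throws out of `std::stoul` and leaves the record half-built. The `pid` branch just above has the same shape, so this may be an accepted project pattern; if it is not, a range-checked conversion (`std::stoul` followed by a bound check, or `std::stoi` for a signed target) would fit in this branch. A comment such as `// a record without a ppid= token keeps the UINT_MAX default from audit-system-log.h` would also make the fallback visible to readers of the parser. `AuditLogBuilder::addMessage` starts and ends outside the hunk, so any exception handling around this loop is not visible here.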
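Review bot: `pid_t ppid = UINT_MAX;` initialises a signed `pid_t` from an unsigned constant, which narrows (to -1 on the usual two's-complement targets) and would be rejected under brace initialisation; it copies the sentinel already used by `pid` on the line above, so the two should change together if at all. Writing the sentinel as what callers actually observe, `pid_t ppid = -1;`, is clearer, and a comment like `// -1: the record carried no ppid= token` ties it to the parser in audit-system-log.cpp, which only assigns this field when a `ppid` token is present. `struct AuditSystemLog` continues outside the hunk.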
@@ -113,6 +113,17 @@ int audit_system_log_get_subject_pid(audit_system_log_h handle, pid_t *pid)
  return AUDIT_TRAIL_ERROR_NONE;
 }
 
+int audit_system_log_get_subject_ppid(audit_system_log_h handle, pid_t *ppid)
+{
+ RET_ON_FAILURE(handle, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+ RET_ON_FAILURE(ppid, AUDIT_TRAIL_ERROR_INVALID_PARAMETER);
+
+ const auto &log = GetSystemLog(handle).log;
+ *ppid = log.subject.ppid;
+
+ return AUDIT_TRAIL_ERROR_NONE;
+}
+
 int audit_system_log_get_subject_smack_label(audit_system_log_h handle, char **label)
 {
 
diff --git a/lib/audit-trail/system-log.h b/lib/audit-trail/system-log.h
index 61de681..f647881 100644
--- a/lib/audit-trail/system-log.h
+++ b/lib/audit-trail/system-log.h
@@ -128,6 +128,20 @@ AUDIT_TRAIL_API int audit_system_log_get_subject_effective_owner(audit_system_lo
  */
 AUDIT_TRAIL_API int audit_system_log_get_subject_pid(audit_system_log_h handle, pid_t *pid);
 
+/**
+ * @brief Get the subject parent process ID from the system audit log
+ * @details This API can be used to get the subject parent process ID in
+ * each system audit logs.
+ * @since_tizen 5.0
+ * @param[in] handle The system audit log handle
+ * @param[out] ppid The subject parent process ID
+ * @return #AUDIT_TRAIL_ERROR_NONE on success, otherwise a negative value
+ * @retval #AUDIT_TRAIL_ERROR_NONE Successful
+ * @retval #AUDIT_TRAIL_ERROR_TIMED_OUT Time out
+ * @retval #AUDIT_TRAIL_ERROR_INVALID_PARAMETER Invalid parameter
+ */
+AUDIT_TRAIL_API int audit_system_log_get_subject_ppid(audit_system_log_h handle, pid_t *ppid);
+
 /**
  * @brief Get the subject smack label from the system audit log
  * @details This API can be used to get the subject smack label in
diff --git a/rmi/log-management.h b/rmi/log-management.h
index c675384..8bfd876 100644
--- a/rmi/log-management.h
+++ b/rmi/log-management.h
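Review bot: `*ppid = log.subject.ppid;` reports `AUDIT_TRAIL_ERROR_NONE` even when the record carried no `ppid=` token, in which case the caller receives the `UINT_MAX` default declared in audit-system-log.h as though it were a real parent pid, and nothing in this getter lets the caller tell the two apart. If the API has no error code for an absent field, the sentinel should at least be stated next to the assignment, `// records without a ppid= token report the UINT_MAX (-1) default`, so consumers such as the CLI know to check for it. The new function lies fully inside the hunk; `audit_system_log_get_subject_smack_label` continues outside it.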
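Review bot: The Doxygen block for `audit_system_log_get_subject_ppid` lists `#AUDIT_TRAIL_ERROR_TIMED_OUT`, which the implementation in lib/audit-trail/system-log.cpp has no visible path to return (as far as that hunk shows it yields only `AUDIT_TRAIL_ERROR_NONE` or `AUDIT_TRAIL_ERROR_INVALID_PARAMETER`), and it says nothing about what `ppid` holds when the record has no parent-pid field. The `@retval` list looks copied from the neighbouring getters; if they share the inaccuracy it is pre-existing, but the new block need not extend it. `in each system audit logs` should read `in each system audit log`. A `@remarks` line naming the value reported when the field is absent would close the documentation gap.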
@@ -30,7 +30,8 @@ struct SystemLog { log.time.time, log.time.millisec, log.subject.uid, log.subject.euid, log.subject.gid, log.subject.egid, - log.subject.label, log.subject.name, log.subject.pid, + log.subject.label, log.subject.name, + log.subject.pid, log.subject.ppid, log.object.type, log.object.uid, log.object.gid, log.object.mode, log.object.label, log.object.name, log.object.socketAddr, diff --git a/tools/cli/audit-trail-admin-cli.cpp b/tools/cli/audit-trail-admin-cli.cpp index c71d4db..1bfc424 100644 --- a/tools/cli/audit-trail-admin-cli.cpp +++ b/tools/cli/audit-trail-admin-cli.cpp @@ -138,7 +138,7 @@ std::string printSystemLog(audit_system_log_h log) char *sub_name, *sub_label; uid_t sub_uid, sub_euid; gid_t sub_gid, sub_egid; - pid_t sub_pid; + pid_t sub_pid, sub_ppid; audit_system_log_get_subject_name(log, &sub_name); str << "name=" << sub_name; @@ -155,6 +155,9 @@ std::string printSystemLog(audit_system_log_h log) audit_system_log_get_subject_pid(log, &sub_pid); str << ",pid=" << sub_pid; + audit_system_log_get_subject_ppid(log, &sub_ppid); + str << ",ppid=" << sub_ppid; + ::free(sub_name); ::free(sub_label); }
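Review bot: Inserting `log.subject.ppid` into this field list changes the positional layout of `SystemLog` if, as the macro-style argument list suggests, it is the serialization order used over the RMI channel; a peer built from the previous revision would then read `ppid` where it expects `log.object.type`, and no version or field-count marker is visible in the hunk to detect that. Daemon and client library must therefore be rebuilt from the same revision, which deserves a comment at the head of the list, `// wire order: adding or moving a field is a protocol break for existing peers`. `struct SystemLog` begins outside the hunk, so the macro that consumes this list is not visible here.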
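Review bot: `audit_system_log_get_subject_ppid(log, &sub_ppid);` in the second CLI hunk (`@@ -155`) discards the return code while `sub_ppid` is declared uninitialised in the first (`pid_t sub_pid, sub_ppid;`), so on an `AUDIT_TRAIL_ERROR_INVALID_PARAMETER` return `str << ",ppid=" << sub_ppid;` streams an indeterminate value. The existing `pid` lines have the same shape; the new declaration is the natural place to fix both, `pid_t sub_pid = -1, sub_ppid = -1;`, or the return code can be checked before streaming. Records without a `ppid=` token will print the `UINT_MAX` default from audit-system-log.h, which `pid_t` renders as -1; a short comment at the print site would save readers of the output from taking it for a real process. `printSystemLog` continues outside both hunks.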