platform/core/security/audit-trail.git
5 years ago [Tizen 6.0] Enable build with updated glibc sandbox/mkashkarov/tizen_6.0_build
Mikhail Kashkarov [Fri, 13 Dec 2019 08:08:07 +0000 (11:08 +0300)]
[Tizen 6.0] Enable build with updated glibc

Since glibc 2.25 sys/sysmacros.h is not included by sys/types.h.

system-log.cpp:266:10: error: 'makedev' was not declared in this scope
  266 |   *dev = makedev(majorNum, minorNum);

Signed-off-by: Mikhail Kashkarov <m.kashkarov@partner.samsung.com>
5 years ago Remove services from default units 94/210694/1 accepted/tizen_5.5_unified accepted/tizen_5.5_unified_mobile_hotfix accepted/tizen_5.5_unified_wearable_hotfix tizen_5.5 tizen_5.5_mobile_hotfix tizen_5.5_tv tizen_5.5_wearable_hotfix accepted/tizen/5.5/unified/20191031.022935 accepted/tizen/5.5/unified/mobile/hotfix/20201027.090038 accepted/tizen/5.5/unified/wearable/hotfix/20201027.113246 accepted/tizen/unified/20190809.110841 submit/tizen/20190808.081125 submit/tizen/20190809.055136 submit/tizen_5.5/20191031.000004 submit/tizen_5.5_mobile_hotfix/20201026.185104 submit/tizen_5.5_wearable_hotfix/20201026.184304 tizen_5.5.m2_release
Sungbae Yoo [Wed, 24 Jul 2019 04:07:54 +0000 (13:07 +0900)]
Remove services from default units

Change-Id: I9e856a9db6773288ef89459b19d581ab47602b47
Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
5 years ago Remove unnecessary setting 51/210651/2
INSUN PYO [Tue, 23 Jul 2019 10:31:59 +0000 (19:31 +0900)]
Remove unnecessary setting

Change-Id: I1357858763d60d74fb5d7434c95d72fd4e18ae47

5 years ago Remove unnecessary setting 96/209096/1
INSUN PYO [Tue, 2 Jul 2019 07:26:18 +0000 (16:26 +0900)]
Remove unnecessary setting

Change-Id: I756189ae48efb3cf2e84f89e3632784fec524239

6 years ago Change addAll() to apply rules in rule-apply-engine 53/193053/8
seolheui, kim [Wed, 14 Nov 2018 06:33:03 +0000 (15:33 +0900)]
Change addAll() to apply rules in rule-apply-engine

- Change addAll() to apply() since it does not need to separate removeAll() and addAll()
- Instead of using optimizedList, changed it to import rules in real time to reset rules

Change-Id: I9169ed588b6c46a3e414b97da67238e1af77ebd0
Signed-off-by: seolheui, kim <s414.kim@samsung.com>
6 years ago Rework addRule() and removeRule() in rule-apply-engine 50/193050/11
seolheui, kim [Wed, 14 Nov 2018 06:08:33 +0000 (15:08 +0900)]
Rework addRule() and removeRule() in rule-apply-engine

- remove dirty code for rule verification in addRule()
- modify rule iteration code in removeRule()

Change-Id: I8fe18265190c067bd9929e2e0de9620e7b5cc5a4
Signed-off-by: seolheui, kim <s414.kim@samsung.com>
6 years ago Remove unused headers in rule-apply-engine 33/193033/1
seolheui, kim [Wed, 14 Nov 2018 05:33:53 +0000 (14:33 +0900)]
Remove unused headers in rule-apply-engine

Change-Id: If0e81d4a4146364d69195d7de6b4a4e8a079bb86
Signed-off-by: seolheui, kim <s414.kim@samsung.com>
6 years ago Fix to catch exceptions 55/190355/3 accepted/tizen_5.0_unified tizen_5.0 accepted/tizen/5.0/unified/20181102.015231 accepted/tizen/unified/20181001.150937 submit/tizen/20181001.080809 submit/tizen_5.0/20181101.000003
yeji01.kim [Mon, 1 Oct 2018 07:33:47 +0000 (16:33 +0900)]
Fix to catch exceptions

Change-Id: Ia028ecbb1f0b4fa255c019560d8013ac1335f71d
Signed-off-by: yeji01.kim <yeji01.kim@samsung.com>
6 years ago Remove unnecessary negative value checks 52/190352/1
yeji01.kim [Mon, 1 Oct 2018 07:27:54 +0000 (16:27 +0900)]
Remove unnecessary negative value checks

Change-Id: Idba2e0b33c2d02cdeaddd123219707d0bc0c1632
Signed-off-by: yeji01.kim <yeji01.kim@samsung.com>
6 years ago Add parsing of ppid of subject in systemlog 76/186176/3 demo
yeji01.kim [Wed, 8 Aug 2018 02:26:31 +0000 (11:26 +0900)]
Add parsing of ppid of subject in systemlog

Change-Id: I2cdddbeb0dac73c7b0adf47eb7af6d918e31603c
Signed-off-by: yeji01.kim <yeji01.kim@samsung.com>
6 years ago Add parsing of device id in AUDIT_PATH type 83/185983/5
yeji01.kim [Mon, 6 Aug 2018 05:33:17 +0000 (14:33 +0900)]
Add parsing of device id in AUDIT_PATH type

Change-Id: Ib6e18c2102a831db02a514a56e86974b8fa8fde9
Signed-off-by: yeji01.kim <yeji01.kim@samsung.com>
6 years ago Fix the range of string condition field 87/186087/1
seolheui, kim [Tue, 7 Aug 2018 06:55:50 +0000 (15:55 +0900)]
Fix the range of string condition field

Change-Id: I1ba3f90955efa21cf8137fe8bd9179bd74186892
Signed-off-by: seolheui, kim <s414.kim@samsung.com>
6 years ago Remove deprecated test case 97/185097/2
yeji01.kim [Thu, 26 Jul 2018 05:44:58 +0000 (14:44 +0900)]
Remove deprecated test case

Change-Id: I3c83580a380128a963871eb26e51e3f3fe20229c
Signed-off-by: yeji01.kim <yeji01.kim@samsung.com>
6 years ago Change callback notifiers to run on thread due to avoid deadlock 89/184789/5 accepted/tizen/unified/20180801.080138 submit/tizen/20180727.090954
Sungbae Yoo [Mon, 23 Jul 2018 06:29:55 +0000 (15:29 +0900)]
Change callback notifiers to run on thread due to avoid deadlock

In library, get*Log API call in callback function can make
deadlocks into callback notifier in server.
This can easily occur in a situation where a bunch of logs are occurring.

Assume that client is in callback and just called get*Log API and
server just started to handle next audit logs at that moment.

Client will be waiting until server takes care of an API request.
And then, server will be waiting after processing audit logs until
client can receive its message.
Server and client get waiting for each other.

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: I9b6c38db5648adc26310ab6086fd0354417ef3f8

6 years ago Plugin : Change not to leave logs about that open() failed by ENOENT 21/184321/2
Sungbae Yoo [Tue, 17 Jul 2018 07:53:09 +0000 (16:53 +0900)]
Plugin : Change not to leave logs about that open() failed by ENOENT

Library traversal tries a bunch of trials to find arch-dependent libraries.
It causes a lot of false-positive logs so we decided not to do that.

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: I29307439f555511747f3de7410eab254eff35452

6 years ago Add report of audit log for optimizing audit rule 31/181331/9
yeji01.kim [Tue, 12 Jun 2018 07:19:26 +0000 (16:19 +0900)]
Add report of audit log for optimizing audit rule

Change-Id: I1278e1b850551c4b0985b5854f043d0216e46ebd
Signed-off-by: yeji01.kim <yeji01.kim@samsung.com>
6 years ago Change audit_rule_condition doesn't check null value if value is an integer 87/184087/1
Sungbae Yoo [Fri, 13 Jul 2018 10:52:03 +0000 (19:52 +0900)]
Change audit_rule_condition doesn't check null value if value is an integer

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: I6b0e80966e55d1697aad6933738c8bf03b31530b

7 years ago Remove cyclic dependency with audit-trail and libaudit-trail 99/181499/1
Sungbae Yoo [Thu, 14 Jun 2018 09:19:57 +0000 (18:19 +0900)]
Remove cyclic dependency with audit-trail and libaudit-trail

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: I110a386e0553644563e7747eefbba5f001ec7e9c

7 years ago Fix coverity issues 96/180996/2 accepted/tizen/unified/20180611.015316 submit/tizen/20180607.013257
yeji01.kim [Thu, 7 Jun 2018 06:53:40 +0000 (15:53 +0900)]
Fix coverity issues

- Buffer not null terminated
- Unchecked return value from library

Change-Id: Idc43d3153ed29bf975083ea57c8db6128873d782
Signed-off-by: yeji01.kim <yeji01.kim@samsung.com>
7 years ago Add tag for indexing optimized list 07/180807/4
seolheui kim [Mon, 4 Jun 2018 09:54:12 +0000 (18:54 +0900)]
Add tag for indexing optimized list

Change-Id: I32f2ed554778000d153a0d4a470e8a046254df0d
Signed-off-by: seolheui kim <s414.kim@samsung.com>
7 years ago Add error handler for applying rules 79/180779/4
seolheui kim [Mon, 4 Jun 2018 06:37:23 +0000 (15:37 +0900)]
Add error handler for applying rules

- common/audit/audit.* : remove to catch exceptions
- lib/audit-rule/field.h : fix to check invalid type
- server/* : fix to handle errors for applying or loading rules

Change-Id: I71cff4fc71cf33f722542b0d3468154fbbb8ad02
Signed-off-by: seolheui kim <s414.kim@samsung.com>
7 years ago Add test cases for event types 60/180160/9
yeji01.kim [Fri, 25 May 2018 06:49:35 +0000 (15:49 +0900)]
Add test cases for event types

Change-Id: I58560b43830d7dd2762ab5d22cf4310927eff7bd
Signed-off-by: yeji01.kim <yeji01.kim@samsung.com>
7 years ago Add never rules to optimized rule list 65/179465/6
seolheui kim [Fri, 18 May 2018 04:44:00 +0000 (13:44 +0900)]
Add never rules to optimized rule list

Change-Id: I4a51c6805f4a0954f6e596d85ac0d62f08a804dc
Signed-off-by: seolheui kim <s414.kim@samsung.com>
7 years ago Add rule-apply-engine to optimize rules 37/180037/7
seolheui kim [Tue, 15 May 2018 12:56:47 +0000 (21:56 +0900)]
Add rule-apply-engine to optimize rules

- RuleApplyEngine : add/remove optimized rules
- add exception handler to addRule/removeRule

Change-Id: I9d17fb92b15f32aa8613e989c22d6aa4d1454aec

7 years ago Add combine rules methods 35/178935/9
seolheui kim [Tue, 15 May 2018 02:41:20 +0000 (11:41 +0900)]
Add combine rules methods

Change-Id: Ic446c41786619e5fbac7d726ac6c746bc2bf3a83
Signed-off-by: seolheui kim <s414.kim@samsung.com>
7 years ago Change unexpected error to show on klay logger 39/180039/1
Sungbae Yoo [Thu, 24 May 2018 09:31:06 +0000 (18:31 +0900)]
Change unexpected error to show on klay logger

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: I4676cfb1e3642a67d91e8a7f5bcf406320a0c75b

7 years ago plugin: fix a typo of path in base-ruleset 38/180038/1
Sungbae Yoo [Thu, 24 May 2018 09:23:22 +0000 (18:23 +0900)]
plugin: fix a typo of path in base-ruleset

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: Ie44dfd9e3232f2131764875851fd6af5381b033e

7 years ago Add '=' condition when fd is compared for checking succeed status 03/179503/1
Sungbae Yoo [Fri, 18 May 2018 08:14:43 +0000 (17:14 +0900)]
Add '=' condition when fd is compared for checking succeed status

This is for solving svace issues

Change-Id: I0b38eab8e3cd0cbeaf3d134232a22bcf4f118490
Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
7 years ago Fix build fail on 64bit architecture 15/178815/2 accepted/tizen/unified/20180515.163416 submit/tizen/20180515.013128
yeji01.kim [Mon, 14 May 2018 06:39:28 +0000 (15:39 +0900)]
Fix build fail on 64bit architecture

Change-Id: Ib10f9e15464ace1012d906349a128b4677cd9a10
Signed-off-by: yeji01.kim <yeji01.kim@samsung.com>
7 years ago Fix default rules to reduce overheads 66/177766/9
Sungbae Yoo [Thu, 3 May 2018 10:55:53 +0000 (19:55 +0900)]
Fix default rules to reduce overheads

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: I5365dc708e178eaa844410c6acbdaf142718ebe7

7 years ago Add a TC to measure overheads of auditing rules 24/177524/9
Sungbae Yoo [Wed, 9 May 2018 06:02:32 +0000 (15:02 +0900)]
Add a TC to measure overheads of auditing rules

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: I3eb7320efcbc24f18de206f29d81c7f60ea20b13

7 years ago Add audit-trail rule verification tool 44/177144/12
yeji01.kim [Thu, 26 Apr 2018 00:28:51 +0000 (09:28 +0900)]
Add audit-trail rule verification tool

Change-Id: Ic637e71f53629273fd440afcdd6a78dccfd89995
Signed-off-by: yeji01.kim <yeji01.kim@samsung.com>
7 years ago Remove to set default mask, rule type and tag 56/178256/5
seolheui kim [Wed, 9 May 2018 04:53:59 +0000 (13:53 +0900)]
Remove to set default mask, rule type and tag

Change-Id: I4c106f24553fbb65023a5e6bf84db69b01f5195b
Signed-off-by: seolheui kim <s414.kim@samsung.com>
7 years ago Fix parameter type and add methods to get field value 35/177735/6
seolheui kim [Thu, 3 May 2018 08:04:56 +0000 (17:04 +0900)]
Fix parameter type and add methods to get field value

Change-Id: Ibb2ec8eb0e219b8d7d63d25367cd79286cbbaff6
Signed-off-by: seolheui kim <s414.kim@samsung.com>
7 years ago Add CAPI to load a ruleset plugin 79/177479/8
Sungbae Yoo [Mon, 30 Apr 2018 09:12:41 +0000 (18:12 +0900)]
Add CAPI to load a ruleset plugin

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: I241efc1f2a9853daf438cc90645849953fab4e03

7 years ago Change the daemon to be non-root 94/177694/1 submit/tizen/20180511.084431
Sungbae Yoo [Thu, 3 May 2018 04:30:58 +0000 (13:30 +0900)]
Change the daemon to be non-root

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: I400bf8cbe33dc409e73b8db6f8d58d49cad63815

7 years ago Change admin-cli doesn't show foreach systemcalls when the rule has all 80/177480/6
Sungbae Yoo [Mon, 30 Apr 2018 09:37:42 +0000 (18:37 +0900)]
Change admin-cli doesn't show foreach systemcalls when the rule has all

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: I97ff5598dda048581925301248a8f30995a4710e

7 years ago Fix some SVACE issues 90/177490/9 accepted/tizen/unified/20180502.071207 submit/tizen/20180502.041736
Sungbae Yoo [Mon, 30 Apr 2018 11:22:25 +0000 (20:22 +0900)]
Fix some SVACE issues

1. Make new operations no-throw
2. Add missing initializations

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: I1387792b32e63d47fbbed21f853037df2f110356

7 years ago Change LICENSE file to Apache-2.0 properly 47/177547/1
Sungbae Yoo [Wed, 2 May 2018 01:12:52 +0000 (10:12 +0900)]
Change LICENSE file to Apache-2.0 properly

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: I79359173ace73a0cab70e8f145a3699e560ef98f

7 years ago Add default rule plugins of each profiles 44/176144/18
Sungbae Yoo [Tue, 17 Apr 2018 06:24:19 +0000 (15:24 +0900)]
Add default rule plugins of each profiles

The profiles is following
: capp, lspp, nispom, pci-dss, stig

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: I44eb3e6d17e05e00c4efd6d0185d37d3f2657be4

7 years ago Fix to put multiple syscall number to rule 02/177202/6
seolheui kim [Thu, 26 Apr 2018 06:49:49 +0000 (15:49 +0900)]
Fix to put multiple syscall number to rule

Change-Id: I22b59fb25dcefbec8e9666ff4bc2cf07a3cb3073
Signed-off-by: seolheui kim <s414.kim@samsung.com>
7 years ago Fix to ignore exception for each rule 55/177355/2
seolheui kim [Fri, 27 Apr 2018 09:04:27 +0000 (18:04 +0900)]
Fix to ignore exception for each rule

Change-Id: I3d14e03ba9171c534a25493620dc966c11e0a291
Signed-off-by: seolheui kim <s414.kim@samsung.com>
7 years ago Separate watch rule by WatchPath and WatchDir rules 52/177352/2
seolheui kim [Fri, 27 Apr 2018 08:34:45 +0000 (17:34 +0900)]
Separate watch rule by WatchPath and WatchDir rules

Change-Id: I57d9569d93f94a79fb3478df6adee722ce0dff66
Signed-off-by: seolheui kim <s414.kim@samsung.com>
7 years ago Fix to apply correct field to rule 34/177334/1
seolheui kim [Fri, 27 Apr 2018 07:23:30 +0000 (16:23 +0900)]
Fix to apply correct field to rule

- set operator in field constructor
- modify return type of rule when it set fields

Change-Id: Id824da75c029a5a7313dfe8d569e2f7838a1694a
Signed-off-by: seolheui kim <s414.kim@samsung.com>
7 years ago Modify loadRuleSet to apply loaded rules 12/177212/4 accepted/tizen/unified/20180427.062429 submit/tizen/20180426.140701
seolheui kim [Thu, 26 Apr 2018 07:25:13 +0000 (16:25 +0900)]
Modify loadRuleSet to apply loaded rules

Change-Id: I70f4ece4f8d440de955f19d4a8e15c4d818be355
Signed-off-by: seolheui kim <s414.kim@samsung.com>
7 years ago Add all field types to field.h 79/177179/1
seolheui kim [Thu, 26 Apr 2018 06:13:31 +0000 (15:13 +0900)]
Add all field types to field.h

Change-Id: I579dad39c9ea0eed49dc358a352fa8981bf2aa43
Signed-off-by: seolheui kim <s414.kim@samsung.com>
7 years ago Modify rule capi to catch set/unsetMask exceptions 60/177160/1
seolheui kim [Thu, 26 Apr 2018 04:14:16 +0000 (13:14 +0900)]
Modify rule capi to catch set/unsetMask exceptions

Change-Id: If2a05208f6a99ebf97ce8e9dfe8b61de92204b60
Signed-off-by: seolheui kim <s414.kim@samsung.com>
7 years ago Add supported field types 95/177095/4
seolheui kim [Wed, 25 Apr 2018 08:51:28 +0000 (17:51 +0900)]
Add supported field types

Change-Id: I2881b118e20c4446ebbc7efe3b552024f9ac36a2
Signed-off-by: seolheui kim <s414.kim@samsung.com>
7 years ago Remove old audit-rule code to replace with an audit-rule library. 68/177068/2
seolheui kim [Wed, 25 Apr 2018 05:43:27 +0000 (14:43 +0900)]
Remove old audit-rule code to replace with an audit-rule library.

Change-Id: If93ffa704448ef41d9d825aa2584a07fd2bf4e6b
Signed-off-by: seolheui kim <s414.kim@samsung.com>
7 years ago Add error handling in admin-cli when audit daemon doesn't work 65/177065/3 accepted/tizen/unified/20180426.062545 submit/tizen/20180425.085722
Sungbae Yoo [Wed, 25 Apr 2018 05:30:36 +0000 (14:30 +0900)]
Add error handling in admin-cli when audit daemon doesn't work

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: I6db0778c859fb34c591d4429031ef8fdddf9aeda

7 years ago Apply modified rule presentation logic to audit-trail rule capis 04/176604/4
seolheui kim [Fri, 20 Apr 2018 07:34:57 +0000 (16:34 +0900)]
Apply modified rule presentation logic to audit-trail rule capis

Change-Id: I11ff9dbd46be5ad982f143b7a044679a023fc395
Signed-off-by: seolheui kim <s414.kim@samsung.com>
7 years ago Change not to fail when kernel has no audit features 53/176453/2
Sungbae Yoo [Thu, 19 Apr 2018 09:20:00 +0000 (18:20 +0900)]
Change not to fail when kernel has no audit features

When an initialization of audit socket failed,
Just not initialize all functions of daemon.

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: I6e3cde3adaddbf59050f1e0d4c2683f7a8daff6c

7 years ago Rename libaudit-trail-rule to libaudit-rule 82/176382/3
seolheui kim [Thu, 19 Apr 2018 02:40:24 +0000 (11:40 +0900)]
Rename libaudit-trail-rule to libaudit-rule

Change-Id: Id2bcbf32c579a5d73b9c0503005f525a9e3596a8
Signed-off-by: seolheui kim <s414.kim@samsung.com>
7 years ago Add rule data get method 42/176342/2
seolheui kim [Wed, 18 Apr 2018 12:13:42 +0000 (21:13 +0900)]
Add rule data get method

Change-Id: I5022f87162e85eff80f503c6c3f95551251e4207
Signed-off-by: seolheui kim <s414.kim@samsung.com>
7 years ago Fix input/return data type for rule and loader 26/176326/4
seolheui kim [Wed, 18 Apr 2018 10:29:29 +0000 (19:29 +0900)]
Fix input/return data type for rule and loader

Change-Id: Id5942993bfd912b2174d72b50555c4f7c81d249b
Signed-off-by: seolheui kim <s414.kim@samsung.com>
7 years ago Add rule apply engine and loader 58/175458/14
seolheui kim [Tue, 10 Apr 2018 09:53:26 +0000 (18:53 +0900)]
Add rule apply engine and loader

- rule apply engine : to add/remove rules
- rule loader : to load rule set library

Change-Id: I6c22cadab25937b016dce72bea413dd274575457
Signed-off-by: seolheui kim <s414.kim@samsung.com>
7 years ago Change the daemon to be on-demand 77/174377/13
Sungbae Yoo [Fri, 30 Mar 2018 09:52:51 +0000 (18:52 +0900)]
Change the daemon to be on-demand

This daemon will be running when VCONFKEY is set or
there is any service who connects to the daemon.

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: I523b9e0027bd4f8b5cb51e321ec7ad9724c3f607

7 years ago Add listing and removing the rules in audit-admin-cli 73/175873/5
Sungbae Yoo [Fri, 13 Apr 2018 05:17:58 +0000 (14:17 +0900)]
Add listing and removing the rules in audit-admin-cli

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: I06dea01c97e2f4c76b1c27c46090600e60787381

7 years ago Add audit rule presentation logic 64/174964/21
seolheui kim [Thu, 5 Apr 2018 11:13:01 +0000 (20:13 +0900)]
Add audit rule presentation logic

- Add Rule and Field to define audit rules
- Add rule formats to make syscall/watch rules

Change-Id: I028ad2abbe604e779d1c2c337d06f6f891452eaa
Signed-off-by: seolheui kim <s414.kim@samsung.com>
7 years ago Modify the doxygen about audit_rule_cb 36/175636/2 accepted/tizen/unified/20180413.151935 submit/tizen/20180413.074150
yeji01.kim [Wed, 11 Apr 2018 07:58:39 +0000 (16:58 +0900)]
Modify the doxygen about audit_rule_cb

- rule handle was created dynamically inside foreach_rule api.
  so it must be freed.
- It is for doing postponed processing using rule handle.

Change-Id: I966b4256be4ea5db9273f11254244da58cbaf76c
Signed-off-by: yeji01.kim <yeji01.kim@samsung.com>
7 years ago Fix an invalid parsing in object field 23/175423/2
yeji01.kim [Tue, 10 Apr 2018 06:53:19 +0000 (15:53 +0900)]
Fix an invalid parsing in object field

Change-Id: I7ce7a37645d7d6c3b6356a5fd27926f1b62457e6
Signed-off-by: yeji01.kim <yeji01.kim@samsung.com>
7 years ago Add a mutex for netlink socket 69/175869/2
Sungbae Yoo [Fri, 13 Apr 2018 04:48:41 +0000 (13:48 +0900)]
Add a mutex for netlink socket

This is to prevent the race conditions between parser and controller.

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: Ib836d82d286231fdd6b7cb7ee9c88177939c4183

7 years ago Remove APIs associated with not used fields 25/175025/1
yeji01.kim [Fri, 6 Apr 2018 04:52:08 +0000 (13:52 +0900)]
Remove APIs associated with not used fields

- Removed fields : object effective user id, object effective group id
- Removed API : audit_system_log_get_object_effective_owner

Change-Id: I36923a9ae0da29bda0471d4bbbe80bf407257753
Signed-off-by: yeji01.kim <yeji01.kim@samsung.com>
7 years ago Fix API description typo 14/175014/1
yeji01.kim [Fri, 6 Apr 2018 04:01:03 +0000 (13:01 +0900)]
Fix API description typo

- Delete meaningless line

Change-Id: If012db76969443eeb88c52bbe9363240e4afd0ce
Signed-off-by: yeji01.kim <yeji01.kim@samsung.com>
7 years ago Add parsing of socket address type 60/174260/8
yeji01.kim [Thu, 29 Mar 2018 10:23:04 +0000 (19:23 +0900)]
Add parsing of socket address type

- Apis : Remove const keyword in parameter for memory free
- Cli : Add free memory

Change-Id: If368f079413edf4cd969c3cc90d3ce60ffeb2e1b
Signed-off-by: yeji01.kim <yeji01.kim@samsung.com>
7 years ago Add applying rules to catch the dac denied for testing 19/174619/1
Sungbae Yoo [Tue, 3 Apr 2018 07:42:08 +0000 (16:42 +0900)]
Add applying rules to catch the dac denied for testing

This includes some bugfix of rule-management CAPIs

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: I3a60f2db1880a90a681b994c492dd09c1032b75a

7 years ago Add system log related APIs 68/172968/6 accepted/tizen/unified/20180329.125124 submit/tizen/20180322.011823 submit/tizen/20180327.003656
yeji01.kim [Mon, 19 Mar 2018 06:27:41 +0000 (15:27 +0900)]
Add system log related APIs

Change-Id: I8352c61621c9e342b263e841731823ae637c53e5
Signed-off-by: yeji01.kim <yeji01.kim@samsung.com>
7 years ago Add user log related APIs 30/172730/5
Sungbae Yoo [Thu, 15 Mar 2018 11:54:26 +0000 (20:54 +0900)]
Add user log related APIs

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: I2407a82bf6a273bc38cbde7342e8874853050ff5

7 years ago Add new log management APIs 29/172729/5
Sungbae Yoo [Thu, 15 Mar 2018 11:26:56 +0000 (20:26 +0900)]
Add new log management APIs

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: I78c34181807c8e0a729a48860e64216fefbce2e7

7 years ago Add log management classes and remove netlink-related things 03/165603/11
Sungbae Yoo [Thu, 15 Mar 2018 10:28:27 +0000 (19:28 +0900)]
Add log management classes and remove netlink-related things

Parsing the netlink message header was moved into klay.

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: I8eab57a27cb62d9e93d7af3caf597a4946f2402a

7 years ago Deprecated all old-fashioned APIs 38/171138/1 accepted/tizen/unified/20180306.061306 submit/tizen/20180305.082921
Sungbae Yoo [Tue, 27 Feb 2018 01:43:09 +0000 (10:43 +0900)]
Deprecated all old-fashioned APIs

New APIs will be added by another commit.
CLI and speed-test will be commented until new APIs are added.

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: Ia71f5cdf85d7dc7269df638fe42c6e3e9c53f7a7

7 years ago Fix build fail in aarch64 96/166396/1
yeji01.kim [Wed, 10 Jan 2018 04:52:57 +0000 (13:52 +0900)]
Fix build fail in aarch64

Change-Id: I91ffc1e9de161cc660fab1e460b7161562bb0ad3
Signed-off-by: yeji01.kim <yeji01.kim@samsung.com>
7 years ago Add rule management APIs 93/163993/8 submit/tizen/20180110.012731
Sungbae Yoo [Thu, 14 Dec 2017 11:14:03 +0000 (20:14 +0900)]
Add rule management APIs

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: I6b1c2493f4d3699a4db9b74fa5b1583ede688dff

7 years ago Move classes for audit subsystem from klay git 02/163902/1
Sungbae Yoo [Thu, 14 Dec 2017 03:12:08 +0000 (12:12 +0900)]
Move classes for audit subsystem from klay git

Change-Id: Ibfffdd27a1a9d6dc629466f4a49bc346843dfdc7
Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
7 years ago Add a rpm package for TCs 62/163062/1
Sungbae Yoo [Tue, 5 Dec 2017 03:20:49 +0000 (12:20 +0900)]
Add a rpm package for TCs

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: I0728d2e407ca3193849b86f7c454afd81c8cf899

7 years ago Add TC for a speed of getting audit log 54/160454/1 accepted/tizen/unified/20171212.171938 submit/tizen/20171212.052346
Sungbae Yoo [Thu, 16 Nov 2017 07:55:41 +0000 (16:55 +0900)]
Add TC for a speed of getting audit log

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: I7e543498c74b40a074744dc0a09711dd076ca58c

7 years ago Fix a bug that text log in userspace can't contain blanks 14/156714/1
Sungbae [Thu, 19 Oct 2017 14:24:12 +0000 (23:24 +0900)]
Fix a bug that text log in userspace can't contain blanks

Signed-off-by: Sungbae <sungbae.yoo@samsung.com>
Change-Id: Ic7eb5f16cbc07c2fc34aa0f6c6620636e6728baa

7 years ago Add APIs to handle audit messages from userspace 76/154376/2
Sungbae Yoo [Tue, 10 Oct 2017 06:41:59 +0000 (15:41 +0900)]
Add APIs to handle audit messages from userspace

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: I8b1cdf9064f87b42c47f558ffb1feb8a92afbd42

7 years ago Add an example of sending audit message on userspace 84/151484/3
Sungbae Yoo [Thu, 21 Sep 2017 02:02:33 +0000 (11:02 +0900)]
Add an example of sending audit message on userspace

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: I1df0ead80b94347991bc1d34926b8fd5ba2845a5

7 years ago Add build dependencies with capi-base-common, glib-2.0 72/148472/1
Sungbae Yoo [Fri, 8 Sep 2017 03:02:33 +0000 (12:02 +0900)]
Add build dependencies with capi-base-common, glib-2.0

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: I0d6588ce31ed28c2ef05a3313d0bdf879ddd0dc6

7 years ago Fix some doxygen errors about missing modules 81/146381/2
Sungbae Yoo [Mon, 28 Aug 2017 08:06:52 +0000 (17:06 +0900)]
Fix some doxygen errors about missing modules

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: I33c059ebcd8bd21d400f0c0df9cab25740c2f5dc

7 years ago Fix build break when some system calls aren't supported 19/140019/2
Sungbae Yoo [Fri, 21 Jul 2017 10:38:52 +0000 (19:38 +0900)]
Fix build break when some system calls aren't supported

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: Iaa1a93d32fd3d6575e83de45bfde15abd2701c96

7 years ago Add more system calls to watch for DAC denied log 91/139691/8
Sungbae Yoo [Wed, 19 Jul 2017 10:55:59 +0000 (19:55 +0900)]
Add more system calls to watch for DAC denied log

- Add to parse other items for kill system calls.
- Remove duplicate logs between MAC and DAC.
- Add to consider that some system call logs don't have UID/GID/mode.

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: Ia9016d913be4dbee30984c48ea44e6a0dc0afb35

7 years ago Change MAC logs to have system call number instead of smack function 62/139962/1
Sungbae Yoo [Fri, 21 Jul 2017 05:47:10 +0000 (14:47 +0900)]
Change MAC logs to have system call number instead of smack function

It is more helpful to show system call number than smack function.
For example, whatever file operation is denied, smack function is just
"smack_inode_getattr", which doesn't help to analyze.

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: Id74ec4583b30b82b229b49d27a46fbe254734ca0

7 years ago Remove kernel module 18/139518/1
Sungbae Yoo [Wed, 19 Jul 2017 06:50:47 +0000 (15:50 +0900)]
Remove kernel module

This code will be moved into hypervisor.

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: I6cc59e3341046137ef7b5d67011869a33716e870

7 years ago Add log parsers of MAC, DAC, SystemCall 89/137989/10
Sungbae Yoo [Mon, 10 Jul 2017 12:31:20 +0000 (21:31 +0900)]
Add log parsers of MAC, DAC, SystemCall

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: I950abd4eba4d2893fc35962bcc104b4a04dd03da

7 years ago Add UML diagrams for documentation 35/139135/3
Sungbae Yoo [Mon, 17 Jul 2017 11:26:15 +0000 (20:26 +0900)]
Add UML diagrams for documentation

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: I2dc954ad1eeff8d7b32dd2683ae20051d0e8ae72

7 years ago Fix the methods for log iteration simply 76/138476/4
Sungbae Yoo [Wed, 12 Jul 2017 08:55:31 +0000 (17:55 +0900)]
Fix the methods for log iteration simply

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: I7ac8d340e926b74ca08914d4ca5372e703153311

7 years ago Add enabling/disabling to each loggers 50/137550/4
Sungbae Yoo [Thu, 6 Jul 2017 09:25:32 +0000 (18:25 +0900)]
Add enabling/disabling to each loggers

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: Ib079c7685d85ba2cc422783d42becf7cabcb3b2c

7 years ago Add system call logger 19/137519/6
Sungbae Yoo [Thu, 6 Jul 2017 07:46:39 +0000 (16:46 +0900)]
Add system call logger

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: I77f8babc9d00c38b011adbff4d867b387e418687

7 years ago Add DAC logger and rename smack to MAC 85/137085/8
Sungbae Yoo [Tue, 4 Jul 2017 09:49:34 +0000 (18:49 +0900)]
Add DAC logger and rename smack to MAC

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: I588e42fb3661219ab59da4bb3bd3ae5fa83b75cb

7 years ago Add a daemon and library for auditing 41/133941/5
Sungbae Yoo [Wed, 14 Jun 2017 05:11:32 +0000 (14:11 +0900)]
Add a daemon and library for auditing

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: I395aea32c905758009230bc778bcef93a469c8dd

8 years ago [SECIOTSW-454] Add skeleton codes for command/data path in sysfs 81/124081/6
Sungbae Yoo [Tue, 11 Apr 2017 05:57:39 +0000 (14:57 +0900)]
[SECIOTSW-454] Add skeleton codes for command/data path in sysfs

Change-Id: I3a08c8c830f1378734ae638ea5785e48267bc5e5
Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
8 years ago Revert "Add base codes of unit tests" 36/124136/4
Sungbae Yoo [Mon, 10 Apr 2017 09:29:09 +0000 (02:29 -0700)]
Revert "Add base codes of unit tests"

This reverts commit 7859e2369451b65c712e3de157e4f408eb89138f.

Change-Id: I5d12dcd9be167e0c36815c5944b9442c6a763419

8 years ago [SECIOTSW-456] Change file trees considering adding this module in kernel 89/124189/5
Sungbae Yoo [Mon, 10 Apr 2017 11:52:48 +0000 (20:52 +0900)]
[SECIOTSW-456] Change file trees considering adding this module in kernel

When this module is added in kernel, "audittrail" directory
have only to be copied.

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: I794ba71dbd66d2031ead6f82953cd4355fd46ad7

8 years ago Add base codes of unit tests 71/123871/3
Sungbae Yoo [Fri, 7 Apr 2017 09:17:57 +0000 (18:17 +0900)]
Add base codes of unit tests

Change-Id: I56eb570a22a8d1e1b79c7fc3358575f2067edb51
Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
8 years ago Add spec, makefile, codes for bases to be used by GBS 67/123867/5
Sungbae Yoo [Fri, 7 Apr 2017 09:00:26 +0000 (18:00 +0900)]
Add spec, makefile, codes for bases to be used by GBS

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: I99296b241204512d78bea66f957c39d985d0d868

8 years ago Initial empty repository master
Tizen Infrastructure [Fri, 7 Apr 2017 08:50:18 +0000 (01:50 -0700)]
Initial empty repository