From 71a5843fa215d0e856e31ba1f72b5698f6031c98 Mon Sep 17 00:00:00 2001
From: Aleksander Zdyb
Date: Fri, 19 Jun 2015 14:08:08 +0200
Subject: [PATCH] Implement Audit::Auditctl

This class is used to apply audit rules.

Change-Id: I93aa936837f664487360109a817d5e9830734149
---
src/Audit/Auditctl.cpp | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++
src/Audit/Auditctl.h | 49 ++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 102 insertions(+)
create mode 100644 src/Audit/Auditctl.cpp
create mode 100644 src/Audit/Auditctl.h

diff --git a/src/Audit/Auditctl.cpp b/src/Audit/Auditctl.cpp
new file mode 100644
index 0000000..3f38c44
--- /dev/null
+++ b/src/Audit/Auditctl.cpp
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file src/Audit/Auditctl.cpp
+ * @author Aleksander Zdyb
+ * @version 1.0
+ */
+
+#include
+
+#include "Auditctl.h"
+
+namespace Audit {
+
+Auditctl::Auditctl(BaseAuditWrapper &auditApi) : m_auditApi(auditApi) {
+ m_auditFd = m_auditApi.audit_open();
+ if (m_auditFd == -1) {
+ throw ErrorException("Could not open audit fd");
+ }
+}
+
+Auditctl::~Auditctl() {
+ m_auditApi.audit_close(m_auditFd);
+}
+
+void Auditctl::addSyscallRule(const SyscallRuleData &ruleData) {
+ auto rd = ruleData.get();
+ m_auditApi.audit_add_rule_data(m_auditFd, rd, m_auditApi.AUDIT_FILTER_EXIT_CONST(),
+ m_auditApi.AUDIT_ALWAYS_CONST());
+ m_auditApi.audit_rule_free_data(rd);
+}
+
+void Auditctl::deleteSyscallRule(const SyscallRuleData &ruleData) {
+ auto rd = ruleData.get();
+ m_auditApi.audit_delete_rule_data(m_auditFd, rd, m_auditApi.AUDIT_FILTER_EXIT_CONST(),
+ m_auditApi.AUDIT_ALWAYS_CONST());
+ m_auditApi.audit_rule_free_data(rd);
+}
+
+} /* namespace Audit */
diff --git a/src/Audit/Auditctl.h b/src/Audit/Auditctl.h
new file mode 100644
index 0000000..1491b20
--- /dev/null
+++ b/src/Audit/Auditctl.h
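Review bot: The results of `audit_add_rule_data` in addSyscallRule and `audit_delete_rule_data` in deleteSyscallRule are discarded, so a rule the kernel rejects fails silently and the caller goes on believing the syscall is audited (or no longer audited). The constructor already throws ErrorException when audit_open fails; these two methods should report failure the same way, after rd has been released so the error path does not leak it. The `<= 0` test below assumes the wrapper forwards libaudit's return value unchanged, which needs confirming against BaseAuditWrapper, declared outside this patch. A one-line comment stating that `ruleData.get()` hands ownership of rd to the caller would also help, since that is the only thing that makes the `audit_rule_free_data(rd)` call safe.

```cpp
void Auditctl::addSyscallRule(const SyscallRuleData &ruleData) {
    auto rd = ruleData.get();
    const auto ret = m_auditApi.audit_add_rule_data(m_auditFd, rd,
                                                    m_auditApi.AUDIT_FILTER_EXIT_CONST(),
                                                    m_auditApi.AUDIT_ALWAYS_CONST());
    // Release rd before reporting, so the failure path does not leak it.
    m_auditApi.audit_rule_free_data(rd);
    if (ret <= 0) {
        throw ErrorException("Could not add audit rule");
    }
}
// … deleteSyscallRule: same pattern around audit_delete_rule_data …
```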
@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file src/Audit/Auditctl.h
+ * @author Aleksander Zdyb
+ * @version 1.0
+ */
+
+#ifndef SRC_AUDIT_AUDITCTL_H
+#define SRC_AUDIT_AUDITCTL_H
+
+#include
+#include
+
+namespace Audit {
+
+class Auditctl {
+public:
+ Auditctl(BaseAuditWrapper &auditApi);
+ ~Auditctl();
+
+ void addSyscallRule(const SyscallRuleData &ruleData);
+ void deleteSyscallRule(const SyscallRuleData &ruleData);
+
+ BaseAuditWrapper &auditApi(void) {
+ return m_auditApi;
+ }
+
+private:
+ BaseAuditWrapper &m_auditApi;
+ int m_auditFd;
+};
+
+} /* namespace Audit */
+
+#endif /* SRC_AUDIT_AUDITCTL_H */
-- 
2.7.4
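Review bot: Auditctl owns m_auditFd and closes it in its destructor, but the class still has an implicit copy constructor, so a copy would close the same descriptor twice. The second close can hit an unrelated descriptor that reused the number in between. Declaring `Auditctl(const Auditctl &) = delete;` and `Auditctl &operator=(const Auditctl &) = delete;` in the public section rules this out at compile time. The single-argument constructor should also be `explicit Auditctl(BaseAuditWrapper &auditApi);` so a wrapper reference is never converted implicitly into an object that opens an audit descriptor. A short class comment noting that the referenced BaseAuditWrapper must outlive the Auditctl would document the lifetime requirement the reference member imposes.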