From 79ec6bfff3b8df9cdd57d72127d0a410535d2fa1 Mon Sep 17 00:00:00 2001 From: "i.metelytsia" Date: Wed, 19 Jul 2017 18:38:37 +0300 Subject: [PATCH] audit-trail client added --- device_core/CMakeLists.txt | 2 +- device_core/nmdaemon/CMakeLists.txt | 4 + device_core/nmdaemon/audit_trail_client.cpp | 116 ++++++++++++++++++++++++++ device_core/nmdaemon/audit_trail_client.h | 108 ++++++++++++++++++++++++ device_core/nmdaemon/main_thread.cpp | 33 ++++---- device_core/nmdaemon/report_stub.cpp | 2 +- device_core/nmdaemon/reporthandlerfactory.cpp | 12 +++ device_core/nmdaemon/reporthandlerfactory.h | 25 ++++++ device_core/packaging/ioswsec.spec | 1 + 9 files changed, 284 insertions(+), 19 deletions(-) create mode 100644 device_core/nmdaemon/audit_trail_client.cpp create mode 100644 device_core/nmdaemon/audit_trail_client.h create mode 100644 device_core/nmdaemon/reporthandlerfactory.cpp create mode 100644 device_core/nmdaemon/reporthandlerfactory.h diff --git a/device_core/CMakeLists.txt b/device_core/CMakeLists.txt index 83106a7..a34aedf 100644 --- a/device_core/CMakeLists.txt +++ b/device_core/CMakeLists.txt @@ -88,7 +88,7 @@ else() SET (TESTS_DIR "/usr/apps/network-manager") endif (NOT DEFINED TESTS_DIR) - pkg_check_modules(pkgs REQUIRED iotivity>=1.3.0 boost libcurl dpm dlog) + pkg_check_modules(pkgs REQUIRED iotivity>=1.3.0 boost libcurl dpm dlog audit-trail) FOREACH(flag ${pkgs_CFLAGS}) SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} ${flag}") diff --git a/device_core/nmdaemon/CMakeLists.txt b/device_core/nmdaemon/CMakeLists.txt index 75f50ad..e60c1cb 100644 --- a/device_core/nmdaemon/CMakeLists.txt +++ b/device_core/nmdaemon/CMakeLists.txt @@ -14,6 +14,9 @@ include_directories( file(GLOB DPM_SOURCES dpm/*.cpp) file(GLOB NMDAEMON_SOURCES *.cpp) +if("${FLAVOR}" STREQUAL "UBUNTU") + list(REMOVE_ITEM NMDAEMON_SOURCES ${CMAKE_CURRENT_SOURCE_DIR}/audit_trail_client.cpp) +endif() SET (SOURCES ${DPM_SOURCES} 
@@ -58,6 +61,7 @@ endif() if (NOT "${FLAVOR}" STREQUAL "UBUNTU") target_link_libraries(${PROJECT_NAME} dlog) + target_link_libraries(${PROJECT_NAME} audit-trail) endif() install(TARGETS ${PROJECT_NAME} DESTINATION ${TESTS_DIR}) diff --git a/device_core/nmdaemon/audit_trail_client.cpp b/device_core/nmdaemon/audit_trail_client.cpp new file mode 100644 index 0000000..0ec174f --- /dev/null +++ b/device_core/nmdaemon/audit_trail_client.cpp 
@@ -0,0 +1,116 @@
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "iotivity.h"
+#include "report_stub.h"
+
+#include "audit_trail_client.h"
+
+namespace NMD
+{
+
+void threadFunc(AuditTrailClient* client, std::string log)
+{
+ assert(client);
+ client->sendReport(log);
+}
+
+void logCallback(const char* log, void* user_data)
+{
+ assert(log);
+ assert(user_data);
+
+ std::string str{log};
+ str.erase(std::remove(str.begin(), str.end(), '"'), str.end());
+ std::thread thr(threadFunc, reinterpret_cast(user_data), str);
+ thr.detach();
+}
+
+AuditTrailClient::AuditTrailClient(const std::string& device_id, std::shared_ptr proxy_thread, std::shared_ptr report_handler, WorkingMode mode)
+ : m_device_id(device_id), m_proxy_thread(proxy_thread), m_report_handler(report_handler), m_mode(mode),
+ m_audit_trail(nullptr), m_dac_cb_id(-1), m_mac_cb_id(-1), m_syscall_cb_id(-1)
+{
+ assert(m_device_id != "");
+// assert(m_proxy_thread);
+ assert(m_report_handler);
+
+ if(audit_trail_create(&m_audit_trail) != AUDIT_TRAIL_ERROR_NONE)
+ throw std::runtime_error("Failed to create audit-trail handle!");
+}
+
+AuditTrailClient::~AuditTrailClient()
+{
+ audit_trail_destroy(m_audit_trail);
+}
+
+bool AuditTrailClient::start_dac_auditing()
+{
+ return ((audit_trail_enable_dac(m_audit_trail, true) == AUDIT_TRAIL_ERROR_NONE) &&
+ (audit_trail_add_dac_cb(m_audit_trail, logCallback, (void*)this, &m_dac_cb_id) == AUDIT_TRAIL_ERROR_NONE));
+}
+
+void AuditTrailClient::stop_dac_auditing()
+{
+ assert(m_dac_cb_id != -1);
+ audit_trail_remove_dac_cb(m_audit_trail, m_dac_cb_id);
+}
+
+bool AuditTrailClient::start_mac_auditing()
+{
+ return ((audit_trail_enable_mac(m_audit_trail, true) == AUDIT_TRAIL_ERROR_NONE) &&
+ (audit_trail_add_mac_cb(m_audit_trail, logCallback, (void*)this, &m_mac_cb_id) == AUDIT_TRAIL_ERROR_NONE));
+}
+
+void AuditTrailClient::stop_mac_auditing()
+{
+ assert(m_mac_cb_id != -1);
+ audit_trail_remove_mac_cb(m_audit_trail, m_mac_cb_id);
+}
+
+bool AuditTrailClient::start_syscall_auditing()
+{
+ return ((audit_trail_enable_syscall(m_audit_trail, true) == AUDIT_TRAIL_ERROR_NONE) &&
+ (audit_trail_add_syscall_cb(m_audit_trail, logCallback, (void*)this, &m_syscall_cb_id) == AUDIT_TRAIL_ERROR_NONE));
+}
+
+void AuditTrailClient::stop_syscall_auditing()
+{
+ assert(m_syscall_cb_id != -1);
+ audit_trail_remove_syscall_cb(m_audit_trail, m_syscall_cb_id);
+}
+
+bool AuditTrailClient::start_auditing()
+{
+ return (start_dac_auditing() && start_mac_auditing() && start_syscall_auditing());
+}
+
+void AuditTrailClient::stop_auditing()
+{
+ stop_dac_auditing();
+ stop_mac_auditing();
+ stop_syscall_auditing();
+}
+
+void AuditTrailClient::sendReport(const std::string& report)
+{
+ OC::OCRepresentation rpr;
+ rpr.setValue("report", makeReport(m_device_id, "smack", 0, report));
+ rpr.setValue("duid", m_device_id);
+
+ if (m_mode == WorkingMode::Hub)
+ {
+ assert(m_proxy_thread);
+ m_proxy_thread->addAction(std::async(std::launch::deferred, &ReportHandler::pass, m_report_handler, rpr, OC::QueryParamsMap{}));
+ }
+ else
+ {
+ m_report_handler->pass(rpr, OC::QueryParamsMap{});
+ }
+}
+
+} // namespace NMD
diff --git a/device_core/nmdaemon/audit_trail_client.h b/device_core/nmdaemon/audit_trail_client.h
new file mode 100644
index 0000000..49009ed
--- /dev/null
+++ b/device_core/nmdaemon/audit_trail_client.h
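Review bot: `logCallback` in audit_trail_client.cpp starts a detached `std::thread` for every audit record and hands it the raw `AuditTrailClient*`, so a record still in flight after `stop_auditing()` and the destructor calls `sendReport` on a destroyed object, and a burst of records creates an unbounded number of threads. The reporting path itself makes system calls, so with syscall auditing enabled it can presumably feed itself; that is worth confirming against how audit-trail filters records. I would pass records through a bounded queue to one worker owned by the client, joined in the destructor after the callbacks are removed, and count dropped records so that loss of audit data stays visible. The `assert` checks on `log` and `user_data` disappear in NDEBUG builds, so the sketch below turns them into real checks; the new members it names would be declared in audit_trail_client.h.

```cpp
void logCallback(const char* log, void* user_data)
{
    if (log == nullptr || user_data == nullptr)
        return;
    // … unchanged: copy log into str and strip '"' …
    static_cast<AuditTrailClient*>(user_data)->enqueueLog(std::move(str));
}

// Proposed member: m_queue, m_queue_mutex, m_queue_cv, m_stopping, m_dropped and
// kMaxQueuedLogs are new names, not part of this commit.
void AuditTrailClient::enqueueLog(std::string log)
{
    std::lock_guard<std::mutex> lock(m_queue_mutex);
    if (m_stopping || m_queue.size() >= kMaxQueuedLogs)
    {
        ++m_dropped; // reported later so that lost audit records are visible
        return;
    }
    m_queue.push_back(std::move(log));
    m_queue_cv.notify_one();
}
```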
@@ -0,0 +1,108 @@
+#ifndef __AUDIT_TRAIL_CLIENT_H__
+#define __AUDIT_TRAIL_CLIENT_H__
+
+#include
+#include
+
+#include
+#include
+#include
+#include
+
+#include "proxythread.h"
+#include "reporthandler.h"
+#include "utils.h"
+
+namespace NMD
+{
+
+/**
+ * @brief The AuditTrailClient class collect logs from system
+ */
+class AuditTrailClient
+{
+ friend void threadFunc(AuditTrailClient* client, std::string log);
+
+ /**
+ * @brief DAC, MAC and system calls log callback
+ * @details Called when a new log occurs
+ * @param[in] log
+ * @param[in] user_data
+ */
+ friend void logCallback(const char* log, void* user_data);
+
+public:
+ /**
+ * @brief CTOR
+ */
+ AuditTrailClient(const std::string& device_id, std::shared_ptr proxy_thread, std::shared_ptr report_handler, WorkingMode mode);
+
+ /**
+ * @brief DTOR
+ */
+ virtual ~AuditTrailClient();
+
+ /**
+ * @brief Start DAC(Discretionary Access Control) auditing
+ * @details This API can be used to start to collect DAC logs
+ */
+ bool start_dac_auditing();
+
+ /**
+ * @brief Stop DAC(Discretionary Access Control) auditing
+ * @details This API can be used to stop to collect DAC logs
+ */
+ void stop_dac_auditing();
+
+ /**
+ * @brief Start MAC(Mandatory Access Control) auditing
+ * @details This API can be used to start to collect MAC logs
+ */
+ bool start_mac_auditing();
+
+ /**
+ * @brief Stop MAC(Mandatory Access Control) auditing
+ * @details This API can be used to stop to collect MAC logs
+ */
+ void stop_mac_auditing();
+
+ /**
+ * @brief Start system calls auditing
+ * @details This API can be used to start to collect system calls logs
+ */
+ bool start_syscall_auditing();
+
+ /**
+ * @brief Stop system calls auditing
+ * @details This API can be used to stop to collect system calls logs
+ */
+ void stop_syscall_auditing();
+
+ /**
+ * @brief Start DAC, MAC and system calls auditing
+ * @details This API can be used to start to collect logs
+ */
+ bool start_auditing();
+
+ /**
+ * @brief Stop DAC, MAC and
system calls auditing + * @details This API can be used to stop to collect logs + */ + void stop_auditing(); + +private: + void sendReport(const std::string& report); + + std::string m_device_id; + std::shared_ptr m_proxy_thread; + std::shared_ptr m_report_handler; + WorkingMode m_mode; + audit_trail_h m_audit_trail; + int m_dac_cb_id; + int m_mac_cb_id; + int m_syscall_cb_id; +}; + +} // namespace NMD + +#endif /* __AUDIT_TRAIL_CLIENT_H__ */ diff --git a/device_core/nmdaemon/main_thread.cpp b/device_core/nmdaemon/main_thread.cpp index 828c5f4..9d5f282 100644 --- a/device_core/nmdaemon/main_thread.cpp +++ b/device_core/nmdaemon/main_thread.cpp @@ -5,7 +5,7 @@ #include "utils.h" #include "hub_resource.h" #include "easysetup_server.h" -#include "reporthandler.h" +#include "reporthandlerfactory.h" #include "policyhandlerfactory.h" #include "hub_report_resource.h" #include "hub_policy_resource.h" @@ -15,6 +15,9 @@ #include "control_resource.h" #include "agentpolicyservice.h" #include "report_stub.h" // TODO: Remove after migration on report service +#ifndef __BUILD_UBUNTU__ +#include "audit_trail_client.h" +#endif using namespace NetworkManager; namespace PH = std::placeholders; @@ -95,9 +98,9 @@ void MainThread::routine() std::shared_ptr hub; std::shared_ptr report_hub_resorce; std::shared_ptr policy_hub_resource; + std::shared_ptr report_handler; std::shared_ptr policy_handler; ResourceHandles rhandles; - ReportHandler *report_handler; write_log( "[MAIN_THREADS] Config : \n\thost[%s] \n\tauth_provider[%s] \n\tauth_code[%s] \n\tuid[%s] \n\taccess_token[%s] \n\tdevice_id[%s]\n", host.c_str(), 
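Review bot: `AuditTrailClient` in audit_trail_client.h owns the raw `audit_trail_h m_audit_trail` and releases it in its destructor, but the class is still implicitly copyable, so any copy would call `audit_trail_destroy` twice on the same handle. Declaring `AuditTrailClient(const AuditTrailClient&) = delete;` and `AuditTrailClient& operator=(const AuditTrailClient&) = delete;` in the public section rules that out. The `@brief CTOR` comment should also document the four parameters: `proxy_thread` appears to be allowed to be null outside `WorkingMode::Hub` (the constructor's assert on it is commented out and `sendReport` dereferences it only in Hub mode), and the constructor throws `std::runtime_error` when the handle cannot be created.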
@@ -114,12 +117,12 @@ void MainThread::routine() if(with_cloud) { - report_handler = new ReportHandlerMQ(); + report_handler = ReportHandlerFactory::createWithMQ(); policy_handler = PolicyHandlerFactory::createWithMQ(); } else { - report_handler = new ReportHandlerRes(config.ssid); + report_handler = ReportHandlerFactory::createWithResource(config.ssid); policy_handler = PolicyHandlerFactory::createWithResource(config.ssid); } @@ -184,6 +187,11 @@ void MainThread::routine() AgentPolicyService agent_policy_service(std::bind(&PolicyHandler::enforceCallback, policy_handler.get(), PH::_1, PH::_2)); std::thread rmi_thread(&AgentPolicyService::run, &agent_policy_service); +#ifndef __BUILD_UBUNTU__ + AuditTrailClient audit_trail_client(iotivity->getDeviceID(), proxy_thread, report_handler, g_working_mode); + audit_trail_client.start_auditing(); +#endif + while(m_running) { std::this_thread::sleep_for(std::chrono::milliseconds(10000)); @@ -191,21 +199,12 @@ void MainThread::routine() { hub->findDevices(); } - - OCRepresentation rpr; - rpr.setValue("report", getReport(iotivity->getDeviceID())); - rpr.setValue("duid", iotivity->getDeviceID()); - - if (g_working_mode == WorkingMode::Hub) - { - proxy_thread->addAction(std::async(std::launch::deferred, &ReportHandler::pass, report_handler, rpr, QueryParamsMap{})); - } - else - { - report_handler->pass(rpr, QueryParamsMap{}); - } } +#ifndef __BUILD_UBUNTU__ + audit_trail_client.stop_auditing(); +#endif + if (proxy_thread) { proxy_thread->stop(); diff --git a/device_core/nmdaemon/report_stub.cpp b/device_core/nmdaemon/report_stub.cpp index 3012f1d..1bc077a 100644 --- a/device_core/nmdaemon/report_stub.cpp +++ b/device_core/nmdaemon/report_stub.cpp 
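Review bot: In the `@@ -184,6 +187,11 @@` hunk of main_thread.cpp the result of `audit_trail_client.start_auditing()` is discarded, so the daemon keeps running with no sign that DAC, MAC or syscall auditing failed to start. Because the three start calls are chained with `&&`, an early failure leaves the later callback ids at -1, and the unconditional `audit_trail_client.stop_auditing()` added in the `@@ -191,21 +199,12 @@` hunk then hits `assert(m_mac_cb_id != -1)` or its siblings. I would check the result and record it, for example `if (!audit_trail_client.start_auditing()) write_log("[MAIN_THREADS] audit-trail could not be started\n");`, and make the stop functions skip ids that are still -1. The constructor can also throw `std::runtime_error` right after `std::thread rmi_thread(...)` has been created; unless that is caught before unwinding reaches `rmi_thread`, destroying the joinable thread terminates the process. `MainThread::routine()` starts and ends outside these hunks, so an existing try/catch would not be visible here.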
@@ -63,7 +63,7 @@ std::string makeReport(const std::string& id, const std::string& name, int resul oss << "\"date\": \"" << current_time << "\","; oss << "\"name\": \"" << name << "\","; oss << "\"result\": " << result << ","; - oss << "\"data\": " << data << "}"; + oss << "\"data\": {\"log\" = \"" << data << "\"}}"; return oss.str(); } diff --git a/device_core/nmdaemon/reporthandlerfactory.cpp b/device_core/nmdaemon/reporthandlerfactory.cpp new file mode 100644 index 0000000..5f2ff88 --- /dev/null +++ b/device_core/nmdaemon/reporthandlerfactory.cpp @@ -0,0 +1,12 @@ +#include "reporthandler.h" +#include "reporthandlerfactory.h" + +std::shared_ptr ReportHandlerFactory::createWithResource(const std::string& sid) +{ + return std::make_shared(sid); +} + +std::shared_ptr ReportHandlerFactory::createWithMQ() +{ + return std::make_shared(); +} diff --git a/device_core/nmdaemon/reporthandlerfactory.h b/device_core/nmdaemon/reporthandlerfactory.h new file mode 100644 index 0000000..ff4fad8 --- /dev/null +++ b/device_core/nmdaemon/reporthandlerfactory.h @@ -0,0 +1,25 @@ +#ifndef __REPORT_HANDLER_FACTORY_H__ +#define __REPORT_HANDLER_FACTORY_H__ + +#include + +#include "reporthandler.h" + +class ReportHandlerFactory +{ +public: + /** + * @brief createWithResource creates ReportHandler using resource layer for communication + * @param sid [in] optional server id (with id used for primitive devices) + * @return handler shared pointer + */ + static std::shared_ptr createWithResource(const std::string& sid = ""); + + /** + * @brief createWithMQ creates ReportHandler using Message Queue layer for communication + * @return handler shared pointer + */ + static std::shared_ptr createWithMQ(); +}; + +#endif // __REPORT_HANDLER_FACTORY_H__ diff --git a/device_core/packaging/ioswsec.spec b/device_core/packaging/ioswsec.spec index bb47070..d277a74 100644 --- a/device_core/packaging/ioswsec.spec +++ b/device_core/packaging/ioswsec.spec 
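Review bot: The new line in `makeReport` (report_stub.cpp) emits `{"log" = "..."}`, which is not valid JSON because the separator has to be a colon: `oss << "\"data\": {\"log\": \"" << data << "\"}}";`. `data` is also written without JSON escaping; the only sanitising visible in this patch is `logCallback` removing `"` characters, so a backslash or control character in an audit record, whose file and command names can presumably be influenced by the audited process, still yields a malformed or misparsed report. Escaping inside `makeReport`, or building the object with jsoncpp, which ioswsec.spec already lists as a build requirement, would cover every caller. Only the tail of `makeReport` is inside the hunk, and any other caller that passes an already serialised JSON value as `data` would now have it wrapped in a string.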
@@ -23,6 +23,7 @@ BuildRequires: pkgconfig(dlog) BuildRequires: pkgconfig(boost) BuildRequires: pkgconfig(systemd) BuildRequires: pkgconfig(jsoncpp) +BuildRequires: pkgconfig(audit-trail) %define _tests_dir /usr/apps/network-manager %define _manifestdir /usr/share/packages -- 2.7.4