--- /dev/null
+# Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file CMakeLists.txt
+# @author Aleksander Zdyb <a.zdyb@samsung.com>
+#
+
+CMAKE_MINIMUM_REQUIRED(VERSION 2.8.3)
+PROJECT(nice-lad)
+
+OPTION(WITH_TESTS "Build tests" ON)
+
+# Check for C++11 support and enable proper compilation flags
+INCLUDE(CheckCXXCompilerFlag)
+CHECK_CXX_COMPILER_FLAG("-std=c++11" COMPILER_SUPPORTS_CXX11)
+IF(COMPILER_SUPPORTS_CXX11)
+ SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++11")
+ELSE()
+ CHECK_CXX_COMPILER_FLAG("-std=c++0x" COMPILER_SUPPORTS_CXX0X)
+ IF(COMPILER_SUPPORTS_CXX0X)
+ SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++0x")
+ ELSE()
+ MESSAGE(STATUS "The compiler ${CMAKE_CXX_COMPILER} has no C++11 support. Please use a different C++ compiler.")
+ ENDIF()
+ENDIF()
+
+SET(BIN_DIR
+ "${CMAKE_INSTALL_PREFIX}/bin"
+ CACHE PATH
+ "User executables directory"
+)
+
+SET(SBIN_DIR
+ "${CMAKE_INSTALL_PREFIX}/sbin"
+ CACHE PATH
+ "System admin executables directory"
+)
+
+SET(SYS_CONFIG_DIR
+ "${CMAKE_INSTALL_PREFIX}/etc"
+ CACHE PATH
+ "Read-only single-machine data directory"
+)
+
+INCLUDE(FindPkgConfig)
+
+SET(TARGET_NICE_LAD "nice-lad")
+
+ADD_SUBDIRECTORY(src)
+ADD_SUBDIRECTORY(conf)
+
+IF(WITH_TESTS)
+ SET(TARGET_NICE_LAD_TESTS "nice-lad-tests")
+ ADD_SUBDIRECTORY(tests)
+ENDIF(WITH_TESTS)
--- /dev/null
+# Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file src/CMakeLists.txt
+# @author Aleksander Zdyb <a.zdyb@samsung.com>
+#
+
+OPTION(WITH_SECURITY_MANAGER "Use Security Manager to obtain resource groups" OFF)
+OPTION(WITH_JOURNALD "Use journald to log denials. Syslog will be used otherwise" OFF)
+
+IF(WITH_JOURNALD)
+ PKG_CHECK_MODULES(journald REQUIRED libsystemd-journal)
+ELSE(WITH_JOURNALD) # journald may still be possibly used for informational logging
+ PKG_CHECK_MODULES(journald QUIET libsystemd-journal)
+ENDIF(WITH_JOURNALD)
+
+IF(journald_FOUND)
+ ADD_DEFINITIONS("-DWITH_JOURNALD")
+ENDIF(journald_FOUND)
+
+IF(WITH_SECURITY_MANAGER)
+ PKG_CHECK_MODULES(security_manager REQUIRED security-manager)
+ ADD_DEFINITIONS("-DWITH_SECURITY_MANAGER")
+ENDIF(WITH_SECURITY_MANAGER)
+
+FIND_PACKAGE(Boost 1.57 REQUIRED)
+
+PKG_CHECK_MODULES(audit
+ REQUIRED
+ audit>=2.4.2
+ auparse>=2.4.2
+)
+
+INCLUDE_DIRECTORIES(
+ ${CMAKE_CURRENT_SOURCE_DIR}
+ ${audit_INCLUDE_DIRS}
+ ${Boost_INCLUDE_DIRS}
+ ${journald_INCLUDE_DIRS}
+ ${security_manager_INCLUDE_DIRS}
+)
+
+LINK_DIRECTORIES(
+ ${audit_LIBRARY_DIRS}
+ ${journald_LIBRARY_DIRS}
+ ${security_manager_LIBRARY_DIRS}
+)
+
+SET(SOURCE_FILES
+ main.cpp
+ Audit/Auditctl.cpp
+ Audit/AuditWrapper.cpp
+ Audit/AuparseSourceFeedWrapper.cpp
+ Audit/AuparseWrapper.cpp
+ Audit/Parser.cpp
+ Audit/SyscallRuleData.cpp
+ Lad/AuditEventHandler.cpp
+ Lad/AuditRulesPopulator.cpp
+ Lad/Options.cpp
+ Log/log.cpp
+ Utils/Feed.cpp
+ Utils/SignalFd.cpp
+)
+
+IF(WITH_JOURNALD)
+SET(SOURCE_FILES
+ ${SOURCE_FILES}
+ Systemd/DataCollector.cpp
+)
+ELSE(WITH_JOURNALD)
+SET(SOURCE_FILES
+ ${SOURCE_FILES}
+ Lad/SyslogDataCollector.cpp
+)
+ENDIF(WITH_JOURNALD)
+
+IF(WITH_SECURITY_MANAGER)
+SET(SOURCE_FILES
+ ${SOURCE_FILES}
+ SecurityManager/DataProvider.cpp
+ SecurityManager/SecurityManagerWrapper.cpp
+)
+ELSE(WITH_SECURITY_MANAGER)
+SET(SOURCE_FILES
+ ${SOURCE_FILES}
+ Lad/DummyDataProvider.cpp
+)
+ENDIF(WITH_SECURITY_MANAGER)
+
+ADD_EXECUTABLE(${TARGET_NICE_LAD} ${SOURCE_FILES})
+
+TARGET_LINK_LIBRARIES(
+ ${TARGET_NICE_LAD}
+ ${audit_LIBRARIES}
+ ${Boost_LIBRARIES}
+ ${journald_LIBRARIES}
+ ${security_manager_LIBRARIES}
+ )
+
+INSTALL(TARGETS ${TARGET_NICE_LAD} DESTINATION ${SBIN_DIR})
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file src/main.cpp
+ * @author Aleksander Zdyb <a.zdyb@samsung.com>
+ * @version 1.0
+ */
+
+#include <csignal>
+#include <cstdlib>
+#include <memory>
+
+#include <Audit/Auditctl.h>
+#include <Audit/AuditWrapper.h>
+#include <Audit/AuparseSourceFeedWrapper.h>
+#include <Audit/ErrorException.h>
+#include <Audit/Parser.h>
+#include <Lad/AuditEventHandler.h>
+#include <Lad/AuditRulesPopulator.h>
+#include <Lad/Options.h>
+#include <Log/log.h>
+#include <Utils/Feed.h>
+#include <Utils/SignalFd.h>
+#include <Utils/WithMessageException.h>
+
+int main(int argc, char **argv) {
+ using std::placeholders::_1;
+ using std::placeholders::_2;
+
+ init_log();
+
+ LOGI("Starting nice-lad");
+
+ try {
+ Audit::AuditWrapper auditApi;
+ Audit::AuparseSourceFeedWrapper auparseApi;
+ Audit::Parser auParser(auparseApi);
+ Audit::Auditctl auditctl(auditApi);
+ auto &dataProvider = Lad::Options::dataProvider();
+ auto &dataCollector = Lad::Options::dataCollector();
+ Lad::AuditRulesPopulator rulesPopulator(auditctl, dataProvider);
+ int sigFd = Utils::SignalFd::createSignalFd({ SIGHUP, SIGTERM });
+
+ Utils::Feed feed(STDIN_FILENO, auditApi.MAX_AUDIT_MESSAGE_LENGTH_CONST(), sigFd);
+
+ feed.onData.connect(std::bind(&Audit::Parser::feed, &auParser, _1, _2));
+
+ feed.onTimeout.connect(std::bind(&Audit::Parser::flush, &auParser));
+
+ feed.onEod.connect([&auParser] (void) {
+ auParser.flush();
+ LOGI("End of data. Terminating.");
+ });
+
+ feed.onSignal.connect([&feed] (int sigFd) {
+ const auto sigNo = Utils::SignalFd::readSignalNo(sigFd);
+ if (sigNo == SIGTERM) {
+ LOGI("Got SIGTERM (Terminating)");
+ feed.stop();
+ } else if (sigNo == SIGHUP) {
+ LOGI("Got SIGHUP (Reloading configuration)");
+ } else {
+ LOGW("Unexpected signal (" << sigNo << ")");
+ }
+ });
+
+ Lad::AuditEventHandler eventHandler;
+ auParser.onEvent.connect(std::bind(&Lad::AuditEventHandler::handleEvent, &eventHandler, _1));
+
+ eventHandler.onLogDenial.connect(std::bind(&Lad::DataCollector::log, &dataCollector, _1));
+
+ LOGD("nice-lad up and ready");
+
+ feed.start();
+ } catch (const std::exception &ex) {
+ LOGC(ex.what() << " (Terminating)");
+ return EXIT_FAILURE;
+ } catch (...) {
+ LOGC("Unknown error (Terminating)");
+ return EXIT_FAILURE;
+ }
+
+ return EXIT_SUCCESS;
+}
--- /dev/null
+# Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file tests/CMakeLists.txt
+# @author Aleksander Zdyb <a.zdyb@samsung.com>
+#
+
+FIND_PACKAGE(Boost 1.57 REQUIRED)
+
+FIND_PACKAGE(Threads REQUIRED) # Required by gmock
+
+PKG_CHECK_MODULES(gmock QUIET gmock)
+
+IF(NOT gmock_FOUND)
+ ADD_SUBDIRECTORY(${GMOCK_ROOT} gmock)
+ INCLUDE_DIRECTORIES(
+ ${GMOCK_ROOT}/include
+ ${GMOCK_ROOT}/gtest/include
+ )
+ENDIF(NOT gmock_FOUND)
+
+SET(LAD_SRC_DIR ../src)
+
+INCLUDE_DIRECTORIES(
+ ${audit_INCLUDE_DIRS}
+ ${Boost_INCLUDE_DIRS}
+ ${gmock_INCLUDE_DIRS}
+ ${LAD_SRC_DIR}
+)
+
+SET(SOURCE_FILES
+ main.cpp
+ Audit/auditctl.cpp
+ Audit/parser.cpp
+ Audit/syscall_rule_data.cpp
+ Lad/audit_event_handler.cpp
+ SecurityManager/data_provider.cpp
+
+ ${LAD_SRC_DIR}/Audit/Auditctl.cpp
+ ${LAD_SRC_DIR}/Audit/Parser.cpp
+ ${LAD_SRC_DIR}/Audit/SyscallRuleData.cpp
+ ${LAD_SRC_DIR}/Lad/AuditEventHandler.cpp
+ ${LAD_SRC_DIR}/Log/log.cpp
+ ${LAD_SRC_DIR}/SecurityManager/DataProvider.cpp
+)
+
+ADD_EXECUTABLE(${TARGET_NICE_LAD_TESTS} ${SOURCE_FILES})
+
+IF(gmock_FOUND)
+ TARGET_LINK_LIBRARIES(${TARGET_NICE_LAD_TESTS}
+ ${CMAKE_THREAD_LIBS_INIT}
+ ${gmock_LDFLAGS}
+ ${gmock_LIBRARIES}
+ )
+ELSE(gmock_FOUND)
+ TARGET_LINK_LIBRARIES(${TARGET_NICE_LAD_TESTS}
+ ${CMAKE_THREAD_LIBS_INIT}
+ gmock gtest
+ )
+ENDIF(gmock_FOUND)
+
+INSTALL(TARGETS ${TARGET_NICE_LAD_TESTS} DESTINATION ${BIN_DIR})
projects / platform / core / security / nice-lad.git / commitdiff