Implement Audit::SyscallRuleData

This is an objective wrapper on libaudit's audit_rule_data.

Change-Id: Ie5d67e1fa3db0aac46e9b2927666d4d422ed71b8

diff --git a/src/Audit/SyscallRuleData.cpp b/src/Audit/SyscallRuleData.cpp
new file mode 100644 (file)
index 0000000..6b828cb
--- /dev/null
+++ b/src/Audit/SyscallRuleData.cpp
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/**
+ * @file        src/Audit/SyscallRuleData.cpp
+ * @author      Aleksander Zdyb <a.zdyb@samsung.com>
+ * @version     1.0
+ */
+
+#include <new>
+
+#include <Audit/ErrorException.h>
+
+#include "SyscallRuleData.h"
+
+namespace Audit {
+
+SyscallRuleData::SyscallRuleData(BaseAuditWrapper &auditApi, const std::string &syscall)
+    : m_auditApi(auditApi), m_syscall(syscall) {}
+
+void SyscallRuleData::addPair(const std::string &key, const std::string &value) {
+    m_pairs.insert({ key, value });
+}
+
+struct audit_rule_data *SyscallRuleData::get() const {
+    auto ruleData = m_auditApi.create_rule_data();
+
+    m_auditApi.audit_rule_syscallbyname_data(ruleData, m_syscall.c_str());
+
+    const auto pairLen = m_auditApi.MAX_AUDIT_MESSAGE_LENGTH_CONST();
+    char pair[pairLen];
+
+    for (const auto &kv : m_pairs) {
+        auto ret = snprintf(pair, pairLen, "%s=%s", kv.first.c_str(), kv.second.c_str());
+        if (ret < 0 || ret >= pairLen)
+            throw ErrorException("Could not fill rule data");
+        m_auditApi.audit_rule_fieldpair_data(&ruleData, pair, m_auditApi.AUDIT_FILTER_EXIT_CONST());
+    }
+
+    return ruleData;
+}
+
+} /* namespace Audit */

diff --git a/src/Audit/SyscallRuleData.h b/src/Audit/SyscallRuleData.h
new file mode 100644 (file)
index 0000000..f06b1e6
--- /dev/null
+++ b/src/Audit/SyscallRuleData.h
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+/**
+ * @file        src/Audit/SyscallRuleData.h
+ * @author      Aleksander Zdyb <a.zdyb@samsung.com>
+ * @version     1.0
+ */
+
+
+#ifndef SRC_AUDIT_RULEDATA_H
+#define SRC_AUDIT_RULEDATA_H
+
+#include <string>
+#include <unordered_map>
+
+#include <Audit/BaseAuditWrapper.h>
+
+namespace Audit {
+
+class SyscallRuleData {
+public:
+    typedef std::unordered_map<std::string, std::string> Pairs;
+
+    SyscallRuleData(BaseAuditWrapper &auditApi, const std::string &syscall = "all");
+    virtual ~SyscallRuleData() = default;
+
+    void addPair(const std::string &key, const std::string &value);
+
+    virtual struct audit_rule_data *get() const;
+
+private:
+    BaseAuditWrapper &m_auditApi;
+    std::string m_syscall;
+    Pairs m_pairs;
+};
+
+} /* namespace Audit */
+
+#endif /* SRC_AUDIT_RULEDATA_H */