+build
+build-gbs
+install
*.pro
-*.pro.*
-cloud/**/.settings
-
-.cproject
-.project
-.settings/
-scripts
\ No newline at end of file
+*.pro.user
+*.dat
void confirm(const std::string& uri, const std::string& response) const;
/**
+ * @brief confirm sends confirmation request
+ * @param uri confirmation uri
+ * @param response confirmation request data
+ */
+ void confirm(const std::string& uri, const Json::Value& response) const;
+
+ /**
* @brief sendData sends data to the server
* @param data data to send
*/
void confirm(const std::string& response = std::string{});
/**
+ * @brief confirm Confirms that event processed correctly
+ * @param response optional confirmation response data
+ */
+ void confirm(const Json::Value& response);
+
+ /**
* @brief getType returns event type
* @return event type
*/
* @brief doPost performs a HTTP POST request on the DSM server using specified URI
* @param info session information
* @param uri relative URI
- * @param data body of the POST response or throws an exception on failure
+ * @param data body of the POST response
*/
virtual void doPost(const SessionInfo& info, const std::string& uri, const std::string& data) = 0;
/**
+ * @brief doPost performs a HTTP POST request on the DSM server using specified URI
+ * @param info session information
+ * @param uri relative URI
+ * @param data body of the POST response
+ */
+ virtual void doPost(const SessionInfo& info, const std::string& uri, const Json::Value& data) = 0;
+
+ /**
* @brief sendData sends data to the DSM server
* @param info session information
* @param data data to send
* @brief str Returns composed JSON report as string
* @return composed report as string
*/
- std::string str();
+ std::string str() const;
/**
* @brief get Returns composed report as Json::Value
* @return report as Json::Value
*/
- const Json::Value& get();
+ const Json::Value& get() const;
private:
Json::Value root;
void doPost(const SessionInfo& info, const std::string& uri, const std::string& data) override;
+ void doPost(const SessionInfo& info, const std::string& uri, const Json::Value& data) override;
+
void sendData(const SessionInfo& info, const std::string& data) override;
void sendData(const SessionInfo& info, const Json::Value& data) override;
--- /dev/null
+/**
+ * Samsung Ukraine R&D Center (SRK under a contract between)
+ * LLC "Samsung Electronics Co", Ltd (Seoul, Republic of Korea)
+ * Copyright (C) 2018 Samsung Electronics Co., Ltd. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/**
+ * @file securityoptions.h
+ * @brief Container for the CURL options.
+ * @date Created May 10, 2017
+ * @author Mail to: <A HREF="mailto:d.lomtev@samsung.com">Dmytro Lomtev, d.lomtev@samsung.com</A>
+ */
+#ifndef SECURITYOPTIONS_H
+#define SECURITYOPTIONS_H
+
+#include <curl/curl.h>
+#include <functional>
+#include <list>
+
+namespace communication
+{
+
+/**
+ * @brief The SecurityOptions class container for CURL options
+ */
+class SecurityOptions final : public std::list<std::function<void(CURL*)>>
+{
+public:
+ /**
+ * @brief Adds option.
+ * @param opt curl option
+ * @param val option value
+ */
+ template<typename T>
+ void add(CURLoption opt, T val)
+ {
+ auto wrap = [opt, val](CURL* handle) {
+ curl_easy_setopt(handle, opt, val);
+ };
+
+ push_back(wrap);
+ }
+
+ /**
+ * @brief Applies options for supplied CURL handle.
+ * @param handle pointer to the CURL instance.
+ */
+ void apply(CURL* handle)
+ {
+ for (auto& opt: *this) {
+ opt(handle);
+ }
+ }
+
+ /**
+ * @brief Returns reference to the SecurityOptions instance.
+ * @return reference to the SecurityOptions instance.
+ */
+ static SecurityOptions& instance()
+ {
+ static SecurityOptions inst;
+ return inst;
+ }
+private:
+ SecurityOptions()
+ {
+ }
+};
+
+} // namespace communication
+
+
+#endif // SECURITYOPTIONS_H
}
}
+void Connection::confirm(const std::string& uri, const Json::Value& response) const
+{
+ try {
+ rest->doPost(sinfo, uri, response);
+ } catch (std::exception& e) {
+ LOG_E(TAG, "Fail to confirm update uri: [%s], error: [%s]", uri.c_str(), e.what());
+ }
+}
+
void Connection::sendData(const Json::Value& data) const
{
rest->sendData(sinfo, data);
return;
}
- LOG_D(TAG, "Updates: %.511s", updates.c_str());
+ LOG_D(TAG, "Updates: %.256s", updates.c_str());
+
Json::Reader reader;
Json::Value root;
}
}
+void Event::confirm(const Json::Value& response)
+{
+ if (!confirmed && !confirmUri.empty()) {
+ connection.confirm(confirmUri, response);
+ confirmed = true;
+ }
+}
+
}
root["data"].append(item);
}
-std::string ReportComposer::str()
+std::string ReportComposer::str() const
{
Json::FastWriter writer;
return writer.write(root);
}
-const Json::Value& ReportComposer::get()
+const Json::Value& ReportComposer::get() const
{
return root;
}
#include <sstream>
#include "logging.h"
#include "samonitor_tag.h"
+#include "securityoptions.h"
static class CurlInitializer
{
}
} curlGlobalInitialize;
+namespace
+{
+const std::string HTTP_SECURE{"https://"};
+}
+
namespace communication
{
}
curl_easy_setopt(m_curl_handle, CURLOPT_TIMEOUT, 5);
+
+ if (m_host.substr(0, HTTP_SECURE.size()) == HTTP_SECURE) {
+ SecurityOptions::instance().apply(m_curl_handle);
+ }
}
RestRequest::~RestRequest()
void RestService::doPost(const SessionInfo& info, const std::string& uri, const std::string& data)
{
RestRequest request(host);
+ request.addHeader("Content-Type", "text/plain");
restResultGuard(request.post(RestRequest::QueryParameters{}, uri, data));
}
+void RestService::doPost(const SessionInfo& info, const std::string& uri, const Json::Value& data)
+{
+ RestRequest request(host);
+ request.addHeader("Content-Type", "application/json");
+ Json::FastWriter writer;
+ std::string payload = writer.write(data);
+ LOG_D(TAG, "POST: %s", payload.c_str());
+ restResultGuard(request.post(RestRequest::QueryParameters{}, uri, payload));
+}
+
void RestService::sendData(const SessionInfo& info, const std::string& data)
{
LOG_D(TAG, "Request body: %.511s", data.c_str());
libcurl
dpm
dlog
- audit
audit-trail
capi-system-info
jsoncpp
target_compile_definitions(${PROJECT_NAME}
PRIVATE CONFIG_FILE_PATH=${DAEMON_CONFIG_DIR}/${DAEMON_CONFIG_FILE}
PRIVATE DATA_DIR=${DATA_DIR}
+ PRIVATE DEVICE_CERT=${DEVICE_CERT}
+ PRIVATE DEVICE_KEY=${DEVICE_KEY}
+ PRIVATE DEVICE_KEY_PASS=${DEVICE_KEY_PASS}
+ PRIVATE VCONF_KEY=${VCONF_KEY}
)
install(TARGETS ${PROJECT_NAME} DESTINATION ${BIN_DIR})
--- /dev/null
+/**
+ * Samsung Ukraine R&D Center (SRK under a contract between)
+ * LLC "Samsung Electronics Co", Ltd (Seoul, Republic of Korea)
+ * Copyright (C) 2018 Samsung Electronics Co., Ltd. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/**
+ * @file agentexception.h
+ * @brief Agent exception class
+ * @date Created Apr 4, 2018
+ * @author Mail to: <A HREF="mailto:d.lomtev@samsung.com">Dmytro Lomtiev, d.lomtev@samsung.com</A>
+ */
+#ifndef AGENTEXCEPTION_H
+#define AGENTEXCEPTION_H
+
+#include <string>
+
+namespace agent
+{
+
+enum AgentErrors : int
+{
+ AE_OK = 0,
+ AE_WRONG_FORMAT,
+ AE_UNSUPPORTED,
+ AE_INTERNAL_ERROR,
+ AE_UNKNOWN
+};
+
+class AgentException : public std::exception
+{
+public:
+ AgentException(const std::string& text, const int code) : message(text), errorCode(code)
+ {
+ }
+
+ const char* what() const noexcept override
+ {
+ return message.c_str();
+ }
+
+ int error() const
+ {
+ return errorCode;
+ }
+
+private:
+ std::string message;
+ int errorCode;
+};
+
+} // namespace agent
+
+#endif // AGENTEXCEPTION_H
* @author Mail to: <A HREF="mailto:i.metelytsia@samsung.com">Iurii Metelytsia, i.metelytsia@samsung.com</A>
* @author Mail to: <A HREF="mailto:d.lomtev@samsung.com">Dmytro Lomtev, d.lomtev@samsung.com</A>
*/
-#include <iostream>
#include <fstream>
#include <string>
#include <cstdlib>
rule->m_data.m_key = (const char*)value;
} else {
if (f.type() == FieldType::t_int) {
- rule->m_data.m_condition.push_back({(int)field, (int)operation, (int)value});
+ rule->m_data.m_condition.push_back({(int)field, (int)operation, (int)reinterpret_cast<const intptr_t>(value)});
} else if (f.type() == FieldType::t_str) {
rule->m_data.m_condition.push_back({(int)field, (int)operation, (const char*)value});
}
}
}
+Rule::Rule(Rule&& other): m_handle(other.m_handle), m_data(std::move(other.m_data))
+{
+ other.m_handle = nullptr;
+}
+
+Rule& Rule::operator=(Rule&& other)
+{
+ m_handle = other.m_handle;
+ other.m_handle = nullptr;
+ m_data = std::move(other.m_data);
+ return *this;
+}
+
Rule::~Rule()
{
- audit_rule_destroy(m_handle);
+ if (m_handle != nullptr) {
+ audit_rule_destroy(m_handle);
+ }
}
int Rule::addSyscall(int syscall)
int res = 0;
Condition c{field, operation, value};
- if ((res = audit_rule_add_condition(m_handle, c.m_field, c.m_operation, (const void*)value)) == AUDIT_TRAIL_ERROR_NONE) {
+ if ((res = audit_rule_add_condition(m_handle, c.m_field, c.m_operation, (const void*)static_cast<intptr_t>(value))) == AUDIT_TRAIL_ERROR_NONE) {
m_data.m_condition.push_back(c);
}
Condition c{field, operation, value};
ConditionList::iterator it = std::find(m_data.m_condition.begin(), m_data.m_condition.end(), c);
if (it != m_data.m_condition.end()) {
- if ((res = audit_rule_remove_condition(m_handle, c.m_field, c.m_operation, (const void*)value)) == AUDIT_TRAIL_ERROR_NONE) {
+ if ((res = audit_rule_remove_condition(m_handle, c.m_field, c.m_operation, (const void*)static_cast<intptr_t>(value))) == AUDIT_TRAIL_ERROR_NONE) {
m_data.m_condition.erase(it);
}
}
#ifndef RULE_H
#define RULE_H
-#include <iostream>
+#include <algorithm>
#include <string>
#include <list>
#include <set>
#include <jsoncpp/json/value.h>
#include <jsoncpp/json/reader.h>
#include <jsoncpp/json/writer.h>
+#include "../agentexception.h"
namespace audit
{
Field(int field) : m_field(field)
{
if (s_fields.find(m_field) == s_fields.end()) {
- throw std::logic_error("Unsupported audit rule condition field!");
+ throw agent::AgentException("Unsupported audit rule condition field!", agent::AE_UNSUPPORTED);
}
}
Field(const std::string& field) : m_field(-1)
}
}
if (m_field == -1) {
- throw std::logic_error("Unsupported audit rule condition field!");
+ throw agent::AgentException("Unsupported audit rule condition field!", agent::AE_UNSUPPORTED);
}
}
Operation(int operation) : m_operation(operation)
{
if (s_operations.find(m_operation) == s_operations.end()) {
- throw std::logic_error("Unsupported audit rule condition operation!");
+ throw agent::AgentException("Unsupported audit rule condition operation!", agent::AE_UNSUPPORTED);
}
}
Operation(const std::string& operation) : m_operation(-1)
}
}
if (m_operation == -1) {
- throw std::logic_error("Unsupported audit rule condition operation!");
+ throw agent::AgentException("Unsupported audit rule condition operation!", agent::AE_UNSUPPORTED);
}
}
operator const void* () const
{
if (m_value.type() == typeid(int)) {
- return (const void*)boost::get<int>(m_value);
+ return (const void*)static_cast<intptr_t>(boost::get<int>(m_value));
}
return (const void*)boost::get<std::string>(m_value).c_str();
}
}
return res;
}
+
+ friend bool operator ==(const ConditionList& lv, const ConditionList& rv)
+ {
+ for (auto i : lv) {
+ if (std::find(rv.cbegin(), rv.cend(), i) == rv.cend()) {
+ return false;
+ }
+ }
+ for (auto i : rv) {
+ if (std::find(lv.cbegin(), lv.cend(), i) == lv.cend()) {
+ return false;
+ }
+ }
+ return true;
+ }
};
/**
RuleData(const Json::Value& data) : m_key(), m_syscall{}, m_condition{}
{
if (data.empty()) {
- throw std::logic_error("Empty rule!");
+ throw agent::AgentException("Empty rule!", agent::AE_WRONG_FORMAT);
}
- m_key = data.get("key", "").asString();
- if (m_key == "") {
- throw std::logic_error("Field \"key\" is undefined!");
+ if (!data.isMember("key") && !data.isMember("syscall") && !data.isMember("condition")) {
+ throw agent::AgentException("Invalid condition format!", agent::AE_WRONG_FORMAT);
}
+ m_key = data.get("key", "").asString();
+
const Json::Value& syscall = data["syscall"];
for (const Json::Value& v : syscall) {
m_syscall.insert(v.asInt());
const Json::Value& condition = data["condition"];
for (const Json::Value& node : condition) {
if (!node.isMember("field") || !node.isMember("operator") || !node.isMember("value")) {
- throw std::logic_error("Invalid condition format!");
+ throw agent::AgentException("Invalid condition format!", agent::AE_WRONG_FORMAT);
}
std::string f = node.get("field", "").asString();
std::string o = node.get("operator", "").asString();
}
}
+ RuleData(const RuleData&) = default;
+ RuleData& operator=(const RuleData&) = default;
+ RuleData(RuleData&&) = default;
+ RuleData& operator=(RuleData&&) = default;
+
Json::Value asJson() const
{
Json::Value res;
Rule(audit_rule_h handle);
Rule(const RuleData& data);
+ Rule(const Rule& data) = delete;
+ Rule& operator=(const Rule& data) = delete;
+
+ Rule(Rule&& data);
+ Rule& operator=(Rule&& data);
+
/**
* @brief Destructor
*/
*/
#include <algorithm>
-#include <vector>
+#include <list>
#include <sstream>
#include <stdexcept>
#include <cassert>
{
Json::Value data(Json::arrayValue);
LOG_D(TAG, "AuditRuleManager::getRules");
- AuditRules ruls = getRules();
+ AuditRules ruls = getRules();
for (audit_rule_h handle : ruls) {
try {
- Rule rule(handle);
- data.append(rule.data().asJson());
+ data.append(Rule(handle).data().asJson());
} catch (const std::exception& e) {
LOG_E(TAG, "AuditRuleManager::getRules error: %s", e.what());
}
return data;
}
-bool RuleManager::updateRules(const Json::Value& rules)
+bool RuleManager::insertRules(const Json::Value& rules, Json::Value& result)
{
- LOG_D(TAG, "AuditRuleManager::updateRules");
+ LOG_D(TAG, "AuditRuleManager::insertRules");
- if (rules.get("type", "").asString() != "rule" || !rules.isMember("data")) {
- LOG_E(TAG, "AuditRuleManager::updateRules: invalid rule format");
+ if (rules.get("type", "").asString() != "response-existing-rules" || !rules.isMember("data")) {
+ LOG_E(TAG, "AuditRuleManager::insertRules: invalid rule format");
return false;
}
- try {
- std::vector<Rule> existing_ruls;
- AuditRules rls = getRules();
- for (audit_rule_h handle : rls) {
- existing_ruls.emplace_back(handle);
- }
+ AuditRules rls = getRules();
+ std::list<Rule> existing_rules(rls.cbegin(), rls.cend());
- std::vector<RuleData> er_data;
- for (const Rule& r : existing_ruls) {
- er_data.push_back(r.data());
+ const Json::Value& data = rules["data"];
+ for (const Json::Value& node : data) {
+ try {
+ RuleData rd{node};
+ const auto& it = std::find_if(existing_rules.cbegin(), existing_rules.cend(), [&rd](const Rule& r){return rd == r.data();});
+ if (it == existing_rules.cend()) {
+ Rule r{rd};
+ if (audit_trail_add_rule(m_audit_trail, (audit_rule_h)r) != AUDIT_TRAIL_ERROR_NONE) {
+ throw agent::AgentException("Failed to add rule.", agent::AE_INTERNAL_ERROR);
+ }
+ existing_rules.push_back(std::move(r));
+ }
+ } catch (const std::exception& e) {
+ LOG_E(TAG, "AuditRuleManager::insertRules failed: %s", e.what());
}
+ }
- std::vector<RuleData> nr_data;
- const Json::Value& data = rules["data"];
- for (const Json::Value& node : data) {
- nr_data.emplace_back(node);
- }
+ for (const auto& it : existing_rules) {
+ result.append(it.data().asJson());
+ }
- std::vector<RuleData> to_remove;
- for (const RuleData& v : er_data) {
- if (std::find(nr_data.cbegin(), nr_data.cend(), v) == nr_data.cend()) {
- to_remove.push_back(v);
- }
- }
+ return true;
+}
- std::vector<RuleData> to_add;
- for (const RuleData& v : nr_data) {
- if (std::find(er_data.cbegin(), er_data.cend(), v) == er_data.cend()) {
- to_add.push_back(v);
- }
- }
+bool RuleManager::updateRules(const Json::Value& rules, Json::Value& result)
+{
+ LOG_D(TAG, "AuditRuleManager::updateRules");
+
+ Json::Value result_array(Json::arrayValue);
+ Json::Value rules_array(Json::arrayValue);
- for (const RuleData& v : to_remove) {
- for (const Rule& r : existing_ruls) {
- if (v == r.data()) {
- if (audit_trail_remove_rule(m_audit_trail, (audit_rule_h)r) != AUDIT_TRAIL_ERROR_NONE) {
- throw std::runtime_error("audit_trail_remove_rule failed!");
+ if (rules.get("type", "").asString() != "update-rule" || !rules.isMember("data")) {
+ LOG_E(TAG, "AuditRuleManager::updateRules: invalid rule format");
+ return false;
+ }
+
+ AuditRules rls = getRules();
+ std::list<Rule> existing_rules(rls.cbegin(), rls.cend());
+
+ const Json::Value& data = rules["data"];
+ for (const Json::Value& node : data) {
+ int status_code = agent::AE_OK;
+ try {
+ const Json::Value& new_rule = node["new"];
+ if (!new_rule.empty()) {
+ Rule r{RuleData{new_rule}};
+ if (audit_trail_add_rule(m_audit_trail, (audit_rule_h)r) != AUDIT_TRAIL_ERROR_NONE) {
+ throw agent::AgentException("Failed to add rule.", agent::AE_INTERNAL_ERROR);
+ }
+ existing_rules.push_back(std::move(r));
+ }
+ const Json::Value& old_rule = node["old"];
+ if (!old_rule.empty()) {
+ RuleData rd{old_rule};
+ while (true) {
+ const auto& it = std::find_if(existing_rules.cbegin(), existing_rules.cend(), [&rd](const Rule& r){return rd == r.data();});
+ if (it == existing_rules.cend())
+ break;
+ if (audit_trail_remove_rule(m_audit_trail, (audit_rule_h)*it) != AUDIT_TRAIL_ERROR_NONE) {
+ throw agent::AgentException("Failed to remove rule.", agent::AE_INTERNAL_ERROR);
}
- break;
+ existing_rules.erase(it);
}
}
+ } catch (const agent::AgentException& e) {
+ LOG_E(TAG, "AuditRuleManager::updateRules failed: %s", e.what());
+ status_code = e.error();
+ } catch (const std::exception& e) {
+ LOG_E(TAG, "AuditRuleManager::updateRules failed: %s", e.what());
+ status_code = agent::AE_UNKNOWN;
}
+ Json::Value item{node};
+ item["status"] = status_code;
+ result_array.append(item);
+ }
- for (const RuleData& v : to_add) {
- if (audit_trail_add_rule(m_audit_trail, (audit_rule_h)Rule(v)) != AUDIT_TRAIL_ERROR_NONE) {
- throw std::runtime_error("audit_trail_add_rule failed!");
- }
- }
- } catch (const std::exception& e) {
- LOG_E(TAG, "AuditRuleManager::updateRules failed: %s", e.what());
- return false;
+ for (const auto& it : existing_rules) {
+ rules_array.append(it.data().asJson());
}
+ result["result"] = result_array;
+ result["rules"] = rules_array;
+
return true;
}
Json::Value getRulesAsJson();
/**
+ * @brief Insert new rules
+ * @param rules [in] rules to apply
+ * @param result [out] rules applying result
+ * @return true/false
+ */
+ bool insertRules(const Json::Value& rules, Json::Value& result);
+
+ /**
* @brief Update all existing rules
* @param rules [in] rules to apply
+ * @param result [out] rules applying result
* @return true/false
*/
- bool updateRules(const Json::Value& rules);
+ bool updateRules(const Json::Value& rules, Json::Value& result);
private:
/**
{
Json::Value rules;
rules["type"] = RULE_STATE_KEY;
-
rules["data"] = audit::RuleManager::GetInstance().getRulesAsJson();
connection.sendData(rules);
event.confirm();
--- /dev/null
+/**
+ * Samsung Ukraine R&D Center (SRK under a contract between)
+ * LLC "Samsung Electronics Co", Ltd (Seoul, Republic of Korea)
+ * Copyright (C) 2018 Samsung Electronics Co., Ltd. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/**
+ * @file auditrequestrulehandler.cpp
+ * @brief Handler for request existing rules from server
+ * @date Created May 25, 2018
+ * @author Mail to: <A HREF="mailto:i.metelytsia@samsung.com">Iurii Metelytsia, i.metelytsia@samsung.com</A>
+ */
+#include <thread>
+#include <jsoncpp/json/reader.h>
+#include <jsoncpp/json/writer.h>
+#include "auditrequestrulehandler.h"
+#include "audit/rule_manager.h"
+#include "logging.h"
+#include "settings.h"
+#include "samonitor_tag.h"
+
+namespace
+{
+const std::string REQUEST_KEY{"request-existing-rules"};
+const std::string ENFORCE_KEY{"response-existing-rules"};
+const std::string RESPONSE_KEY{"state-rule"};
+}
+
+namespace agent
+{
+
+AuditRequestRuleHandler::AuditRequestRuleHandler(communication::Connection& conn) :
+ communication::EventListener(conn, ENFORCE_KEY)
+{
+}
+
+void AuditRequestRuleHandler::request()
+{
+ Json::Value data;
+ data["type"] = REQUEST_KEY;
+ bool ok = false;
+
+ do {
+ try {
+ connection.sendData(data);
+ ok = true;
+ } catch (std::exception& e) {
+ LOG_E(TAG, "Update rules request failed: %s", e.what());
+ std::this_thread::sleep_for(Settings::instance().getKeepAliveTimeout());
+ }
+ } while (!ok && connection.isAllowed());
+}
+
+void AuditRequestRuleHandler::accept(communication::Event& event)
+{
+ if (Settings::instance().isLocked()) {
+ return;
+ }
+
+ Json::Value result(Json::arrayValue);
+
+ const std::string& content = event.getContent();
+ if (!content.empty()) {
+ try {
+ Json::Reader reader;
+ Json::Value rules;
+ if (reader.parse(content, rules)) {
+ audit::RuleManager::GetInstance().insertRules(rules, result);
+ }
+ } catch (...) {
+ LOG_E(TAG, "Fail to insert audit-trail rules.");
+ result.clear();
+ }
+ }
+
+ Json::Value response;
+ response["type"] = RESPONSE_KEY;
+ response["data"] = result;
+ connection.sendData(response);
+ event.confirm();
+}
+
+} // namespace agent
* limitations under the License
*/
/**
- * @file audit_utils.cpp
- * @brief Audit helper
- * @date Created Apr 03, 2018
+ * @file auditrequestrulehandler.h
+ * @brief Handler for request existing rules from server
+ * @date Created May 25, 2018
* @author Mail to: <A HREF="mailto:i.metelytsia@samsung.com">Iurii Metelytsia, i.metelytsia@samsung.com</A>
*/
+#ifndef AUDITREQUESTRULEHANDLER_H
+#define AUDITREQUESTRULEHANDLER_H
-#include <libaudit.h>
+#include "eventlistener.h"
-#include "audit_utils.h"
-
-namespace audit
-{
-
-const char* AuditUtils::platformType()
+namespace agent
{
- int pt = platform();
- return (pt != -1) ? audit_machine_to_name(pt) : nullptr;
-}
-AuditUtils::SyscallList AuditUtils::syscallTable()
+class AuditRequestRuleHandler : communication::EventListener
{
- SyscallList res;
+public:
+ /**
+ * @brief Constructor
+ * @param conn a connection to assosiate
+ */
+ AuditRequestRuleHandler(communication::Connection& conn);
- int pt = platform();
- if (pt != -1) {
- for (int i = 0; i < 8192; ++i) {
- const char* name = audit_syscall_to_name(i, pt);
- if (name) {
- res.push_back(std::make_pair(i, std::string(name)));
- }
- }
- }
+ /**
+ * @brief request existing rules from server
+ */
+ void request();
- return res;
-}
+ void accept(communication::Event& event) override;
+};
-int AuditUtils::platform()
-{
- return audit_detect_machine();
-}
+} // namespace agent
-} // namespace audit
+#endif // AUDITREQUESTRULEHANDLER_H
* @author Mail to: <A HREF="mailto:d.lomtev@samsung.com">Dmytro Lomtiev, d.lomtev@samsung.com</A>
*/
#include <jsoncpp/json/reader.h>
+#include <jsoncpp/json/writer.h>
#include "auditupdaterulehandler.h"
#include "audit/rule_manager.h"
#include "logging.h"
#include "settings.h"
#include "samonitor_tag.h"
-
namespace
{
-const std::string RULE_ENFORCE_KEY{"rule"};
+const std::string ENFORCE_KEY{"update-rule"};
+const std::string RESPONSE_KEY{"status-rule"};
}
namespace agent
{
AuditUpdateRuleHandler::AuditUpdateRuleHandler(communication::Connection& conn) :
- communication::EventListener(conn, RULE_ENFORCE_KEY)
+ communication::EventListener(conn, ENFORCE_KEY)
{
}
return;
}
- const std::string& content = event.getContent();
- bool result = true;
+ Json::Value result;
+ const std::string& content = event.getContent();
if (!content.empty()) {
try {
Json::Reader reader;
Json::Value rules;
- reader.parse(content, rules);
-
- result = audit::RuleManager::GetInstance().updateRules(rules);
- } catch (std::exception& e) {
- LOG_E(TAG, "Fail to update audit-trail rules. Reason: %s", e.what());
- result = false;
+ if (reader.parse(content, rules)) {
+ audit::RuleManager::GetInstance().updateRules(rules, result);
+ }
+ } catch (...) {
+ LOG_E(TAG, "Fail to update audit-trail rules.");
+ result.clear();
}
}
- // TODO: clarify response format
- event.confirm(result ? "OK" : "ERROR");
+ if (result.empty()) {
+ result["rules"] = audit::RuleManager::GetInstance().getRulesAsJson();
+ result["result"] = Json::Value(Json::arrayValue);
+ }
+
+ Json::Value response;
+ response["type"] = RESPONSE_KEY;
+ response["data"] = result;
+ event.confirm(response);
}
} // namespace agent
~DropPrivilege()
{
- if (0 != setresuid(euid, euid, -1)) {
- LOG_W(TAG, "Failed to restore privileges.");
- }
+ std::ignore = setresuid(euid, euid, -1);
}
uid_t euid, cuid;
#include "systemdwrapper.h"
#include "logging.h"
#include "samonitor_tag.h"
+#include "macro.h"
using namespace agent;
-const std::string vconfkeyModeState{"db/sam/enable"};
+#if !defined(VCONF_KEY)
+# error "VCONF_KEY must be defined"
+#endif
+const std::string vconfkeyModeState{STRINGIFY(VCONF_KEY)};
static MainThread g_main_thread;
#include "settingshandler.h"
#include "settings.h"
#include "audithandler.h"
+#include "auditrequestrulehandler.h"
#include "auditupdaterulehandler.h"
#include "syscallstatehandler.h"
#include "servicerequest.h"
#include "logging.h"
#include "samonitor_tag.h"
#include "main_thread.h"
+#include "securityoptions.h"
namespace PH = std::placeholders;
extern bool volatile g_running;
# error "DATA_DIR must be defined (directory to store application intermediate files)"
#endif
+#if !defined(DEVICE_CERT)
+# error "DEVICE_CERT must be defined (Device certificate PEM)"
+#endif
+#if !defined(DEVICE_KEY)
+# error "DEVICE_KEY must be defined (Device private key PEM)"
+#endif
+
+#if !defined(DEVICE_KEY_PASS)
+# error "DEVICE_KEY_PASS must be defined (Private key password)"
+#endif
+
namespace
{
const std::string savedConfig{STRINGIFY(DATA_DIR) "/sam.conf"};
throw std::runtime_error("Failed to load settings");
}
+ communication::SecurityOptions& secOpts = communication::SecurityOptions::instance();
+ secOpts.add(CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
+ secOpts.add(CURLOPT_SSL_FALSESTART, 1L);
+ secOpts.add(CURLOPT_SSL_VERIFYPEER, 1L);
+ secOpts.add(CURLOPT_SSL_VERIFYHOST, 2L);
+ // Uncomment lines below to enable security options
+// secOpts.add(CURLOPT_CAINFO, "/opt/data/sam/cacert.pem");
+// secOpts.add(CURLOPT_CAPATH, "/etc/ssl/certs");
+ secOpts.add(CURLOPT_SSLCERT, STRINGIFY(DEVICE_CERT));
+ secOpts.add(CURLOPT_SSLKEY, STRINGIFY(DEVICE_KEY));
+ secOpts.add(CURLOPT_KEYPASSWD, STRINGIFY(DEVICE_KEY_PASS));
+
communication::RestService rest(settings.getServerAddress());
communication::Connection conn(settings.getDeviceId(), settings.getKeepAliveTimeout(), &rest, std::bind(&ThreadBase::is_running, this));
SettingsHandler settings_handler(conn);
SyscallStateHandler syscall_state_handler(conn);
AuditHandler audit_rule_state_handler(conn);
+ AuditRequestRuleHandler audit_request_rule_handler(conn);
AuditUpdateRuleHandler audit_update_rule_handler(conn);
std::shared_ptr<AuditTrailClient> audit_trail_client = nullptr;
ServiceRequest::registerDevice(conn);
}
// Request for rules update
- ServiceRequest::updateRules(conn);
+ audit_request_rule_handler.request();
if (ApplicationService::get_process_id_by_name("audit-trail") != -1) {
audit_trail_client = std::make_shared<AuditTrailClient>(&report_adapter);
+++ /dev/null
-/**
- * Samsung Ukraine R&D Center (SRK under a contract between)
- * LLC "Samsung Electronics Co", Ltd (Seoul, Republic of Korea)
- * Copyright (C) 2018 Samsung Electronics Co., Ltd. All rights reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/**
- * @file report_stub.cpp
- * @brief Report creation stub. Used as temporary solutution for test perposes.
- * Migrate to normal report service when possible.
- * @date Created Jul 14, 2017
- * @author Mail to: <A HREF="mailto:d.lomtev@samsung.com">Dmytro Lomtev, d.lomtev@samsung.com</A>
- */
-
-#include <cstdlib>
-#include <sstream>
-#include <ctime>
-#include "report_stub.h"
-
-namespace
-{
-
-/**
- * @brief The TestReport struct used for mocking DPM reports
- */
-struct TestReport {
- std::string name;
- std::string data;
- int result;
-};
-
-const TestReport test_reports[] = {
- {
- "sim",
- R"({"Content":{"deviceInfo":{"model":"UKS9000","tizenVersion":"2.3","tizenName":"Tizen","platform":"Tizen","manufacturer":"Samsung","cpuArch":"armv7","cpuFreq":"1.5GHz","buildStr":"tztv-2.4-main2016-jazz-m_20160930.1","buildDate":"2016-09-30","buildTime":"04:52:44","duid":"BUYD7RXBSUXKICGD"},"timestamp":"2017-02-22 UTC 11:15:20","appid":"0","nonce":"LocalAttestationNonce","AttReport":{"status":"1","report":{"SIMReport":{"version":"2.0","status":"1","protector":{"EVT":{"symbol":{},"status":"0"},"File":{"symbol":{"/usr/lib/systemd/system":{"attackCount":"1"}},"status":"1"},"PageTable":{"symbol":{},"status":"0"},"StaticMemory":{"symbol":{},"status":"0"},"LSM":{"symbol":{},"status":"0"},"LKM":{"symbol":{},"status":"0"},"VFS":{"symbol":{},"status":"0"},"Netfilter":{"symbol":{},"status":"0"}}}}}},"Integrity":{"Sign":"0"}})",
- 0
- },
- {
- "smart-security",
- "{\"status\":\"secured\",\"health\": 100}",
- 11
- }
-};
-
-} // namespace
-
-namespace agent
-{
-
-static std::string currentDateTime();
-
-std::string makeReport(const std::string& id, const std::string& name, int result, const std::string& data)
-{
- std::ostringstream oss;
- std::string current_time = currentDateTime();
- oss << "{\"did\": \"" << id << "\",";
- oss << "\"date\": \"" << current_time << "\",";
- oss << "\"name\": \"" << name << "\",";
- oss << "\"result\": " << result << ",";
- oss << "\"data\": {\"log\": \"" << data << "\"}}";
- return oss.str();
-}
-
-std::string currentDateTime()
-{
- time_t rawtime;
- struct tm* timeinfo;
- char buffer[128];
- time(&rawtime);
- timeinfo = localtime(&rawtime);
- strftime(buffer, sizeof(buffer), "%d-%m-%Y %I:%M:%S", timeinfo);
- return std::string(buffer);
-}
-
-} // namespace agent
#include "logging.h"
#include "samonitor_tag.h"
-namespace
-{
-const std::string UPDATE_RULES_REQUEST_TYPE{"request-rules"};
-}
-
namespace agent
{
} while (!ok && conn.isAllowed());
}
-void ServiceRequest::updateRules(const communication::Connection& conn)
-{
- Json::Value data;
- data["type"] = UPDATE_RULES_REQUEST_TYPE;
- bool ok = false;
-
- do {
- try {
- conn.sendData(data);
- ok = true;
- } catch (std::exception& e) {
- LOG_E(TAG, "Update rules request failed: %s", e.what());
- std::this_thread::sleep_for(Settings::instance().getKeepAliveTimeout());
- }
- } while (!ok && conn.isAllowed());
-}
-
} // namespace agent
{
public:
static void registerDevice(communication::Connection& conn);
-
- static void updateRules(const communication::Connection& conn);
};
} // namespace agent
* limitations under the License
*/
/**
- * @file report_stub.h
- * @brief Create test report
- * @date Created Jul 14, 2017
- * @author Mail to: <A HREF="mailto:d.lomtev@samsung.com">Dmytro Lomtev, d.lomtev@samsung.com</A>
+ * @file syscall.cpp
+ * @brief Syscall helper
+ * @date Created May 15, 2018
+ * @author Mail to: <A HREF="mailto:i.metelytsia@samsung.com">Iurii Metelytsia, i.metelytsia@samsung.com</A>
*/
-#ifndef REPORT_STUB_H
-#define REPORT_STUB_H
-#include <string>
+#include <sys/utsname.h>
+
+#include "syscall.h"
namespace agent
{
-/**
- * @brief Create test report
- * @param id [in] device identifier
- * @param name [in] report name
- * @param result [in] report result
- * @param data [in] report data
- * @return report JSON
- */
-std::string makeReport(const std::string& id, const std::string& name, int result, const std::string& data);
+Syscall::SyscallList Syscall::syscallTable()
+{
+ SyscallList res;
-} // namespace agent
+ const auto& it = m_syscall_map.find(platformType());
+ if (it != m_syscall_map.cend())
+ res = it->second;
-#endif // REPORT_STUB_H
+ return res;
+}
+
+std::string Syscall::platformType()
+{
+ struct utsname nm;
+ return (uname(&nm) == 0) ? std::string(nm.machine) : "";
+}
+
+} // namespace agent
* limitations under the License
*/
/**
- * @file audit_utils.h
- * @brief Audit helper
- * @date Created Apr 03, 2018
+ * @file syscall.h
+ * @brief Syscall helper
+ * @date Created May 15, 2018
* @author Mail to: <A HREF="mailto:i.metelytsia@samsung.com">Iurii Metelytsia, i.metelytsia@samsung.com</A>
*/
-#ifndef AUDIT_UTILS_H
-#define AUDIT_UTILS_H
+#ifndef SYSCALL_H
+#define SYSCALL_H
#include <string>
#include <vector>
+#include <map>
#include <utility>
-namespace audit
+namespace agent
{
/**
- * @brief Audit helper class
+ * @brief Syscall helper class
*/
-class AuditUtils
+class Syscall
{
public:
/**
using SyscallList = std::vector<std::pair<int, std::string>>;
/**
+ * @typedef SyscallsMap
+ * @brief System calls map
+ */
+ using SyscallMap = std::map<std::string, SyscallList>;
+
+ /**
* @brief Get supported system calls
* @return system call list
*/
/**
* @brief Get the platform type
- * @return platform string or nullptr
+ * @return platform string
*/
- static const char* platformType();
+ static std::string platformType();
private:
- /**
- * @brief Get the platform type
- * @return platform type or -1 in case of error
- */
- static int platform();
+ static const SyscallMap m_syscall_map;
};
-} // namespace audit
+} // namespace agent
-#endif // AUDIT_UTILS_H
+#endif // SYSCALL_H
--- /dev/null
+/**
+ * Samsung Ukraine R&D Center (SRK under a contract between)
+ * LLC "Samsung Electronics Co", Ltd (Seoul, Republic of Korea)
+ * Copyright (C) 2018 Samsung Electronics Co., Ltd. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/**
+ * @file syscall_list.cpp
+ * @brief Syscalls for supported architectures
+ * @date Created May 15, 2018
+ * @author Mail to: <A HREF="mailto:i.metelytsia@samsung.com">Iurii Metelytsia, i.metelytsia@samsung.com</A>
+ */
+
+#include "syscall.h"
+
+namespace agent
+{
+
+const Syscall::SyscallMap Syscall::m_syscall_map =
+{
+ {
+ "armv7l",
+ {
+ {0, "restart_syscall"},
+ {1, "exit"},
+ {2, "fork"},
+ {3, "read"},
+ {4, "write"},
+ {5, "open"},
+ {6, "close"},
+ {8, "creat"},
+ {9, "link"},
+ {10, "unlink"},
+ {11, "execve"},
+ {12, "chdir"},
+ {13, "time"},
+ {14, "mknod"},
+ {15, "chmod"},
+ {16, "lchown"},
+ {19, "lseek"},
+ {20, "getpid"},
+ {21, "mount"},
+ {22, "umount"},
+ {23, "setuid"},
+ {24, "getuid"},
+ {25, "stime"},
+ {26, "ptrace"},
+ {27, "alarm"},
+ {29, "pause"},
+ {30, "utime"},
+ {33, "access"},
+ {34, "nice"},
+ {36, "sync"},
+ {37, "kill"},
+ {38, "rename"},
+ {39, "mkdir"},
+ {40, "rmdir"},
+ {41, "dup"},
+ {42, "pipe"},
+ {43, "times"},
+ {45, "brk"},
+ {46, "setgid"},
+ {47, "getgid"},
+ {49, "geteuid"},
+ {50, "getegid"},
+ {51, "acct"},
+ {52, "umount2"},
+ {54, "ioctl"},
+ {55, "fcntl"},
+ {57, "setpgid"},
+ {60, "umask"},
+ {61, "chroot"},
+ {62, "ustat"},
+ {63, "dup2"},
+ {64, "getppid"},
+ {65, "getpgrp"},
+ {66, "setsid"},
+ {67, "sigaction"},
+ {70, "setreuid"},
+ {71, "setregid"},
+ {72, "sigsuspend"},
+ {73, "sigpending"},
+ {74, "sethostname"},
+ {75, "setrlimit"},
+ {76, "getrlimit"},
+ {77, "getrusage"},
+ {78, "gettimeofday"},
+ {79, "settimeofday"},
+ {80, "getgroups"},
+ {81, "setgroups"},
+ {82, "select"},
+ {83, "symlink"},
+ {85, "readlink"},
+ {86, "uselib"},
+ {87, "swapon"},
+ {88, "reboot"},
+ {89, "readdir"},
+ {90, "mmap"},
+ {91, "munmap"},
+ {92, "truncate"},
+ {93, "ftruncate"},
+ {94, "fchmod"},
+ {95, "fchown"},
+ {96, "getpriority"},
+ {97, "setpriority"},
+ {99, "statfs"},
+ {100, "fstatfs"},
+ {102, "socketcall"},
+ {103, "syslog"},
+ {104, "setitimer"},
+ {105, "getitimer"},
+ {106, "stat"},
+ {107, "lstat"},
+ {108, "fstat"},
+ {111, "vhangup"},
+ {113, "syscall"},
+ {114, "wait4"},
+ {115, "swapoff"},
+ {116, "sysinfo"},
+ {117, "ipc"},
+ {118, "fsync"},
+ {119, "sigreturn"},
+ {120, "clone"},
+ {121, "setdomainname"},
+ {122, "uname"},
+ {124, "adjtimex"},
+ {125, "mprotect"},
+ {126, "sigprocmask"},
+ {128, "init_module"},
+ {129, "delete_module"},
+ {131, "quotactl"},
+ {132, "getpgid"},
+ {133, "fchdir"},
+ {134, "bdflush"},
+ {135, "sysfs"},
+ {136, "personality"},
+ {138, "setfsuid"},
+ {139, "setfsgid"},
+ {140, "_llseek"},
+ {141, "getdents"},
+ {142, "_newselect"},
+ {143, "flock"},
+ {144, "msync"},
+ {145, "readv"},
+ {146, "writev"},
+ {147, "getsid"},
+ {148, "fdatasync"},
+ {149, "_sysctl"},
+ {150, "mlock"},
+ {151, "munlock"},
+ {152, "mlockall"},
+ {153, "munlockall"},
+ {154, "sched_setparam"},
+ {155, "sched_getparam"},
+ {156, "sched_setscheduler"},
+ {157, "sched_getscheduler"},
+ {158, "sched_yield"},
+ {159, "sched_get_priority_max"},
+ {160, "sched_get_priority_min"},
+ {161, "sched_rr_get_interval"},
+ {162, "nanosleep"},
+ {163, "mremap"},
+ {164, "setresuid"},
+ {165, "getresuid"},
+ {168, "poll"},
+ {169, "nfsservctl"},
+ {170, "setresgid"},
+ {171, "getresgid"},
+ {172, "prctl"},
+ {173, "rt_sigreturn"},
+ {174, "rt_sigaction"},
+ {175, "rt_sigprocmask"},
+ {176, "rt_sigpending"},
+ {177, "rt_sigtimedwait"},
+ {178, "rt_sigqueueinfo"},
+ {179, "rt_sigsuspend"},
+ {180, "pread64"},
+ {181, "pwrite64"},
+ {182, "chown"},
+ {183, "getcwd"},
+ {184, "capget"},
+ {185, "capset"},
+ {186, "sigaltstack"},
+ {187, "sendfile"},
+ {190, "vfork"},
+ {191, "ugetrlimit"},
+ {192, "mmap2"},
+ {193, "truncate64"},
+ {194, "ftruncate64"},
+ {195, "stat64"},
+ {196, "lstat64"},
+ {197, "fstat64"},
+ {198, "lchown32"},
+ {199, "getuid32"},
+ {200, "getgid32"},
+ {201, "geteuid32"},
+ {202, "getegid32"},
+ {203, "setreuid32"},
+ {204, "setregid32"},
+ {205, "getgroups32"},
+ {206, "setgroups32"},
+ {207, "fchown32"},
+ {208, "setresuid32"},
+ {209, "getresuid32"},
+ {210, "setresgid32"},
+ {211, "getresgid32"},
+ {212, "chown32"},
+ {213, "setuid32"},
+ {214, "setgid32"},
+ {215, "setfsuid32"},
+ {216, "setfsgid32"},
+ {217, "getdents64"},
+ {218, "pivot_root"},
+ {219, "mincore"},
+ {220, "madvise"},
+ {221, "fcntl64"},
+ {224, "gettid"},
+ {225, "readahead"},
+ {226, "setxattr"},
+ {227, "lsetxattr"},
+ {228, "fsetxattr"},
+ {229, "getxattr"},
+ {230, "lgetxattr"},
+ {231, "fgetxattr"},
+ {232, "listxattr"},
+ {233, "llistxattr"},
+ {234, "flistxattr"},
+ {235, "removexattr"},
+ {236, "lremovexattr"},
+ {237, "fremovexattr"},
+ {238, "tkill"},
+ {239, "sendfile64"},
+ {240, "futex"},
+ {241, "sched_setaffinity"},
+ {242, "sched_getaffinity"},
+ {243, "io_setup"},
+ {244, "io_destroy"},
+ {245, "io_getevents"},
+ {246, "io_submit"},
+ {247, "io_cancel"},
+ {248, "exit_group"},
+ {249, "lookup_dcookie"},
+ {250, "epoll_create"},
+ {251, "epoll_ctl"},
+ {252, "epoll_wait"},
+ {253, "remap_file_pages"},
+ {256, "set_tid_address"},
+ {257, "timer_create"},
+ {258, "timer_settime"},
+ {259, "timer_gettime"},
+ {260, "timer_getoverrun"},
+ {261, "timer_delete"},
+ {262, "clock_settime"},
+ {263, "clock_gettime"},
+ {264, "clock_getres"},
+ {265, "clock_nanosleep"},
+ {266, "statfs64"},
+ {267, "fstatfs64"},
+ {268, "tgkill"},
+ {269, "utimes"},
+ {270, "arm_fadvise64_64"},
+ {271, "pciconfig_iobase"},
+ {272, "pciconfig_read"},
+ {273, "pciconfig_write"},
+ {274, "mq_open"},
+ {275, "mq_unlink"},
+ {276, "mq_timedsend"},
+ {277, "mq_timedreceive"},
+ {278, "mq_notify"},
+ {279, "mq_getsetattr"},
+ {280, "waitid"},
+ {281, "socket"},
+ {282, "bind"},
+ {283, "connect"},
+ {284, "listen"},
+ {285, "accept"},
+ {286, "getsockname"},
+ {287, "getpeername"},
+ {288, "socketpair"},
+ {289, "send"},
+ {290, "sendto"},
+ {291, "recv"},
+ {292, "recvfrom"},
+ {293, "shutdown"},
+ {294, "setsockopt"},
+ {295, "getsockopt"},
+ {296, "sendmsg"},
+ {297, "recvmsg"},
+ {298, "semop"},
+ {299, "semget"},
+ {300, "semctl"},
+ {301, "msgsnd"},
+ {302, "msgrcv"},
+ {303, "msgget"},
+ {304, "msgctl"},
+ {305, "shmat"},
+ {306, "shmdt"},
+ {307, "shmget"},
+ {308, "shmctl"},
+ {309, "add_key"},
+ {310, "request_key"},
+ {311, "keyctl"},
+ {312, "semtimedop"},
+ {313, "vserver"},
+ {314, "ioprio_set"},
+ {315, "ioprio_get"},
+ {316, "inotify_init"},
+ {317, "inotify_add_watch"},
+ {318, "inotify_rm_watch"},
+ {319, "mbind"},
+ {320, "get_mempolicy"},
+ {321, "set_mempolicy"},
+ {322, "openat"},
+ {323, "mkdirat"},
+ {324, "mknodat"},
+ {325, "fchownat"},
+ {326, "futimesat"},
+ {327, "fstatat64"},
+ {328, "unlinkat"},
+ {329, "renameat"},
+ {330, "linkat"},
+ {331, "symlinkat"},
+ {332, "readlinkat"},
+ {333, "fchmodat"},
+ {334, "faccessat"},
+ {335, "pselect6"},
+ {336, "ppoll"},
+ {337, "unshare"},
+ {338, "set_robust_list"},
+ {339, "get_robust_list"},
+ {340, "splice"},
+ {341, "arm_sync_file_range"},
+ {342, "tee"},
+ {343, "vmsplice"},
+ {344, "move_pages"},
+ {345, "getcpu"},
+ {346, "epoll_pwait"},
+ {347, "kexec_load"},
+ {348, "utimensat"},
+ {349, "signalfd"},
+ {350, "timerfd_create"},
+ {351, "eventfd"},
+ {352, "fallocate"},
+ {353, "timerfd_settime"},
+ {354, "timerfd_gettime"},
+ {355, "signalfd4"},
+ {356, "eventfd2"},
+ {357, "epoll_create1"},
+ {358, "dup3"},
+ {359, "pipe2"},
+ {360, "inotify_init1"},
+ {361, "preadv"},
+ {362, "pwritev"},
+ {363, "rt_tgsigqueueinfo"},
+ {364, "perf_event_open"},
+ {365, "recvmmsg"},
+ {366, "accept4"},
+ {367, "fanotify_init"},
+ {368, "fanotify_mark"},
+ {369, "prlimit64"},
+ {370, "name_to_handle_at"},
+ {371, "open_by_handle_at"},
+ {372, "clock_adjtime"},
+ {373, "syncfs"},
+ {374, "sendmmsg"},
+ {375, "setns"},
+ {376, "process_vm_readv"},
+ {377, "process_vm_writev"},
+ {378, "kcmp"},
+ {379, "finit_module"},
+ }
+ },
+ {
+ "aarch64",
+ {
+ {0, "io_setup"},
+ {1, "io_destroy"},
+ {2, "io_submit"},
+ {3, "io_cancel"},
+ {4, "io_getevents"},
+ {5, "setxattr"},
+ {6, "lsetxattr"},
+ {7, "fsetxattr"},
+ {8, "getxattr"},
+ {9, "lgetxattr"},
+ {10, "fgetxattr"},
+ {11, "listxattr"},
+ {12, "llistxattr"},
+ {13, "flistxattr"},
+ {14, "removexattr"},
+ {15, "lremovexattr"},
+ {16, "fremovexattr"},
+ {17, "getcwd"},
+ {18, "lookup_dcookie"},
+ {19, "eventfd2"},
+ {20, "epoll_create1"},
+ {21, "epoll_ctl"},
+ {22, "epoll_pwait"},
+ {23, "dup"},
+ {24, "dup3"},
+ {26, "inotify_init1"},
+ {27, "inotify_add_watch"},
+ {28, "inotify_rm_watch"},
+ {29, "ioctl"},
+ {30, "ioprio_set"},
+ {31, "ioprio_get"},
+ {32, "flock"},
+ {33, "mknodat"},
+ {34, "mkdirat"},
+ {35, "unlinkat"},
+ {36, "symlinkat"},
+ {37, "linkat"},
+ {38, "renameat"},
+ {39, "umount2"},
+ {40, "mount"},
+ {41, "pivot_root"},
+ {42, "nfsservctl"},
+ {47, "fallocate"},
+ {48, "faccessat"},
+ {49, "chdir"},
+ {50, "fchdir"},
+ {51, "chroot"},
+ {52, "fchmod"},
+ {53, "fchmodat"},
+ {54, "fchownat"},
+ {55, "fchown"},
+ {56, "openat"},
+ {57, "close"},
+ {58, "vhangup"},
+ {59, "pipe2"},
+ {60, "quotactl"},
+ {61, "getdents64"},
+ {63, "read"},
+ {64, "write"},
+ {65, "readv"},
+ {66, "writev"},
+ {67, "pread64"},
+ {68, "pwrite64"},
+ {69, "preadv"},
+ {70, "pwritev"},
+ {72, "pselect6"},
+ {73, "ppoll"},
+ {74, "signalfd4"},
+ {75, "vmsplice"},
+ {76, "splice"},
+ {77, "tee"},
+ {78, "readlinkat"},
+ {81, "sync"},
+ {82, "fsync"},
+ {83, "fdatasync"},
+ {84, "sync_file_range2"},
+ {84, "sync_file_range"},
+ {85, "timerfd_create"},
+ {86, "timerfd_settime"},
+ {87, "timerfd_gettime"},
+ {88, "utimensat"},
+ {89, "acct"},
+ {90, "capget"},
+ {91, "capset"},
+ {92, "personality"},
+ {93, "exit"},
+ {94, "exit_group"},
+ {95, "waitid"},
+ {96, "set_tid_address"},
+ {97, "unshare"},
+ {98, "futex"},
+ {99, "set_robust_list"},
+ {100, "get_robust_list"},
+ {101, "nanosleep"},
+ {102, "getitimer"},
+ {103, "setitimer"},
+ {104, "kexec_load"},
+ {105, "init_module"},
+ {106, "delete_module"},
+ {107, "timer_create"},
+ {108, "timer_gettime"},
+ {109, "timer_getoverrun"},
+ {110, "timer_settime"},
+ {111, "timer_delete"},
+ {112, "clock_settime"},
+ {113, "clock_gettime"},
+ {114, "clock_getres"},
+ {115, "clock_nanosleep"},
+ {116, "syslog"},
+ {117, "ptrace"},
+ {118, "sched_setparam"},
+ {119, "sched_setscheduler"},
+ {120, "sched_getscheduler"},
+ {121, "sched_getparam"},
+ {122, "sched_setaffinity"},
+ {123, "sched_getaffinity"},
+ {124, "sched_yield"},
+ {125, "sched_get_priority_max"},
+ {126, "sched_get_priority_min"},
+ {127, "sched_rr_get_interval"},
+ {128, "restart_syscall"},
+ {129, "kill"},
+ {130, "tkill"},
+ {131, "tgkill"},
+ {132, "sigaltstack"},
+ {133, "rt_sigsuspend"},
+ {134, "rt_sigaction"},
+ {135, "rt_sigprocmask"},
+ {136, "rt_sigpending"},
+ {137, "rt_sigtimedwait"},
+ {138, "rt_sigqueueinfo"},
+ {139, "rt_sigreturn"},
+ {140, "setpriority"},
+ {141, "getpriority"},
+ {142, "reboot"},
+ {143, "setregid"},
+ {144, "setgid"},
+ {145, "setreuid"},
+ {146, "setuid"},
+ {147, "setresuid"},
+ {148, "getresuid"},
+ {149, "setresgid"},
+ {150, "getresgid"},
+ {151, "setfsuid"},
+ {152, "setfsgid"},
+ {153, "times"},
+ {154, "setpgid"},
+ {155, "getpgid"},
+ {156, "getsid"},
+ {157, "setsid"},
+ {158, "getgroups"},
+ {159, "setgroups"},
+ {160, "uname"},
+ {161, "sethostname"},
+ {162, "setdomainname"},
+ {163, "getrlimit"},
+ {164, "setrlimit"},
+ {165, "getrusage"},
+ {166, "umask"},
+ {167, "prctl"},
+ {168, "getcpu"},
+ {169, "gettimeofday"},
+ {170, "settimeofday"},
+ {171, "adjtimex"},
+ {172, "getpid"},
+ {173, "getppid"},
+ {174, "getuid"},
+ {175, "geteuid"},
+ {176, "getgid"},
+ {177, "getegid"},
+ {178, "gettid"},
+ {179, "sysinfo"},
+ {180, "mq_open"},
+ {181, "mq_unlink"},
+ {182, "mq_timedsend"},
+ {183, "mq_timedreceive"},
+ {184, "mq_notify"},
+ {185, "mq_getsetattr"},
+ {186, "msgget"},
+ {187, "msgctl"},
+ {188, "msgrcv"},
+ {189, "msgsnd"},
+ {190, "semget"},
+ {191, "semctl"},
+ {192, "semtimedop"},
+ {193, "semop"},
+ {194, "shmget"},
+ {195, "shmctl"},
+ {196, "shmat"},
+ {197, "shmdt"},
+ {198, "socket"},
+ {199, "socketpair"},
+ {200, "bind"},
+ {201, "listen"},
+ {202, "accept"},
+ {203, "connect"},
+ {204, "getsockname"},
+ {205, "getpeername"},
+ {206, "sendto"},
+ {207, "recvfrom"},
+ {208, "setsockopt"},
+ {209, "getsockopt"},
+ {210, "shutdown"},
+ {211, "sendmsg"},
+ {212, "recvmsg"},
+ {213, "readahead"},
+ {214, "brk"},
+ {215, "munmap"},
+ {216, "mremap"},
+ {217, "add_key"},
+ {218, "request_key"},
+ {219, "keyctl"},
+ {220, "clone"},
+ {221, "execve"},
+ {224, "swapon"},
+ {225, "swapoff"},
+ {226, "mprotect"},
+ {227, "msync"},
+ {228, "mlock"},
+ {229, "munlock"},
+ {230, "mlockall"},
+ {231, "munlockall"},
+ {232, "mincore"},
+ {233, "madvise"},
+ {234, "remap_file_pages"},
+ {235, "mbind"},
+ {236, "get_mempolicy"},
+ {237, "set_mempolicy"},
+ {238, "migrate_pages"},
+ {239, "move_pages"},
+ {240, "rt_tgsigqueueinfo"},
+ {241, "perf_event_open"},
+ {242, "accept4"},
+ {243, "recvmmsg"},
+ {244, "arch_specific_syscall"},
+ {260, "wait4"},
+ {261, "prlimit64"},
+ {262, "fanotify_init"},
+ {263, "fanotify_mark"},
+ {264, "name_to_handle_at"},
+ {265, "open_by_handle_at"},
+ {266, "clock_adjtime"},
+ {267, "syncfs"},
+ {268, "setns"},
+ {269, "sendmmsg"},
+ {270, "process_vm_readv"},
+ {271, "process_vm_writev"},
+ {272, "kcmp"},
+ {273, "finit_module"},
+ }
+ },
+ {
+ "i386",
+ {
+ {0, "restart_syscall"},
+ {1, "exit"},
+ {2, "fork"},
+ {3, "read"},
+ {4, "write"},
+ {5, "open"},
+ {6, "close"},
+ {7, "waitpid"},
+ {8, "creat"},
+ {9, "link"},
+ {10, "unlink"},
+ {11, "execve"},
+ {12, "chdir"},
+ {13, "time"},
+ {14, "mknod"},
+ {15, "chmod"},
+ {16, "lchown"},
+ {17, "break"},
+ {18, "oldstat"},
+ {19, "lseek"},
+ {20, "getpid"},
+ {21, "mount"},
+ {22, "umount"},
+ {23, "setuid"},
+ {24, "getuid"},
+ {25, "stime"},
+ {26, "ptrace"},
+ {27, "alarm"},
+ {28, "oldfstat"},
+ {29, "pause"},
+ {30, "utime"},
+ {31, "stty"},
+ {32, "gtty"},
+ {33, "access"},
+ {34, "nice"},
+ {35, "ftime"},
+ {36, "sync"},
+ {37, "kill"},
+ {38, "rename"},
+ {39, "mkdir"},
+ {40, "rmdir"},
+ {41, "dup"},
+ {42, "pipe"},
+ {43, "times"},
+ {44, "prof"},
+ {45, "brk"},
+ {46, "setgid"},
+ {47, "getgid"},
+ {48, "signal"},
+ {49, "geteuid"},
+ {50, "getegid"},
+ {51, "acct"},
+ {52, "umount2"},
+ {53, "lock"},
+ {54, "ioctl"},
+ {55, "fcntl"},
+ {56, "mpx"},
+ {57, "setpgid"},
+ {58, "ulimit"},
+ {59, "oldolduname"},
+ {60, "umask"},
+ {61, "chroot"},
+ {62, "ustat"},
+ {63, "dup2"},
+ {64, "getppid"},
+ {65, "getpgrp"},
+ {66, "setsid"},
+ {67, "sigaction"},
+ {68, "sgetmask"},
+ {69, "ssetmask"},
+ {70, "setreuid"},
+ {71, "setregid"},
+ {72, "sigsuspend"},
+ {73, "sigpending"},
+ {74, "sethostname"},
+ {75, "setrlimit"},
+ {76, "getrlimit"},
+ {77, "getrusage"},
+ {78, "gettimeofday"},
+ {79, "settimeofday"},
+ {80, "getgroups"},
+ {81, "setgroups"},
+ {82, "select"},
+ {83, "symlink"},
+ {84, "oldlstat"},
+ {85, "readlink"},
+ {86, "uselib"},
+ {87, "swapon"},
+ {88, "reboot"},
+ {89, "readdir"},
+ {90, "mmap"},
+ {91, "munmap"},
+ {92, "truncate"},
+ {93, "ftruncate"},
+ {94, "fchmod"},
+ {95, "fchown"},
+ {96, "getpriority"},
+ {97, "setpriority"},
+ {98, "profil"},
+ {99, "statfs"},
+ {100, "fstatfs"},
+ {101, "ioperm"},
+ {102, "socketcall"},
+ {103, "syslog"},
+ {104, "setitimer"},
+ {105, "getitimer"},
+ {106, "stat"},
+ {107, "lstat"},
+ {108, "fstat"},
+ {109, "olduname"},
+ {110, "iopl"},
+ {111, "vhangup"},
+ {112, "idle"},
+ {113, "vm86old"},
+ {114, "wait4"},
+ {115, "swapoff"},
+ {116, "sysinfo"},
+ {117, "ipc"},
+ {118, "fsync"},
+ {119, "sigreturn"},
+ {120, "clone"},
+ {121, "setdomainname"},
+ {122, "uname"},
+ {123, "modify_ldt"},
+ {124, "adjtimex"},
+ {125, "mprotect"},
+ {126, "sigprocmask"},
+ {127, "create_module"},
+ {128, "init_module"},
+ {129, "delete_module"},
+ {130, "get_kernel_syms"},
+ {131, "quotactl"},
+ {132, "getpgid"},
+ {133, "fchdir"},
+ {134, "bdflush"},
+ {135, "sysfs"},
+ {136, "personality"},
+ {137, "afs_syscall"},
+ {138, "setfsuid"},
+ {139, "setfsgid"},
+ {140, "_llseek"},
+ {141, "getdents"},
+ {142, "_newselect"},
+ {143, "flock"},
+ {144, "msync"},
+ {145, "readv"},
+ {146, "writev"},
+ {147, "getsid"},
+ {148, "fdatasync"},
+ {149, "_sysctl"},
+ {150, "mlock"},
+ {151, "munlock"},
+ {152, "mlockall"},
+ {153, "munlockall"},
+ {154, "sched_setparam"},
+ {155, "sched_getparam"},
+ {156, "sched_setscheduler"},
+ {157, "sched_getscheduler"},
+ {158, "sched_yield"},
+ {159, "sched_get_priority_max"},
+ {160, "sched_get_priority_min"},
+ {161, "sched_rr_get_interval"},
+ {162, "nanosleep"},
+ {163, "mremap"},
+ {164, "setresuid"},
+ {165, "getresuid"},
+ {166, "vm86"},
+ {167, "query_module"},
+ {168, "poll"},
+ {169, "nfsservctl"},
+ {170, "setresgid"},
+ {171, "getresgid"},
+ {172, "prctl"},
+ {173, "rt_sigreturn"},
+ {174, "rt_sigaction"},
+ {175, "rt_sigprocmask"},
+ {176, "rt_sigpending"},
+ {177, "rt_sigtimedwait"},
+ {178, "rt_sigqueueinfo"},
+ {179, "rt_sigsuspend"},
+ {180, "pread64"},
+ {181, "pwrite64"},
+ {182, "chown"},
+ {183, "getcwd"},
+ {184, "capget"},
+ {185, "capset"},
+ {186, "sigaltstack"},
+ {187, "sendfile"},
+ {188, "getpmsg"},
+ {189, "putpmsg"},
+ {190, "vfork"},
+ {191, "ugetrlimit"},
+ {192, "mmap2"},
+ {193, "truncate64"},
+ {194, "ftruncate64"},
+ {195, "stat64"},
+ {196, "lstat64"},
+ {197, "fstat64"},
+ {198, "lchown32"},
+ {199, "getuid32"},
+ {200, "getgid32"},
+ {201, "geteuid32"},
+ {202, "getegid32"},
+ {203, "setreuid32"},
+ {204, "setregid32"},
+ {205, "getgroups32"},
+ {206, "setgroups32"},
+ {207, "fchown32"},
+ {208, "setresuid32"},
+ {209, "getresuid32"},
+ {210, "setresgid32"},
+ {211, "getresgid32"},
+ {212, "chown32"},
+ {213, "setuid32"},
+ {214, "setgid32"},
+ {215, "setfsuid32"},
+ {216, "setfsgid32"},
+ {217, "pivot_root"},
+ {218, "mincore"},
+ {219, "madvise"},
+ {220, "getdents64"},
+ {221, "fcntl64"},
+ {224, "gettid"},
+ {225, "readahead"},
+ {226, "setxattr"},
+ {227, "lsetxattr"},
+ {228, "fsetxattr"},
+ {229, "getxattr"},
+ {230, "lgetxattr"},
+ {231, "fgetxattr"},
+ {232, "listxattr"},
+ {233, "llistxattr"},
+ {234, "flistxattr"},
+ {235, "removexattr"},
+ {236, "lremovexattr"},
+ {237, "fremovexattr"},
+ {238, "tkill"},
+ {239, "sendfile64"},
+ {240, "futex"},
+ {241, "sched_setaffinity"},
+ {242, "sched_getaffinity"},
+ {243, "set_thread_area"},
+ {244, "get_thread_area"},
+ {245, "io_setup"},
+ {246, "io_destroy"},
+ {247, "io_getevents"},
+ {248, "io_submit"},
+ {249, "io_cancel"},
+ {250, "fadvise64"},
+ {252, "exit_group"},
+ {253, "lookup_dcookie"},
+ {254, "epoll_create"},
+ {255, "epoll_ctl"},
+ {256, "epoll_wait"},
+ {257, "remap_file_pages"},
+ {258, "set_tid_address"},
+ {259, "timer_create"},
+ {260, "timer_settime"},
+ {261, "timer_gettime"},
+ {262, "timer_getoverrun"},
+ {263, "timer_delete"},
+ {264, "clock_settime"},
+ {265, "clock_gettime"},
+ {266, "clock_getres"},
+ {267, "clock_nanosleep"},
+ {268, "statfs64"},
+ {269, "fstatfs64"},
+ {270, "tgkill"},
+ {271, "utimes"},
+ {272, "fadvise64_64"},
+ {273, "vserver"},
+ {274, "mbind"},
+ {275, "get_mempolicy"},
+ {276, "set_mempolicy"},
+ {277, "mq_open"},
+ {278, "mq_unlink"},
+ {279, "mq_timedsend"},
+ {280, "mq_timedreceive"},
+ {281, "mq_notify"},
+ {282, "mq_getsetattr"},
+ {283, "kexec_load"},
+ {284, "waitid"},
+ {286, "add_key"},
+ {287, "request_key"},
+ {288, "keyctl"},
+ {289, "ioprio_set"},
+ {290, "ioprio_get"},
+ {291, "inotify_init"},
+ {292, "inotify_add_watch"},
+ {293, "inotify_rm_watch"},
+ {294, "migrate_pages"},
+ {295, "openat"},
+ {296, "mkdirat"},
+ {297, "mknodat"},
+ {298, "fchownat"},
+ {299, "futimesat"},
+ {300, "fstatat64"},
+ {301, "unlinkat"},
+ {302, "renameat"},
+ {303, "linkat"},
+ {304, "symlinkat"},
+ {305, "readlinkat"},
+ {306, "fchmodat"},
+ {307, "faccessat"},
+ {308, "pselect6"},
+ {309, "ppoll"},
+ {310, "unshare"},
+ {311, "set_robust_list"},
+ {312, "get_robust_list"},
+ {313, "splice"},
+ {314, "sync_file_range"},
+ {315, "tee"},
+ {316, "vmsplice"},
+ {317, "move_pages"},
+ {318, "getcpu"},
+ {319, "epoll_pwait"},
+ {320, "utimensat"},
+ {321, "signalfd"},
+ {322, "timerfd_create"},
+ {323, "eventfd"},
+ {324, "fallocate"},
+ {325, "timerfd_settime"},
+ {326, "timerfd_gettime"},
+ {327, "signalfd4"},
+ {328, "eventfd2"},
+ {329, "epoll_create1"},
+ {330, "dup3"},
+ {331, "pipe2"},
+ {332, "inotify_init1"},
+ {333, "preadv"},
+ {334, "pwritev"},
+ {335, "rt_tgsigqueueinfo"},
+ {336, "perf_event_open"},
+ {337, "recvmmsg"},
+ {338, "fanotify_init"},
+ {339, "fanotify_mark"},
+ {340, "prlimit64"},
+ {341, "name_to_handle_at"},
+ {342, "open_by_handle_at"},
+ {343, "clock_adjtime"},
+ {344, "syncfs"},
+ {345, "sendmmsg"},
+ {346, "setns"},
+ {347, "process_vm_readv"},
+ {348, "process_vm_writev"},
+ {349, "kcmp"},
+ {350, "finit_module"},
+ },
+ },
+ {
+ "x86_64",
+ {
+ {0, "read"},
+ {1, "write"},
+ {2, "open"},
+ {3, "close"},
+ {4, "stat"},
+ {5, "fstat"},
+ {6, "lstat"},
+ {7, "poll"},
+ {8, "lseek"},
+ {9, "mmap"},
+ {10, "mprotect"},
+ {11, "munmap"},
+ {12, "brk"},
+ {13, "rt_sigaction"},
+ {14, "rt_sigprocmask"},
+ {15, "rt_sigreturn"},
+ {16, "ioctl"},
+ {17, "pread64"},
+ {18, "pwrite64"},
+ {19, "readv"},
+ {20, "writev"},
+ {21, "access"},
+ {22, "pipe"},
+ {23, "select"},
+ {24, "sched_yield"},
+ {25, "mremap"},
+ {26, "msync"},
+ {27, "mincore"},
+ {28, "madvise"},
+ {29, "shmget"},
+ {30, "shmat"},
+ {31, "shmctl"},
+ {32, "dup"},
+ {33, "dup2"},
+ {34, "pause"},
+ {35, "nanosleep"},
+ {36, "getitimer"},
+ {37, "alarm"},
+ {38, "setitimer"},
+ {39, "getpid"},
+ {40, "sendfile"},
+ {41, "socket"},
+ {42, "connect"},
+ {43, "accept"},
+ {44, "sendto"},
+ {45, "recvfrom"},
+ {46, "sendmsg"},
+ {47, "recvmsg"},
+ {48, "shutdown"},
+ {49, "bind"},
+ {50, "listen"},
+ {51, "getsockname"},
+ {52, "getpeername"},
+ {53, "socketpair"},
+ {54, "setsockopt"},
+ {55, "getsockopt"},
+ {56, "clone"},
+ {57, "fork"},
+ {58, "vfork"},
+ {59, "execve"},
+ {60, "exit"},
+ {61, "wait4"},
+ {62, "kill"},
+ {63, "uname"},
+ {64, "semget"},
+ {65, "semop"},
+ {66, "semctl"},
+ {67, "shmdt"},
+ {68, "msgget"},
+ {69, "msgsnd"},
+ {70, "msgrcv"},
+ {71, "msgctl"},
+ {72, "fcntl"},
+ {73, "flock"},
+ {74, "fsync"},
+ {75, "fdatasync"},
+ {76, "truncate"},
+ {77, "ftruncate"},
+ {78, "getdents"},
+ {79, "getcwd"},
+ {80, "chdir"},
+ {81, "fchdir"},
+ {82, "rename"},
+ {83, "mkdir"},
+ {84, "rmdir"},
+ {85, "creat"},
+ {86, "link"},
+ {87, "unlink"},
+ {88, "symlink"},
+ {89, "readlink"},
+ {90, "chmod"},
+ {91, "fchmod"},
+ {92, "chown"},
+ {93, "fchown"},
+ {94, "lchown"},
+ {95, "umask"},
+ {96, "gettimeofday"},
+ {97, "getrlimit"},
+ {98, "getrusage"},
+ {99, "sysinfo"},
+ {100, "times"},
+ {101, "ptrace"},
+ {102, "getuid"},
+ {103, "syslog"},
+ {104, "getgid"},
+ {105, "setuid"},
+ {106, "setgid"},
+ {107, "geteuid"},
+ {108, "getegid"},
+ {109, "setpgid"},
+ {110, "getppid"},
+ {111, "getpgrp"},
+ {112, "setsid"},
+ {113, "setreuid"},
+ {114, "setregid"},
+ {115, "getgroups"},
+ {116, "setgroups"},
+ {117, "setresuid"},
+ {118, "getresuid"},
+ {119, "setresgid"},
+ {120, "getresgid"},
+ {121, "getpgid"},
+ {122, "setfsuid"},
+ {123, "setfsgid"},
+ {124, "getsid"},
+ {125, "capget"},
+ {126, "capset"},
+ {127, "rt_sigpending"},
+ {128, "rt_sigtimedwait"},
+ {129, "rt_sigqueueinfo"},
+ {130, "rt_sigsuspend"},
+ {131, "sigaltstack"},
+ {132, "utime"},
+ {133, "mknod"},
+ {134, "uselib"},
+ {135, "personality"},
+ {136, "ustat"},
+ {137, "statfs"},
+ {138, "fstatfs"},
+ {139, "sysfs"},
+ {140, "getpriority"},
+ {141, "setpriority"},
+ {142, "sched_setparam"},
+ {143, "sched_getparam"},
+ {144, "sched_setscheduler"},
+ {145, "sched_getscheduler"},
+ {146, "sched_get_priority_max"},
+ {147, "sched_get_priority_min"},
+ {148, "sched_rr_get_interval"},
+ {149, "mlock"},
+ {150, "munlock"},
+ {151, "mlockall"},
+ {152, "munlockall"},
+ {153, "vhangup"},
+ {154, "modify_ldt"},
+ {155, "pivot_root"},
+ {156, "_sysctl"},
+ {157, "prctl"},
+ {158, "arch_prctl"},
+ {159, "adjtimex"},
+ {160, "setrlimit"},
+ {161, "chroot"},
+ {162, "sync"},
+ {163, "acct"},
+ {164, "settimeofday"},
+ {165, "mount"},
+ {166, "umount2"},
+ {167, "swapon"},
+ {168, "swapoff"},
+ {169, "reboot"},
+ {170, "sethostname"},
+ {171, "setdomainname"},
+ {172, "iopl"},
+ {173, "ioperm"},
+ {174, "create_module"},
+ {175, "init_module"},
+ {176, "delete_module"},
+ {177, "get_kernel_syms"},
+ {178, "query_module"},
+ {179, "quotactl"},
+ {180, "nfsservctl"},
+ {181, "getpmsg"},
+ {182, "putpmsg"},
+ {183, "afs_syscall"},
+ {184, "tuxcall"},
+ {185, "security"},
+ {186, "gettid"},
+ {187, "readahead"},
+ {188, "setxattr"},
+ {189, "lsetxattr"},
+ {190, "fsetxattr"},
+ {191, "getxattr"},
+ {192, "lgetxattr"},
+ {193, "fgetxattr"},
+ {194, "listxattr"},
+ {195, "llistxattr"},
+ {196, "flistxattr"},
+ {197, "removexattr"},
+ {198, "lremovexattr"},
+ {199, "fremovexattr"},
+ {200, "tkill"},
+ {201, "time"},
+ {202, "futex"},
+ {203, "sched_setaffinity"},
+ {204, "sched_getaffinity"},
+ {205, "set_thread_area"},
+ {206, "io_setup"},
+ {207, "io_destroy"},
+ {208, "io_getevents"},
+ {209, "io_submit"},
+ {210, "io_cancel"},
+ {211, "get_thread_area"},
+ {212, "lookup_dcookie"},
+ {213, "epoll_create"},
+ {214, "epoll_ctl_old"},
+ {215, "epoll_wait_old"},
+ {216, "remap_file_pages"},
+ {217, "getdents64"},
+ {218, "set_tid_address"},
+ {219, "restart_syscall"},
+ {220, "semtimedop"},
+ {221, "fadvise64"},
+ {222, "timer_create"},
+ {223, "timer_settime"},
+ {224, "timer_gettime"},
+ {225, "timer_getoverrun"},
+ {226, "timer_delete"},
+ {227, "clock_settime"},
+ {228, "clock_gettime"},
+ {229, "clock_getres"},
+ {230, "clock_nanosleep"},
+ {231, "exit_group"},
+ {232, "epoll_wait"},
+ {233, "epoll_ctl"},
+ {234, "tgkill"},
+ {235, "utimes"},
+ {236, "vserver"},
+ {237, "mbind"},
+ {238, "set_mempolicy"},
+ {239, "get_mempolicy"},
+ {240, "mq_open"},
+ {241, "mq_unlink"},
+ {242, "mq_timedsend"},
+ {243, "mq_timedreceive"},
+ {244, "mq_notify"},
+ {245, "mq_getsetattr"},
+ {246, "kexec_load"},
+ {247, "waitid"},
+ {248, "add_key"},
+ {249, "request_key"},
+ {250, "keyctl"},
+ {251, "ioprio_set"},
+ {252, "ioprio_get"},
+ {253, "inotify_init"},
+ {254, "inotify_add_watch"},
+ {255, "inotify_rm_watch"},
+ {256, "migrate_pages"},
+ {257, "openat"},
+ {258, "mkdirat"},
+ {259, "mknodat"},
+ {260, "fchownat"},
+ {261, "futimesat"},
+ {262, "newfstatat"},
+ {263, "unlinkat"},
+ {264, "renameat"},
+ {265, "linkat"},
+ {266, "symlinkat"},
+ {267, "readlinkat"},
+ {268, "fchmodat"},
+ {269, "faccessat"},
+ {270, "pselect6"},
+ {271, "ppoll"},
+ {272, "unshare"},
+ {273, "set_robust_list"},
+ {274, "get_robust_list"},
+ {275, "splice"},
+ {276, "tee"},
+ {277, "sync_file_range"},
+ {278, "vmsplice"},
+ {279, "move_pages"},
+ {280, "utimensat"},
+ {281, "epoll_pwait"},
+ {282, "signalfd"},
+ {283, "timerfd_create"},
+ {284, "eventfd"},
+ {285, "fallocate"},
+ {286, "timerfd_settime"},
+ {287, "timerfd_gettime"},
+ {288, "accept4"},
+ {289, "signalfd4"},
+ {290, "eventfd2"},
+ {291, "epoll_create1"},
+ {292, "dup3"},
+ {293, "pipe2"},
+ {294, "inotify_init1"},
+ {295, "preadv"},
+ {296, "pwritev"},
+ {297, "rt_tgsigqueueinfo"},
+ {298, "perf_event_open"},
+ {299, "recvmmsg"},
+ {300, "fanotify_init"},
+ {301, "fanotify_mark"},
+ {302, "prlimit64"},
+ {303, "name_to_handle_at"},
+ {304, "open_by_handle_at"},
+ {305, "clock_adjtime"},
+ {306, "syncfs"},
+ {307, "sendmmsg"},
+ {308, "setns"},
+ {309, "getcpu"},
+ {310, "process_vm_readv"},
+ {311, "process_vm_writev"},
+ {312, "kcmp"},
+ {313, "finit_module"},
+ }
+ },
+};
+
+} // namespace agent
*/
#include <jsoncpp/json/writer.h>
#include "syscallstatehandler.h"
-#include "audit/audit_utils.h"
+#include "syscall.h"
namespace
{
void SyscallStateHandler::accept(communication::Event& event)
{
- auto syscallList = audit::AuditUtils::syscallTable();
+ auto syscallList = Syscall::syscallTable();
Json::Value root;
root["type"] = SYSCALL_STATE_KEY;
* @author Mail to: <A HREF="mailto:d.lomtev@samsung.com">Dmytro Lomtev, d.lomtev@samsung.com</A>
*/
-#include "sysinfo.h"
#include <system/system_info.h>
+#include "sysinfo.h"
+
namespace
{
*/
bool getStringSystemProperty(system_info_key_e prop, std::string& property)
{
- char* val;
+ char* val = NULL;
if (0 == system_info_get_value_string(prop, &val)) {
property.assign(val);
*/
bool getStringPlatformProperty(const char* prop, std::string& property)
{
- char* val;
+ char* val = NULL;
if (0 == system_info_get_platform_string(prop, &val)) {
property.assign(val);
namespace agent
{
-std::string current_path(void)
-{
- char buff[PATH_MAX];
- ssize_t cnt = readlink("/proc/self/exe", buff, PATH_MAX);
-
- if (cnt <= 0) {
- return std::string();
- }
-
- std::string path(buff, cnt);
- std::string::size_type pos = path.find_last_of("\\/");
-
- return pos == std::string::npos ? path : path.substr(0, pos);
-}
-
uid_t getUidByName(const std::string& name)
{
#if !defined(UNIT_TESTS)
{
/**
- * @brief Returns current path
- * @return path on success, empty string on error
- */
-std::string current_path(void);
-
-/**
* @brief Get user id by name
* @param name user name
* @return user id or throws upon error
-Name: sam
+Name: sam-agent
Version: 1.0.0
Release: 9
-Summary: TODO
-
-License: Apache
+Summary: Suspicious Activity Monitor device agent
+License: Apache-2.0
Source0: %{name}-%{version}.tar.gz
-
+Group: Security/Other
+Requires: device-policy-manager
+Requires: libaudit-trail
+Requires: libcurl
+BuildRequires: gcc
BuildRequires: cmake
BuildRequires: pkgconfig(capi-system-info)
BuildRequires: pkgconfig(glib-2.0)
BuildRequires: pkgconfig(boost)
BuildRequires: pkgconfig(systemd)
BuildRequires: pkgconfig(jsoncpp)
-BuildRequires: pkgconfig(audit)
BuildRequires: pkgconfig(audit-trail)
BuildRequires: pkgconfig(libtzplatform-config)
BuildRequires: pkgconfig(gmock)
%define _conf_dir /etc/%{_project_name}
%define _conf_file %{_project_name}.conf
%define _data_dir /opt/data/%{_project_name}
+%define _device_cert %{_data_dir}/dev1.crt
+%define _device_key %{_data_dir}/dev1.key
+%define _device_key_pass
+%define _vconf_key db/audit/enable
%description
-Suspicious Activity Monitor
+Suspicious Activity Monitor device agent
%prep
%setup -q
-DCMAKE_BUILD_TYPE=%{build_type} \
-DDAEMON_NAME=%{_app_name} \
-DDATA_DIR=%{_data_dir} \
+ -DDEVICE_CERT=%{_device_cert} \
+ -DDEVICE_KEY=%{_device_key} \
+ -DDEVICE_KEY_PASS=%{_device_key_pass} \
+ -DVCONF_KEY=%{_vconf_key} \
#eol
%install
%clean
%if %{build_type} == "CCOV"
cd build-gbs/
- make runtests && make coverage
+ make runtests
%endif
rm -rf %{buildroot}
-##############################################
-# Suspicious Activity Monitor
-##############################################
-
-%package agent
-Summary: Suspicious Activity Monitor
-Provides: sam-agent
-Requires: dpm
-Requires: libaudit
-Requires: libaudit-trail
-%description agent
-Suspicious Activity Monitor daemon
-
-
-%post agent
-vconftool set -f -t bool db/sam/enable 1
+%post
+vconftool set -f -t bool %{_vconf_key} 1
mkdir -p %{_data_dir}
ln -sf %{_service_dir}/%{_project_name}.service %{_service_symlink_dir}/%{_project_name}.service
systemctl daemon-reload
systemctl restart device-policy-manager
systemctl restart %{_project_name}
-%postun agent
+%postun
systemctl stop %{_project_name}
rm -r %{_data_dir}
-%files agent
+%files
%manifest %{_manifestdir}/%{_app_name}.manifest
%attr(0755,root,root) %{_app_dir}/%{_app_name}
%attr(0664,root,root) %{_service_dir}/%{_project_name}.service
%package test
Summary: Unit tests
+Group: Security/Development
%description test
Google tests
add_definitions(-D__MOCK_THIRDPARTY__ -DUNIT_TESTS)
-file(GLOB SRCS *.cpp ../daemon/*.cpp ../daemon/dpm/*.cpp mock/*.cpp ../daemon/audit/*.cpp)
+file(GLOB SRCS *.cpp ../daemon/*.cpp ../daemon/dpm/*.cpp ../daemon/audit/*.cpp mock/*.cpp)
file(GLOB DAEMON_MAIN ../daemon/main.cpp)
file(GLOB DAEMON_MAIN_THREAD ../daemon/main_thread.cpp)
add_executable (${PROJECT_NAME} ${SRCS})
-pkg_check_modules(UTEST_DEPS REQUIRED boost libcurl dpm dlog audit audit-trail capi-system-info systemd)
+pkg_check_modules(UTEST_DEPS REQUIRED boost libcurl dpm dlog audit-trail capi-system-info systemd)
add_dependencies(${PROJECT_NAME} communication)
jsoncpp
boost_system
dlog
- curl
- capi-system-info)
+ curl)
install(TARGETS ${PROJECT_NAME} DESTINATION ${BIN_DIR})
install(FILES tests.manifest DESTINATION ${MANIFESTDIR})
MOCK_METHOD2(auth, std::string(const communication::SessionInfo& info, const std::string& secret));
MOCK_METHOD2(doGet, std::string(const communication::SessionInfo& info, const std::string& uri));
MOCK_METHOD3(doPost, void(const communication::SessionInfo& info, const std::string& uri, const std::string& data));
+ MOCK_METHOD3(doPost, void(const communication::SessionInfo& info, const std::string& uri, const Json::Value& data));
MOCK_METHOD2(sendData, void(const communication::SessionInfo& info, const std::string& report));
MOCK_METHOD2(sendData, void(const communication::SessionInfo& info, const Json::Value& report));
};
--- /dev/null
+/**
+ * Samsung Ukraine R&D Center (SRK under a contract between)
+ * LLC "Samsung Electronics Co", Ltd (Seoul, Republic of Korea)
+ * Copyright (C) 2018 Samsung Electronics Co., Ltd. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+#ifndef SYSMOCK_H
+#define SYSMOCK_H
+
+#include <gmock/gmock.h>
+
+#include "sys_stub.h"
+
+class SysMock : public SysI
+{
+public:
+ SysMock() : SysI()
+ {
+ }
+
+ MOCK_METHOD1(uname, int(struct utsname*));
+
+ MOCK_METHOD2(system_info_get_platform_string, int(const char*, char**));
+ MOCK_METHOD2(system_info_get_value_string, int(system_info_key_e, char**));
+};
+
+#endif // SYSMOCK_H
--- /dev/null
+/**
+ * Samsung Ukraine R&D Center (SRK under a contract between)
+ * LLC "Samsung Electronics Co", Ltd (Seoul, Republic of Korea)
+ * Copyright (C) 2018 Samsung Electronics Co., Ltd. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+#include <stdexcept>
+#include <cassert>
+
+#include "sys_stub.h"
+
+namespace
+{
+static SysI* impl = nullptr;
+}
+
+SysI* SysI::instance()
+{
+ if (impl == nullptr) {
+ throw std::runtime_error("Instance of SysI stub not created.");
+ }
+ return impl;
+}
+
+SysI::SysI()
+{
+ if (impl != nullptr) {
+ throw std::runtime_error("Only one instance of LibAuditI stub implementation is allowed at a time.");
+ }
+ impl = this;
+}
+SysI::~SysI()
+{
+ impl = nullptr;
+}
+
+int __attribute__ ((visibility ("protected"))) uname(struct utsname* buf)
+{
+ return SysI::instance()->uname(buf);
+}
+
+int system_info_get_platform_string(const char* key, char** value)
+{
+ return SysI::instance()->system_info_get_platform_string(key, value);
+}
+int system_info_get_value_string(system_info_key_e key, char** value)
+{
+ return SysI::instance()->system_info_get_value_string(key, value);
+}
--- /dev/null
+/**
+ * Samsung Ukraine R&D Center (SRK under a contract between)
+ * LLC "Samsung Electronics Co", Ltd (Seoul, Republic of Korea)
+ * Copyright (C) 2018 Samsung Electronics Co., Ltd. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+#ifndef SYSSTUB_H
+#define SYSSTUB_H
+
+#include <sys/utsname.h>
+#include <system/system_info.h>
+
+class SysI
+{
+public:
+ static SysI* instance();
+
+ SysI(const SysI&) = delete;
+ SysI(const SysI&&) = delete;
+ SysI& operator=(const SysI&) = delete;
+ SysI& operator=(SysI&&) = delete;
+
+ virtual int uname(struct utsname* buf) = 0;
+
+ virtual int system_info_get_platform_string(const char* key, char** value) = 0;
+ virtual int system_info_get_value_string(system_info_key_e key, char** value) = 0;
+
+protected:
+ SysI();
+ virtual ~SysI();
+};
+
+#endif // SYSSTUB_H
* See the License for the specific language governing permissions and
* limitations under the License
*/
-#include <iostream>
#include <string>
#include <gtest/gtest.h>
#include <gmock/gmock.h>
+++ /dev/null
-#include <gmock/gmock.h>
-#include <libaudit.h>
-#include "audit/audit_utils.h"
-
-using ::testing::_;
-using ::testing::Eq;
-using ::testing::Return;
-class LibAuditI;
-
-namespace
-{
-static LibAuditI* impl = nullptr;
-}
-
-class LibAuditI
-{
-public:
- static LibAuditI* instance()
- {
- if (impl == nullptr) {
- throw std::runtime_error("Instance of LibAuditI stub not created.");
- }
- return impl;
- }
-
- LibAuditI(const LibAuditI&) = delete;
- LibAuditI(const LibAuditI&&) = delete;
- LibAuditI& operator=(const LibAuditI&) = delete;
- LibAuditI& operator=(LibAuditI&&) = delete;
-
- virtual const char* audit_machine_to_name(int machine) = 0;
- virtual int audit_detect_machine(void) = 0;
- virtual const char* audit_syscall_to_name(int sc, int machine) = 0;
-protected:
- LibAuditI()
- {
- if (impl != nullptr) {
- throw std::runtime_error("Only one instance of LibAuditI stub implementation is allowed at a time.");
- }
- impl = this;
- }
-
- virtual ~LibAuditI()
- {
- impl = nullptr;
- }
-};
-
-const char *audit_machine_to_name(int machine)
-{
- return LibAuditI::instance()->audit_machine_to_name(machine);
-}
-
-int audit_detect_machine(void)
-{
- return LibAuditI::instance()->audit_detect_machine();
-}
-
-const char* audit_syscall_to_name(int sc, int machine)
-{
- return LibAuditI::instance()->audit_syscall_to_name(sc, machine);
-}
-
-class LibAuditMock : public LibAuditI
-{
-public:
- LibAuditMock() : LibAuditI()
- {
- }
-
- MOCK_METHOD1(audit_machine_to_name, const char*(int machine));
- MOCK_METHOD0(audit_detect_machine, int(void));
- MOCK_METHOD2(audit_syscall_to_name, const char*(int sc, int machine));
-};
-
-namespace
-{
-const int TEST_PLATFORM = 123;
-const char* TEST_MACHINE_NAME = "test-machine";
-const char* TEST_SYS_CALL_OPEN = "open";
-const char* TEST_SYS_CALL_READ = "read";
-const char* TEST_SYS_CALL_WRITE = "write";
-}
-
-TEST(TestAuditUtils, test_platformType)
-{
- LibAuditMock audit;
-
- EXPECT_CALL(audit, audit_detect_machine())
- .WillOnce(Return(-1))
- .WillOnce(Return(TEST_PLATFORM));
- EXPECT_CALL(audit, audit_machine_to_name(Eq(TEST_PLATFORM)))
- .WillOnce(Return(TEST_MACHINE_NAME));
-
- EXPECT_EQ(nullptr, audit::AuditUtils::platformType());
- EXPECT_EQ(TEST_MACHINE_NAME, audit::AuditUtils::platformType());
-}
-
-TEST(TestAuditUtils, test_syscallTable)
-{
- LibAuditMock audit;
-
- EXPECT_CALL(audit, audit_detect_machine())
- .WillOnce(Return(-1))
- .WillOnce(Return(TEST_PLATFORM));
- EXPECT_CALL(audit, audit_syscall_to_name(_, Eq(TEST_PLATFORM)))
- .WillOnce(Return(TEST_SYS_CALL_OPEN))
- .WillOnce(Return(TEST_SYS_CALL_READ))
- .WillOnce(Return(TEST_SYS_CALL_WRITE))
- .WillRepeatedly(Return(nullptr));
-
- EXPECT_TRUE(audit::AuditUtils::syscallTable().empty());
- EXPECT_EQ(3, audit::AuditUtils::syscallTable().size());
-}
.WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
EXPECT_CALL(rest, sendData(_, A<const Json::Value&>()))
.WillOnce(DoAll(SaveArg<1>(&response), Return()));
- EXPECT_CALL(rest, doPost(_, Eq(TEST_EVENT_CURI), _));
+ EXPECT_CALL(rest, doPost(_, Eq(TEST_EVENT_CURI), A<const std::string&>()));
ASSERT_NO_THROW(handler.accept(event));
EXPECT_TRUE(response.isMember("data"));
EXPECT_EQ(TEST_EVENT_TYPE, response["type"].asString());
#include <gmock/gmock.h>
+#include <jsoncpp/json/reader.h>
#include "auditupdaterulehandler.h"
#include "restservicemock.h"
#include "audit_trail_mock.h"
#include "settings.h"
using ::testing::_;
+using ::testing::A;
+using ::testing::DoAll;
+using ::testing::SaveArg;
using ::testing::Eq;
+using ::testing::TypedEq;
using ::testing::Return;
namespace
const std::string TEST_EVENT_URI{"test-uri"};
const std::string TEST_EVENT_CURI{"test-curi"};
const std::string TEST_UPDATE_CONTENT{R"#({"type":"rule", "data":[]})#"};
+const std::string TEST_RESP_CONTENT{R"#({"type":"status-rule","data":{"rules":[],"result":[]}})#"};
+const std::string TEST_RESP_EMPTY_CONTENT{R"#({"type":"status-rule","data":{"rules":[],"result":[]}})#"};
const std::string TEST_OK_RESULT{"OK"};
const std::string TEST_ERROR_RESULT{"ERROR"};
const std::string TEST_MALFORMED_CONTENT{"!@#$%^&*()_"};
event_msg["type"] = TEST_EVENT_TYPE;
event_msg["uri"] = TEST_EVENT_URI;
event_msg["curi"] = TEST_EVENT_CURI;
+ Json::Reader reader;
+ Json::Value response;
+ reader.parse(TEST_RESP_CONTENT, response);
communication::Connection conn(TEST_DUID, TEST_KEEPALIVE, &rest, [](){return true;});
agent::AuditUpdateRuleHandler handler(conn);
communication::Event event(event_msg, conn);
.WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
EXPECT_CALL(rest, doGet(_, Eq(TEST_EVENT_URI)))
.WillOnce(Return(TEST_UPDATE_CONTENT));
- EXPECT_CALL(rest, doPost(_, Eq(TEST_EVENT_CURI), Eq(TEST_OK_RESULT)))
+ EXPECT_CALL(rest, doPost(_, Eq(TEST_EVENT_CURI), TypedEq<const Json::Value&>(response)))
.Times(1);
+
ASSERT_NO_THROW(handler.accept(event));
}
TEST(TestAuditUpdateRuleHandler, test_exception_in_accept)
{
RestServiceMock rest;
- Json::Value event_msg;
+ Json::Value event_msg, result;
+ AuditTrailMock audit;
event_msg["type"] = TEST_EVENT_TYPE;
event_msg["uri"] = TEST_EVENT_URI;
event_msg["curi"] = TEST_EVENT_CURI;
agent::AuditUpdateRuleHandler handler(conn);
communication::Event event(event_msg, conn);
+ EXPECT_CALL(audit, audit_trail_create(_))
+ .WillRepeatedly(Return(AUDIT_TRAIL_ERROR_NONE));
+ EXPECT_CALL(audit, audit_trail_foreach_rule(_, _))
+ .WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
EXPECT_CALL(rest, doGet(_, Eq(TEST_EVENT_URI)))
.WillOnce(Return(TEST_MALFORMED_CONTENT));
- EXPECT_CALL(rest, doPost(_, Eq(TEST_EVENT_CURI), Eq(TEST_ERROR_RESULT)));
+ EXPECT_CALL(rest, doPost(_, Eq(TEST_EVENT_CURI), A<const Json::Value&>()))
+ .WillOnce(SaveArg<2>(&result));
+
ASSERT_NO_THROW(handler.accept(event));
}
{
RestServiceMock rest;
Json::Value event_msg;
+ AuditTrailMock audit;
event_msg["type"] = TEST_EVENT_TYPE;
event_msg["uri"] = TEST_EVENT_URI;
event_msg["curi"] = TEST_EVENT_CURI;
+ Json::Reader reader;
+ Json::Value response;
+ reader.parse(TEST_RESP_EMPTY_CONTENT, response);
communication::Connection conn(TEST_DUID, TEST_KEEPALIVE, &rest, [](){return true;});
agent::AuditUpdateRuleHandler handler(conn);
communication::Event event(event_msg, conn);
+ EXPECT_CALL(audit, audit_trail_create(_))
+ .WillRepeatedly(Return(AUDIT_TRAIL_ERROR_NONE));
+ EXPECT_CALL(audit, audit_trail_foreach_rule(_, _))
+ .WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
EXPECT_CALL(rest, doGet(_, Eq(TEST_EVENT_URI)))
.WillOnce(Return(TEST_EMPTY_CONTENT));
- EXPECT_CALL(rest, doPost(_, Eq(TEST_EVENT_CURI), Eq(TEST_OK_RESULT)));
+ EXPECT_CALL(rest, doPost(_, Eq(TEST_EVENT_CURI), TypedEq<const Json::Value&>(response)))
+ .Times(1);
+
ASSERT_NO_THROW(handler.accept(event));
}
* See the License for the specific language governing permissions and
* limitations under the License
*/
-#include <iostream>
#include <gmock/gmock.h>
#include <gtest/gtest.h>
#include <functional>
#include "eventlistener.h"
#include "restservicemock.h"
#include <jsoncpp/json/reader.h>
+#include <jsoncpp/json/writer.h>
using namespace communication;
using ::testing::_;
])-"};
const std::string TEST_POLICY_URI{"policy-uri"};
const std::string TEST_ACTION_URI{"action-uri"};
-
}
class EventListenerMock: public EventListener
RestServiceMock rest;
Connection conn("", TEST_KEEP_ALIVE, &rest, [](){return true;});
Json::Reader reader;
+ Json::FastWriter writer;
ReportComposer rc;
Json::Value data1, data2;
ASSERT_TRUE(reader.parse(TEST_EVENT_DATA1, data1));
rc.addEvent(std::make_pair(TEST_EVENT_TYPE, data2));
SessionInfo checkSessState{"", ""};
+ EXPECT_EQ(rc.str(), writer.write(rc.get()));
+
EXPECT_CALL(rest, registerDevice(Eq(checkSessState), Eq(data1)))
.WillOnce(Throw(std::runtime_error("")))
.WillOnce(Return(TEST_DEVICE_ID));
using namespace communication;
using ::testing::_;
+using ::testing::TypedEq;
using ::testing::Eq;
using ::testing::Return;
RestServiceMock rest;
Connection conn(TEST_DEVICE_ID, TEST_KEEPALIVE_TIMEOUT, &rest, [](){return true;});
- EXPECT_CALL(rest, doPost(_, Eq(TEST_EVENT_CURI), Eq(TEST_EVENT_CONFIRM_DATA))).Times(1);
+ Json::Value confirmResponse, response;
+ confirmResponse["test"] = 1;
+ response["test"] = 1;
+
+ EXPECT_CALL(rest, doPost(_, Eq(TEST_EVENT_CURI), TypedEq<const std::string&>(TEST_EVENT_CONFIRM_DATA))).Times(1);
+ EXPECT_CALL(rest, doPost(_, Eq(TEST_EVENT_CURI), TypedEq<const Json::Value&>(confirmResponse))).Times(1);
Json::Reader reader;
Json::Value val;
ev.confirm(TEST_EVENT_CONFIRM_DATA);
ev.confirm();
+ Event evjson(val, conn);
+ evjson.confirm(response);
+ evjson.confirm(response);
+
ASSERT_TRUE(reader.parse(TEST_EVENT_JSON_INVALID_3, val));
Event ev_invalid(val, conn);
ev_invalid.confirm();
using ::testing::DoAll;
using ::testing::Invoke;
using ::testing::WithArgs;
+using ::testing::TypedEq;
namespace
{
EXPECT_CALL(dpm, dpm_manager_destroy()).Times(1);
EXPECT_CALL(rest, doGet(_, Eq(TEST_POLICY_URI)))
.WillOnce(Return(TEST_POLICY));
- EXPECT_CALL(rest, doPost(_, Eq(TEST_POLICY_CURI), Eq(std::string{})))
+ EXPECT_CALL(rest, doPost(_, Eq(TEST_POLICY_CURI), TypedEq<const std::string&>(std::string{})))
.Times(1);
settings.setLock(false);
using ::testing::DoAll;
using ::testing::SetArgPointee;
using ::testing::SaveArg;
+using ::testing::TypedEq;
namespace
{
EXPECT_CALL(rest, sendData(_, A<const Json::Value&>()))
.WillOnce(DoAll(SaveArg<1>(&result), Return()))
.WillOnce(DoAll(SaveArg<1>(&result_error), Return()));
- EXPECT_CALL(rest, doPost(_, Eq(TEST_POLICY_CURI), Eq(std::string{})))
+ EXPECT_CALL(rest, doPost(_, Eq(TEST_POLICY_CURI), TypedEq<const std::string&>(std::string{})))
.Times(4);
// test normal
--- /dev/null
+/**
+ * Samsung Ukraine R&D Center (SRK under a contract between)
+ * LLC "Samsung Electronics Co", Ltd (Seoul, Republic of Korea)
+ * Copyright (C) 2018 Samsung Electronics Co., Ltd. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+#include <gmock/gmock.h>
+#include <thread>
+#include <chrono>
+#include <jsoncpp/json/reader.h>
+#include <jsoncpp/json/value.h>
+
+#include "connection.h"
+#include "restservicemock.h"
+#include "reportadapter.h"
+#include "settings.h"
+
+using ::testing::_;
+using ::testing::A;
+using ::testing::Eq;
+using ::testing::Return;
+
+namespace
+{
+const std::chrono::milliseconds TEST_TIMEOUT_INTERVAL{1};
+const std::string TEST_REPORT_DATA{"{\"value\": 1}"};
+}
+
+TEST(TestReportAdapter, test_sendReport)
+{
+ try {
+ auto& settings = agent::Settings::instance();
+
+ RestServiceMock rest;
+ communication::Connection conn("", TEST_TIMEOUT_INTERVAL, &rest, [](){return true;});
+ agent::ReportAdapter adapter(conn);
+
+ Json::Reader reader;
+ Json::Value value;
+ ASSERT_TRUE(reader.parse(TEST_REPORT_DATA, value));
+
+ EXPECT_CALL(rest, sendData(_, A<const Json::Value&>())).Times(1);
+ EXPECT_CALL(rest, getUpdates(_)).WillRepeatedly(Return(""));
+
+ std::thread t(&communication::Connection::loop, &conn);
+
+ settings.setLock(false);
+ adapter.sendReport(std::string{"syscall"}, value);
+ settings.setLock(true);
+ adapter.sendReport(std::string{"syscall"}, value);
+
+ std::this_thread::sleep_for(std::chrono::milliseconds(50));
+
+ conn.stop();
+
+ t.join();
+ } catch (std::exception& e) {
+ FAIL() << e.what();
+ }
+}
* See the License for the specific language governing permissions and
* limitations under the License
*/
-#include <iostream>
#include <gtest/gtest.h>
#include "rest_request.h"
#include "restservice.h"
#include "rule.h"
#include "rule_manager.h"
+
+
+#include <iostream>
+
+
+
+
using namespace std;
using namespace audit;
namespace
{
-const std::string TEST_JSON_RULE_1{ R"-({"key":"test","syscall":[1,3,5],"condition":[{"field":"uid","operator":"equal","value":"501"},{"field":"watch","operator":"equal","value":"/tmp/qwe.txt"},{"field":"perm","operator":"equal","value":"7"}]})-"};
-const std::string TEST_JSON_RULE_2{ R"-({"key":"test","syscall":[1,2,3,4,5],"condition":[{"field":"uid","operator":"equal","value":"501"},{"field":"watch","operator":"equal","value":"/tmp/qwe.txt"},{"field":"perm","operator":"equal","value":"7"},{"field":"watch","operator":"equal","value":"/tmp/asd.txt"},{"field":"perm","operator":"equal","value":"7"}]})-"};
-const std::string TEST_JSON_RULE_3{ R"-({"type":"rule","data":[{"key":"test","syscall":[1,3,5],"condition":[{"field":"uid","operator":"equal","value":"501"},{"field":"watch","operator":"equal","value":"/tmp/qwe.txt"},{"field":"perm","operator":"equal","value":"7"}]}]})-"};
+const std::string TEST_JSON_RULE_1{ R"-({"key":"test","syscall":[1,3,5],"condition":[{"field":"uid","operator":"equal","value":"501"},{"field":"watch","operator":"equal","value":"/tmp/asd.txt"},{"field":"perm","operator":"equal","value":"7"}]})-"};
+const std::string TEST_JSON_RULE_2{ R"-({"key":"test","syscall":[1,2,3,4,5],"condition":[{"field":"uid","operator":"equal","value":"501"},{"field":"watch","operator":"equal","value":"/tmp/qwe.txt"},{"field":"perm","operator":"equal","value":"15"},{"field":"watch","operator":"equal","value":"/tmp/asd.txt"},{"field":"perm","operator":"equal","value":"7"}]})-"};
+const std::string TEST_JSON_RULE_3{ R"-({"type":"update-rule","data":[{"new":{"key":"test","syscall":[1,3,5],"condition":[{"field":"uid","operator":"equal","value":"501"},{"field":"watch","operator":"equal","value":"/tmp/qwe.txt"},{"field":"perm","operator":"equal","value":"7"}]}}]})-"};
const std::string TEST_RULE_KEY{"test-key"};
}
Rule rule_1(value_1);
rule_1.addSyscall(2);
rule_1.addSyscall(4);
- rule_1.addCondition("watch", "equal", "/tmp/asd.txt");
- rule_1.addCondition("perm", "equal", 7);
- ASSERT_TRUE(rule_1.data().asJson() == value_2);
+ rule_1.addCondition("watch", "equal", "/tmp/qwe.txt");
+ rule_1.addCondition("perm", "equal", 15);
Rule rule_2(value_2);
- ASSERT_TRUE(rule_1.data().asJson() == rule_2.data().asJson());
+ ASSERT_TRUE(rule_1.data() == rule_2.data());
}
TEST_F(TestRule, test_remove_from_rule)
Rule rule_2(value_2);
rule_2.removeSyscall(2);
rule_2.removeSyscall(4);
- rule_2.removeCondition("watch", "equal", "/tmp/asd.txt");
- rule_2.removeCondition("perm", "equal", 7);
- ASSERT_TRUE(rule_2.data().asJson() == value_1);
+ rule_2.removeCondition("watch", "equal", "/tmp/qwe.txt");
+ rule_2.removeCondition("perm", "equal", 15);
Rule rule_1(value_1);
- ASSERT_TRUE(rule_1.data().asJson() == rule_2.data().asJson());
+ ASSERT_TRUE(rule_1.data() == rule_2.data());
+}
+
+TEST_F(TestRule, test_foreach_rule_failed)
+{
+ AuditTrailMock audit_trail;
+
+ EXPECT_CALL(audit_trail, audit_trail_create(_)).Times(AnyNumber()).WillRepeatedly(Return(AUDIT_TRAIL_ERROR_NONE));
+ EXPECT_CALL(audit_trail, audit_trail_foreach_rule(_, _)).WillOnce(Return(AUDIT_TRAIL_ERROR_INVALID_PARAMETER));
+ EXPECT_CALL(audit_trail, audit_trail_destroy()).Times(AnyNumber()).WillRepeatedly(Return(AUDIT_TRAIL_ERROR_NONE));
+
+ RuleManager::GetInstance().getRulesAsJson();
+}
+
+TEST_F(TestRule, test_foreach_systemcall_failed)
+{
+ AuditTrailMock audit_trail;
+ AuditRuleMock audit_rule;
+
+ auto ruleCbInvoker = [&audit_rule](void (*cb)(audit_rule_h handle, void* user_data), void* data)
+ {
+ cb(&audit_rule, data);
+ };
+
+ EXPECT_CALL(audit_trail, audit_trail_create(_)).Times(AnyNumber()).WillRepeatedly(Return(AUDIT_TRAIL_ERROR_NONE));
+ EXPECT_CALL(audit_trail, audit_trail_foreach_rule(_, _))
+ .WillOnce(DoAll(
+ Invoke(ruleCbInvoker),
+ Return(AUDIT_TRAIL_ERROR_NONE)));
+ EXPECT_CALL(audit_rule, audit_rule_foreach_systemcall(_, _)).WillOnce(Return(AUDIT_TRAIL_ERROR_INVALID_PARAMETER));
+ EXPECT_CALL(audit_trail, audit_trail_destroy()).Times(AnyNumber()).WillRepeatedly(Return(AUDIT_TRAIL_ERROR_NONE));
+
+ RuleManager::GetInstance().getRulesAsJson();
+}
+
+TEST_F(TestRule, test_foreach_condition_failed)
+{
+ AuditTrailMock audit_trail;
+ AuditRuleMock audit_rule;
+
+ auto ruleCbInvoker = [&audit_rule](void (*cb)(audit_rule_h handle, void* user_data), void* data)
+ {
+ cb(&audit_rule, data);
+ };
+
+ EXPECT_CALL(audit_trail, audit_trail_create(_)).Times(AnyNumber()).WillRepeatedly(Return(AUDIT_TRAIL_ERROR_NONE));
+ EXPECT_CALL(audit_trail, audit_trail_foreach_rule(_, _))
+ .WillOnce(DoAll(
+ Invoke(ruleCbInvoker),
+ Return(AUDIT_TRAIL_ERROR_NONE)));
+ EXPECT_CALL(audit_rule, audit_rule_foreach_systemcall(_, _)).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
+ EXPECT_CALL(audit_rule, audit_rule_foreach_condition(_, _)).WillOnce(Return(AUDIT_TRAIL_ERROR_INVALID_PARAMETER));
+ EXPECT_CALL(audit_trail, audit_trail_destroy()).Times(AnyNumber()).WillRepeatedly(Return(AUDIT_TRAIL_ERROR_NONE));
+
+ RuleManager::GetInstance().getRulesAsJson();
}
TEST_F(TestRule, test_get_rules)
{
AuditTrailMock audit_trail;
AuditRuleMock audit_rule;
+ const int TEST_SYSCALL_N = 123;
+
+ auto ruleCbInvoker = [&audit_rule](void (*cb)(audit_rule_h handle, void* user_data), void* data)
+ {
+ cb(&audit_rule, data);
+ };
+ auto syscallCbInvoker = [&TEST_SYSCALL_N](void (*cb)(unsigned int syscall, void* user_data), void* data)
+ {
+ cb(TEST_SYSCALL_N, data);
+ };
+ auto conditionCbInvoker = [](void (*cb)(unsigned int field, unsigned int operation, const void* value, void* user_data), void* data)
+ {
+ cb(AUDIT_FILTERKEY, AUDIT_EQUAL, reinterpret_cast<const void*>(TEST_RULE_KEY.c_str()), data);
+ };
+
+ EXPECT_CALL(audit_trail, audit_trail_create(_)).Times(AnyNumber()).WillRepeatedly(Return(AUDIT_TRAIL_ERROR_NONE));
+ EXPECT_CALL(audit_trail, audit_trail_foreach_rule(_, _))
+ .WillOnce(DoAll(
+ Invoke(ruleCbInvoker),
+ Return(AUDIT_TRAIL_ERROR_NONE)));
+ EXPECT_CALL(audit_rule, audit_rule_foreach_systemcall(_, _))
+ .WillOnce(DoAll(
+ Invoke(syscallCbInvoker),
+ Return(AUDIT_TRAIL_ERROR_NONE)));
+ EXPECT_CALL(audit_rule, audit_rule_foreach_condition(_, _))
+ .WillOnce(DoAll(
+ Invoke(conditionCbInvoker),
+ Return(AUDIT_TRAIL_ERROR_NONE)));
+ EXPECT_CALL(audit_rule, audit_rule_destroy()).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
+ EXPECT_CALL(audit_trail, audit_trail_destroy()).Times(AnyNumber()).WillRepeatedly(Return(AUDIT_TRAIL_ERROR_NONE));
+
+ RuleManager::GetInstance().getRulesAsJson();
+}
+
+TEST_F(TestRule, test_update_rules_invalid_rules)
+{
+ AuditTrailMock audit_trail;
+ Json::Value result;
+
+ EXPECT_CALL(audit_trail, audit_trail_create(_)).Times(AnyNumber()).WillRepeatedly(Return(AUDIT_TRAIL_ERROR_NONE));
+ EXPECT_CALL(audit_trail, audit_trail_destroy()).Times(AnyNumber()).WillRepeatedly(Return(AUDIT_TRAIL_ERROR_NONE));
+
+ EXPECT_FALSE(RuleManager::GetInstance().updateRules(value_1, result));
+}
+
+TEST_F(TestRule, test_update_rules_add_rule_failed)
+{
+ AuditTrailMock audit_trail;
+ AuditRuleMock audit_rule;
+ Json::Value result;
+
+ auto ruleCbInvoker = [&audit_rule](void (*cb)(audit_rule_h handle, void* user_data), void* data)
+ {
+ cb(&audit_rule, data);
+ };
EXPECT_CALL(audit_trail, audit_trail_create(_)).Times(AnyNumber()).WillRepeatedly(Return(AUDIT_TRAIL_ERROR_NONE));
- EXPECT_CALL(audit_trail, audit_trail_foreach_rule(_, _)).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
- EXPECT_CALL(audit_rule, audit_rule_foreach_systemcall(_, _)).WillRepeatedly(Return(AUDIT_TRAIL_ERROR_NONE));
- EXPECT_CALL(audit_rule, audit_rule_foreach_condition(_, _)).WillRepeatedly(Return(AUDIT_TRAIL_ERROR_NONE));
+ EXPECT_CALL(audit_trail, audit_trail_foreach_rule(_, _))
+ .WillOnce(DoAll(
+ Invoke(ruleCbInvoker),
+ Return(AUDIT_TRAIL_ERROR_NONE)));
+ EXPECT_CALL(audit_rule, audit_rule_foreach_systemcall(_, _)).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
+ EXPECT_CALL(audit_rule, audit_rule_foreach_condition(_, _)).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
+ EXPECT_CALL(audit_rule, audit_rule_create(_)).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
+ EXPECT_CALL(audit_rule, audit_rule_add_systemcall(_)).WillRepeatedly(Return(AUDIT_TRAIL_ERROR_NONE));
+ EXPECT_CALL(audit_rule, audit_rule_add_condition(_, _, _)).WillRepeatedly(Return(AUDIT_TRAIL_ERROR_NONE));
+ EXPECT_CALL(audit_trail, audit_trail_remove_rule(_)).Times(0);
+ EXPECT_CALL(audit_trail, audit_trail_add_rule(_)).WillOnce(Return(AUDIT_TRAIL_ERROR_INVALID_PARAMETER));
EXPECT_CALL(audit_rule, audit_rule_destroy()).WillRepeatedly(Return(AUDIT_TRAIL_ERROR_NONE));
EXPECT_CALL(audit_trail, audit_trail_destroy()).Times(AnyNumber()).WillRepeatedly(Return(AUDIT_TRAIL_ERROR_NONE));
- RuleManager::GetInstance().getRulesAsJson();
+ RuleManager::GetInstance().updateRules(value_3, result);
+ EXPECT_FALSE(result.empty());
}
TEST_F(TestRule, test_update_rules)
{
AuditTrailMock audit_trail;
AuditRuleMock audit_rule;
+ Json::Value result;
+
+ auto ruleCbInvoker = [&audit_rule](void (*cb)(audit_rule_h handle, void* user_data), void* data)
+ {
+ cb(&audit_rule, data);
+ };
EXPECT_CALL(audit_trail, audit_trail_create(_)).Times(AnyNumber()).WillRepeatedly(Return(AUDIT_TRAIL_ERROR_NONE));
- EXPECT_CALL(audit_trail, audit_trail_foreach_rule(_, _)).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
- EXPECT_CALL(audit_rule, audit_rule_foreach_systemcall(_, _)).WillRepeatedly(Return(AUDIT_TRAIL_ERROR_NONE));
- EXPECT_CALL(audit_rule, audit_rule_foreach_condition(_, _)).WillRepeatedly(Return(AUDIT_TRAIL_ERROR_NONE));
- EXPECT_CALL(audit_rule, audit_rule_create(_)).WillRepeatedly(Return(AUDIT_TRAIL_ERROR_NONE));
+ EXPECT_CALL(audit_trail, audit_trail_foreach_rule(_, _))
+ .WillOnce(DoAll(
+ Invoke(ruleCbInvoker),
+ Return(AUDIT_TRAIL_ERROR_NONE)));
+ EXPECT_CALL(audit_rule, audit_rule_foreach_systemcall(_, _)).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
+ EXPECT_CALL(audit_rule, audit_rule_foreach_condition(_, _)).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
+ EXPECT_CALL(audit_rule, audit_rule_create(_)).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
EXPECT_CALL(audit_rule, audit_rule_add_systemcall(_)).WillRepeatedly(Return(AUDIT_TRAIL_ERROR_NONE));
EXPECT_CALL(audit_rule, audit_rule_add_condition(_, _, _)).WillRepeatedly(Return(AUDIT_TRAIL_ERROR_NONE));
- EXPECT_CALL(audit_trail, audit_trail_add_rule(_)).WillRepeatedly(Return(AUDIT_TRAIL_ERROR_NONE));
- EXPECT_CALL(audit_trail, audit_trail_remove_rule(_)).WillRepeatedly(Return(AUDIT_TRAIL_ERROR_NONE));
+ EXPECT_CALL(audit_trail, audit_trail_remove_rule(_)).Times(0);
+ EXPECT_CALL(audit_trail, audit_trail_add_rule(_)).WillOnce(Return(AUDIT_TRAIL_ERROR_NONE));
EXPECT_CALL(audit_rule, audit_rule_destroy()).WillRepeatedly(Return(AUDIT_TRAIL_ERROR_NONE));
EXPECT_CALL(audit_trail, audit_trail_destroy()).Times(AnyNumber()).WillRepeatedly(Return(AUDIT_TRAIL_ERROR_NONE));
- RuleManager::GetInstance().updateRules(value_3);
+ EXPECT_TRUE(RuleManager::GetInstance().updateRules(value_3, result));
}
-
TEST_F(TestRule, test_construction_failure)
{
AuditRuleMock audit_rule;
EXPECT_ANY_THROW(Rule{value_1});
}
-
TEST_F(TestRule, test_construct_from_string)
{
AuditRuleMock audit_rule;
namespace audit
{
-
extern void syscallCallback(unsigned int syscall, void* user_data);
extern void conditionCallback(unsigned int field, unsigned int operation, const void* value, void* user_data);
-
}
TEST_F(TestRule, test_construct_from_handle)
TEST(TestRuleData, test_malformedJson)
{
Json::Value root;
+
// test empty
EXPECT_ANY_THROW(RuleData{root});
// test no key
conditions.append(cond);
root["condition"] = conditions;
EXPECT_ANY_THROW(RuleData{root});
-
root["condition"][0]["field"] = std::string{"pid"};
EXPECT_ANY_THROW(RuleData{root});
-
root["condition"][0]["operator"] = std::string{"equal"};
EXPECT_ANY_THROW(RuleData{root});
-
root["condition"][0]["value"] = std::string{"1"};
try {
--- /dev/null
+#include <gmock/gmock.h>
+#include "securityoptions.h"
+
+/**
+ * @brief TEST for SecurityOptions::add method
+ * 1. Clear all options.
+ * 2. Check that no options set.
+ * 3. Add 3 options.
+ * 4. Check options list size
+ */
+TEST(TestSecurityOptions, test_add)
+{
+ communication::SecurityOptions& secOpts = communication::SecurityOptions::instance();
+ secOpts.clear();
+ ASSERT_TRUE(secOpts.empty());
+ secOpts.add(CURLOPT_SSL_FALSESTART, 1L);
+ secOpts.add(CURLOPT_SSL_VERIFYPEER, 1L);
+ secOpts.add(CURLOPT_SSL_VERIFYHOST, 2L);
+ ASSERT_EQ(3, secOpts.size());
+}
+
+class SetOptWrapInterface
+{
+public:
+ virtual void call(long opt) const = 0;
+ virtual ~SetOptWrapInterface()
+ {
+ }
+};
+
+class SetOptWrapMock : public SetOptWrapInterface
+{
+public:
+ ~SetOptWrapMock()
+ {
+ }
+
+ MOCK_CONST_METHOD1(call, void(long opt));
+};
+
+/**
+ * @brief TEST SecurityOptions::apply method
+ * 1. Clear all options.
+ * 2. Add mock options.
+ * 3. Call apply.
+ * 4. Check that mock options was called.
+ */
+TEST(TestSecurityOptions, test_apply)
+{
+ communication::SecurityOptions& secOpts = communication::SecurityOptions::instance();
+ const long VAL1 = 123L;
+ const long VAL2 = 456L;
+
+ auto lambda1 = [VAL1](CURL *curl) {
+ reinterpret_cast<SetOptWrapInterface*>(curl)->call(VAL1);
+ };
+ auto lambda2 = [VAL2](CURL *curl) {
+ reinterpret_cast<SetOptWrapInterface*>(curl)->call(VAL2);
+ };
+
+ SetOptWrapMock optsMock;
+ EXPECT_CALL(optsMock, call(VAL1)).Times(1);
+ EXPECT_CALL(optsMock, call(VAL2)).Times(1);
+
+ secOpts.clear();
+ secOpts.push_back(lambda1);
+ secOpts.push_back(lambda2);
+
+ secOpts.apply(reinterpret_cast<CURL*>(&optsMock));
+}
#include "restservicemock.h"
#include "servicerequest.h"
#include "settings.h"
+#include "mock/sys_mock.h"
using ::testing::_;
using ::testing::Eq;
settings.setKeepAliveTimeout(TEST_TIMEOUT_INTERVAL);
settings.setDeviceId("");
settings.setSaveFileName("/dev/null");
+ SysMock sys;
RestServiceMock rest;
communication::Connection conn("", TEST_TIMEOUT_INTERVAL, &rest, [](){return true;});
+ EXPECT_CALL(sys, system_info_get_platform_string(_, _)).WillRepeatedly(Return(-1));
+ EXPECT_CALL(sys, system_info_get_value_string(_, _)).WillRepeatedly(Return(-1));
+
EXPECT_CALL(rest, registerDevice(_, _))
.WillOnce(Throw(std::runtime_error("")))
.WillOnce(Return(TEST_DEVICE_ID));
-
agent::ServiceRequest::registerDevice(conn);
EXPECT_EQ(TEST_DEVICE_ID, settings.getDeviceId());
} catch (std::exception& e) {
}
}
-TEST(TestServiceRequest, test_updateRules)
-{
- try {
- auto& settings = agent::Settings::instance();
- settings.setKeepAliveTimeout(TEST_TIMEOUT_INTERVAL);
- RestServiceMock rest;
- communication::Connection conn("", TEST_TIMEOUT_INTERVAL, &rest, [](){return true;});
- Json::Value check;
- check["type"] = std::string{"request-rules"};
+//TEST(TestServiceRequest, test_updateRules)
+//{
+// try {
+// auto& settings = agent::Settings::instance();
+// settings.setKeepAliveTimeout(TEST_TIMEOUT_INTERVAL);
+// RestServiceMock rest;
+// communication::Connection conn("", TEST_TIMEOUT_INTERVAL, &rest, [](){return true;});
+// Json::Value check;
+// check["type"] = std::string{"request-rules"};
- EXPECT_CALL(rest, sendData(_, TypedEq<const Json::Value&>(check)))
- .WillOnce(Throw(std::runtime_error("")))
- .WillOnce(Return());
+// EXPECT_CALL(rest, sendData(_, TypedEq<const Json::Value&>(check)))
+// .WillOnce(Throw(std::runtime_error("")))
+// .WillOnce(Return());
- agent::ServiceRequest::updateRules(conn);
- EXPECT_EQ(TEST_DEVICE_ID, settings.getDeviceId());
- } catch (std::exception& e) {
- FAIL() << e.what();
- }
-}
+// agent::ServiceRequest::updateRules(conn);
+// EXPECT_EQ(TEST_DEVICE_ID, settings.getDeviceId());
+// } catch (std::exception& e) {
+// FAIL() << e.what();
+// }
+//}
* See the License for the specific language governing permissions and
* limitations under the License
*/
-#include <iostream>
#include <gtest/gtest.h>
#include <unistd.h>
#include <sys/stat.h>
* See the License for the specific language governing permissions and
* limitations under the License
*/
-#include <iostream>
#include <gmock/gmock.h>
#include <gtest/gtest.h>
#include <functional>
using ::testing::Eq;
using ::testing::Return;
using ::testing::Throw;
+using ::testing::TypedEq;
using ::testing::AtLeast;
#define TAG "Tests"
.WillRepeatedly(Return(TEST_UPDATES));
EXPECT_CALL(rest, doGet(_, Eq(TEST_SETTINGS_URI)))
.WillOnce(Return(TEST_SETTINGS));
- EXPECT_CALL(rest, doPost(_, Eq(TEST_SETTINGS_CURI), Eq("")))
+ EXPECT_CALL(rest, doPost(_, Eq(TEST_SETTINGS_CURI), TypedEq<const std::string&>("")))
.Times(1);
std::thread t(&Connection::loop, &conn);
EXPECT_CALL(rest, doGet(_, Eq(TEST_SETTINGS_URI)))
.Times(AtLeast(1))
.WillRepeatedly(Return(TEST_EMPTY_SETTINGS));
- EXPECT_CALL(rest, doPost(_, Eq(TEST_SETTINGS_CURI), Eq("")))
+ EXPECT_CALL(rest, doPost(_, Eq(TEST_SETTINGS_CURI), TypedEq<const std::string&>("")))
.Times(AtLeast(1));
std::thread t(&Connection::loop, &conn);
EXPECT_CALL(rest, doGet(_, Eq(TEST_SETTINGS_URI)))
.Times(AtLeast(1))
.WillRepeatedly(Return(TEST_SETTINGS_NEG_TIMEOUT));
- EXPECT_CALL(rest, doPost(_, Eq(TEST_SETTINGS_CURI), Eq("")))
+ EXPECT_CALL(rest, doPost(_, Eq(TEST_SETTINGS_CURI), TypedEq<const std::string&>("")))
.Times(AtLeast(1));
std::thread t(&Connection::loop, &conn);
--- /dev/null
+#include <gmock/gmock.h>
+
+#include "syscall.h"
+#include "mock/sys_mock.h"
+
+using ::testing::_;
+using ::testing::Return;
+using ::testing::DoAll;
+using ::testing::Invoke;
+
+TEST(TestSyscall, test_syscallTable)
+{
+ SysMock sys;
+ EXPECT_CALL(sys, uname(_)).WillOnce(DoAll(Invoke([](struct utsname* a) {strcpy(a->machine, "undef");}), Return(-1)));
+ EXPECT_EQ(0, agent::Syscall::syscallTable().size());
+ EXPECT_CALL(sys, uname(_)).WillOnce(DoAll(Invoke([](struct utsname* a) {strcpy(a->machine, "armv7l");}), Return(0)));
+ EXPECT_EQ(347, agent::Syscall::syscallTable().size());
+ EXPECT_CALL(sys, uname(_)).WillOnce(DoAll(Invoke([](struct utsname* a) {strcpy(a->machine, "aarch64");}), Return(0)));
+ EXPECT_EQ(249, agent::Syscall::syscallTable().size());
+ EXPECT_CALL(sys, uname(_)).WillOnce(DoAll(Invoke([](struct utsname* a) {strcpy(a->machine, "i386");}), Return(0)));
+ EXPECT_EQ(347, agent::Syscall::syscallTable().size());
+ EXPECT_CALL(sys, uname(_)).WillOnce(DoAll(Invoke([](struct utsname* a) {strcpy(a->machine, "x86_64");}), Return(0)));
+ EXPECT_EQ(314, agent::Syscall::syscallTable().size());
+}
--- /dev/null
+//#include <gmock/gmock.h>
+//#include "syscallstatehandler.h"
+//#include "restservicemock.h"
+
+//using ::testing::_;
+//using ::testing::A;
+//using ::testing::Eq;
+//using ::testing::DoAll;
+//using ::testing::Return;
+//using ::testing::SaveArg;
+
+//namespace
+//{
+//const std::string TEST_DUID{"device-id"};
+//const std::chrono::milliseconds TEST_KEEPALIVE{1};
+//const std::string TEST_EVENT_TYPE{"state-rule"};
+//const std::string TEST_EVENT_URI{"test-uri"};
+//const std::string TEST_EVENT_CURI{"test-curi"};
+//}
+
+//TEST(TestSyscallStateHandler, test_accept)
+//{
+// RestServiceMock rest;
+// Json::Value event_msg;
+// Json::Value response;
+// AuditTrailMock audit;
+// event_msg["type"] = TEST_EVENT_TYPE;
+// event_msg["uri"] = TEST_EVENT_URI;
+// event_msg["curi"] = TEST_EVENT_CURI;
+// communication::Connection conn(TEST_DUID, TEST_KEEPALIVE, &rest, [](){return true;});
+// agent::AuditHandler handler(conn);
+// communication::Event event(event_msg, conn);
+
+// ASSERT_NO_THROW(handler.accept(event));
+// EXPECT_TRUE(response.isMember("data"));
+// EXPECT_EQ(TEST_EVENT_TYPE, response["type"].asString());
+//}
--- /dev/null
+/**
+ * Samsung Ukraine R&D Center (SRK under a contract between)
+ * LLC "Samsung Electronics Co", Ltd (Seoul, Republic of Korea)
+ * Copyright (C) 2018 Samsung Electronics Co., Ltd. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+#include <thread>
+#include <chrono>
+#include <gmock/gmock.h>
+
+#include "connection.h"
+#include "syscallstatehandler.h"
+#include "mock/sys_mock.h"
+#include "mock/restservicemock.h"
+
+using ::testing::_;
+using ::testing::A;
+using ::testing::Eq;
+using ::testing::Return;
+using ::testing::DoAll;
+using ::testing::Invoke;
+using ::testing::AtLeast;
+
+namespace
+{
+const std::string TEST_DEVICE_ID{"device-id"};
+const std::chrono::milliseconds TEST_KEEP_ALIVE(10);
+const std::string TEST_URI{"syscall-uri"};
+const std::string TEST_CURI{"syscall-curi"};
+const std::string TEST_UPDATES{"[{\"type\":\"state-syscall\",\"uri\":\"" + TEST_URI + "\",\"curi\":\"" + TEST_CURI +"\"}]"};
+}
+
+TEST(TestSyscallStateHandler, test_accept)
+{
+ try {
+ SysMock sys;
+ RestServiceMock rest;
+
+ communication::Connection conn(TEST_DEVICE_ID, TEST_KEEP_ALIVE, &rest, [](){return true;});
+ agent::SyscallStateHandler handler(conn);
+
+ EXPECT_CALL(sys, uname(_)).WillRepeatedly(DoAll(Invoke([](struct utsname* a) {strcpy(a->machine, "armv7l");}), Return(0)));
+
+ EXPECT_CALL(rest, getUpdates(_)).WillRepeatedly(Return(TEST_UPDATES));
+ EXPECT_CALL(rest, doGet(_, Eq(TEST_URI))).Times(0);
+ EXPECT_CALL(rest, sendData(_, A<const Json::Value&>())).Times(AtLeast(1));
+ EXPECT_CALL(rest, doPost(_, Eq(TEST_CURI), A<const std::string&>())).Times(AtLeast(1));
+
+ std::thread t(&communication::Connection::loop, &conn);
+
+ std::this_thread::sleep_for(std::chrono::milliseconds(7));
+
+ conn.stop();
+
+ t.join();
+ } catch (std::exception& e) {
+ FAIL() << e.what();
+ }
+}
* See the License for the specific language governing permissions and
* limitations under the License
*/
-#include <gtest/gtest.h>
-#include <iostream>
+
+#include <cstdlib>
+#include <gmock/gmock.h>
+
#include "sysinfo.h"
+#include "mock/sys_mock.h"
+
+using ::testing::_;
+using ::testing::Return;
+using ::testing::DoAll;
+using ::testing::Invoke;
using namespace agent;
/**
- * Test SysInfo class methods return non empty values
+ * Test SysInfo::model() method
+ */
+TEST(TestSysInfo, test_model)
+{
+ SysMock sys;
+ EXPECT_CALL(sys, system_info_get_value_string(_, _)).WillOnce(DoAll(Invoke([](system_info_key_e key, char** value) {*value = (char*)malloc(32);strcpy(*value, "model");}), Return(0)));
+ EXPECT_CALL(sys, system_info_get_platform_string(_, _)).Times(0);
+ EXPECT_EQ("model", SysInfo::model());
+ EXPECT_CALL(sys, system_info_get_value_string(_, _)).WillOnce(Return(-1));
+ EXPECT_CALL(sys, system_info_get_platform_string(_, _)).WillOnce(DoAll(Invoke([](const char* key, char** value) {*value = (char*)malloc(32);strcpy(*value, "model");}), Return(0)));
+ EXPECT_EQ("model", SysInfo::model());
+ EXPECT_CALL(sys, system_info_get_value_string(_, _)).WillOnce(Return(-1));
+ EXPECT_CALL(sys, system_info_get_platform_string(_, _)).WillOnce(Return(-1));
+ EXPECT_EQ("undefined", SysInfo::model());
+}
+
+/**
+ * Test SysInfo::type() method
+ */
+TEST(TestSysInfo, test_type)
+{
+ SysMock sys;
+ EXPECT_CALL(sys, system_info_get_platform_string(_, _)).WillOnce(DoAll(Invoke([](const char* key, char** value) {*value = (char*)malloc(32);strcpy(*value, "type");}), Return(0)));
+ EXPECT_EQ("type", SysInfo::type());
+ EXPECT_CALL(sys, system_info_get_platform_string(_, _)).WillRepeatedly(Return(-1));
+ EXPECT_EQ("undefined", SysInfo::type());
+}
+
+/**
+ * Test SysInfo::osVersion() method
+ */
+TEST(TestSysInfo, test_osversion)
+{
+ SysMock sys;
+ EXPECT_CALL(sys, system_info_get_platform_string(_, _)).WillOnce(DoAll(Invoke([](const char* key, char** value) {*value = (char*)malloc(32);strcpy(*value, "osver");}), Return(0)));
+ EXPECT_EQ("osver", SysInfo::osVersion());
+ EXPECT_CALL(sys, system_info_get_platform_string(_, _)).WillOnce(Return(-1));
+ EXPECT_EQ("undefined", SysInfo::osVersion());
+}
+
+/**
+ * Test SysInfo::osName() method
+ */
+TEST(TestSysInfo, test_osname)
+{
+ SysMock sys;
+ EXPECT_CALL(sys, system_info_get_value_string(_, _)).WillOnce(DoAll(Invoke([](system_info_key_e key, char** value) {*value = (char*)malloc(32);strcpy(*value, "osname");}), Return(0)));
+ EXPECT_CALL(sys, system_info_get_platform_string(_, _)).Times(0);
+ EXPECT_EQ("osname", SysInfo::osName());
+ EXPECT_CALL(sys, system_info_get_value_string(_, _)).WillOnce(Return(-1));
+ EXPECT_CALL(sys, system_info_get_platform_string(_, _)).WillOnce(DoAll(Invoke([](const char* key, char** value) {*value = (char*)malloc(32);strcpy(*value, "osname");}), Return(0)));
+ EXPECT_EQ("osname", SysInfo::osName());
+ EXPECT_CALL(sys, system_info_get_value_string(_, _)).WillOnce(Return(-1));
+ EXPECT_CALL(sys, system_info_get_platform_string(_, _)).WillOnce(Return(-1));
+ EXPECT_EQ("undefined", SysInfo::osName());
+}
+
+/**
+ * Test SysInfo::swVersion() method
+ */
+TEST(TestSysInfo, test_swversion)
+{
+ SysMock sys;
+ EXPECT_CALL(sys, system_info_get_value_string(_, _)).WillOnce(DoAll(Invoke([](system_info_key_e key, char** value) {*value = (char*)malloc(32);strcpy(*value, "swver");}), Return(0)));
+ EXPECT_CALL(sys, system_info_get_platform_string(_, _)).Times(0);
+ EXPECT_EQ("swver", SysInfo::swVersion());
+ EXPECT_CALL(sys, system_info_get_value_string(_, _)).WillOnce(Return(-1));
+ EXPECT_CALL(sys, system_info_get_platform_string(_, _)).WillOnce(DoAll(Invoke([](const char* key, char** value) {*value = (char*)malloc(32);strcpy(*value, "swver");}), Return(0)));
+ EXPECT_EQ("swver", SysInfo::swVersion());
+ EXPECT_CALL(sys, system_info_get_value_string(_, _)).WillOnce(Return(-1));
+ EXPECT_CALL(sys, system_info_get_platform_string(_, _)).WillOnce(Return(-1));
+ EXPECT_EQ("undefined", SysInfo::swVersion());
+}
+
+/**
+ * Test SysInfo::tizenId() method
*/
-TEST(TestSysInfo, test_api)
+TEST(TestSysInfo, test_tizenid)
{
- try {
- ASSERT_FALSE(SysInfo::model().empty());
- ASSERT_FALSE(SysInfo::type().empty());
- ASSERT_FALSE(SysInfo::osVersion().empty());
- ASSERT_FALSE(SysInfo::osName().empty());
- ASSERT_FALSE(SysInfo::swVersion().empty());
- } catch (std::exception& e) {
- FAIL() << e.what();
- }
+ SysMock sys;
+ EXPECT_CALL(sys, system_info_get_platform_string(_, _)).WillOnce(DoAll(Invoke([](const char* key, char** value) {*value = (char*)malloc(32);strcpy(*value, "tzid");}), Return(0)));
+ EXPECT_EQ("tzid", SysInfo::tizenId());
+ EXPECT_CALL(sys, system_info_get_platform_string(_, _)).WillOnce(Return(-1));
+ EXPECT_EQ("undefined", SysInfo::tizenId());
}
routine_exited = true;
}
- bool isRunning() const
- {
- return m_running;
- }
-
bool routine_called_atleast_once = false;
bool routine_exited = false;
TEST(Test_ThreadBase, test_default_sequence)
{
ThreadBaseTester t;
- EXPECT_FALSE(t.isRunning());
+ EXPECT_FALSE(t.is_running());
EXPECT_FALSE(t.routine_called_atleast_once);
EXPECT_FALSE(t.routine_exited);
t.start();
// Give chance to run to the spawned thread
std::this_thread::sleep_for(std::chrono::milliseconds(SLEEP_DELAY_MS));
- EXPECT_TRUE(t.isRunning());
+ EXPECT_TRUE(t.is_running());
EXPECT_TRUE(t.routine_called_atleast_once);
EXPECT_FALSE(t.routine_exited);
t.stop();
// Double join is ok
EXPECT_NO_THROW(t.join());
- EXPECT_FALSE(t.isRunning());
+ EXPECT_FALSE(t.is_running());
EXPECT_TRUE(t.routine_exited);
}
projects / platform / core / security / suspicious-activity-monitor.git / commitdiff