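/**
 * Kernel event loop of the thread.
 *
 * Each iteration asks for the next request with auditsec_question(), makes
 * sure the requesting executable is registered with the kernel context (KC),
 * and then dispatches on the request type:
 *   - AUDITSEC_FILE / AUDITSEC_DIR: forwarded to KC->domain_changed();
 *   - AUDITSEC_SOCKET / AUDITSEC_MSG: allowed unconditionally (not implemented);
 *   - anything else: denied.
 *
 * The loop ends when _keep_going is cleared or auditsec_question() returns a
 * non-zero value.
 */
void KThread::run()
{
    qDebug("KThread: Starting kernel loop");

    while (_keep_going && (auditsec_question(KC->usai()) == 0)) {
        qDebug() << "";
        qDebug() << "KThread: " << KC->usai()->execname << " (" << KC->usai()->pid << ")";

        // Register the executable on first sight so later decisions can refer to it.
        if (KC->is_registered() == KERNEL_ERROR) {
            KC->register_application(KC->usai()->execname);
        }

        switch (KC->usai()->type) {
        case AUDITSEC_FILE:
            qDebug() << "KThread: File: " << KC->usai()->auditsec_struct.file.fullpath;
            // NOTE(review): no auditsec_answer() on this path; presumably the
            // verdict is sent once domain_changed() has been resolved. Confirm
            // that every outcome, including errors, ends in a deny or an allow.
            KC->domain_changed(xmlContext(
                    "fullpath", KC->usai()->auditsec_struct.file.fullpath,
                    //"filename", KC->usai()->auditsec_struct.file.name,
                    NULL, NULL));
#ifdef DEBUG
            // NOTE(review): exec_path is not declared in this function;
            // presumably a member or file-scope buffer. Confirm its size
            // matches what read_execpath() writes.
            read_execpath(KC->usai()->pid, exec_path);
            qDebug() << "file access: " << KC->usai()->auditsec_struct.file.fullpath
                     << "/" << KC->usai()->auditsec_struct.file.name
                     << ", pid: " << KC->usai()->pid
                     << ", execname: " << exec_path
                     /*<< ", mask: " << KC->usai()->auditsec_struct.file.mask*/;
#endif /* DEBUG */
            break;

        case AUDITSEC_DIR:
            // Directory events carry their path in the .dir member (the DEBUG
            // trace below already reads it from there), so use it for the
            // decision as well instead of the .file member.
            qDebug() << "KThread : Directory: " << KC->usai()->auditsec_struct.dir.fullpath;
            KC->domain_changed(xmlContext(
                    "fullpath", KC->usai()->auditsec_struct.dir.fullpath,
                    NULL, NULL));
#ifdef DEBUG
            read_execpath(KC->usai()->pid, exec_path);
            // A stray ';' after qDebug() used to break DEBUG builds here.
            qDebug() << "mkdir: " << KC->usai()->auditsec_struct.dir.fullpath
                     << ", pid: " << KC->usai()->pid
                     << ", execname: " << exec_path << KC->usai()->execname
                     /*<< ", mode: " << KC->usai()->auditsec_struct.dir.mode*/;
#endif /* DEBUG */
            break;

        case AUDITSEC_SOCKET:
            /* TODO: socket events are not evaluated yet. Disabled logging sketch
             * (the locals it needs are kept with it so the live code carries
             * no unused variables):
             *
             *   QString address;
             *   struct sockaddr_in addr_;
             *   struct hostent * hote = NULL;
             *
             *   qDebug() << "KThread socket";
             *   address = inet_ntoa(KC->usai()->auditsec_struct.socket.addr.addr4.sin_addr);
             *   addr_.sin_addr.s_addr = inet_addr(address.toStdString().c_str());
             *   hote = gethostbyaddr((char *) &addr_.sin_addr, 4, AF_INET);
             *   if (hote == NULL)
             *       qDebug() << "KThread: IP: " << address;
             *   else
             *       qDebug() << "KThread: IP: " << address << " " << hote->h_name;
             *
             * If this is enabled: a reverse lookup waits on the network inside
             * the answer loop, and the returned name is chosen by whoever
             * controls the PTR record, so it must be treated as untrusted text.
             */
            // Fail-open placeholder: every socket request is allowed until the
            // TODO above is implemented.
            auditsec_answer(true);
            break;

        case AUDITSEC_MSG:
            // TODO: not evaluated yet; allowed unconditionally (fail-open).
            auditsec_answer(true);
            break;

        default:
            // Unknown request type: deny rather than guess.
            qCritical("KernelContext: can't determine struct type !");
            auditsec_answer(false);
            break;
        }
    }
}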
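/**
 * Daemon entry point.
 *
 * Registers with the kernel (auditsec_register) and with contextd
 * (context_register_application), then answers kernel requests until
 * keep_going is cleared or auditsec_question() reports a non-zero value.
 * Only CONTEXT_ACCEPTED leads to an allow; a refusal, an error, an unexpected
 * verdict or an unknown request type is answered with a deny.
 *
 * @return 0 after a clean unregistration, -1 on a usage error, an allocation
 *         failure, a registration failure or a failed unregistration.
 */
int main(int argc, char* argv[])
{
#ifdef DEBUG
    char exec_path[PATH_MAX];
#endif
    struct sigaction action;

    // The daemon takes no arguments.
    if (argc > 1) {
        std::cerr << "Usage: " << argv[0] << std::endl;
        return -1;
    }

    // Request buffer filled by auditsec_question(). It is checked and zeroed
    // so that no decision is ever taken on uninitialised memory.
    struct auditsec_info * usai = (struct auditsec_info *) malloc(sizeof(struct auditsec_info));
    if (usai == NULL) {
        std::cerr << "FAILED to allocate the kernel request buffer." << std::endl;
        return -1;
    }
    memset(usai, 0, sizeof(struct auditsec_info));

    // TODO: finish blocking the remaining signals.
    // sa_flags stays zero, so SA_RESTART is not requested for SIGINT.
    memset(&action, 0, sizeof(struct sigaction));
    action.sa_handler = signal_manager;
    sigaction(SIGINT, &action, NULL);

    std::cout << "Trying to register with the kernel" << std::endl;
    if (auditsec_register(1) != 1) {
        std::cerr << "FAILED to register with the kernel." << std::endl;
        free(usai);
        return -1;
    }
    std::cout << "The daemon is registered with the kernel." << std::endl;

    std::cout << "Trying to register with contextd" << std::endl;
    if (context_register_application("daemon") != CONTEXT_TRUE) {
        std::cerr << "FAILED to register with contextd." << std::endl;
        // Roll the kernel registration back. Any result other than 0 is
        // reported as a problem, the same test used at shutdown below.
        if (auditsec_register(0) != 0) {
            std::cerr << "The kernel state may NOT be ok. You should reboot." << std::endl;
        } else {
            std::cout << "The kernel is ok." << std::endl;
        }
        free(usai);
        return -1;
    }
    std::cout << "The daemon is registered with contextd." << std::endl;

    // Fetch a request before every dispatch; without this call the switch
    // below would run on a buffer the kernel never filled and would answer
    // questions that were never asked.
    while (keep_going && (auditsec_question(usai) == 0)) {
        switch (usai->type) {
        case AUDITSEC_FILE:
            switch (context_changed(//"pid", usai->pid,
                                    "fullpath", usai->auditsec_struct.file.fullpath,
                                    // "filename", usai->auditsec_struct.file.name,
                                    NULL, NULL)) {
            case CONTEXT_ACCEPTED:
                auditsec_answer(true);
                std::cout << "Transition acceptée." << std::endl;
                break;
            case CONTEXT_REFUSED:
                auditsec_answer(false);
                std::cerr << "Transition refusée." << std::endl;
                break;
            case CONTEXT_ERROR:
                // An error in contextd is treated as a refusal.
                auditsec_answer(false);
                std::cerr << "Erreur dans la transition : " << context_getLastError() << std::endl;
                break;
            default:
                // Unexpected verdict: deny.
                auditsec_answer(false);
                std::cerr << "Default ! On ne devrait pas être là !" << std::endl;
                break;
            }
#ifdef DEBUG
            read_execpath(usai->pid, exec_path);
            std::cout << "AuditSec, file access: " << usai->auditsec_struct.file.fullpath
                      << "/" << usai->auditsec_struct.file.name
                      << ", pid: " << usai->pid
                      << ", execname: " << exec_path
                      /*<< ", mask: " << usai->auditsec_struct.file.mask*/
                      << std::endl;
#endif /* DEBUG */
            break;

        case AUDITSEC_DIR:
            // NOTE(review): the FILE case has its "pid" pair commented out,
            // while this call passes a numeric pid inside what looks like a
            // NULL-terminated key/value list. Confirm that context_changed()
            // accepts a non-string value in that position.
            switch (context_changed("pid", usai->pid,
                                    "fullpath", usai->auditsec_struct.dir.fullpath,
                                    NULL, NULL)) {
            case CONTEXT_ACCEPTED:
                auditsec_answer(true);
                std::cout << "Transition acceptée." << std::endl;
                break;
            case CONTEXT_REFUSED:
                auditsec_answer(false);
                std::cerr << "Transition refusée." << std::endl;
                break;
            case CONTEXT_ERROR:
                // An error in contextd is treated as a refusal.
                auditsec_answer(false);
                std::cerr << "Erreur dans la transition : " << context_getLastError() << std::endl;
                break;
            default:
                // Unexpected verdict: deny.
                auditsec_answer(false);
                std::cerr << "Default ! On ne devrait pas être là !" << std::endl;
                break;
            }
#ifdef DEBUG
            read_execpath(usai->pid, exec_path);
            std::cout << "AuditSec, mkdir: " << usai->auditsec_struct.dir.fullpath
                      << ", pid: " << usai->pid
                      << ", execname: " << exec_path << usai->execname
                      /*<< ", mode: " << usai->auditsec_struct.dir.mode*/
                      << std::endl;
#endif /* DEBUG */
            break;

        default:
            // Unknown request type: deny rather than guess.
            std::cerr << "AuditSec, can't determine struct type !" << std::endl;
            auditsec_answer(false);
            break;
        }
    }

    free(usai);

    std::cout << "Stopping daemon and telling the kenel." << std::endl;
    if (auditsec_register(0) != 0) {
        std::cerr << "The kernel state may NOT be ok. You should reboot." << std::endl;
        return -1;
    }
    std::cout << "The kernel is ok." << std::endl;

    return 0;
}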