conf: audit passthrough input devices at domain startup

Introduce virDomainAuditInput and use it to log the evdev passed to the guest.
2025-01-11 15:27:47 +00:00 · 2017-10-16 14:58:51 +02:00 · 2017-10-16 14:58:51 +02:00 · 2690b5b930
commit 2690b5b930
parent d66fc71d31
2 changed files with 49 additions and 0 deletions
--- a/src/conf/domain_audit.c
+++ b/src/conf/domain_audit.c
@ -868,6 +868,9 @@ virDomainAuditStart(virDomainObjPtr vm, const char *reason, bool success)
    for (i = 0; i < vm->def->nshmems; i++)
        virDomainAuditShmem(vm, vm->def->shmems[i], "start", true);

+    for (i = 0; i < vm->def->ninputs; i++)
+        virDomainAuditInput(vm, vm->def->inputs[i], "start", true);
+
    virDomainAuditMemory(vm, 0, virDomainDefGetMemoryTotal(vm->def),
                         "start", true);
    virDomainAuditVcpu(vm, 0, virDomainDefGetVcpus(vm->def), "start", true);
@ -983,3 +986,44 @@ virDomainAuditShmem(virDomainObjPtr vm,
    VIR_FREE(shmpath);
    return;
 }
+
+
+void
+virDomainAuditInput(virDomainObjPtr vm,
+                    virDomainInputDefPtr input,
+                    const char *reason,
+                    bool success)
+{
+    char uuidstr[VIR_UUID_STRING_BUFLEN];
+    char *vmname;
+    const char *virt = virDomainVirtTypeToString(vm->def->virtType);
+
+    virUUIDFormat(vm->def->uuid, uuidstr);
+
+    if (!(vmname = virAuditEncode("vm", vm->def->name)))
+        goto no_memory;
+
+    switch ((virDomainInputType) input->type) {
+    case VIR_DOMAIN_INPUT_TYPE_MOUSE:
+    case VIR_DOMAIN_INPUT_TYPE_TABLET:
+    case VIR_DOMAIN_INPUT_TYPE_KBD:
+        break;
+
+    case VIR_DOMAIN_INPUT_TYPE_PASSTHROUGH:
+        VIR_AUDIT(VIR_AUDIT_RECORD_RESOURCE, success,
+                  "virt=%s resrc=evdev reason=%s %s uuid=%s path=%s",
+                  virt, reason, vmname, uuidstr, VIR_AUDIT_STR(input->source.evdev));
+        break;
+
+    case VIR_DOMAIN_INPUT_TYPE_LAST:
+        break;
+    }
+
+ cleanup:
+    VIR_FREE(vmname);
+    return;
+
+ no_memory:
+    VIR_WARN("OOM while encoding audit message");
+    goto cleanup;
+}
--- a/src/conf/domain_audit.h
+++ b/src/conf/domain_audit.h
@ -133,6 +133,11 @@ void virDomainAuditShmem(virDomainObjPtr vm,
                         virDomainShmemDefPtr def,
                         const char *reason, bool success)
    ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3);
+void virDomainAuditInput(virDomainObjPtr vm,
+                         virDomainInputDefPtr input,
+                         const char *reason,
+                         bool success)
+    ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3);


 #endif /* __VIR_DOMAIN_AUDIT_H__ */