device: add audit support

src/devices/nm-device.c

@@ -66,6 +66,7 @@
 #include "nm-default-route-manager.h"
 #include "nm-route-manager.h"
 #include "sd-ipv4ll.h"
+#include "nm-audit-manager.h"
 
 #include "nm-device-logging.h"
 _LOG_DECLARE_SELF (NMDevice);
@@ -6177,6 +6178,7 @@ delete_on_deactivate_check_and_schedule (NMDevice *self, int ifindex)
 static void
 disconnect_cb (NMDevice *self,
                DBusGMethodInvocation *context,
+               NMAuthSubject *subject,
                GError *error,
                gpointer user_data)
 {
@@ -6185,6 +6187,7 @@ disconnect_cb (NMDevice *self,
 
 	if (error) {
 		dbus_g_method_return_error (context, error);
+		nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_DISCONNECT, self, FALSE, subject, error->message);
 		return;
 	}
 
@@ -6194,6 +6197,7 @@ disconnect_cb (NMDevice *self,
 		                             NM_DEVICE_ERROR_NOT_ACTIVE,
 		                             "Device is not active");
 		dbus_g_method_return_error (context, local);
+		nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_DISCONNECT, self, FALSE, subject, local->message);
 		g_error_free (local);
 	} else {
 		nm_device_set_autoconnect (self, FALSE);
@@ -6202,6 +6206,7 @@ disconnect_cb (NMDevice *self,
 		                         NM_DEVICE_STATE_DEACTIVATING,
 		                         NM_DEVICE_STATE_REASON_USER_REQUESTED);
 		dbus_g_method_return (context);
+		nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_DISCONNECT, self, TRUE, subject, NULL);
 	}
 }
 
@@ -6245,17 +6250,20 @@ impl_device_disconnect (NMDevice *self, DBusGMethodInvocation *context)
 static void
 delete_cb (NMDevice *self,
            DBusGMethodInvocation *context,
+           NMAuthSubject *subject,
            GError *error,
            gpointer user_data)
 {
 	if (error) {
 		dbus_g_method_return_error (context, error);
+		nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_DELETE, self, FALSE, subject, error->message);
 		return;
 	}
 
 	/* Authorized */
 	nm_platform_link_delete (NM_PLATFORM_GET, nm_device_get_ifindex (self));
 	dbus_g_method_return (context);
+	nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_DELETE, self, TRUE, subject, NULL);
 }
 
 static void

src/devices/nm-device.h

@@ -311,6 +311,7 @@ typedef struct {
 
 typedef void (*NMDeviceAuthRequestFunc) (NMDevice *device,
                                          DBusGMethodInvocation *context,
+                                         NMAuthSubject *subject,
                                          GError *error,
                                          gpointer user_data);
 

src/devices/wifi/nm-device-wifi.c

@@ -1057,6 +1057,7 @@ impl_device_get_all_access_points (NMDeviceWifi *self,
 static void
 request_scan_cb (NMDevice *device,
                  DBusGMethodInvocation *context,
+                 NMAuthSubject *subject,
                  GError *error,
                  gpointer user_data)
 {

src/nm-manager.c

@@ -1357,6 +1357,7 @@ device_auth_done_cb (NMAuthChain *chain,
 	NMDevice *device;
 	const char *permission;
 	NMDeviceAuthRequestFunc callback;
+	NMAuthSubject *subject;
 
 	g_assert (context);
 
@@ -1370,6 +1371,7 @@ device_auth_done_cb (NMAuthChain *chain,
 	g_assert (device);
 
 	result = nm_auth_chain_get_result (chain, permission);
+	subject = nm_auth_chain_get_subject (chain);
 
 	if (auth_error) {
 		/* translate the auth error into a manager permission denied error */
@@ -1390,6 +1392,7 @@ device_auth_done_cb (NMAuthChain *chain,
 
 	callback (device,
 	          context,
+	          subject,
 	          error,
 	          nm_auth_chain_get_data (chain, "user-data"));
 
@@ -1450,9 +1453,10 @@ device_auth_request_cb (NMDevice *device,
 	nm_auth_chain_add_call (chain, permission, allow_interaction);
 
 done:
-	g_clear_object (&subject);
 	if (error)
-		callback (device, context, error, user_data);
+		callback (device, context, subject, error, user_data);
+
+	g_clear_object (&subject);
 	g_clear_error (&error);
 }