Gecko [ www.thearyasamaj.org ]

Name	Size	Permission
common	[ DIR ]	drwxr-xr-x
ftrace_hooks	[ DIR ]	drwxr-xr-x
lsm_hooks	[ DIR ]	drwxr-xr-x
syscall_hooks	[ DIR ]	drwxr-xr-x
transport	[ DIR ]	drwxr-xr-x
Kbuild	8.88 KB	-rw-r--r--
Makefile	2.23 KB	-rw-r--r--
compat.c	6.18 KB	-rw-r--r--
compat.h	10.89 KB	-rw-r--r--
debug.h	3.56 KB	-rw-r--r--
dkms.conf	146 B	-rw-r--r--
file_contexts.c	41.04 KB	-rw-r--r--
file_contexts.h	2.51 KB	-rw-r--r--
file_contexts_priv.h	4.92 KB	-rw-r--r--
file_handle_tools.h	2.15 KB	-rw-r--r--
file_key_tools.h	869 B	-rw-r--r--
file_path_tools.h	2.09 KB	-rw-r--r--
hashtable_compat.h	2.45 KB	-rw-r--r--
hook_trampoline_common.h	4.2 KB	-rw-r--r--
interval_tree.h	779 B	-rw-r--r--
memory.h	1.37 KB	-rw-r--r--
module.c	1.86 KB	-rw-r--r--
module_ref.h	421 B	-rw-r--r--
module_rundown_protection.c	3.64 KB	-rw-r--r--
module_rundown_protection.h	743 B	-rw-r--r--
path_tools.h	4.42 KB	-rw-r--r--
rundown_protection.c	4.2 KB	-rw-r--r--
rundown_protection.h	2.83 KB	-rw-r--r--
si_common.h	3.93 KB	-rw-r--r--
si_fp_properties.h	858 B	-rw-r--r--
si_fp_properties_x.h	15.41 KB	-rw-r--r--
si_fp_value_types.h	515 B	-rw-r--r--
si_fp_value_types_x.h	1.25 KB	-rw-r--r--
si_size.h	4.15 KB	-rw-r--r--
si_templates.h	2.29 KB	-rw-r--r--
si_writer.h	6.48 KB	-rw-r--r--
si_writer_common.h	6.39 KB	-rw-r--r--
stringify.h	261 B	-rw-r--r--
task_info_map.c	16.45 KB	-rw-r--r--
task_info_map.h	6.24 KB	-rw-r--r--
task_tools.h	1.34 KB	-rw-r--r--
tracepoints.c	3.58 KB	-rw-r--r--
tracepoints.h	299 B	-rw-r--r--
write_protection.h	1.04 KB	-rw-r--r--

Code Editor : si_writer_common.h

/**
 @file     si_writer_common.hpp
 @brief    Common writer
 @details  Copyright (c) 2024 Acronis International GmbH
 @author   Denis Kopyrin (Denis.Kopyrin@acronis.com)
 @since    $Id: $
 */

#include <linux/audit.h>
#include <linux/ktime.h>

#include "file_handle_tools.h"
#include "file_path_tools.h"
#include "si_writer.h"
#include "task_info_map.h"
#include "transport.h"

#ifdef KERNEL_MOCK
#include "mock/mock.h"
#define HAVE_UUID_IN_SUPER_BLOCK
#endif

#define SI_ESTIMATE_SIZE_PATH_INFO(path_info) ((path_info).str.length)
#define SI_ESTIMATE_SIZE_FILE_HANDLE_INFO(fh_info) ((fh_info).handle_bytes + sizeof((fh_info).handle_type))

static inline void si_property_writer_write_common(si_property_writer_t* writer, uint64_t event_uid, pid_t pid, pid_t tgid, task_info_t* task_info)
{
  SiTimeMicroseconds eventUs;
  eventUs.microseconds = ktime_to_us(ktime_get_real());
  si_property_writer_write_event_uid(writer, event_uid);
  si_property_writer_write_thread_id(writer, pid);
  si_property_writer_write_process_id(writer, tgid);
  si_property_writer_write_event_timestamp(writer, eventUs);
  si_property_writer_write_process_id_version(writer, task_info ? READ_ONCE(task_info->pid_version) : 0);
}

#define CONV_TIMESPEC(from, to) to.seconds = (uint64_t) ((from).tv_sec); to.nanoseconds = (uint64_t) ((from).tv_nsec)

#define FILE_WRITER_FUNCTIONS_FOR(name) \
static inline void si_property_writer_write_##name##_ids(si_property_writer_t *writer, const struct inode *inode, const file_handle_info_t *fh) { \
	if (inode) { \
		SiTimeSpec t; \
		{ \
			SiObjectId id; \
			id.DeviceId = inode->i_sb->s_dev; \
			id.Id = inode->i_ino; \
			si_property_writer_write_##name##_id(writer, id); \
		} \
 \
		si_property_writer_write_##name##_file_ptr(writer, (uint64_t) inode); \
		si_property_writer_write_##name##_file_generation(writer, inode->i_generation); \
		si_property_writer_write_##name##_file_attributes(writer, inode->i_flags); \
		si_property_writer_write_##name##_file_mode(writer, inode->i_mode); \
		si_property_writer_write_##name##_file_size(writer, i_size_read(inode)); \
		si_property_writer_write_##name##_file_uid(writer, i_uid_read(inode)); \
		si_property_writer_write_##name##_file_gid(writer, i_gid_read(inode)); \
		CONV_TIMESPEC(inode_get_ctime(inode), t); \
		si_property_writer_write_##name##_file_change_time(writer, t); \
		CONV_TIMESPEC(inode_get_mtime(inode), t); \
		si_property_writer_write_##name##_file_modification_time(writer, t); \
		CONV_TIMESPEC(inode_get_atime(inode), t); \
		si_property_writer_write_##name##_file_access_time(writer, t); \
	} \
	if (fh) { \
		si_property_writer_write_##name##_file_mount_id(writer, fh->mnt_id); \
		if (fh->f_handle) \
			si_property_writer_write_##name##_file_handle(writer, fh); \
	} \
} \
static inline void si_property_writer_write_##name##_file(si_property_writer_t *writer, const path_info_t* path_info, const struct inode *inode, const file_handle_info_t *fh) { \
	if (path_info && path_info->buf) { \
		si_property_writer_write_##name##_name(writer, path_info->str); \
	} \
  si_property_writer_write_##name##_ids(writer, inode, fh); \
};

FILE_WRITER_FUNCTIONS_FOR(object)
FILE_WRITER_FUNCTIONS_FOR(target)
#undef FILE_WRITER_FUNCTIONS_FOR
#undef CONV_TIMESPEC

struct volume_id
{
	uint64_t low;
	uint64_t high;
};

static inline void si_property_writer_write_object_ids_and_volume(si_property_writer_t *writer, const struct inode *inode, const file_handle_info_t *fh) {
#ifdef HAVE_UUID_IN_SUPER_BLOCK
	struct volume_id id;
#endif
	si_property_writer_write_object_ids(writer, inode, fh);
#ifdef HAVE_UUID_IN_SUPER_BLOCK
	memcpy(&id, &inode->i_sb->s_uuid, sizeof(id));
	si_property_writer_write_volume_id_low(writer, id.low);
	si_property_writer_write_volume_id_high(writer, id.high);
#endif
	si_property_writer_write_volume_magic(writer, inode->i_sb->s_magic);
}

static inline void si_property_writer_write_object_file_and_volume(si_property_writer_t *writer, const path_info_t* path_info, const struct inode *inode, const file_handle_info_t *fh) {
	if (path_info && path_info->buf) {
		si_property_writer_write_object_name(writer, path_info->str);
	}
  si_property_writer_write_object_ids_and_volume(writer, inode, fh);
}

#undef FILE_WRITER_FUNCTIONS_FOR

static inline void si_property_writer_write_exe_file(si_property_writer_t *writer, const path_info_t* path_info, const struct inode *inode, const file_handle_info_t *fh)
{
	if (path_info && path_info->buf) {
		si_property_writer_write_image_file_name(writer, path_info->str);
	}

si_property_writer_write_object_ids_and_volume(writer, inode, fh);
	si_property_writer_write_process_file_name_is_not_path(writer, false /*induced from 'inode'*/);
}

static inline void si_property_writer_write_exe_comm(si_property_writer_t *writer, const char* comm)
{
	si_property_writer_write_image_file_name(writer, (SiSizedString){ comm, strlen(comm) });
	si_property_writer_write_process_file_name_is_not_path(writer, true /*induced from 'comm', not 'inode'*/);
}

static inline void si_property_writer_write_creds(si_property_writer_t *writer, const struct cred *cred)
{
	si_property_writer_write_user_id(writer, from_kuid_compat(cred->uid));
	si_property_writer_write_group_id(writer, from_kgid_compat(cred->gid));
	si_property_writer_write_saved_user_id(writer, from_kuid_compat(cred->suid));
	si_property_writer_write_saved_group_id(writer, from_kgid_compat(cred->sgid));
	si_property_writer_write_effective_user_id(writer, from_kuid_compat(cred->euid));
	si_property_writer_write_effective_group_id(writer, from_kgid_compat(cred->egid));
}

static inline void si_property_writer_write_audit(si_property_writer_t *writer, struct task_struct* tsk)
{
	// I am not sure why it is named 'loginuid' but it is outputted as 'auid' everywhere
	si_property_writer_write_audit_user_id(writer, from_kuid_compat(audit_get_loginuid(tsk)));
	si_property_writer_write_audit_session_id(writer, audit_get_sessionid(tsk));
}

static inline void si_property_writer_write_task_creds(si_property_writer_t *writer, struct task_struct* task)
{
	const struct cred *cred;
	rcu_read_lock();
	cred = __task_cred(task);
	if (!cred) {
		// I expect this to never happen
		rcu_read_unlock();
		return;
	}
	si_property_writer_write_creds(writer, cred);
	si_property_writer_write_audit(writer, task);
	rcu_read_unlock();
}

static inline void si_property_writer_write_current_creds(si_property_writer_t *writer)
{
	si_property_writer_write_creds(writer, current_real_cred());
	si_property_writer_write_audit(writer, current);
}

${this.title}

Code Editor : si_writer_common.h