Linux host2.homegym.sg 4.18.0-553.8.1.el8_10.x86_64 #1 SMP Tue Jul 2 07:26:33 EDT 2024 x86_64
Apache
Server IP : 159.223.38.192 & Your IP : 159.223.38.192
Domains : 20 Domain
User : eachadea
Terminal
Auto Root
Create File
Create Folder
Localroot Suggester
Backdoor Destroyer
Lock Shell
Lock File++
Readme
/
usr /
src /
file_protector-1.1-1578 /
Delete
Unzip
Name
Size
Permission
Date
Action
common
[ DIR ]
drwxr-xr-x
2025-09-08 19:44
ftrace_hooks
[ DIR ]
drwxr-xr-x
2025-09-08 19:44
lsm_hooks
[ DIR ]
drwxr-xr-x
2025-09-08 19:44
syscall_hooks
[ DIR ]
drwxr-xr-x
2025-09-08 19:44
transport
[ DIR ]
drwxr-xr-x
2025-09-08 19:44
Kbuild
10.29
KB
-rw-r--r--
2025-09-08 19:44
Makefile
2.23
KB
-rw-r--r--
2025-09-08 19:44
compat.c
8.42
KB
-rw-r--r--
2025-09-08 19:44
compat.h
11.98
KB
-rw-r--r--
2025-09-08 19:44
debug.h
3.56
KB
-rw-r--r--
2025-09-08 19:44
dkms.conf
146
B
-rw-r--r--
2025-09-08 19:44
file_contexts.c
52.97
KB
-rw-r--r--
2025-09-08 19:44
file_contexts.h
2.86
KB
-rw-r--r--
2025-09-08 19:44
file_contexts_priv.h
5.33
KB
-rw-r--r--
2025-09-08 19:44
file_handle_tools.h
2.53
KB
-rw-r--r--
2025-09-08 19:44
file_key_tools.h
950
B
-rw-r--r--
2025-09-08 19:44
file_path_tools.h
2.09
KB
-rw-r--r--
2025-09-08 19:44
hashtable_compat.h
2.73
KB
-rw-r--r--
2025-09-08 19:44
hook_trampoline_common.h
4.29
KB
-rw-r--r--
2025-09-08 19:44
interval_tree.h
779
B
-rw-r--r--
2025-09-08 19:44
memory.c
3.31
KB
-rw-r--r--
2025-09-08 19:44
memory.h
2.99
KB
-rw-r--r--
2025-09-08 19:44
module.c
2.67
KB
-rw-r--r--
2025-09-08 19:44
module_ref.h
421
B
-rw-r--r--
2025-09-08 19:44
module_rundown_protection.c
3.64
KB
-rw-r--r--
2025-09-08 19:44
module_rundown_protection.h
743
B
-rw-r--r--
2025-09-08 19:44
path_tools.h
5.84
KB
-rw-r--r--
2025-09-08 19:44
rundown_protection.c
4.2
KB
-rw-r--r--
2025-09-08 19:44
rundown_protection.h
2.83
KB
-rw-r--r--
2025-09-08 19:44
safe_kobject.h
1.28
KB
-rw-r--r--
2025-09-08 19:44
si_common.h
4.3
KB
-rw-r--r--
2025-09-08 19:44
si_fp_properties.h
858
B
-rw-r--r--
2025-09-08 19:44
si_fp_properties_x.h
18.53
KB
-rw-r--r--
2025-09-08 19:44
si_fp_value_types.h
515
B
-rw-r--r--
2025-09-08 19:44
si_fp_value_types_x.h
1.25
KB
-rw-r--r--
2025-09-08 19:44
si_size.h
4.26
KB
-rw-r--r--
2025-09-08 19:44
si_templates.h
2.99
KB
-rw-r--r--
2025-09-08 19:44
si_writer.h
7.52
KB
-rw-r--r--
2025-09-08 19:44
si_writer_common.h
14.63
KB
-rw-r--r--
2025-09-08 19:44
stringify.h
261
B
-rw-r--r--
2025-09-08 19:44
task_info_map.c
17.1
KB
-rw-r--r--
2025-09-08 19:44
task_info_map.h
6.33
KB
-rw-r--r--
2025-09-08 19:44
task_tools.h
1.34
KB
-rw-r--r--
2025-09-08 19:44
tracepoints.c
3.58
KB
-rw-r--r--
2025-09-08 19:44
tracepoints.h
299
B
-rw-r--r--
2025-09-08 19:44
write_protection.h
2.2
KB
-rw-r--r--
2025-09-08 19:44
Save
Rename
/** @file si_writer_common.hpp @brief Common writer @details Copyright (c) 2024 Acronis International GmbH @author Denis Kopyrin (Denis.Kopyrin@acronis.com) @since $Id: $ */ #ifdef BPF_PROGRAM #include "compat_ebpf.h" #else #include <linux/audit.h> #include <linux/cgroup.h> #include <linux/ktime.h> #include "file_handle_tools.h" #include "file_path_tools.h" #include "task_info_map.h" #include "transport.h" #endif #include "si_writer.h" static inline uint64_t get_inode_dev(const struct inode *inode) { uint64_t dev = (uint64_t) KERNEL_READ2(inode, i_sb, s_dev); #ifdef BPF_PROGRAM uint64_t fs_dev = get_fs_inode_dev(inode); if (fs_dev != 0) { dev = fs_dev; } #endif return dev; } #ifdef KERNEL_MOCK #include "mock/mock.h" #define HAVE_UUID_IN_SUPER_BLOCK #endif #define SI_ESTIMATE_SIZE_PATH_INFO(path_info) ((path_info).str.length) #define SI_ESTIMATE_SIZE_FILE_HANDLE_INFO(fh_info) ((fh_info).handle_bytes + sizeof((fh_info).handle_type)) #ifndef BPF_PROGRAM #define PATH_FILTERED_STATUS_T int #define PATH_IS_NOT_FILTERED 1 #endif #ifndef BPF_PROGRAM static inline bool si_property_writer_write_object_path(si_property_writer_t *writer, const struct path *path) { (void)writer; (void)path; return true; } static inline bool si_property_writer_write_target_path(si_property_writer_t *writer, const struct path *path) { (void)writer; (void)path; return true; } static inline void si_property_writer_write_image_file_path(si_property_writer_t *writer, const struct path *path) { (void)writer; (void)path; } static inline void si_property_writer_write_image_file_comm(si_property_writer_t *writer, const char *comm) { (void)writer; (void)comm; } #endif static inline void si_property_writer_write_object_key(si_property_writer_t *writer, const file_key_t* key) { SiObjectId object_id; object_id.DeviceId = key->dev; object_id.Id = key->ino; si_property_writer_write_object_id(writer, object_id); si_property_writer_write_object_file_generation(writer, key->gen); // TODO: This pointer should be hidden from userspace! si_property_writer_write_object_file_ptr(writer, key->ptr); } #ifdef BPF_PROGRAM static inline void si_property_writer_write_common(si_property_writer_t* writer, uint64_t event_uid, pid_t pid, pid_t tgid, uint64_t pid_version) #else static inline void si_property_writer_write_common(si_property_writer_t* writer, uint64_t event_uid, pid_t pid, pid_t tgid, task_info_t* task_info) #endif { SiTimeMicroseconds eventUs; #ifndef BPF_PROGRAM eventUs.microseconds = ktime_to_us(ktime_get_real()); #else eventUs.microseconds = bpf_ktime_get_ns () / 1000; #endif si_property_writer_write_event_uid(writer, event_uid); si_property_writer_write_thread_id(writer, pid); si_property_writer_write_process_id(writer, tgid); si_property_writer_write_event_timestamp(writer, eventUs); #ifdef BPF_PROGRAM si_property_writer_write_process_id_version(writer, pid_version); #else si_property_writer_write_process_id_version(writer, task_info ? READ_ONCE(task_info->pid_version) : 0); #endif } #ifdef BPF_PROGRAM #define CONV_TIMESPEC(from, to) do{ struct timespec64 _from = (from); to.seconds = (uint64_t) (_from.tv_sec); to.nanoseconds = (uint64_t) (_from.tv_nsec); }while(0) #else #define CONV_TIMESPEC(from, to) do{ to.seconds = (uint64_t) ((from).tv_sec); to.nanoseconds = (uint64_t) ((from).tv_nsec); }while(0) #endif #ifdef STATX_BTIME // Currently this code is kernel module only #define FILE_WRITER_KSTAT_FUNCTIONS_FOR(name) \ static inline void si_property_writer_write_##name##_kstat(si_property_writer_t* writer, const struct inode *inode, const struct kstat *sb) { \ SiTimeSpec t; \ if (sb->result_mask & STATX_MODE) { \ si_property_writer_write_##name##_file_mode(writer, sb->mode); \ } else { \ si_property_writer_write_##name##_file_mode(writer, inode->i_mode); \ } \ if (sb->result_mask & STATX_SIZE) { \ si_property_writer_write_##name##_file_size(writer, sb->size); \ } else { \ si_property_writer_write_##name##_file_size(writer, i_size_read(inode)); \ } \ if (sb->result_mask & STATX_UID) \ si_property_writer_write_##name##_file_uid(writer, from_kuid_compat(sb->uid)); \ if (sb->result_mask & STATX_GID) \ si_property_writer_write_##name##_file_gid(writer, from_kgid_compat(sb->gid)); \ if (sb->result_mask & STATX_CTIME) { \ CONV_TIMESPEC(sb->ctime, t); \ si_property_writer_write_##name##_file_change_time(writer, t); \ } \ if (sb->result_mask & STATX_MTIME) { \ CONV_TIMESPEC(sb->mtime, t); \ si_property_writer_write_##name##_file_modification_time(writer, t); \ } \ if (sb->result_mask & STATX_ATIME) { \ CONV_TIMESPEC(sb->atime, t); \ si_property_writer_write_##name##_file_access_time(writer, t); \ } \ if (sb->result_mask & STATX_BTIME) { \ CONV_TIMESPEC(sb->btime, t); \ si_property_writer_write_##name##_file_birth_time(writer, t); \ } \ { \ dev_t sb_dev = inode->i_sb->s_dev; \ SiObjectId id; \ id.DeviceId = sb->dev; \ id.Id = sb->ino; \ si_property_writer_write_##name##_id(writer, id); \ if (sb_dev != id.DeviceId) si_property_writer_write_##name##_file_superblock_dev(writer, (uint64_t) sb_dev); \ if (inode->i_ino != id.Id) si_property_writer_write_##name##_file_inode_ino(writer, (uint64_t) inode->i_ino); \ si_property_writer_write_##name##_file_ptr(writer, (uint64_t) inode); \ si_property_writer_write_##name##_file_generation(writer, inode->i_generation); \ } \ } #else // This function will never be called if btime is not available currently #define FILE_WRITER_KSTAT_FUNCTIONS_FOR(name) \ static inline void si_property_writer_write_##name##_kstat(si_property_writer_t* writer, const struct inode *inode, const struct kstat *sb) { (void) writer; (void) inode; (void) sb; } #endif #define FILE_WRITER_FUNCTIONS_FOR(name) \ static inline void si_property_writer_write_##name##_stat(si_property_writer_t* writer, const struct inode *inode) { \ if (inode) { \ SiTimeSpec t; \ si_property_writer_write_##name##_file_mode(writer, KERNEL_READ(inode, i_mode)); \ si_property_writer_write_##name##_file_size(writer, i_size_read(inode)); \ si_property_writer_write_##name##_file_uid(writer, i_uid_read(inode)); \ si_property_writer_write_##name##_file_gid(writer, i_gid_read(inode)); \ CONV_TIMESPEC(inode_get_ctime(inode), t); \ si_property_writer_write_##name##_file_change_time(writer, t); \ CONV_TIMESPEC(inode_get_mtime(inode), t); \ si_property_writer_write_##name##_file_modification_time(writer, t); \ CONV_TIMESPEC(inode_get_atime(inode), t); \ si_property_writer_write_##name##_file_access_time(writer, t); \ } \ } \ static inline void si_property_writer_write_##name##_mini_ids(si_property_writer_t* writer, const struct inode* inode) { \ if (inode) { \ dev_t sb_dev = (uint64_t) KERNEL_READ2(inode, i_sb, s_dev); \ SiObjectId id; \ id.DeviceId = get_inode_dev(inode); \ id.Id = KERNEL_READ(inode, i_ino); \ si_property_writer_write_##name##_id(writer, id); \ si_property_writer_write_##name##_file_superblock_dev(writer, sb_dev); \ si_property_writer_write_##name##_file_ptr(writer, (uint64_t) inode); \ si_property_writer_write_##name##_file_generation(writer, KERNEL_READ(inode, i_generation)); \ } \ } \ static inline void si_property_writer_write_##name##_ids(si_property_writer_t *writer, const struct path *path, const file_handle_info_t *fh) { \ const struct inode *inode = KERNEL_READ2(path, dentry, d_inode); \ if (inode) { \ struct kstat sb; \ si_property_writer_write_##name##_file_attributes(writer, KERNEL_READ(inode, i_flags)); \ if (0 == vfs_getattr_basic_fast(path, &sb)) { \ si_property_writer_write_##name##_kstat(writer, inode, &sb); \ } else { \ si_property_writer_write_##name##_stat(writer, inode); \ si_property_writer_write_##name##_mini_ids(writer, inode); \ } \ } \ if (fh) { \ si_property_writer_write_##name##_file_mount_id(writer, KERNEL_READ(fh, mnt_id)); \ if (fh->f_handle) \ si_property_writer_write_##name##_file_handle(writer, fh); \ } \ } \ static inline PATH_FILTERED_STATUS_T si_property_writer_write_##name##_file(si_property_writer_t *writer, const path_info_t* path_info, const struct path *path, const file_handle_info_t *fh) { \ if (path_info && path_info->buf) { \ si_property_writer_write_##name##_name(writer, path_info->str); \ } \ si_property_writer_write_##name##_ids(writer, path, fh); \ if (path) { \ return si_property_writer_write_##name##_path(writer, path); \ } else { \ return PATH_IS_NOT_FILTERED; \ } \ }; FILE_WRITER_KSTAT_FUNCTIONS_FOR(object) FILE_WRITER_KSTAT_FUNCTIONS_FOR(target) FILE_WRITER_FUNCTIONS_FOR(object) FILE_WRITER_FUNCTIONS_FOR(target) #undef FILE_WRITER_FUNCTIONS_FOR #undef CONV_TIMESPEC struct volume_id { uint64_t low; uint64_t high; }; static inline void si_property_writer_write_volume(si_property_writer_t *writer, const struct inode *inode) { #ifdef HAVE_UUID_IN_SUPER_BLOCK struct volume_id id; #endif #ifdef HAVE_UUID_IN_SUPER_BLOCK #ifndef BPF_PROGRAM memcpy(&id, &inode->i_sb->s_uuid, sizeof(id)); #else uuid_t s_uuid = KERNEL_READ2(inode, i_sb, s_uuid); bpf_core_read(&id, sizeof(id), &s_uuid); #endif si_property_writer_write_volume_id_low(writer, id.low); si_property_writer_write_volume_id_high(writer, id.high); #endif si_property_writer_write_volume_magic(writer, KERNEL_READ2(inode, i_sb, s_magic)); } static inline void si_property_writer_write_object_ids_and_volume(si_property_writer_t *writer, const struct path *path, const file_handle_info_t *fh) { si_property_writer_write_object_ids(writer, path, fh); si_property_writer_write_volume(writer, KERNEL_READ2(path, dentry, d_inode)); } static inline PATH_FILTERED_STATUS_T si_property_writer_write_object_file_and_volume(si_property_writer_t *writer, const path_info_t* path_info, const struct path *path, const file_handle_info_t *fh) { if (path_info && path_info->buf) { si_property_writer_write_object_name(writer, path_info->str); } si_property_writer_write_object_ids_and_volume(writer, path, fh); if (path) { return si_property_writer_write_object_path(writer, path); } else { return PATH_IS_NOT_FILTERED; } } #undef FILE_WRITER_FUNCTIONS_FOR static inline void si_property_writer_write_exe_file(si_property_writer_t *writer, const path_info_t *path_info, const struct path *path, const file_handle_info_t *fh) { #ifndef BPF_PROGRAM if (path_info && path_info->buf) { si_property_writer_write_image_file_name(writer, path_info->str); si_property_writer_write_process_file_name_is_not_path(writer, false /*induced from 'inode'*/); } else { si_property_writer_write_process_file_name_is_not_path(writer, true /*induced from 'comm', not 'inode'*/); } #else if (path) { si_property_writer_write_image_file_path(writer, path); si_property_writer_write_process_file_name_is_not_path(writer, false /*induced from 'inode'*/); } else { si_property_writer_write_process_file_name_is_not_path(writer, true /*induced from 'comm', not 'inode'*/); } #endif si_property_writer_write_object_ids_and_volume(writer, path, fh); } static inline void si_property_writer_write_exe_comm(si_property_writer_t *writer, const char* comm) { #ifndef BPF_PROGRAM si_property_writer_write_image_file_name(writer, (SiSizedString){ comm, strlen(comm) }); #else //#ifndef BPF_PROGRAM si_property_writer_write_image_file_comm(writer, comm); #endif //#ifndef BPF_PROGRAM si_property_writer_write_process_file_name_is_not_path(writer, true /*induced from 'comm', not 'inode'*/); } static inline void si_property_writer_write_creds(si_property_writer_t *writer, const struct cred *cred) { si_property_writer_write_user_id(writer, from_kuid_compat(KERNEL_READ(cred, uid))); si_property_writer_write_group_id(writer, from_kgid_compat(KERNEL_READ(cred, gid))); si_property_writer_write_saved_user_id(writer, from_kuid_compat(KERNEL_READ(cred, suid))); si_property_writer_write_saved_group_id(writer, from_kgid_compat(KERNEL_READ(cred, sgid))); si_property_writer_write_effective_user_id(writer, from_kuid_compat(KERNEL_READ(cred, euid))); si_property_writer_write_effective_group_id(writer, from_kgid_compat(KERNEL_READ(cred, egid))); } static inline void si_property_writer_write_audit(si_property_writer_t *writer, struct task_struct* tsk) { // I am not sure why it is named 'loginuid' but it is outputted as 'auid' everywhere si_property_writer_write_audit_user_id(writer, from_kuid_compat(audit_get_loginuid(tsk))); si_property_writer_write_audit_session_id(writer, audit_get_sessionid(tsk)); } static inline void si_property_writer_write_task_creds(si_property_writer_t *writer, struct task_struct* task) { const struct cred *cred; rcu_read_lock(); cred = __task_cred(task); if (!cred) { // I expect this to never happen rcu_read_unlock(); return; } si_property_writer_write_creds(writer, cred); si_property_writer_write_audit(writer, task); rcu_read_unlock(); } static inline void si_property_writer_write_current_creds(si_property_writer_t *writer) { si_property_writer_write_creds(writer, current_real_cred()); si_property_writer_write_audit(writer, current); } static inline void si_property_writer_write_cgroup(si_property_writer_t *writer, struct task_struct* task, uint32_t name_limit) { #if defined(HAVE_CGROUP_NAME) || defined(HAVE_CGROUP_KERNFS_NAME) struct cgroup_subsys_state *subsys; struct css_set *css; struct cgroup *cgroup; #ifdef HAVE_CGROUP_NAME struct cgroup_name *cgroup_name; #endif #ifdef HAVE_CGROUP_KERNFS_NAME struct kernfs_node *kn; #endif const char* name; SiSizedString container_name; rcu_read_lock(); css = KERNEL_READ(task, cgroups); if (!css) goto out; // Currently using subsystem 0 which is the subsystem for cpuset subsys = KERNEL_READ(css, subsys[0]); if (!subsys) goto out; cgroup = KERNEL_READ(subsys, cgroup); if (!cgroup) goto out; #ifdef HAVE_CGROUP_NAME cgroup_name = KERNEL_READ(cgroup, name); if (!cgroup_name) goto out; name = KERNEL_READ(cgroup_name, name); #endif #ifdef HAVE_CGROUP_KERNFS_NAME kn = KERNEL_READ(cgroup, kn); if (!kn) goto out; name = KERNEL_READ(kn, name); #endif if (!name) goto out; #ifndef BPF_PROGRAM container_name.value = name; container_name.length = strlen(name); if (container_name.length > name_limit) container_name.length = name_limit; si_property_writer_write_cgroup_name(writer, container_name); #else si_property_writer_write_cgroup_name_ebpf(writer, name); #endif out: rcu_read_unlock(); #else (void) writer; (void) task; (void) name_limit; #endif } static inline void si_property_writer_write_current_cgroup(si_property_writer_t *writer, int name_limit) { si_property_writer_write_cgroup(writer, current, name_limit); } static inline void si_property_writer_write_fsids(si_property_writer_t *writer) { si_property_writer_write_fsuid(writer, get_current_fsuid_compat()); si_property_writer_write_fsgid(writer, get_current_fsgid_compat()); }