diff --git a/frontend/app/src/main/java/de/amosproj3/ziofa/ui/configuration/ConfigurationViewModel.kt b/frontend/app/src/main/java/de/amosproj3/ziofa/ui/configuration/ConfigurationViewModel.kt index 0554e16f..9a9acf88 100644 --- a/frontend/app/src/main/java/de/amosproj3/ziofa/ui/configuration/ConfigurationViewModel.kt +++ b/frontend/app/src/main/java/de/amosproj3/ziofa/ui/configuration/ConfigurationViewModel.kt @@ -76,7 +76,7 @@ class ConfigurationViewModel( fnName = option.method, target = option.odexFilePath, offset = option.offset, - pid = it.toInt(), + pid = it, ) }, ) diff --git a/frontend/app/src/main/java/de/amosproj3/ziofa/ui/symbols/SymbolsViewModel.kt b/frontend/app/src/main/java/de/amosproj3/ziofa/ui/symbols/SymbolsViewModel.kt index 059a02c4..ed46b58e 100644 --- a/frontend/app/src/main/java/de/amosproj3/ziofa/ui/symbols/SymbolsViewModel.kt +++ b/frontend/app/src/main/java/de/amosproj3/ziofa/ui/symbols/SymbolsViewModel.kt @@ -67,12 +67,7 @@ class SymbolsViewModel( } private fun SymbolsEntry.toUprobeConfigForPid(pid: UInt) = - UprobeConfig( - fnName = this.name, - offset = this.offset, - target = this.odexFile, - pid = pid.toInt(), // TODO why is this not an uint - ) + UprobeConfig(fnName = this.name, offset = this.offset, target = this.odexFile, pid = pid) private fun GetSymbolsRequestState.toUIState(): SymbolsScreenState { return when (this) { diff --git a/frontend/client/src/main/java/de/amosproj3/ziofa/client/Client.kt b/frontend/client/src/main/java/de/amosproj3/ziofa/client/Client.kt index 1c745a65..a3b4604f 100644 --- a/frontend/client/src/main/java/de/amosproj3/ziofa/client/Client.kt +++ b/frontend/client/src/main/java/de/amosproj3/ziofa/client/Client.kt @@ -18,7 +18,7 @@ data class VfsWriteConfig(val entries: Map) data class SysSendmsgConfig(val entries: Map) -data class UprobeConfig(val fnName: String, val offset: ULong, var target: String, val pid: Int?) +data class UprobeConfig(val fnName: String, val offset: ULong, var target: String, val pid: UInt?) data class JniReferencesConfig(val pids: List) @@ -38,9 +38,23 @@ sealed class Event { val fd: ULong, val durationNanoSecs: ULong, ) : Event() + + data class JniReferences( + val pid: UInt, + val tid: UInt, + val beginTimeStamp: ULong, + val jniMethodName: JniMethodName?, + ) : Event() { + enum class JniMethodName { + AddLocalRef, + DeleteLocalRef, + AddGlobalRef, + DeleteGlobalRef, + } + } } -data class Process(val pid: Int, val ppid: Int, val state: String, val cmd: Command?) +data class Process(val pid: UInt, val ppid: UInt, val state: String, val cmd: Command?) data class StringResponse(val name: String) diff --git a/frontend/client/src/mock/java/de/amosproj3/ziofa/client/RustClient.kt b/frontend/client/src/mock/java/de/amosproj3/ziofa/client/RustClient.kt index 8805f974..dbd4a611 100644 --- a/frontend/client/src/mock/java/de/amosproj3/ziofa/client/RustClient.kt +++ b/frontend/client/src/mock/java/de/amosproj3/ziofa/client/RustClient.kt @@ -63,8 +63,8 @@ object RustClient : Client { private val processes = alphabet.indices.map { Process( - pid = Random.nextUInt(1000u).toInt(), - ppid = Random.nextUInt(1000u).toInt(), + pid = Random.nextUInt(1000u), + ppid = Random.nextUInt(1000u), state = "R", cmd = Command.Comm("/bin/sh/${alphabet.substring(it, it + 1)}"), ) @@ -109,6 +109,16 @@ object RustClient : Client { ) ) } + configuration.jniReferences?.pids?.forEach { + emit( + Event.JniReferences( + pid = it, + tid = 1234u, + beginTimeStamp = System.currentTimeMillis().toULong(), + jniMethodName = Event.JniReferences.JniMethodName.AddLocalRef, + ) + ) + } } } diff --git a/frontend/client/src/real/java/de.amosproj3.ziofa.client/RustClient.kt b/frontend/client/src/real/java/de.amosproj3.ziofa.client/RustClient.kt index b21f45a1..da4435ed 100644 --- a/frontend/client/src/real/java/de.amosproj3.ziofa.client/RustClient.kt +++ b/frontend/client/src/real/java/de.amosproj3.ziofa.client/RustClient.kt @@ -11,8 +11,10 @@ import kotlinx.coroutines.flow.map import kotlinx.coroutines.flow.mapNotNull import kotlinx.coroutines.sync.Mutex import kotlinx.coroutines.sync.withLock +import uniffi.client.jniMethodNameFromI32 import uniffi.shared.Cmd import uniffi.shared.EventData +import uniffi.shared.JniMethodName private fun uniffi.shared.Process.into() = Process( @@ -45,6 +47,23 @@ private fun uniffi.shared.Event.into() = fd = d.v1.fd, durationNanoSecs = d.v1.durationNanoSec, ) + is EventData.JniReferences -> + Event.JniReferences( + pid = d.v1.pid, + tid = d.v1.tid, + beginTimeStamp = d.v1.beginTimeStamp, + jniMethodName = + when (jniMethodNameFromI32(d.v1.jniMethodName)) { + JniMethodName.ADD_LOCAL_REF -> Event.JniReferences.JniMethodName.AddLocalRef + JniMethodName.DELETE_LOCAL_REF -> + Event.JniReferences.JniMethodName.DeleteLocalRef + JniMethodName.ADD_GLOBAL_REF -> + Event.JniReferences.JniMethodName.AddGlobalRef + JniMethodName.DELETE_GLOBAL_REF -> + Event.JniReferences.JniMethodName.DeleteGlobalRef + JniMethodName.UNDEFINED -> null + }, + ) null -> null } diff --git a/rust/backend/daemon/src/collector.rs b/rust/backend/daemon/src/collector.rs index 1ed68b08..12e6222d 100644 --- a/rust/backend/daemon/src/collector.rs +++ b/rust/backend/daemon/src/collector.rs @@ -1,4 +1,6 @@ // SPDX-FileCopyrightText: 2024 Felix Hilgers +// SPDX-FileCopyrightText: 2024 Benedikt Zinn +// SPDX-FileCopyrightText: 2024 Robin Seidl // // SPDX-License-Identifier: MIT @@ -12,9 +14,10 @@ use tokio::io::unix::AsyncFd; use tokio::{join, select}; use tonic::Status; use tracing::error; -use backend_common::{SysSendmsgCall, VfsWriteCall}; -use shared::ziofa::{Event, SysSendmsgEvent, VfsWriteEvent}; +use backend_common::{JNICall, JNIMethodName, SysSendmsgCall, VfsWriteCall}; +use shared::ziofa::{Event, JniReferencesEvent, SysSendmsgEvent, VfsWriteEvent}; use shared::ziofa::event::{EventData}; +use shared::ziofa::jni_references_event; pub trait CollectFromMap { const MAP_NAME: &'static str; @@ -23,6 +26,8 @@ pub trait CollectFromMap { } struct VfsWriteCollect; +struct JNICollect; +struct SysSendmsgCollect; impl CollectFromMap for VfsWriteCollect { const MAP_NAME: &'static str = "VFS_WRITE_EVENTS"; @@ -41,7 +46,31 @@ impl CollectFromMap for VfsWriteCollect { } } -struct SysSendmsgCollect; +impl CollectFromMap for JNICollect { + const MAP_NAME: &'static str = "JNI_REF_CALLS"; + + fn convert(item: RingBufItem<'_>) -> Result { + let data = unsafe { &*(item.as_ptr() as *const JNICall) }; + + // manual cast from the ebpf (c rep.) typ to protobuf (rust rep.) type + let jni_method_name = match data.method_name { + JNIMethodName::AddLocalRef => jni_references_event::JniMethodName::AddLocalRef, + JNIMethodName::DeleteLocalRef => jni_references_event::JniMethodName::DeleteLocalRef, + JNIMethodName::AddGlobalRef => jni_references_event::JniMethodName::AddGlobalRef, + JNIMethodName::DeleteGlobalRef => jni_references_event::JniMethodName::DeleteGlobalRef, + }; + + Ok(Event { + event_data: Some(EventData::JniReferences(JniReferencesEvent { + pid: data.pid, + tid: data.tid, + begin_time_stamp: data.begin_time_stamp, + jni_method_name: i32::from(jni_method_name), + })) + }) + } +} + impl CollectFromMap for SysSendmsgCollect { const MAP_NAME: &'static str = "SYS_SENDMSG_EVENTS"; @@ -63,19 +92,22 @@ impl CollectFromMap for SysSendmsgCollect { pub struct MultiCollector { vfs_write: Option>, sys_sendmsg: Option>, + jni_event: Option>, } impl MultiCollector { pub fn from_ebpf(ebpf: &mut Ebpf) -> Result { let vfs_write = Collector::::from_ebpf(ebpf)?; let sys_sendmsg = Collector::::from_ebpf(ebpf)?; - Ok(Self { vfs_write: Some(vfs_write), sys_sendmsg: Some(sys_sendmsg) }) + let jni_collect = Collector::::from_ebpf(ebpf)?; + Ok(Self { vfs_write: Some(vfs_write), sys_sendmsg: Some(sys_sendmsg), jni_event: Some(jni_collect) }) } pub async fn collect(&mut self, tx: Sender>, shutdown: tokio::sync::oneshot::Receiver<()>) -> Result<(), std::io::Error> { let (vfs_write_shutdown_tx, vfs_write_shutdown_rx) = tokio::sync::oneshot::channel(); let (sys_sendmsg_shutdown_tx, sys_sendmsg_shutdown_rx) = tokio::sync::oneshot::channel(); + let (jni_event_shutdown_tx, jni_event_shutdown_rx) = tokio::sync::oneshot::channel(); let cancellation_task = async move { if shutdown.await.is_err() { @@ -87,6 +119,9 @@ impl MultiCollector { if sys_sendmsg_shutdown_tx.send(()).is_err() { error!("Error while cancelling sys_sendmsg collector"); } + if jni_event_shutdown_tx.send(()).is_err() { + error!("Error while cancelling sys_sendmsg collector"); + } }; let vfs_write_tx = tx.clone(); @@ -96,22 +131,31 @@ impl MultiCollector { Ok::<(), std::io::Error>(()) }; - let sys_sendmsg_tx = tx; + let sys_sendmsg_tx = tx.clone(); let mut sys_sendmsg = self.sys_sendmsg.take().expect("sys_sendmsg should be initialized"); let sys_sendmsg_task = async { sys_sendmsg.collect(sys_sendmsg_tx, sys_sendmsg_shutdown_rx).await?; Ok::<(), std::io::Error>(()) }; + + let jni_event_tx = tx; + let mut jni_event = self.jni_event.take().expect("jni_event should be initialized"); + let jni_event_task = async { + jni_event.collect(jni_event_tx, jni_event_shutdown_rx).await?; + Ok::<(), std::io::Error>(()) + }; - let (_, vfs_write_result, sys_sendmsg_result) = join!(cancellation_task, vfs_write_task, sys_sendmsg_task); + let (_, vfs_write_result, sys_sendmsg_result, jni_event_result) = join!(cancellation_task, vfs_write_task, sys_sendmsg_task, jni_event_task); self.vfs_write = Some(vfs_write); self.sys_sendmsg = Some(sys_sendmsg); + self.jni_event = Some(jni_event); // TODO: multiple errors vfs_write_result?; sys_sendmsg_result?; - + jni_event_result?; + Ok(()) } } diff --git a/rust/backend/daemon/src/configuration.rs b/rust/backend/daemon/src/configuration.rs index 1c26cca4..ec64235b 100644 --- a/rust/backend/daemon/src/configuration.rs +++ b/rust/backend/daemon/src/configuration.rs @@ -22,8 +22,3 @@ pub fn save_to_file(config: &Configuration, path: &str) -> io::Result<()> { serde_json::to_writer(writer, config)?; Ok(()) } - -pub fn validate(_config: &Configuration) -> Result<(), io::Error> { - //TODO: Implement this function - Ok(()) -} diff --git a/rust/backend/daemon/src/constants.rs b/rust/backend/daemon/src/constants.rs index 552a35bd..653614d3 100644 --- a/rust/backend/daemon/src/constants.rs +++ b/rust/backend/daemon/src/constants.rs @@ -7,9 +7,7 @@ use std::net::SocketAddr; pub(crate) const DEV_DEFAULT_FILE_PATH: &str = "./ziofa.json"; pub fn sock_addr() -> SocketAddr { - // "learn rust" they said, "it's a great language" they said "[::1]:50051".parse().expect("is valid address") } -// TODO: custom error type for file -pub const OATDUMP_PATH: &str = "/data/local/tmp/dump.json"; \ No newline at end of file +pub const OATDUMP_PATH: &str = "/data/local/tmp/dump.json"; diff --git a/rust/backend/daemon/src/procfs_utils.rs b/rust/backend/daemon/src/procfs_utils.rs index 81eaf0de..08fb82b0 100644 --- a/rust/backend/daemon/src/procfs_utils.rs +++ b/rust/backend/daemon/src/procfs_utils.rs @@ -29,15 +29,15 @@ pub fn list_processes() -> Result { let cmdline = process.cmdline(); match cmdline { Ok(c) if !c.is_empty() => Some(ziofa::Process { - pid: stat.pid, - ppid: stat.ppid, + pid: u32::try_from(stat.pid).unwrap(), + ppid: u32::try_from(stat.ppid).unwrap(), cmd: Some(Cmd::Cmdline(CmdlineData { args: c })), state: stat.state.to_string(), }), // fallback to stat.comm if cmdline is empty _ => Some(ziofa::Process { - pid: stat.pid, - ppid: stat.ppid, + pid: u32::try_from(stat.pid).unwrap(), + ppid: u32::try_from(stat.ppid).unwrap(), cmd: Some(Cmd::Comm(stat.comm)), state: stat.state.to_string(), }), diff --git a/rust/backend/daemon/src/server.rs b/rust/backend/daemon/src/server.rs index ad22a5cc..7ad7cc1f 100644 --- a/rust/backend/daemon/src/server.rs +++ b/rust/backend/daemon/src/server.rs @@ -17,10 +17,7 @@ use crate::{ use async_broadcast::{broadcast, Receiver, Sender}; use aya::Ebpf; use aya_log::EbpfLogger; -use shared::ziofa::{ - Event, GetSymbolsRequest, - PidMessage, StringResponse, Symbol, -}; +use shared::ziofa::{Event, GetSymbolsRequest, PidMessage, StringResponse, Symbol}; use shared::{ config::Configuration, counter::counter_server::CounterServer, @@ -97,9 +94,6 @@ impl Ziofa for ZiofaImpl { ) -> Result, Status> { let config = request.into_inner(); - // TODO: Implement function 'validate' - // TODO: if ? fails needs valid return value for the function so that the server doesn't fail - configuration::validate(&config)?; configuration::save_to_file(&config, constants::DEV_DEFAULT_FILE_PATH)?; let mut ebpf_guard = self.ebpf.lock().await; @@ -171,13 +165,13 @@ impl Ziofa for ZiofaImpl { let odex_file_path = PathBuf::from(odex_file_path_string); let (tx, rx) = mpsc::channel(4); - + let symbol_handler = self.symbol_handler.clone(); tokio::spawn(async move { let mut symbol_handler_guard = symbol_handler.lock().await; - let symbol = match symbol_handler_guard.get_symbols(&odex_file_path).await{ + let symbol = match symbol_handler_guard.get_symbols(&odex_file_path).await { Ok(symbol) => symbol, Err(e) => { tx.send(Err(Status::from(e))) @@ -187,12 +181,12 @@ impl Ziofa for ZiofaImpl { } }; for (symbol, offset) in symbol.iter() { - tx.send(Ok(Symbol{ + tx.send(Ok(Symbol { method: symbol.to_string(), offset: *offset, })) - .await - .expect("Error sending odex file to client"); + .await + .expect("Error sending odex file to client"); } }); diff --git a/rust/backend/ebpf/README.md b/rust/backend/ebpf/README.md index 8480329c..563dea59 100644 --- a/rust/backend/ebpf/README.md +++ b/rust/backend/ebpf/README.md @@ -14,7 +14,7 @@ The maps `_PIDS` are HashMaps that store the pid as key and as value | | type | functions to hook | map | |---------------|------------|------------------------------------------------------------------------------|---------------------------------------------| -| vfs_write | KProbe | `vfs_write`, `vfs_write_ret` | `VFS_WRITE_CALLS` | +| vfs_write | KProbe | `vfs_write`, `vfs_write_ret` | `VFS_WRITE_EVENTS` | | sendmsg | Tracepoint | `sys_enter_sendmsg`, `sys_exit_sendmsg` | `SYS_SENDMSG_CALLS` | | JNIReferences | UProbe | `trace_add_local`, `trace_del_local`, `trace_add_global`, `trace_del_global` | `JNI_REF_CALLS`, `JNI_REF_PIDS` | | ... | ... | ... | ... | diff --git a/rust/backend/ebpf/src/jni_references.rs b/rust/backend/ebpf/src/jni_references.rs index 5b07cb86..55720fef 100644 --- a/rust/backend/ebpf/src/jni_references.rs +++ b/rust/backend/ebpf/src/jni_references.rs @@ -27,13 +27,6 @@ fn handle_trace(ctx: ProbeContext, method: JNIMethodName) -> u32 { return 0; } - let call = JNICall { - pid, - tid, - begin_time_stamp: time_stamp, - method_name: method, - }; - let mut entry = match JNI_REF_CALLS.reserve::(0) { Some(entry) => entry, None => { @@ -42,7 +35,16 @@ fn handle_trace(ctx: ProbeContext, method: JNIMethodName) -> u32 { } }; - entry.write(call); + let entry_mut = entry.as_mut_ptr(); + + unsafe { + (&raw mut (*entry_mut).pid).write(pid); + (&raw mut (*entry_mut).pid).write(pid); + (&raw mut (*entry_mut).tid).write(tid); + (&raw mut (*entry_mut).begin_time_stamp).write(time_stamp); + (&raw mut (*entry_mut).method_name).write(method); + } + entry.submit(0); 0 diff --git a/rust/backend/ebpf/src/sys_sendmsg.rs b/rust/backend/ebpf/src/sys_sendmsg.rs index e2a5e2d7..a1151d9f 100644 --- a/rust/backend/ebpf/src/sys_sendmsg.rs +++ b/rust/backend/ebpf/src/sys_sendmsg.rs @@ -2,6 +2,7 @@ // // SPDX-License-Identifier: MIT + use aya_ebpf::{macros::{tracepoint, map}, maps::{HashMap, RingBuf}, programs::{TracePointContext}, EbpfContext, helpers::gen::bpf_ktime_get_ns}; use aya_log_ebpf::error; use backend_common::{generate_id, SysSendmsgCall}; @@ -59,9 +60,8 @@ pub fn sys_exit_sendmsg(ctx: TracePointContext) -> u32 { Some(duration) => duration, }; - - let tgid = ctx.tgid(); - let call_id = generate_id(pid, tgid); + let tid = ctx.tgid(); + let call_id = generate_id(pid, tid); let data = match unsafe { SYS_SENDMSG_TIMESTAMPS.get(&call_id) } { None => {return 1} Some(entry) => {entry} @@ -74,19 +74,25 @@ pub fn sys_exit_sendmsg(ctx: TracePointContext) -> u32 { return 0; } - let result_data = SysSendmsgCall::new(pid, tgid, data.begin_time_stamp, data.fd, duration_nano_sec); - let mut entry = match SYS_SENDMSG_EVENTS.reserve::(0) { Some(entry) => entry, None => { - error!(&ctx, "could not reserve space in SYS_SENDMSG_MAP"); + error!(&ctx, "could not reserve space in map: SYS_SENDMSG_CALLS"); return 1; } }; - entry.write(result_data); - entry.submit(0); + let entry_mut = entry.as_mut_ptr(); + unsafe { + (&raw mut (*entry_mut).pid).write(pid); + (&raw mut (*entry_mut).tid).write(tid); + (&raw mut (*entry_mut).begin_time_stamp).write(data.begin_time_stamp); + (&raw mut (*entry_mut).fd).write(data.fd); + (&raw mut (*entry_mut).duration_nano_sec).write(duration_nano_sec); + } + + entry.submit(0); 0 } diff --git a/rust/backend/ebpf/src/vfs_write.rs b/rust/backend/ebpf/src/vfs_write.rs index 78a17aeb..651daa4c 100644 --- a/rust/backend/ebpf/src/vfs_write.rs +++ b/rust/backend/ebpf/src/vfs_write.rs @@ -2,6 +2,7 @@ // // SPDX-License-Identifier: MIT + use aya_ebpf::{ macros::{kprobe, map, kretprobe}, maps::{HashMap, RingBuf}, @@ -75,8 +76,8 @@ pub fn vfs_write_ret(ctx: RetProbeContext) -> Result<(), u32> { Some(duration) => duration, }; - let tgid = ctx.tgid(); - let call_id = generate_id(pid, tgid); + let tid = ctx.tgid(); + let call_id = generate_id(pid, tid); let data = match unsafe { VFS_WRITE_TIMESTAMPS.get(&call_id) } { None => {return Err(0)} Some(entry) => {entry} @@ -88,17 +89,24 @@ pub fn vfs_write_ret(ctx: RetProbeContext) -> Result<(), u32> { return Ok(()); } - let data = VfsWriteCall::new(pid, tgid, data.begin_time_stamp, data.fp, data.bytes_written); - let mut entry = match VFS_WRITE_EVENTS.reserve::(0) { Some(entry) => entry, None => { - error!(&ctx, "could not reserve space in VFS_WRITE_MAP"); + error!(&ctx, "could not reserve space in map: VFS_WRITE_EVENTS"); return Err(0) }, }; - entry.write(data); + let entry_mut = entry.as_mut_ptr(); + + unsafe { + (&raw mut (*entry_mut).pid).write(pid); + (&raw mut (*entry_mut).tid).write(tid); + (&raw mut (*entry_mut).begin_time_stamp).write(data.begin_time_stamp); + (&raw mut (*entry_mut).fp).write(data.fp); + (&raw mut (*entry_mut).bytes_written).write(data.bytes_written); + } + entry.submit(0); diff --git a/rust/client/src/bindings.rs b/rust/client/src/bindings.rs index bce060f8..24ea894f 100644 --- a/rust/client/src/bindings.rs +++ b/rust/client/src/bindings.rs @@ -9,6 +9,7 @@ use shared::{config::Configuration, ziofa::Process}; use tokio::sync::Mutex; use tokio_stream::{Stream, StreamExt}; use shared::ziofa::{Event, StringResponse, Symbol}; +use shared::ziofa::jni_references_event::JniMethodName; type Result = core::result::Result; @@ -171,3 +172,8 @@ impl Client { Ok(SymbolStream(Mutex::new(Box::pin(stream)))) } } + +#[uniffi::export] +pub fn jni_method_name_from_i32(num: i32) -> JniMethodName { + JniMethodName::try_from(num).unwrap() +} \ No newline at end of file diff --git a/rust/shared/build.rs b/rust/shared/build.rs index f8a751c3..14b2c133 100644 --- a/rust/shared/build.rs +++ b/rust/shared/build.rs @@ -21,6 +21,7 @@ static UNIFFI_RECORDS: LazyLock> = LazyLock::new(|| { "Event", "VfsWriteEvent", "SysSendmsgEvent", + "JniReferencesEvent", "VfsWriteConfig", "SysSendmsgConfig", "JniReferencesConfig", @@ -35,7 +36,7 @@ static UNIFFI_RECORDS: LazyLock> = LazyLock::new(|| { static UNIFFI_ENUMS: LazyLock> = LazyLock::new(|| { if cfg!(feature = "uniffi") { - vec!["Process.cmd", "Event.event_data"] + vec!["Process.cmd", "Event.event_data", "JniReferencesEvent.JniMethodName"] } else { vec![] } diff --git a/rust/shared/proto/config.proto b/rust/shared/proto/config.proto index 20a232be..74635dcb 100644 --- a/rust/shared/proto/config.proto +++ b/rust/shared/proto/config.proto @@ -14,7 +14,7 @@ message UprobeConfig { string fn_name = 1; uint64 offset = 2; // offset of the aya attach function string target = 3; // target of the aya attach function - optional int32 pid = 4; // pid of the aya attach function + optional uint32 pid = 4; // pid of the aya attach function } message Configuration { diff --git a/rust/shared/proto/ziofa.proto b/rust/shared/proto/ziofa.proto index 11d8bc7f..a4a571de 100644 --- a/rust/shared/proto/ziofa.proto +++ b/rust/shared/proto/ziofa.proto @@ -50,8 +50,8 @@ message ProcessList { } message Process { - int32 pid = 1; - int32 ppid = 2; + uint32 pid = 1; + uint32 ppid = 2; oneof cmd { CmdlineData cmdline = 3; string comm = 4; @@ -68,6 +68,7 @@ message Event { oneof event_data { VfsWriteEvent vfs_write = 1; SysSendmsgEvent sys_sendmsg = 2; + JniReferencesEvent jni_references = 3; } } @@ -86,3 +87,18 @@ message SysSendmsgEvent { uint64 fd = 4; uint64 duration_nano_sec = 5; } + +message JniReferencesEvent { + enum JniMethodName { + Undefined = 0; + AddLocalRef = 1; + DeleteLocalRef = 2; + AddGlobalRef = 3; + DeleteGlobalRef = 4; + } + uint32 pid = 1; + uint32 tid = 2; + uint64 begin_time_stamp = 3; + JniMethodName jni_method_name = 4; +} +