Implement collector for SysSigquit feature

Signed-off-by: Mr-Kanister <[email protected]>
amosproj · Jan 7, 2025 · c4c6539 · c4c6539
1 parent bd18cba
commit c4c6539
Show file tree

Hide file tree

Showing 11 changed files with 83 additions and 6 deletions.
diff --git a/frontend/app/src/main/java/de/amosproj3/ziofa/api/configuration/LocalConfigurationAccess.kt b/frontend/app/src/main/java/de/amosproj3/ziofa/api/configuration/LocalConfigurationAccess.kt
@@ -7,6 +7,7 @@ package de.amosproj3.ziofa.api.configuration
 
 import de.amosproj3.ziofa.client.JniReferencesConfig
 import de.amosproj3.ziofa.client.SysSendmsgConfig
+import de.amosproj3.ziofa.client.SysSigquitConfig
 import de.amosproj3.ziofa.client.UprobeConfig
 import de.amosproj3.ziofa.client.VfsWriteConfig
 import kotlinx.coroutines.flow.Flow
@@ -35,6 +36,7 @@ interface LocalConfigurationAccess {
         sendMessageFeature: SysSendmsgConfig? = null,
         uprobesFeature: List<UprobeConfig>? = listOf(),
         jniReferencesFeature: JniReferencesConfig? = null,
+        sysSigquitFeature: SysSigquitConfig? = null,
     )
 
     /** Submit the local configuration to the backend. */

diff --git a/frontend/app/src/main/java/de/amosproj3/ziofa/bl/configuration/ConfigDiffHelpers.kt b/frontend/app/src/main/java/de/amosproj3/ziofa/bl/configuration/ConfigDiffHelpers.kt
@@ -6,6 +6,7 @@ package de.amosproj3.ziofa.bl.configuration
 
 import de.amosproj3.ziofa.client.JniReferencesConfig
 import de.amosproj3.ziofa.client.SysSendmsgConfig
+import de.amosproj3.ziofa.client.SysSigquitConfig
 import de.amosproj3.ziofa.client.UprobeConfig
 import de.amosproj3.ziofa.client.VfsWriteConfig
 
@@ -50,3 +51,11 @@ fun JniReferencesConfig?.updatePIDs(
     val config = this ?: JniReferencesConfig(listOf())
     return config.copy(pids = config.pids.plus(pidsToAdd).minus(pidsToRemove.toSet()))
 }
+
+fun SysSigquitConfig?.updatePIDs(
+    pidsToAdd: List<UInt> = listOf(),
+    pidsToRemove: List<UInt> = listOf(),
+): SysSigquitConfig {
+    val config = this ?: SysSigquitConfig(listOf())
+    return config.copy(pids = config.pids.plus(pidsToAdd).minus(pidsToRemove.toSet()))
+}
diff --git a/frontend/app/src/main/java/de/amosproj3/ziofa/bl/configuration/ConfigurationManager.kt b/frontend/app/src/main/java/de/amosproj3/ziofa/bl/configuration/ConfigurationManager.kt
@@ -14,6 +14,7 @@ import de.amosproj3.ziofa.client.ClientFactory
 import de.amosproj3.ziofa.client.Configuration
 import de.amosproj3.ziofa.client.JniReferencesConfig
 import de.amosproj3.ziofa.client.SysSendmsgConfig
+import de.amosproj3.ziofa.client.SysSigquitConfig
 import de.amosproj3.ziofa.client.UprobeConfig
 import de.amosproj3.ziofa.client.VfsWriteConfig
 import de.amosproj3.ziofa.ui.shared.merge
@@ -66,6 +67,7 @@ class ConfigurationManager(val clientFactory: ClientFactory) :
         sendMessageFeature: SysSendmsgConfig?,
         uprobesFeature: List<UprobeConfig>?,
         jniReferencesFeature: JniReferencesConfig?,
+        sysSigquitFeature: SysSigquitConfig?,
     ) {
         _localConfiguration.update { prev ->
             Timber.e("changeFeatureConfigurationForPIDs.prev $prev")
@@ -84,6 +86,7 @@ class ConfigurationManager(val clientFactory: ClientFactory) :
                         sysSendmsg = previousConfiguration.merge(sendMessageFeature, enable),
                         uprobes = previousConfiguration.merge(uprobesFeature, enable),
                         jniReferences = previousConfiguration.merge(jniReferencesFeature, enable),
+                        sysSigquit = previousConfiguration.merge(sysSigquitFeature, enable),
                     )
                     .also { Timber.i("new local configuration = $it") }
                     .let { ConfigurationUpdate.Valid(it) }
@@ -102,7 +105,7 @@ class ConfigurationManager(val clientFactory: ClientFactory) :
 
     override fun reset() {
         runBlocking {
-            client?.setConfiguration(Configuration(null, null, listOf(), null))
+            client?.setConfiguration(Configuration(null, null, listOf(), null, null))
             updateBothConfigurations(getFromBackend())
         }
     }
@@ -129,6 +132,7 @@ class ConfigurationManager(val clientFactory: ClientFactory) :
                     sysSendmsg = null,
                     uprobes = listOf(),
                     jniReferences = null,
+                    sysSigquit = null,
                 )
             )
             ConfigurationUpdate.Valid(client!!.getConfiguration())

diff --git a/frontend/app/src/main/java/de/amosproj3/ziofa/ui/shared/ConfigurationHelpers.kt b/frontend/app/src/main/java/de/amosproj3/ziofa/ui/shared/ConfigurationHelpers.kt
@@ -9,6 +9,7 @@ import de.amosproj3.ziofa.bl.configuration.updateUProbes
 import de.amosproj3.ziofa.client.Configuration
 import de.amosproj3.ziofa.client.JniReferencesConfig
 import de.amosproj3.ziofa.client.SysSendmsgConfig
+import de.amosproj3.ziofa.client.SysSigquitConfig
 import de.amosproj3.ziofa.client.UprobeConfig
 import de.amosproj3.ziofa.client.VfsWriteConfig
 
@@ -43,3 +44,11 @@ fun Configuration.merge(jniReferencesConfig: JniReferencesConfig?, enable: Boole
             pidsToRemove = if (!enable) requestedChanges.pids else listOf(),
         )
     } ?: this.jniReferences
+
+fun Configuration.merge(sysSigquitConfig: SysSigquitConfig?, enable: Boolean) =
+    sysSigquitConfig?.let { requestedChanges ->
+        this.sysSigquit.updatePIDs(
+            pidsToAdd = if (enable) requestedChanges.pids else listOf(),
+            pidsToRemove = if (!enable) requestedChanges.pids else listOf(),
+        )
+    } ?: this.sysSigquit
diff --git a/frontend/client/src/main/java/de/amosproj3/ziofa/client/Client.kt b/frontend/client/src/main/java/de/amosproj3/ziofa/client/Client.kt
@@ -12,6 +12,7 @@ data class Configuration(
     val sysSendmsg: SysSendmsgConfig?,
     val uprobes: List<UprobeConfig>,
     val jniReferences: JniReferencesConfig?,
+    val sysSigquit: SysSigquitConfig?,
 )
 
 data class VfsWriteConfig(val entries: Map<UInt, ULong>)
@@ -22,6 +23,8 @@ data class UprobeConfig(val fnName: String, val offset: ULong, var target: Strin
 
 data class JniReferencesConfig(val pids: List<UInt>)
 
+data class SysSigquitConfig(val pids: List<UInt>)
+
 sealed class Event {
     data class VfsWrite(
         val pid: UInt,
@@ -52,6 +55,13 @@ sealed class Event {
             DeleteGlobalRef,
         }
     }
+
+    data class SysSigquit(
+        val pid: UInt,
+        val tid: UInt,
+        val timeStamp: ULong,
+        val targetPid: ULong,
+    ) : Event()
 }
 
 data class Process(val pid: UInt, val ppid: UInt, val state: String, val cmd: Command?)

diff --git a/frontend/client/src/mock/java/de/amosproj3/ziofa/client/RustClient.kt b/frontend/client/src/mock/java/de/amosproj3/ziofa/client/RustClient.kt
@@ -21,6 +21,7 @@ object RustClient : Client {
             sysSendmsg = SysSendmsgConfig(mapOf(1234u to 30000u, 43124u to 20000u)),
             uprobes = listOf(),
             jniReferences = JniReferencesConfig(pids = listOf()),
+            sysSigquit = SysSigquitConfig(pids = listOf()),
         )
 
     override suspend fun serverCount(): Flow<UInt> = flow {
@@ -119,6 +120,16 @@ object RustClient : Client {
                     )
                 )
             }
+            configuration.sysSigquit?.pids?.forEach {
+                emit(
+                    Event.SysSigquit(
+                        pid = it,
+                        tid = 1234u,
+                        timeStamp = 12312412u,
+                        targetPid = 12874u,
+                    )
+                )
+            }
         }
     }
 

diff --git a/frontend/client/src/real/java/de.amosproj3.ziofa.client/RustClient.kt b/frontend/client/src/real/java/de.amosproj3.ziofa.client/RustClient.kt
@@ -64,6 +64,13 @@ private fun uniffi.shared.Event.into() =
                         JniMethodName.UNDEFINED -> null
                     },
             )
+        is EventData.SysSigquit ->
+            Event.SysSigquit(
+                pid = d.v1.pid,
+                tid = d.v1.tid,
+                timeStamp = d.v1.timeStamp,
+                targetPid = d.v1.targetPid,
+            )
         null -> null
     }
 
@@ -81,6 +88,7 @@ private fun uniffi.shared.Configuration.into() =
                 )
             },
         jniReferences = jniReferences?.let { JniReferencesConfig(pids = it.pids) },
+        sysSigquit = sysSigquit?.let { SysSigquitConfig(pids = it.pids) },
     )
 
 private fun Configuration.into() =
@@ -97,6 +105,7 @@ private fun Configuration.into() =
                 )
             },
         jniReferences = jniReferences?.let { uniffi.shared.JniReferencesConfig(it.pids) },
+        sysSigquit = sysSigquit?.let { uniffi.shared.SysSigquitConfig(it.pids) },
     )
 
 private fun uniffi.shared.StringResponse.into() = StringResponse(name)

diff --git a/rust/backend/daemon/src/collector/mod.rs b/rust/backend/daemon/src/collector/mod.rs
@@ -4,10 +4,10 @@
 //
 // SPDX-License-Identifier: MIT
 
-use backend_common::{JNICall, JNIMethodName, SysSendmsgCall, VfsWriteCall};
-use shared::ziofa::{Event, JniReferencesEvent, SysSendmsgEvent, VfsWriteEvent};
-use shared::ziofa::event::{EventData};
-use shared::ziofa::jni_references_event::{JniMethodName};
+use backend_common::{JNICall, JNIMethodName, SysSendmsgCall, VfsWriteCall, SysSigquitCall};
+use shared::ziofa::{Event, JniReferencesEvent, SysSendmsgEvent, VfsWriteEvent, SysSigquitEvent};
+use shared::ziofa::event::EventData;
+use shared::ziofa::jni_references_event::JniMethodName;
 mod ring_buf;
 mod supervisor;
 mod event_dipatcher;
@@ -63,4 +63,17 @@ impl IntoEvent for JNICall {
             }))
         }
     }
+}
+
+impl IntoEvent for SysSigquitCall {
+    fn into_event(self) -> Event {
+        Event {
+            event_data: Some(EventData::SysSigquit(SysSigquitEvent {
+                pid: self.pid,
+                tid: self.tid,
+                time_stamp: self.time_stamp,
+                target_pid: self.target_pid,
+            }))
+        }
+    }
 }
diff --git a/rust/backend/daemon/src/collector/supervisor.rs b/rust/backend/daemon/src/collector/supervisor.rs
@@ -21,6 +21,7 @@ enum CollectorT {
     VfsWrite,
     SysSendmsg,
     JniCall,
+    SysSigquit,
 }
 
 pub struct CollectorSupervisor;
@@ -48,7 +49,7 @@ impl CollectorRefs {
         self.collectors.remove(cell)
     }
     async fn start_all(&mut self, registry: &EbpfEventRegistry, event_actor: &ActorRef<Event>, supervisor: &ActorCell) -> Result<(), ActorProcessingErr> {
-        for who in [CollectorT::VfsWrite, CollectorT::SysSendmsg, CollectorT::JniCall] {
+        for who in [CollectorT::VfsWrite, CollectorT::SysSendmsg, CollectorT::JniCall, CollectorT::SysSigquit] {
             self.start(who, registry, event_actor, supervisor).await?;
         }
         Ok(())
@@ -58,6 +59,7 @@ impl CollectorRefs {
             CollectorT::VfsWrite => start_collector(registry.vfs_write_events.clone(), event_actor.clone(), supervisor.clone()).await?,
             CollectorT::SysSendmsg => start_collector(registry.sys_sendmsg_events.clone(), event_actor.clone(), supervisor.clone()).await?,
             CollectorT::JniCall => start_collector(registry.jni_ref_calls.clone(), event_actor.clone(), supervisor.clone()).await?,
+            CollectorT::SysSigquit => start_collector(registry.sys_sigquit_events.clone(), event_actor.clone(), supervisor.clone()).await?,
         };
         self.collectors.insert(actor_ref.get_cell(), who);
         Ok(())

diff --git a/rust/shared/build.rs b/rust/shared/build.rs
@@ -22,6 +22,7 @@ static UNIFFI_RECORDS: LazyLock<Vec<&str>> = LazyLock::new(|| {
             "VfsWriteEvent",
             "SysSendmsgEvent",
             "JniReferencesEvent",
+            "SysSigquitEvent",
             "VfsWriteConfig",
             "SysSendmsgConfig",
             "JniReferencesConfig",

diff --git a/rust/shared/proto/ziofa.proto b/rust/shared/proto/ziofa.proto
@@ -70,6 +70,7 @@ message Event {
         VfsWriteEvent vfs_write = 1;
         SysSendmsgEvent sys_sendmsg = 2;
         JniReferencesEvent jni_references = 3;
+        SysSigquitEvent sys_sigquit = 4;
     }
 }
 
@@ -103,3 +104,9 @@ message JniReferencesEvent {
     JniMethodName jni_method_name = 4;
 }
 
+message SysSigquitEvent {
+    uint32 pid = 1;
+    uint32 tid = 2;
+    uint64 time_stamp = 3;
+    uint64 target_pid = 4;
+}