From c4c6539cd9916d287bbdd1683cb357e3ab7922a1 Mon Sep 17 00:00:00 2001
From: Mr-Kanister <68117355+Mr-Kanister@users.noreply.github.com>
Date: Tue, 7 Jan 2025 15:41:16 +0100
Subject: [PATCH] Implement collector for SysSigquit feature
Signed-off-by: Mr-Kanister <68117355+Mr-Kanister@users.noreply.github.com>
---
 .../configuration/LocalConfigurationAccess.kt | 2 ++
 .../bl/configuration/ConfigDiffHelpers.kt | 9 ++++++++
 .../bl/configuration/ConfigurationManager.kt | 6 +++++-
 .../ziofa/ui/shared/ConfigurationHelpers.kt | 9 ++++++++
 .../java/de/amosproj3/ziofa/client/Client.kt | 10 +++++++++
 .../de/amosproj3/ziofa/client/RustClient.kt | 11 ++++++++++
 .../de.amosproj3.ziofa.client/RustClient.kt | 9 ++++++++
 rust/backend/daemon/src/collector/mod.rs | 21 +++++++++++++++----
 .../daemon/src/collector/supervisor.rs | 4 +++-
 rust/shared/build.rs | 1 +
 rust/shared/proto/ziofa.proto | 7 +++++++
 11 files changed, 83 insertions(+), 6 deletions(-)
diff --git a/frontend/app/src/main/java/de/amosproj3/ziofa/api/configuration/LocalConfigurationAccess.kt b/frontend/app/src/main/java/de/amosproj3/ziofa/api/configuration/LocalConfigurationAccess.kt
index b167e98d..4ceb0bba 100644
--- a/frontend/app/src/main/java/de/amosproj3/ziofa/api/configuration/LocalConfigurationAccess.kt
+++ b/frontend/app/src/main/java/de/amosproj3/ziofa/api/configuration/LocalConfigurationAccess.kt
@@ -7,6 +7,7 @@ package de.amosproj3.ziofa.api.configuration
 import de.amosproj3.ziofa.client.JniReferencesConfig
 import de.amosproj3.ziofa.client.SysSendmsgConfig
+import de.amosproj3.ziofa.client.SysSigquitConfig
 import de.amosproj3.ziofa.client.UprobeConfig
 import de.amosproj3.ziofa.client.VfsWriteConfig
 import kotlinx.coroutines.flow.Flow
@@ -35,6 +36,7 @@ interface LocalConfigurationAccess {
 sendMessageFeature: SysSendmsgConfig? = null,
 uprobesFeature: List? = listOf(),
 jniReferencesFeature: JniReferencesConfig? = null,
+ sysSigquitFeature: SysSigquitConfig? = null,
 )
 /** Submit the local configuration to the backend. */
diff --git a/frontend/app/src/main/java/de/amosproj3/ziofa/bl/configuration/ConfigDiffHelpers.kt b/frontend/app/src/main/java/de/amosproj3/ziofa/bl/configuration/ConfigDiffHelpers.kt
index a68a5153..be706de4 100644
--- a/frontend/app/src/main/java/de/amosproj3/ziofa/bl/configuration/ConfigDiffHelpers.kt
+++ b/frontend/app/src/main/java/de/amosproj3/ziofa/bl/configuration/ConfigDiffHelpers.kt
@@ -6,6 +6,7 @@ package de.amosproj3.ziofa.bl.configuration
 import de.amosproj3.ziofa.client.JniReferencesConfig
 import de.amosproj3.ziofa.client.SysSendmsgConfig
+import de.amosproj3.ziofa.client.SysSigquitConfig
 import de.amosproj3.ziofa.client.UprobeConfig
 import de.amosproj3.ziofa.client.VfsWriteConfig
@@ -50,3 +51,11 @@ fun JniReferencesConfig?.updatePIDs(
 val config = this ?: JniReferencesConfig(listOf())
 return config.copy(pids = config.pids.plus(pidsToAdd).minus(pidsToRemove.toSet()))
 }
+
+fun SysSigquitConfig?.updatePIDs(
+ pidsToAdd: List = listOf(),
+ pidsToRemove: List = listOf(),
+): SysSigquitConfig {
+ val config = this ?: SysSigquitConfig(listOf())
+ return config.copy(pids = config.pids.plus(pidsToAdd).minus(pidsToRemove.toSet()))
+}
diff --git a/frontend/app/src/main/java/de/amosproj3/ziofa/bl/configuration/ConfigurationManager.kt b/frontend/app/src/main/java/de/amosproj3/ziofa/bl/configuration/ConfigurationManager.kt
index 85f4f737..5b3fe0c4 100644
--- a/frontend/app/src/main/java/de/amosproj3/ziofa/bl/configuration/ConfigurationManager.kt
+++ b/frontend/app/src/main/java/de/amosproj3/ziofa/bl/configuration/ConfigurationManager.kt
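Review bot: The new `SysSigquitConfig?.updatePIDs` in ConfigDiffHelpers.kt (hunk `@@ -50,3 +51,11 @@`) returns a non-null config with an empty `pids` list once the last PID is removed, and nothing in this patch says whether the daemon reads an empty list as "collector off" or as "no PID filter". That decides which processes end up traced, so it deserves a KDoc on the function, for example `/** Adds pidsToAdd, then drops pidsToRemove; TODO confirm what an empty list means to the daemon. */`, or the `merge` overload added in ConfigurationHelpers.kt could map an empty result back to `null`. Separately, `plus(pidsToAdd)` keeps duplicates when the same PID is enabled twice; `config.pids.plus(pidsToAdd).minus(pidsToRemove.toSet()).distinct()` would avoid sending repeated PIDs. The body is a copy of the `JniReferencesConfig?.updatePIDs` shown as context, so the same questions apply there.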
@@ -14,6 +14,7 @@ import de.amosproj3.ziofa.client.ClientFactory
 import de.amosproj3.ziofa.client.Configuration
 import de.amosproj3.ziofa.client.JniReferencesConfig
 import de.amosproj3.ziofa.client.SysSendmsgConfig
+import de.amosproj3.ziofa.client.SysSigquitConfig
 import de.amosproj3.ziofa.client.UprobeConfig
 import de.amosproj3.ziofa.client.VfsWriteConfig
 import de.amosproj3.ziofa.ui.shared.merge
@@ -66,6 +67,7 @@ class ConfigurationManager(val clientFactory: ClientFactory) :
 sendMessageFeature: SysSendmsgConfig?,
 uprobesFeature: List?,
 jniReferencesFeature: JniReferencesConfig?,
+ sysSigquitFeature: SysSigquitConfig?,
 ) {
 _localConfiguration.update { prev ->
 Timber.e("changeFeatureConfigurationForPIDs.prev $prev")
@@ -84,6 +86,7 @@ class ConfigurationManager(val clientFactory: ClientFactory) :
 sysSendmsg = previousConfiguration.merge(sendMessageFeature, enable),
 uprobes = previousConfiguration.merge(uprobesFeature, enable),
 jniReferences = previousConfiguration.merge(jniReferencesFeature, enable),
+ sysSigquit = previousConfiguration.merge(sysSigquitFeature, enable),
 )
 .also { Timber.i("new local configuration = $it") }
 .let { ConfigurationUpdate.Valid(it) }
@@ -102,7 +105,7 @@ class ConfigurationManager(val clientFactory: ClientFactory) :
 override fun reset() {
 runBlocking {
- client?.setConfiguration(Configuration(null, null, listOf(), null))
+ client?.setConfiguration(Configuration(null, null, listOf(), null, null))
 updateBothConfigurations(getFromBackend())
 }
 }
@@ -129,6 +132,7 @@ class ConfigurationManager(val clientFactory: ClientFactory) :
 sysSendmsg = null,
 uprobes = listOf(),
 jniReferences = null,
+ sysSigquit = null,
 )
 )
 ConfigurationUpdate.Valid(client!!.getConfiguration())
diff --git a/frontend/app/src/main/java/de/amosproj3/ziofa/ui/shared/ConfigurationHelpers.kt b/frontend/app/src/main/java/de/amosproj3/ziofa/ui/shared/ConfigurationHelpers.kt
index 3e14752b..479d8a6a 100644
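Review bot: In `reset()` (hunk `@@ -102,7 +105,7 @@`) the cleared configuration is built positionally, `Configuration(null, null, listOf(), null, null)`, so every new feature means appending another anonymous `null`, and a reordering of the nullable fields in the data class would still compile while clearing the wrong slots. The other clearing site touched in this file (hunk `@@ -129,6 +132,7 @@`) already uses named arguments; the same form here, ending in `jniReferences = null, sysSigquit = null`, keeps the two call sites in step. The name of the first constructor parameter is outside the hunks shown, so it has to be taken from `Configuration` in Client.kt.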
--- a/frontend/app/src/main/java/de/amosproj3/ziofa/ui/shared/ConfigurationHelpers.kt
+++ b/frontend/app/src/main/java/de/amosproj3/ziofa/ui/shared/ConfigurationHelpers.kt
@@ -9,6 +9,7 @@ import de.amosproj3.ziofa.bl.configuration.updateUProbes
 import de.amosproj3.ziofa.client.Configuration
 import de.amosproj3.ziofa.client.JniReferencesConfig
 import de.amosproj3.ziofa.client.SysSendmsgConfig
+import de.amosproj3.ziofa.client.SysSigquitConfig
 import de.amosproj3.ziofa.client.UprobeConfig
 import de.amosproj3.ziofa.client.VfsWriteConfig
@@ -43,3 +44,11 @@ fun Configuration.merge(jniReferencesConfig: JniReferencesConfig?, enable: Boole
 pidsToRemove = if (!enable) requestedChanges.pids else listOf(),
 )
 } ?: this.jniReferences
+
+fun Configuration.merge(sysSigquitConfig: SysSigquitConfig?, enable: Boolean) =
+ sysSigquitConfig?.let { requestedChanges ->
+ this.sysSigquit.updatePIDs(
+ pidsToAdd = if (enable) requestedChanges.pids else listOf(),
+ pidsToRemove = if (!enable) requestedChanges.pids else listOf(),
+ )
+ } ?: this.sysSigquit
diff --git a/frontend/client/src/main/java/de/amosproj3/ziofa/client/Client.kt b/frontend/client/src/main/java/de/amosproj3/ziofa/client/Client.kt
index 70e45182..9b3cffbe 100644
--- a/frontend/client/src/main/java/de/amosproj3/ziofa/client/Client.kt
+++ b/frontend/client/src/main/java/de/amosproj3/ziofa/client/Client.kt
@@ -12,6 +12,7 @@ data class Configuration(
 val sysSendmsg: SysSendmsgConfig?,
 val uprobes: List,
 val jniReferences: JniReferencesConfig?,
+ val sysSigquit: SysSigquitConfig?,
 )
 data class VfsWriteConfig(val entries: Map)
@@ -22,6 +23,8 @@ data class UprobeConfig(val fnName: String, val offset: ULong, var target: Strin
 data class JniReferencesConfig(val pids: List)
+
+data class SysSigquitConfig(val pids: List)
+
 sealed class Event {
 data class VfsWrite(
 val pid: UInt,
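Review bot: `SysSigquitConfig(val pids: List)` is added to Client.kt (hunk `@@ -22,6 +23,8 @@`) without saying which side of the signal `pids` selects. The `Event.SysSigquit` added further down in the same file carries both `pid` and `targetPid`, so a reader cannot tell whether a configured PID is the sending or the receiving process. A one-line KDoc above the class, such as `/** PIDs the SysSigquit collector observes; TODO state whether they match the sender or the target. */`, would pin down what the UI is asking the daemon to trace. The mock client in this commit emits the configured value as `pid`, which hints at the sender, but that is only a mock.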
@@ -52,6 +55,13 @@ sealed class Event {
 DeleteGlobalRef,
 }
 }
+
+ data class SysSigquit(
+ val pid: UInt,
+ val tid: UInt,
+ val timeStamp: ULong,
+ val targetPid: ULong,
+ ) : Event()
 }
 data class Process(val pid: UInt, val ppid: UInt, val state: String, val cmd: Command?)
diff --git a/frontend/client/src/mock/java/de/amosproj3/ziofa/client/RustClient.kt b/frontend/client/src/mock/java/de/amosproj3/ziofa/client/RustClient.kt
index 64327c0b..4364c196 100644
--- a/frontend/client/src/mock/java/de/amosproj3/ziofa/client/RustClient.kt
+++ b/frontend/client/src/mock/java/de/amosproj3/ziofa/client/RustClient.kt
@@ -21,6 +21,7 @@ object RustClient : Client {
 sysSendmsg = SysSendmsgConfig(mapOf(1234u to 30000u, 43124u to 20000u)),
 uprobes = listOf(),
 jniReferences = JniReferencesConfig(pids = listOf()),
+ sysSigquit = SysSigquitConfig(pids = listOf()),
 )
 override suspend fun serverCount(): Flow = flow {
@@ -119,6 +120,16 @@ object RustClient : Client {
 )
 )
 }
+ configuration.sysSigquit?.pids?.forEach {
+ emit(
+ Event.SysSigquit(
+ pid = it,
+ tid = 1234u,
+ timeStamp = 12312412u,
+ targetPid = 12874u,
+ )
+ )
+ }
 }
 }
diff --git a/frontend/client/src/real/java/de.amosproj3.ziofa.client/RustClient.kt b/frontend/client/src/real/java/de.amosproj3.ziofa.client/RustClient.kt
index 566803a0..3b75e787 100644
--- a/frontend/client/src/real/java/de.amosproj3.ziofa.client/RustClient.kt
+++ b/frontend/client/src/real/java/de.amosproj3.ziofa.client/RustClient.kt
@@ -64,6 +64,13 @@ private fun uniffi.shared.Event.into() =
 JniMethodName.UNDEFINED -> null
 },
 )
+ is EventData.SysSigquit ->
+ Event.SysSigquit(
+ pid = d.v1.pid,
+ tid = d.v1.tid,
+ timeStamp = d.v1.timeStamp,
+ targetPid = d.v1.targetPid,
+ )
 null -> null
 }
@@ -81,6 +88,7 @@ private fun uniffi.shared.Configuration.into() =
 )
 },
 jniReferences = jniReferences?.let { JniReferencesConfig(pids = it.pids) },
+ sysSigquit = sysSigquit?.let { SysSigquitConfig(pids = it.pids) },
 )
 private fun Configuration.into() =
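Review bot: `targetPid` is declared `ULong` while `pid` and `tid` in the same `Event.SysSigquit` (Client.kt, hunk `@@ -52,6 +55,13 @@`) are `UInt`, and the message added to ziofa.proto repeats the split with `uint64 target_pid = 4;` next to `uint32 pid = 1;`. The configured PID lists are 32-bit (the mock assigns a list element straight to `pid`), so a target can only be compared with them after a conversion. If the value originates from a signed `pid_t` argument, where zero and negative values address process groups rather than a single process, widening it to an unsigned 64-bit field hides that case from whoever reads the event. The collector that fills the field is not part of this patch, so this is a question rather than a finding: either use `val targetPid: UInt` and `uint32 target_pid = 4;`, or add a comment on both declarations explaining why the wider type is needed.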
@@ -97,6 +105,7 @@ private fun Configuration.into() =
 )
 },
 jniReferences = jniReferences?.let { uniffi.shared.JniReferencesConfig(it.pids) },
+ sysSigquit = sysSigquit?.let { uniffi.shared.SysSigquitConfig(it.pids) },
 )
 private fun uniffi.shared.StringResponse.into() = StringResponse(name)
diff --git a/rust/backend/daemon/src/collector/mod.rs b/rust/backend/daemon/src/collector/mod.rs
index e11eebd6..d25c752d 100644
--- a/rust/backend/daemon/src/collector/mod.rs
+++ b/rust/backend/daemon/src/collector/mod.rs
@@ -4,10 +4,10 @@
 //
 // SPDX-License-Identifier: MIT
-use backend_common::{JNICall, JNIMethodName, SysSendmsgCall, VfsWriteCall};
-use shared::ziofa::{Event, JniReferencesEvent, SysSendmsgEvent, VfsWriteEvent};
-use shared::ziofa::event::{EventData};
-use shared::ziofa::jni_references_event::{JniMethodName};
+use backend_common::{JNICall, JNIMethodName, SysSendmsgCall, VfsWriteCall, SysSigquitCall};
+use shared::ziofa::{Event, JniReferencesEvent, SysSendmsgEvent, VfsWriteEvent, SysSigquitEvent};
+use shared::ziofa::event::EventData;
+use shared::ziofa::jni_references_event::JniMethodName;
 mod ring_buf;
 mod supervisor;
 mod event_dipatcher;
@@ -63,4 +63,17 @@ impl IntoEvent for JNICall {
 }))
 }
 }
+}
+
+impl IntoEvent for SysSigquitCall {
+ fn into_event(self) -> Event {
+ Event {
+ event_data: Some(EventData::SysSigquit(SysSigquitEvent {
+ pid: self.pid,
+ tid: self.tid,
+ time_stamp: self.time_stamp,
+ target_pid: self.target_pid,
+ }))
+ }
+ }
 }
\ No newline at end of file
diff --git a/rust/backend/daemon/src/collector/supervisor.rs b/rust/backend/daemon/src/collector/supervisor.rs
index 6cead8f6..c36ad0e3 100644
--- a/rust/backend/daemon/src/collector/supervisor.rs
+++ b/rust/backend/daemon/src/collector/supervisor.rs
@@ -21,6 +21,7 @@ enum CollectorT {
 VfsWrite,
 SysSendmsg,
 JniCall,
+ SysSigquit,
 }
 pub struct CollectorSupervisor;
@@ -48,7 +49,7 @@ impl CollectorRefs {
 self.collectors.remove(cell)
 }
 async fn start_all(&mut self, registry: &EbpfEventRegistry, event_actor: &ActorRef, supervisor: &ActorCell) -> Result<(), ActorProcessingErr> {
- for who in [CollectorT::VfsWrite, CollectorT::SysSendmsg, CollectorT::JniCall] {
+ for who in [CollectorT::VfsWrite, CollectorT::SysSendmsg, CollectorT::JniCall, CollectorT::SysSigquit] {
 self.start(who, registry, event_actor, supervisor).await?;
 }
 Ok(())
@@ -58,6 +59,7 @@ impl CollectorRefs {
 CollectorT::VfsWrite => start_collector(registry.vfs_write_events.clone(), event_actor.clone(), supervisor.clone()).await?,
 CollectorT::SysSendmsg => start_collector(registry.sys_sendmsg_events.clone(), event_actor.clone(), supervisor.clone()).await?,
 CollectorT::JniCall => start_collector(registry.jni_ref_calls.clone(), event_actor.clone(), supervisor.clone()).await?,
+ CollectorT::SysSigquit => start_collector(registry.sys_sigquit_events.clone(), event_actor.clone(), supervisor.clone()).await?,
 };
 self.collectors.insert(actor_ref.get_cell(), who);
 Ok(())
diff --git a/rust/shared/build.rs b/rust/shared/build.rs
index 9abf2f7b..b4c85014 100644
--- a/rust/shared/build.rs
+++ b/rust/shared/build.rs
@@ -22,6 +22,7 @@ static UNIFFI_RECORDS: LazyLock> = LazyLock::new(|| {
 "VfsWriteEvent",
 "SysSendmsgEvent",
 "JniReferencesEvent",
+ "SysSigquitEvent",
 "VfsWriteConfig",
 "SysSendmsgConfig",
 "JniReferencesConfig",
diff --git a/rust/shared/proto/ziofa.proto b/rust/shared/proto/ziofa.proto
index b8556b36..9bb0eb57 100644
--- a/rust/shared/proto/ziofa.proto
+++ b/rust/shared/proto/ziofa.proto
@@ -70,6 +70,7 @@ message Event {
 VfsWriteEvent vfs_write = 1;
 SysSendmsgEvent sys_sendmsg = 2;
 JniReferencesEvent jni_references = 3;
+ SysSigquitEvent sys_sigquit = 4;
 }
 }
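Review bot: `start_all` in supervisor.rs (hunk `@@ -48,7 +49,7 @@`) lists the collectors in a hand-written array, so a future `CollectorT` variant that is added to the enum and to the `match` in `start` but forgotten here would build cleanly and never run, leaving that event source silently uncollected. The `match` is checked for exhaustiveness by the compiler as long as it has no wildcard arm; this array has no such check. Consider one constant next to the enum, `const ALL: [CollectorT; 4] = [CollectorT::VfsWrite, CollectorT::SysSendmsg, CollectorT::JniCall, CollectorT::SysSigquit];`, iterated with `for who in CollectorT::ALL`, or at least a comment on the enum pointing at this loop. The body of `start_all` closes outside the hunk.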
@@ -103,3 +104,9 @@ message JniReferencesEvent {
 JniMethodName jni_method_name = 4;
 }
+message SysSigquitEvent {
+ uint32 pid = 1;
+ uint32 tid = 2;
+ uint64 time_stamp = 3;
+ uint64 target_pid = 4;
+}
\ No newline at end of file