
Commit bbabdca

committed
Implement userland
missing user/group mapping to string representation
1 parent a7d0dba commit bbabdca

2 files changed

Lines changed: 68 additions & 1 deletion


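--- a/fact/src/bpf/mod.rs
+++ b/fact/src/bpf/mod.rs
@@ -155,7 +155,8 @@ impl Bpf {
 fn load_progs(&mut self, btf: &Btf) -> anyhow::Result<()> {
 self.load_lsm_prog("trace_file_open", "file_open", btf)?;
 self.load_lsm_prog("trace_path_unlink", "path_unlink", btf)?;
-self.load_lsm_prog("trace_path_chmod", "path_chmod", btf)
+self.load_lsm_prog("trace_path_chmod", "path_chmod", btf)?;
+self.load_lsm_prog("trace_path_chown", "path_chown", btf)
 }
 
 fn attach_progs(&mut self) -> anyhow::Result<()> {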

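--- a/fact/src/event/mod.rs
+++ b/fact/src/event/mod.rs
@@ -68,6 +68,7 @@ impl Event {
 FileData::Creation(data) => &data.inode,
 FileData::Unlink(data) => &data.inode,
 FileData::Chmod(data) => &data.file.inode,
+FileData::Chown(data) => &data.file.inode,
 }
 }
 
@@ -77,6 +78,7 @@ impl Event {
 FileData::Creation(data) => data.host_file = host_path,
 FileData::Unlink(data) => data.host_file = host_path,
 FileData::Chmod(data) => data.file.host_file = host_path,
+FileData::Chown(data) => data.file.host_file = host_path,
 }
 }
 }
@@ -131,6 +133,7 @@ pub enum FileData {
 Creation(BaseFileData),
 Unlink(BaseFileData),
 Chmod(ChmodFileData),
+Chown(ChownFileData),
 }
 
 impl FileData {
@@ -153,6 +156,16 @@ impl FileData {
 };
 FileData::Chmod(data)
 }
+file_activity_type_t::FILE_ACTIVITY_CHOWN => {
+let data = ChownFileData {
+file: inner,
+new_uid: unsafe { extra_data.chown.new.uid },
+new_gid: unsafe { extra_data.chown.new.gid },
+old_uid: unsafe { extra_data.chown.old.uid },
+old_gid: unsafe { extra_data.chown.old.gid },
+};
+FileData::Chown(data)
+}
 invalid => unreachable!("Invalid event type: {invalid:?}"),
 };
 
@@ -182,6 +195,10 @@ impl From<FileData> for fact_api::file_activity::File {
 let f_act = fact_api::FilePermissionChange::from(event);
 fact_api::file_activity::File::Permission(f_act)
 }
+FileData::Chown(event) => {
+let f_act = fact_api::FileOwnershipChange::from(event);
+fact_api::file_activity::File::Ownership(f_act)
+}
 }
 }
 }
@@ -271,3 +288,52 @@ impl From<ChmodFileData> for fact_api::FilePermissionChange {
 }
 }
 }
+
+#[derive(Debug, Clone, Serialize)]
+pub struct ChownFileData {
+file: BaseFileData,
+new_uid: u32,
+new_gid: u32,
+old_uid: u32,
+old_gid: u32,
+}
+
+impl ChownFileData {
+pub fn new(
+filename: [c_char; PATH_MAX as usize],
+inode: inode_key_t,
+new_uid: u32,
+new_gid: u32,
+old_uid: u32,
+old_gid: u32,
+) -> anyhow::Result<Self> {
+let file = BaseFileData::new(filename, inode)?;
+
+Ok(ChownFileData {
+file,
+new_uid,
+new_gid,
+old_uid,
+old_gid,
+})
+}
+}
+impl From<ChownFileData> for fact_api::FileOwnershipChange {
+fn from(value: ChownFileData) -> Self {
+let ChownFileData {
+file,
+new_uid,
+new_gid,
+old_uid: _,
+old_gid: _,
+} = value;
+let activity = fact_api::FileActivityBase::from(file);
+fact_api::FileOwnershipChange {
+activity: Some(activity),
+uid: new_uid,
+gid: new_gid,
+username: "".to_string(),
+group: "".to_string(),
+}
+}
+}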
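Review bot: The `From<ChownFileData>` conversion at the end of this section discards the previous owner with `old_uid: _` and `old_gid: _`, so a consumer of the event cannot tell whether ownership actually changed or who held the file before. The definition of `fact_api::FileOwnershipChange` is outside this diff; if it has, or can gain, fields for the previous ids they should be filled here, and otherwise a comment such as `// old ids are not part of the API message yet` would make the omission explicit. chown(2) also takes -1 for an id that is to stay unchanged, so unless the BPF side normalises it (not visible here) `new_uid` or `new_gid` may be reported as `u32::MAX`; that case deserves a comment on the struct fields or a fallback to the old value. The four `unsafe { extra_data.chown… }` reads in the `FILE_ACTIVITY_CHOWN` arm would each benefit from a `// SAFETY: the event type selects the chown member of extra_data` comment, assuming that is the invariant the producer upholds.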
