 def _network_audit_events(ctx, event, size):
     """Write one audit line for a network access event.

     The line is ``key=value`` pairs: the BPFBOX action, the network access
     type (with a ``NET_`` prefix), the address family and the executable
     that triggered the event. ``ctx`` and ``size`` are part of the callback
     signature and are not read here; ``self`` and ``logger`` come from the
     enclosing scope.

     NOTE(review): the exe field is built from process state the confined
     program influences; if ``_format_exe`` does not escape whitespace or
     newlines, a crafted name could blur the key=value layout of the audit
     line -- confirm before relying on this log for parsing.
     """
     action = BPFBOX_ACTION(event.action)
     access = NET_ACCESS(event.access)
     family = NET_FAMILY(event.family)
     exe = self._format_exe(event.profile_key, event.pid, event.uid)
     logger.audit(
         'action=%s access=NET_%s family=%s exe=%s' % (action, access, family, exe)
     )
 def _ipc_audit_events(ctx, event, size):
     """Write one audit line for an IPC access event.

     Records the BPFBOX action, the IPC access type (with an ``IPC_``
     prefix), the subject executable and the target executable (the
     ``object_*`` fields of the event). ``ctx`` and ``size`` are unused
     callback parameters; ``self`` and ``logger`` are closure variables.

     NOTE(review): both exe fields are derived from process state that a
     confined program influences; whether whitespace/newlines are escaped
     depends on ``_format_exe`` -- confirm before parsing these lines.
     """
     action = BPFBOX_ACTION(event.action)
     access = IPC_ACCESS(event.access)
     subject = self._format_exe(event.profile_key, event.pid, event.uid)
     target = self._format_exe(
         event.object_profile_key, event.object_pid, event.object_uid
     )
     logger.audit(
         'action=%s access=IPC_%s exe=%s target=%s' % (action, access, subject, target)
     )
 def _fs_audit_events(ctx, event, size):
     """Write one audit line for a filesystem access event.

     Records the BPFBOX action, the filesystem access type (with an ``FS_``
     prefix), the executable, the inode number and the device string built
     by ``_format_dev`` from the event's ``s_id`` and ``st_dev``. ``ctx`` and
     ``size`` are unused callback parameters; ``self`` and ``logger`` are
     closure variables.

     NOTE(review): ``s_id`` is decoded strictly as UTF-8, so a non-UTF-8
     byte sequence would raise inside the callback and drop this audit
     event; whether that can happen depends on where ``s_id`` originates.
     """
     action = BPFBOX_ACTION(event.action)
     access = FS_ACCESS(event.access)
     exe = self._format_exe(event.profile_key, event.pid, event.uid)
     inode = event.st_ino
     device = self._format_dev(event.s_id.decode('utf-8'), event.st_dev)
     message = 'action=%s access=FS_%s exe=%s st_ino=%d st_dev=%s' % (
         action, access, exe, inode, device,
     )
     logger.audit(message)
 def load(self, policy: Policy):
     """Install this rule's IPC entries into the given policy.

     Calls the parent ``load`` first, derives the state number for
     ``policy``, then registers one IPC rule per entry in ``self.target``,
     each carrying the signal set from ``self.signal``, the action set from
     ``self.action`` and the same state.
     """
     super().load(policy)
     state = self.calculate_state_number(policy)
     for target in self.target:
         signals = IPC_ACCESS.from_list(self.signal)
         actions = BPFBOX_ACTION.from_list(self.action)
         Commands.add_ipc_rule(policy.profile, target, signals, actions, state)
 def load(self, policy: Policy):
     """Install this rule's network entries into the given policy.

     Calls the parent ``load`` first, derives the state number for
     ``policy``, then registers one network rule per address family named
     in ``self.family``, each carrying the operation set from
     ``self.operation``, the action set from ``self.action`` and the same
     state.
     """
     super().load(policy)
     state = self.calculate_state_number(policy)
     for family_name in self.family:
         operations = NET_ACCESS.from_list(self.operation)
         family = NET_FAMILY.from_string(family_name)
         actions = BPFBOX_ACTION.from_list(self.action)
         Commands.add_net_rule(policy.profile, operations, family, actions, state)
 def load(self, policy: Policy):
     """Install this rule's filesystem entries into the given policy.

     Calls the parent ``load`` first, derives the state number for
     ``policy``, then registers one filesystem rule per path in
     ``self.file``, each carrying the access set from ``self.access``, the
     action set from ``self.action`` and the same state.
     """
     super().load(policy)
     state = self.calculate_state_number(policy)
     for path in self.file:
         accesses = FS_ACCESS.from_list(self.access)
         actions = BPFBOX_ACTION.from_list(self.action)
         Commands.add_fs_rule(
             policy.profile, path, accesses, actions, state=state
         )
 def append_action(rule):
     """OR the action named by ``toks[0]`` into ``rule.action`` in place.

     ``toks`` is a closure variable from the enclosing scope; only its first
     token is consulted here.
     """
     parsed = BPFBOX_ACTION.from_string(toks[0])
     rule.action |= parsed