def need_bookmark(self, event, before=False, after=False):
    """Tell the caller whether a bookmark is wanted around ``event``.

    Only the ``before`` side can request a bookmark, and only when the event
    maps to a system call for which ``syscalls.get_resource_path`` returns a
    path. In that case the path is also stored on ``event.path``.

    ``after`` is accepted but never consulted.

    Returns:
        True if a bookmark should be taken before the event, False otherwise.
    """
    if not before:
        return False

    resource_path = syscalls.get_resource_path(syscalls.event_to_syscall(event))
    if resource_path is None:
        # No path-bearing resource for this event: nothing to bookmark.
        return False

    # Record the path as returned by the helper, with no joining or
    # normalisation at this point.
    event.path = resource_path
    return True
def after_replay(self, graph, event):
    """Carry cwd/root state between event and process, then resolve the path.

    Events that are not ``scribe.EventSyscallExtra`` are left untouched.
    For the others, ``cwd`` and ``root`` are each synchronised in one
    direction: a value present on the event overwrites the one on
    ``event.proc``; a missing value is copied from ``event.proc`` onto the
    event. If the event's system call has a resource path, ``event.path``
    is set to that path joined onto ``event.cwd``.

    ``graph`` is not used here.
    """
    if not event.is_a(scribe.EventSyscallExtra):
        return

    for attr in ('cwd', 'root'):
        if hasattr(event, attr):
            # The event carries a fresh value: it becomes the process state.
            setattr(event.proc, attr, getattr(event, attr))
        else:
            # Otherwise the event inherits the last known process state.
            setattr(event, attr, getattr(event.proc, attr))

    resource_path = syscalls.get_resource_path(syscalls.event_to_syscall(event))
    if resource_path is None:
        return

    # os.path.join returns resource_path unchanged when it is absolute.
    # The result is not normalised ('..' and symlinks are kept as-is), and
    # event.root is recorded above but not applied to the path.
    event.path = os.path.join(event.cwd, resource_path)
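def link_attack_generator(s1, s2):
    """Build the ``'<path> <attribute>'`` string describing a link check on ``s2``.

    The attribute name is chosen from the kind of system call ``s2`` is:

    * ``open`` with write access, or ``truncate``  -> ``'mtime'``
    * ``open`` with read access, or ``execve``     -> ``'atime'``
    * ``chmod``                                    -> ``'mode'``
    * ``chown``                                    -> ``'owner'``
    * ``link``                                     -> ``'ino'``

    The write test comes first, so an ``open`` whose flags satisfy both
    ``fcntl.has_W`` and ``fcntl.has_R`` is reported as ``'mtime'``.

    Args:
        s1: not used in this function; presumably kept so every generator
            shares one signature -- confirm against the caller.
        s2: the system call whose resource path and kind are inspected.

    Returns:
        The resource path of ``s2`` and the attribute name, space-separated.
        The path comes from ``syscalls.get_resource_path`` and is formatted
        with ``%s`` unquoted, so a path containing a space makes the result
        ambiguous for a consumer that splits on whitespace.

    Raises:
        AssertionError: if ``s2`` is none of the handled system calls.
    """
    if (s2.is_a(SYS_open) and fcntl.has_W(s2.flag)) or s2.is_a(SYS_truncate):
        key = 'mtime'
    elif (s2.is_a(SYS_open) and fcntl.has_R(s2.flag)) or s2.is_a(SYS_execve):
        key = 'atime'
    elif s2.is_a(SYS_chmod):
        key = 'mode'
    elif s2.is_a(SYS_chown):
        key = 'owner'
    elif s2.is_a(SYS_link):
        key = 'ino'
    else:
        # Raised explicitly instead of `assert False`: under `python -O`
        # asserts are stripped, and the function would then fail later with
        # an unrelated UnboundLocalError on `key`.
        raise AssertionError('The system call is not handled')

    return '%s %s' % (syscalls.get_resource_path(s2), key)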
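def _path_is_same_or_ancestor(ancestor, path):
    """Return True if ``ancestor`` equals ``path`` or is a directory above it.

    The comparison is made on whole path components, ignoring trailing
    separators. Paths are not normalised: '..' segments and symlinks are
    compared textually.
    """
    base = ancestor.rstrip(os.sep)
    target = path.rstrip(os.sep)
    # base + os.sep keeps '/tmp/foo' from matching '/tmp/foobar'. For the
    # root directory base is '', so every absolute path matches.
    return target == base or target.startswith(base + os.sep)


def skip_parent_dir_race(resource, node1, node2):
    """Tell whether a race on ``resource`` between two nodes should be skipped.

    A race is skipped when the resource is an inode or files-struct, both
    nodes have an absolute path, and neither path is equal to or an ancestor
    of the other -- presumably because the two calls then only share a parent
    directory (confirm against the caller).

    The original test used ``os.path.commonprefix``, which compares character
    by character: '/tmp/foo' counted as a prefix of '/tmp/foobar', so that
    pair of unrelated siblings was never skipped. The comparison is now done
    per path component.

    Side effect: a node without a ``path`` attribute gets one, set to the
    value returned by ``syscalls.get_resource_path`` (which may be None).

    Args:
        resource: object whose ``type`` is compared with the scribe
            resource-type constants.
        node1, node2: the two events involved; either may be falsy.

    Returns:
        True if the race should be skipped, False otherwise. The original
        fell through and returned None in the not-skipped case; False is
        returned explicitly now and is equally falsy.
    """
    if resource.type not in (scribe.SCRIBE_RES_TYPE_INODE,
                             scribe.SCRIBE_RES_TYPE_FILES_STRUCT):
        return False

    for node in (node1, node2):
        if not node:
            return False
        if not hasattr(node, 'path'):
            syscall = syscalls.event_to_syscall(node)
            node.path = syscalls.get_resource_path(syscall)
        # Relative or missing paths cannot be compared reliably: do not skip.
        if not node.path or not os.path.isabs(node.path):
            return False

    related = (_path_is_same_or_ancestor(node1.path, node2.path) or
               _path_is_same_or_ancestor(node2.path, node1.path))
    return not related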