signature=("int", ( ("const char *", "pathname"), ("uid_t", "owner"), ("gid_t", "group"), )), format=lambda args: format_change_owner(args[0], args[1], args[2]), ), SyscallFilter( name="fchown", signature=("int", ( ("int", "fd"), ("uid_t", "owner"), ("gid_t", "group"), )), format=lambda args: format_change_owner( get_file_descriptor_path(args[0]), args[1], args[2]), ), SyscallFilter( name="lchown", signature=("int", ( ("const char *", "pathname"), ("uid_t", "owner"), ("gid_t", "group"), )), format=lambda args: format_change_owner(args[0], args[1], args[2]), ), SyscallFilter( name="fchownat", signature=("int", ( ("int", "dirfd"), ("const char *", "pathname"),
from os.path import abspath

from maybe import SyscallFilter, SYSCALL_FILTERS, T
from maybe.utilities import format_permissions
from maybe.filters.create_write_file import get_file_descriptor_path


# Parameter descriptors shared by the chmod-family signatures below.
_PATHNAME = ("const char *", "pathname")
_MODE = ("mode_t", "mode")


def format_change_permissions(path, permissions):
    """Return the one-line description of a permission change.

    The line names the action, the absolute form of ``path`` and the new
    mode as rendered by ``format_permissions``. Each part is passed through
    one of T's yellow/underline/bold helpers (presumably terminal styling).
    """
    # NOTE(review): abspath() resolves a relative path against the working
    # directory of the process running this formatter. If the intercepted
    # program has a different working directory, the path shown here is not
    # the file the call would act on -- confirm how callers handle this.
    action = T.yellow("change permissions")
    target = T.underline(abspath(path))
    new_mode = T.bold(format_permissions(permissions))
    return "%s of %s to %s" % (action, target, new_mode)


SYSCALL_FILTERS["change_permissions"] = [
    # chmod(pathname, mode): the path is taken directly from the arguments.
    SyscallFilter(
        name="chmod",
        signature=("int", (_PATHNAME, _MODE,)),
        format=lambda args: format_change_permissions(args[0], args[1]),
    ),
    # fchmod(fd, mode): the path is recovered from the file descriptor.
    SyscallFilter(
        name="fchmod",
        signature=("int", (("int", "fd"), _MODE,)),
        format=lambda args: format_change_permissions(
            get_file_descriptor_path(args[0]), args[1]),
    ),
    # fchmodat(dirfd, pathname, mode, flags): only pathname and mode are used.
    # NOTE(review): dirfd (args[0]) and flags (args[3]) are not consulted, so
    # a pathname relative to a directory descriptor is reported as if it were
    # relative to the formatter's working directory. The displayed target may
    # therefore differ from the file whose mode would change.
    SyscallFilter(
        name="fchmodat",
        signature=("int", (("int", "dirfd"), _PATHNAME, _MODE, ("int", "flags"),)),
        format=lambda args: format_change_permissions(args[1], args[2]),
    ),
]
# Fragment: the enclosing function's signature is outside this excerpt. The
# names used (path, owner, group) match the format_change_owner calls below,
# so this is presumably the tail of that function.
#
# -1 is the chown(2) convention for "leave this id unchanged"; the branches
# pick the label and the displayed name accordingly.
# NOTE(review): assumes the uid/gid arguments arrive as signed values so the
# sentinel compares equal to -1 -- confirm how the tracer decodes uid_t/gid_t.
# NOTE(review): getpwuid/getgrgid are presumably pwd.getpwuid/grp.getgrgid
# (import not visible here). Those raise KeyError for an id that has no
# passwd/group entry, which a monitored program can supply freely; nothing
# visible here catches that or falls back to the numeric id. The first
# branch also calls getgrgid(group) even when group is -1 as well.
if owner == -1:
    # Owner untouched: report a group change and show the group's name.
    label = "change group"
    owner = getgrgid(group)[0]
elif group == -1:
    # Group untouched: show only the new owner's name.
    label = "change owner"
    owner = getpwuid(owner)[0]
else:
    # Both ids given: show "user:group".
    label = "change owner"
    owner = getpwuid(owner)[0] + ":" + getgrgid(group)[0]
return "%s of %s to %s" % (T.yellow(label), T.underline(path), T.bold(owner))


# Filters for the chown family. Each format callback receives the pid and the
# syscall arguments and returns the description line built above.
SYSCALL_FILTERS["change_owner"] = [
    # chown(pathname, owner, group)
    SyscallFilter(
        syscall="chown",
        format=lambda pid, args: format_change_owner(
            get_full_path(pid, args[0]), args[1], args[2]),
    ),
    # fchown(fd, owner, group)
    # NOTE(review): unlike the path-based entries, no pid is passed to the
    # helper here -- confirm get_file_descriptor_path resolves the descriptor
    # in the monitored process, otherwise the file shown may be the wrong one.
    SyscallFilter(
        syscall="fchown",
        format=lambda pid, args: format_change_owner(
            get_file_descriptor_path(args[0]), args[1], args[2]),
    ),
    # lchown(pathname, owner, group): formatted exactly like chown.
    SyscallFilter(
        syscall="lchown",
        format=lambda pid, args: format_change_owner(
            get_full_path(pid, args[0]), args[1], args[2]),
    ),
    # fchownat(dirfd, pathname, owner, group, flags): dirfd (args[0]) is
    # handed to get_full_path as its third argument; flags (args[4]) is unused.
    SyscallFilter(
        syscall="fchownat",
        format=lambda pid, args: format_change_owner(
            get_full_path(pid, args[1], args[0]), args[2], args[3]),
    ),
]