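def handle_write(self, au):
    """Record a write event for the file behind a descriptor.

    Syscalls: write, writev

    Reads the descriptor from audit field ``a0``, resolves it to an inode
    and a name through ``self.fmap``, and writes the resulting ``Event``
    to ``self.out_flow``.

    Args:
        au: Audit record being processed; must provide ``find_field``.
    """
    ts = get_ts(au)
    fd = au.find_field('a0')
    subject, pid, _ = get_subject(au)

    # Resolve the descriptor once, so the inode stored in the event is the
    # same one the name was derived from (the lookup used to be repeated).
    inode = self.fmap.get_inode(pid, fd)
    # NOTE(review): handle_close skips records whose descriptor does not
    # resolve to an inode; this handler has no such check, so an event can
    # be emitted with an unresolved inode. Confirm which behaviour the
    # consumers of out_flow expect before changing it.
    name = self.fmap.ino2name(inode)

    self.out_flow.write(Event(ts, subject, self.syscall, inode, name))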
def handle_open(self, au):
    """Record an open event on the inbound flow.

    Syscalls: open

    Parsing of the record is delegated to ``self.handle_new``. The record
    is skipped when that call yields nothing or yields no subject;
    otherwise an ``Event`` naming the opened resource is written to
    ``self.in_flow``.

    Args:
        au: Audit record being processed.
    """
    timestamp = get_ts(au)

    outcome = self.handle_new(au)
    if not outcome:
        return None

    subject, resource = outcome
    if not subject:
        return None

    resource_name = self.fmap.ino2name(resource)
    # XXX: open question from the original author -- do opens need to be
    # stored at all?
    self.in_flow.write(
        Event(timestamp, subject, self.syscall, resource, resource_name)
    )
def handle_close(self, au):
    """Record a close event for the file behind a descriptor.

    Syscalls: close (the earlier docstring said "open", apparently copied
    from handle_open).

    Reads the descriptor from audit field ``a0`` and resolves it through
    ``self.fmap``. Records whose descriptor does not resolve to an inode
    are skipped; otherwise an ``Event`` is written to ``self.out_flow``.

    Args:
        au: Audit record being processed; must provide ``find_field``.
    """
    when = get_ts(au)
    descriptor = au.find_field('a0')
    subject, pid, _ = get_subject(au)

    inode = self.fmap.get_inode(pid, descriptor)
    if not inode:
        # Nothing is known about this descriptor, so there is no file to
        # attribute the close to.
        return

    path = self.fmap.ino2name(inode)

    # XXX: the (pid, fd) entry is not removed from self.fmap here; the
    # self.fmap.del_file(pid, fd) call is still disabled.
    # NOTE(review): if the process reuses this descriptor number and the
    # map is not refreshed on the next open, later events on that fd could
    # be attributed to this file -- confirm how fmap handles reuse.
    self.out_flow.write(Event(when, subject, self.syscall, inode, path))