From 8e1bf6b26a81dd6f80c7b7ba67b0f73cb61e38df Mon Sep 17 00:00:00 2001 From: yieux Date: Mon, 25 Sep 2023 14:51:59 +0800 Subject: [PATCH 1/4] =?UTF-8?q?=E6=94=AF=E6=8C=81=E5=8F=AF=E6=8B=86?= =?UTF-8?q?=E5=88=86unit=E7=9A=84workflow=E5=9F=BA=E7=A1=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../core/hook_unit/secDetector_hook.c | 1 + .../core/hook_unit/secDetector_hook.h | 2 +- kerneldriver/core/secDetector_manager.c | 13 ++-- kerneldriver/core/secDetector_workflow.c | 20 ++++++ kerneldriver/include/secDetector_analyze.h | 19 ++++++ .../include/secDetector_analyze_type.h | 32 +++++++++ kerneldriver/include/secDetector_collect.h | 19 ++++++ .../include/secDetector_collect_type.h | 44 ++++++++++++ kerneldriver/include/secDetector_hook_type.h | 31 +++++++++ kerneldriver/include/secDetector_manager.h | 55 +++++++-------- .../include/secDetector_module_type.h | 35 ++++++++++ kerneldriver/include/secDetector_response.h | 7 +- kerneldriver/include/secDetector_workflow.h | 25 +++++++ .../include/secDetector_workflow_type.h | 67 +++++++++++++++++++ 14 files changed, 337 insertions(+), 33 deletions(-) create mode 100644 kerneldriver/core/secDetector_workflow.c create mode 100644 kerneldriver/include/secDetector_analyze.h create mode 100644 kerneldriver/include/secDetector_analyze_type.h create mode 100644 kerneldriver/include/secDetector_collect.h create mode 100644 kerneldriver/include/secDetector_collect_type.h create mode 100644 kerneldriver/include/secDetector_hook_type.h create mode 100644 kerneldriver/include/secDetector_module_type.h create mode 100644 kerneldriver/include/secDetector_workflow.h create mode 100644 kerneldriver/include/secDetector_workflow_type.h diff --git a/kerneldriver/core/hook_unit/secDetector_hook.c b/kerneldriver/core/hook_unit/secDetector_hook.c index d3ae696..f4ac8df 100644 --- a/kerneldriver/core/hook_unit/secDetector_hook.c +++ b/kerneldriver/core/hook_unit/secDetector_hook.c @@ -18,6 +18,7 @@ #include #include #include "secDetector_hook.h" +#include "secDetector_hook_type.h" struct hook_list_func { int type_min; diff --git a/kerneldriver/core/hook_unit/secDetector_hook.h b/kerneldriver/core/hook_unit/secDetector_hook.h index 0ecd315..392e302 100644 --- a/kerneldriver/core/hook_unit/secDetector_hook.h +++ b/kerneldriver/core/hook_unit/secDetector_hook.h @@ -19,7 +19,7 @@ #include #include -#include +#include "secDetector_workflow_type.h" extern struct list_head secDetector_hook_array[HOOKEND]; extern struct mutex g_hook_list_array_mutex; diff --git a/kerneldriver/core/secDetector_manager.c b/kerneldriver/core/secDetector_manager.c index 89ed1d8..d79f0d9 100644 --- a/kerneldriver/core/secDetector_manager.c +++ b/kerneldriver/core/secDetector_manager.c @@ -19,6 +19,7 @@ #include #include "hook_unit/secDetector_hook.h" #include "secDetector_manager.h" +#include "secDetector_workflow.h" static DEFINE_IDR(g_module_idr); static LIST_HEAD(secDetector_module_list); @@ -83,11 +84,15 @@ int secDetector_module_register(struct secDetector_module *module) mutex_lock(&g_hook_list_array_mutex); for (i = 0, wf = module->workflow_array; i < module->workflow_array_len; i++, wf++) { - if (wf == NULL) { - ret = -EINVAL; - goto error; - } + if (wf == NULL) { + ret = -EINVAL; + goto error; + } wf->module = module; + if (wf->workflow_type == WORKFLOW_PRESET) { + wf->workflow_func.func = preset_workflow; + } + ret = insert_callback(wf); if (ret < 0) { pr_err("[secDetector] insert callback failed\n"); diff --git a/kerneldriver/core/secDetector_workflow.c b/kerneldriver/core/secDetector_workflow.c new file mode 100644 index 0000000..2ad97a5 --- /dev/null +++ b/kerneldriver/core/secDetector_workflow.c @@ -0,0 +1,20 @@ +/* + * Copyright (c) 2023 Huawei Technologies Co., Ltd. All rights reserved. + * secDetector is licensed under Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, + * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, + * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. + * See the Mulan PSL v2 for more details. + * + * Author: yieux + * create: 2023-09-25 + * Description: detector workflow manager + */ +#include "secDetector_workflow_type.h" + +void preset_workflow(void) { + +} \ No newline at end of file diff --git a/kerneldriver/include/secDetector_analyze.h b/kerneldriver/include/secDetector_analyze.h new file mode 100644 index 0000000..f5dfbe0 --- /dev/null +++ b/kerneldriver/include/secDetector_analyze.h @@ -0,0 +1,19 @@ +/* + * Copyright (c) 2023 Huawei Technologies Co., Ltd. All rights reserved. + * secDetector is licensed under Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, + * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, + * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. + * See the Mulan PSL v2 for more details. + * + * Author: yieux + * Create: 2023-09-25 + * Description: secDetector analyze unit header + */ +#ifndef SECDETECTOR_ANALYZE_H +#define SECDETECTOR_ANALYZE_H +#include "secDetector_analyze_type.h" +#endif \ No newline at end of file diff --git a/kerneldriver/include/secDetector_analyze_type.h b/kerneldriver/include/secDetector_analyze_type.h new file mode 100644 index 0000000..ef77052 --- /dev/null +++ b/kerneldriver/include/secDetector_analyze_type.h @@ -0,0 +1,32 @@ +/* + * Copyright (c) 2023 Huawei Technologies Co., Ltd. All rights reserved. + * secDetector is licensed under Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, + * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, + * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. + * See the Mulan PSL v2 for more details. + * + * Author: yieux + * Create: 2023-09-25 + * Description: secDetector analyze unit type header + */ +#ifndef SECDETECTOR_ANALYZE_TYPE_H +#define SECDETECTOR_ANALYZE_TYPE_H + +enum ANALYZE_TYPE{ + ANALYZE_RECORD, + ANALYZE_PRESET_START, + ANALYZE_PRESET_SAVE_CHECK = ANALYZE_PRESET_START, + ANALYZE_PRESET_FREQUENCY_RANGE, + ANALYZE_PRESET_END = ANALYZE_PRESET_FREQUENCY_RANGE, + ANALYZE_CUSTOMIZATION, +}; + +typedef union analyze_func { + void (*func)(void); + void (*analyze_record_func)(void); +}analyze_func_t; +#endif \ No newline at end of file diff --git a/kerneldriver/include/secDetector_collect.h b/kerneldriver/include/secDetector_collect.h new file mode 100644 index 0000000..df4ac1f --- /dev/null +++ b/kerneldriver/include/secDetector_collect.h @@ -0,0 +1,19 @@ +/* + * Copyright (c) 2023 Huawei Technologies Co., Ltd. All rights reserved. + * secDetector is licensed under Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, + * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, + * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. + * See the Mulan PSL v2 for more details. + * + * Author: yieux + * Create: 2023-09-25 + * Description: secDetector collect unit header + */ +#ifndef SECDETECTOR_COLLECT_H +#define SECDETECTOR_COLLECT_H +#include "secDetector_collect_type.h" +#endif \ No newline at end of file diff --git a/kerneldriver/include/secDetector_collect_type.h b/kerneldriver/include/secDetector_collect_type.h new file mode 100644 index 0000000..1122d15 --- /dev/null +++ b/kerneldriver/include/secDetector_collect_type.h @@ -0,0 +1,44 @@ +/* + * Copyright (c) 2023 Huawei Technologies Co., Ltd. All rights reserved. + * secDetector is licensed under Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, + * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, + * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. + * See the Mulan PSL v2 for more details. + * + * Author: yieux + * Create: 2023-09-25 + * Description: secDetector collect unit type header + */ +#ifndef SECDETECTOR_COLLECT_TYPE_H +#define SECDETECTOR_COLLECT_TYPE_H + +enum COLLECT_TYPE{ + COLLECT_TIME, + COLLECT_CURRENT_START, + COLLECT_CURRENT_PROCESS = COLLECT_CURRENT_START, + COLLECT_CURRENT_FILE, + COLLECT_CURRENT_END = COLLECT_CURRENT_FILE, + COLLECT_GLOBAL_START, + COLLECT_GLOBAL_PROCESS = COLLECT_GLOBAL_START, + COLLECT_GLOBAL_FILE, + COLLECT_GLOBAL_RESOURCE, + COLLECT_GLOBAL_END = COLLECT_GLOBAL_RESOURCE, + COLLECT_CUSTOMIZATION, +}; + +union collect_func { + void (*func)(void); + void (*COLLECT_record_func)(void); +}; + +struct secDetector_collect { + struct list_head list; + struct rcu_head rcu; + unsigned int collect_type; + union collect_func collect_func; +}; +#endif \ No newline at end of file diff --git a/kerneldriver/include/secDetector_hook_type.h b/kerneldriver/include/secDetector_hook_type.h new file mode 100644 index 0000000..97f5f66 --- /dev/null +++ b/kerneldriver/include/secDetector_hook_type.h @@ -0,0 +1,31 @@ +/* + * Copyright (c) 2023 Huawei Technologies Co., Ltd. All rights reserved. + * secDetector is licensed under Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, + * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, + * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. + * See the Mulan PSL v2 for more details. + * + * Author: yieux + * Create: 2023-09-25 + * Description: secDetector hook unit type header + */ +#ifndef SECDETECTOR_HOOK_TYPE_H +#define SECDETECTOR_HOOK_TYPE_H + +enum HOOK_TYPE { + TRACEPOINT_HOOK_START, + TRACEPOINT_CREATE_FILE = TRACEPOINT_HOOK_START, + TRACEPOINT_WRITE_FILE, + TRACEPOINT_CREATE_PROCESS, + TRACEPOINT_HOOK_END = TRACEPOINT_CREATE_PROCESS, + + HOOKEND, + + SECDETECTOR_TIMER, +}; + +#endif \ No newline at end of file diff --git a/kerneldriver/include/secDetector_manager.h b/kerneldriver/include/secDetector_manager.h index f64b5f6..18a89f3 100644 --- a/kerneldriver/include/secDetector_manager.h +++ b/kerneldriver/include/secDetector_manager.h @@ -17,6 +17,7 @@ #include #include #include +#include "secDetector_module_type.h" enum CALLBACKTYPE { TRACEPOINT_HOOK_START, @@ -30,37 +31,37 @@ enum CALLBACKTYPE { SECDETECTOR_TIMER, }; -union callback_func { - void (*func)(void); - void (*create_file)(struct filename *); - void (*write_file)(struct filename *); - void (*create_process)(int); - void (*timer_func)(struct timer_list *); -}; +// union callback_func { +// void (*func)(void); +// void (*create_file)(struct filename *); +// void (*write_file)(struct filename *); +// void (*create_process)(int); +// void (*timer_func)(struct timer_list *); +// }; -struct secDetector_workflow { - struct list_head list; - struct rcu_head rcu; - unsigned int id; - struct secDetector_module *module; - atomic_t enabled; +// struct secDetector_workflow { +// struct list_head list; +// struct rcu_head rcu; +// unsigned int id; +// struct secDetector_module *module; +// atomic_t enabled; - unsigned int hook_type; - int interval; - union callback_func callback_func; -}; +// unsigned int hook_type; +// int interval; +// union callback_func callback_func; +// }; -struct secDetector_module { - struct list_head list; - struct rcu_head rcu; - unsigned int id; - char *name; - struct module *kmodule; - atomic_t enabled; +// struct secDetector_module { +// struct list_head list; +// struct rcu_head rcu; +// unsigned int id; +// char *name; +// struct module *kmodule; +// atomic_t enabled; - struct secDetector_workflow *workflow_array; - uint32_t workflow_array_len; -}; +// struct secDetector_workflow *workflow_array; +// uint32_t workflow_array_len; +// }; extern void secDetector_init_manager(void); extern int secDetector_module_register(struct secDetector_module *module); diff --git a/kerneldriver/include/secDetector_module_type.h b/kerneldriver/include/secDetector_module_type.h new file mode 100644 index 0000000..a6fe2dd --- /dev/null +++ b/kerneldriver/include/secDetector_module_type.h @@ -0,0 +1,35 @@ +/* + * Copyright (c) 2023 Huawei Technologies Co., Ltd. All rights reserved. + * secDetector is licensed under Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, + * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, + * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. + * See the Mulan PSL v2 for more details. + * + * Author: yieux + * Create: 2023-09-25 + * Description: secDetector module type header + */ +#ifndef SECDETECTOR_MODULE_TYPE_H +#define SECDETECTOR_MODULE_TYPE_H +#include +#include +#include +#include "secDetector_workflow_type.h" + +struct secDetector_module { + struct list_head list; + struct rcu_head rcu; + unsigned int id; + char *name; + struct module *kmodule; + atomic_t enabled; + + secDetector_workflow_t *workflow_array; + uint32_t workflow_array_len; +}; + +#endif \ No newline at end of file diff --git a/kerneldriver/include/secDetector_response.h b/kerneldriver/include/secDetector_response.h index e91d4db..c9b8bb2 100644 --- a/kerneldriver/include/secDetector_response.h +++ b/kerneldriver/include/secDetector_response.h @@ -16,7 +16,12 @@ #ifndef SECDETECTOR_RESPONSE_H #define SECDETECTOR_RESPONSE_H #include "secDetector_response_type.h" - +struct secdetector_response { + struct list_head list; + struct rcu_head rcu; + unsigned int response_type; + response_func_t response_func; +} extern void notrace secdetector_respond(unsigned int response_type, response_data_t *data); extern void notrace secdetector_report(response_data_t *data); diff --git a/kerneldriver/include/secDetector_workflow.h b/kerneldriver/include/secDetector_workflow.h new file mode 100644 index 0000000..37ee812 --- /dev/null +++ b/kerneldriver/include/secDetector_workflow.h @@ -0,0 +1,25 @@ +/* + * Copyright (c) 2023 Huawei Technologies Co., Ltd. All rights reserved. + * secDetector is licensed under Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, + * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, + * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. + * See the Mulan PSL v2 for more details. + * + * Author: yieux + * Create: 2023-09-25 + * Description: secDetector workflow header + */ +#ifndef SECDETECTOR_WORKFLOW_H +#define SECDETECTOR_WORKFLOW_H +#include "secDetector_collect.h" +#include "secDetector_analyze.h" +#include "secDetector_response.h" +#include "secDetector_workflow_type.h" + + +void preset_workflow(void); +#endif \ No newline at end of file diff --git a/kerneldriver/include/secDetector_workflow_type.h b/kerneldriver/include/secDetector_workflow_type.h new file mode 100644 index 0000000..146a905 --- /dev/null +++ b/kerneldriver/include/secDetector_workflow_type.h @@ -0,0 +1,67 @@ +/* + * Copyright (c) 2023 Huawei Technologies Co., Ltd. All rights reserved. + * secDetector is licensed under Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, + * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, + * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. + * See the Mulan PSL v2 for more details. + * + * Author: yieux + * Create: 2023-09-25 + * Description: secDetector workflow type header + */ +#ifndef SECDETECTOR_WORKFLOW_TYPE_H +#define SECDETECTOR_WORKFLOW_TYPE_H +#include "secDetector_hook_type.h" +#include "secDetector_collect_type.h" +#include "secDetector_analyze_type.h" +#include "secDetector_response_type.h" +#include "secDetector_module_type.h" + +enum WORKFLOW_TYPE{ + WORKFLOW_CUSTOMIZATION, + WORKFLOW_PRESET, +}; + +union workflow_func { + void (*func)(void); + void (*create_file)(struct filename *); + void (*write_file)(struct filename *); + void (*create_process)(int); + void (*timer_func)(struct timer_list *); +}; + +typedef struct secDetector_module secDetector_module_t; +typedef struct secDetector_workflow { + struct list_head list; + struct rcu_head rcu; + unsigned int id; + secDetector_module_t *module; + atomic_t enabled; + unsigned int workflow_type; + union workflow_func workflow_func; + + //hook + unsigned int hook_type; + int interval; + + //collect + struct secDetector_collect *collect_array; + uint32_t collect_array_len; + + //analyze + unsigned int analyze_type; + analyze_func_t analyze_func; + + //response + struct secdetector_response *response_array; + uint32_t response_array_len; + +} secDetector_workflow_t; + + + +#endif \ No newline at end of file -- Gitee From 977d857889b815394dbbbf7ecca2a5c55dd63124 Mon Sep 17 00:00:00 2001 From: yieux Date: Mon, 25 Sep 2023 15:00:31 +0800 Subject: [PATCH 2/4] =?UTF-8?q?=E5=88=A0=E9=99=A4manager=E4=B8=AD=E7=9A=84?= =?UTF-8?q?=E6=89=8E=E5=A0=86=E5=AE=9A=E4=B9=89?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- kerneldriver/include/secDetector_manager.h | 44 ---------------------- 1 file changed, 44 deletions(-) diff --git a/kerneldriver/include/secDetector_manager.h b/kerneldriver/include/secDetector_manager.h index 18a89f3..70dedd3 100644 --- a/kerneldriver/include/secDetector_manager.h +++ b/kerneldriver/include/secDetector_manager.h @@ -19,50 +19,6 @@ #include #include "secDetector_module_type.h" -enum CALLBACKTYPE { - TRACEPOINT_HOOK_START, - TRACEPOINT_CREATE_FILE = TRACEPOINT_HOOK_START, - TRACEPOINT_WRITE_FILE, - TRACEPOINT_CREATE_PROCESS, - TRACEPOINT_HOOK_END = TRACEPOINT_CREATE_PROCESS, - - HOOKEND, - - SECDETECTOR_TIMER, -}; - -// union callback_func { -// void (*func)(void); -// void (*create_file)(struct filename *); -// void (*write_file)(struct filename *); -// void (*create_process)(int); -// void (*timer_func)(struct timer_list *); -// }; - -// struct secDetector_workflow { -// struct list_head list; -// struct rcu_head rcu; -// unsigned int id; -// struct secDetector_module *module; -// atomic_t enabled; - -// unsigned int hook_type; -// int interval; -// union callback_func callback_func; -// }; - -// struct secDetector_module { -// struct list_head list; -// struct rcu_head rcu; -// unsigned int id; -// char *name; -// struct module *kmodule; -// atomic_t enabled; - -// struct secDetector_workflow *workflow_array; -// uint32_t workflow_array_len; -// }; - extern void secDetector_init_manager(void); extern int secDetector_module_register(struct secDetector_module *module); extern void secDetector_module_unregister(struct secDetector_module *module); -- Gitee From bca1851c4ddc20d5269e1e0a4995bff21f2ec1c5 Mon Sep 17 00:00:00 2001 From: yieux Date: Mon, 25 Sep 2023 20:11:13 +0800 Subject: [PATCH 3/4] fix bug --- kerneldriver/core/hook_unit/secDetector_hook.h | 4 ++-- kerneldriver/include/secDetector_module_type.h | 1 + kerneldriver/include/secDetector_response.h | 4 +++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/kerneldriver/core/hook_unit/secDetector_hook.h b/kerneldriver/core/hook_unit/secDetector_hook.h index 392e302..381f9ee 100644 --- a/kerneldriver/core/hook_unit/secDetector_hook.h +++ b/kerneldriver/core/hook_unit/secDetector_hook.h @@ -49,7 +49,7 @@ extern void init_secDetector_hook(void); return; \ list_for_each_entry_rcu(workflow, &(callback_list), list) { \ if (atomic_read(&workflow->enabled) && atomic_read(&workflow->module->enabled)) \ - workflow->callback_func.func(PARAMS(args)); \ + workflow->workflow_func.func(PARAMS(args)); \ } \ mutex_unlock(&g_hook_list_array_mutex); \ } while(0) @@ -61,7 +61,7 @@ extern void init_secDetector_hook(void); rcu_read_lock(); \ list_for_each_entry_rcu(workflow, &(callback_list), list) { \ if (atomic_read(&workflow->enabled) && atomic_read(&workflow->module->enabled)) \ - workflow->callback_func.func(PARAMS(args)); \ + workflow->workflow_func.func(PARAMS(args)); \ } \ rcu_read_unlock(); \ } while(0) diff --git a/kerneldriver/include/secDetector_module_type.h b/kerneldriver/include/secDetector_module_type.h index a6fe2dd..dc9a149 100644 --- a/kerneldriver/include/secDetector_module_type.h +++ b/kerneldriver/include/secDetector_module_type.h @@ -20,6 +20,7 @@ #include #include "secDetector_workflow_type.h" +typedef struct secDetector_workflow secDetector_workflow_t; struct secDetector_module { struct list_head list; struct rcu_head rcu; diff --git a/kerneldriver/include/secDetector_response.h b/kerneldriver/include/secDetector_response.h index c9b8bb2..5231b24 100644 --- a/kerneldriver/include/secDetector_response.h +++ b/kerneldriver/include/secDetector_response.h @@ -16,12 +16,14 @@ #ifndef SECDETECTOR_RESPONSE_H #define SECDETECTOR_RESPONSE_H #include "secDetector_response_type.h" + struct secdetector_response { struct list_head list; struct rcu_head rcu; unsigned int response_type; response_func_t response_func; -} +}; + extern void notrace secdetector_respond(unsigned int response_type, response_data_t *data); extern void notrace secdetector_report(response_data_t *data); -- Gitee From fd13f028334fb2d8921720f90de4e656280a0ce4 Mon Sep 17 00:00:00 2001 From: yieux Date: Mon, 25 Sep 2023 20:23:18 +0800 Subject: [PATCH 4/4] fix bug --- kerneldriver/core/Makefile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/kerneldriver/core/Makefile b/kerneldriver/core/Makefile index cadf86b..bf7b71a 100644 --- a/kerneldriver/core/Makefile +++ b/kerneldriver/core/Makefile @@ -6,6 +6,7 @@ secDetector_core-objs += hook_unit/secDetector_hook_tracepoint.o secDetector_core-objs += hook_unit/secDetector_hook.o secDetector_core-objs += response_unit/secDetector_proc.o secDetector_core-objs += response_unit/secDetector_response.o +secDetector_core-objs += secDetector_workflow.o secDetector_core-objs += secDetector_manager.o secDetector_core-objs += secDetector_main.o @@ -21,7 +22,7 @@ endif export KBUILD_EXTRA_SYMBOLS all: - $(MAKE) -C $(KERNEL_SRC) M=$(PWD) modules KCPPFLAGS="${cflags-y}" + $(MAKE) -C $(KERNEL_SRC) M=$(PWD) modules KCPPFLAGS="${cflags-y}" clean: - rm -rf *.ko *.o .*.o.d .*.ko.cmd *.mod.c *.mod .*.cmd Modules.* *.symvers *.order .tmp* *.markers */*.ko */*.o */.*.o.d */.*.ko.cmd */*.mod.c */*.mod */.*.cmd */Modules.* */*.symvers + rm -rf *.ko *.o .*.o.d .*.ko.cmd *.mod.c *.mod .*.cmd Modules.* *.symvers *.order .tmp* *.markers */*.ko */*.o */.*.o.d */.*.ko.cmd */*.mod.c */*.mod */.*.cmd */Modules.* */*.symvers -- Gitee