From 9add8b3973c9d647ae08c9c9d296bd24a60fa284 Mon Sep 17 00:00:00 2001 From: yieux Date: Mon, 25 Sep 2023 20:33:50 +0800 Subject: [PATCH 1/2] dos2unix --- kerneldriver/include/secDetector_analyze.h | 36 ++++---- .../include/secDetector_analyze_type.h | 62 ++++++------- .../include/secDetector_collect_type.h | 87 ++++++++++--------- kerneldriver/include/secDetector_hook_type.h | 14 +-- .../include/secDetector_module_type.h | 16 ++-- kerneldriver/include/secDetector_response.h | 4 +- .../include/secDetector_response_type.h | 12 +-- .../include/secDetector_workflow_type.h | 32 +++---- 8 files changed, 132 insertions(+), 131 deletions(-) diff --git a/kerneldriver/include/secDetector_analyze.h b/kerneldriver/include/secDetector_analyze.h index f5dfbe0..dd41d43 100644 --- a/kerneldriver/include/secDetector_analyze.h +++ b/kerneldriver/include/secDetector_analyze.h @@ -1,19 +1,19 @@ -/* - * Copyright (c) 2023 Huawei Technologies Co., Ltd. All rights reserved. - * secDetector is licensed under Mulan PSL v2. - * You can use this software according to the terms and conditions of the Mulan PSL v2. - * You may obtain a copy of Mulan PSL v2 at: - * http://license.coscl.org.cn/MulanPSL2 - * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, - * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, - * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. - * See the Mulan PSL v2 for more details. - * - * Author: yieux - * Create: 2023-09-25 - * Description: secDetector analyze unit header - */ -#ifndef SECDETECTOR_ANALYZE_H -#define SECDETECTOR_ANALYZE_H -#include "secDetector_analyze_type.h" +/* + * Copyright (c) 2023 Huawei Technologies Co., Ltd. All rights reserved. + * secDetector is licensed under Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, + * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, + * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. + * See the Mulan PSL v2 for more details. + * + * Author: yieux + * Create: 2023-09-25 + * Description: secDetector analyze unit header + */ +#ifndef SECDETECTOR_ANALYZE_H +#define SECDETECTOR_ANALYZE_H +#include "secDetector_analyze_type.h" #endif \ No newline at end of file diff --git a/kerneldriver/include/secDetector_analyze_type.h b/kerneldriver/include/secDetector_analyze_type.h index ef77052..9ae648c 100644 --- a/kerneldriver/include/secDetector_analyze_type.h +++ b/kerneldriver/include/secDetector_analyze_type.h @@ -1,32 +1,32 @@ -/* - * Copyright (c) 2023 Huawei Technologies Co., Ltd. All rights reserved. - * secDetector is licensed under Mulan PSL v2. - * You can use this software according to the terms and conditions of the Mulan PSL v2. - * You may obtain a copy of Mulan PSL v2 at: - * http://license.coscl.org.cn/MulanPSL2 - * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, - * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, - * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. - * See the Mulan PSL v2 for more details. - * - * Author: yieux - * Create: 2023-09-25 - * Description: secDetector analyze unit type header - */ -#ifndef SECDETECTOR_ANALYZE_TYPE_H -#define SECDETECTOR_ANALYZE_TYPE_H - -enum ANALYZE_TYPE{ - ANALYZE_RECORD, - ANALYZE_PRESET_START, - ANALYZE_PRESET_SAVE_CHECK = ANALYZE_PRESET_START, - ANALYZE_PRESET_FREQUENCY_RANGE, - ANALYZE_PRESET_END = ANALYZE_PRESET_FREQUENCY_RANGE, - ANALYZE_CUSTOMIZATION, -}; - -typedef union analyze_func { - void (*func)(void); - void (*analyze_record_func)(void); -}analyze_func_t; +/* + * Copyright (c) 2023 Huawei Technologies Co., Ltd. All rights reserved. + * secDetector is licensed under Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, + * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, + * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. + * See the Mulan PSL v2 for more details. + * + * Author: yieux + * Create: 2023-09-25 + * Description: secDetector analyze unit type header + */ +#ifndef SECDETECTOR_ANALYZE_TYPE_H +#define SECDETECTOR_ANALYZE_TYPE_H + +enum ANALYZE_TYPE{ + ANALYZE_RECORD, + ANALYZE_PRESET_START, + ANALYZE_PRESET_SAVE_CHECK = ANALYZE_PRESET_START, + ANALYZE_PRESET_FREQUENCY_RANGE, + ANALYZE_PRESET_END = ANALYZE_PRESET_FREQUENCY_RANGE, + ANALYZE_CUSTOMIZATION, +}; + +typedef union analyze_func { + void (*func)(void); + void (*analyze_record_func)(void); +}analyze_func_t; #endif \ No newline at end of file diff --git a/kerneldriver/include/secDetector_collect_type.h b/kerneldriver/include/secDetector_collect_type.h index 1122d15..d2c6b5d 100644 --- a/kerneldriver/include/secDetector_collect_type.h +++ b/kerneldriver/include/secDetector_collect_type.h @@ -1,44 +1,45 @@ -/* - * Copyright (c) 2023 Huawei Technologies Co., Ltd. All rights reserved. - * secDetector is licensed under Mulan PSL v2. - * You can use this software according to the terms and conditions of the Mulan PSL v2. - * You may obtain a copy of Mulan PSL v2 at: - * http://license.coscl.org.cn/MulanPSL2 - * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, - * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, - * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. - * See the Mulan PSL v2 for more details. - * - * Author: yieux - * Create: 2023-09-25 - * Description: secDetector collect unit type header - */ -#ifndef SECDETECTOR_COLLECT_TYPE_H -#define SECDETECTOR_COLLECT_TYPE_H - -enum COLLECT_TYPE{ - COLLECT_TIME, - COLLECT_CURRENT_START, - COLLECT_CURRENT_PROCESS = COLLECT_CURRENT_START, - COLLECT_CURRENT_FILE, - COLLECT_CURRENT_END = COLLECT_CURRENT_FILE, - COLLECT_GLOBAL_START, - COLLECT_GLOBAL_PROCESS = COLLECT_GLOBAL_START, - COLLECT_GLOBAL_FILE, - COLLECT_GLOBAL_RESOURCE, - COLLECT_GLOBAL_END = COLLECT_GLOBAL_RESOURCE, - COLLECT_CUSTOMIZATION, -}; - -union collect_func { - void (*func)(void); - void (*COLLECT_record_func)(void); -}; - -struct secDetector_collect { - struct list_head list; - struct rcu_head rcu; - unsigned int collect_type; - union collect_func collect_func; -}; +/* + * Copyright (c) 2023 Huawei Technologies Co., Ltd. All rights reserved. + * secDetector is licensed under Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, + * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, + * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. + * See the Mulan PSL v2 for more details. + * + * Author: yieux + * Create: 2023-09-25 + * Description: secDetector collect unit type header + */ +#ifndef SECDETECTOR_COLLECT_TYPE_H +#define SECDETECTOR_COLLECT_TYPE_H +#include +enum COLLECT_TYPE{ + COLLECT_TIME, + COLLECT_CURRENT_START, + COLLECT_CURRENT_PROCESS = COLLECT_CURRENT_START, + COLLECT_CURRENT_FILE, + COLLECT_CURRENT_END = COLLECT_CURRENT_FILE, + COLLECT_GLOBAL_START, + COLLECT_GLOBAL_PROCESS = COLLECT_GLOBAL_START, + COLLECT_GLOBAL_FILE, + COLLECT_GLOBAL_RESOURCE, + COLLECT_GLOBAL_END = COLLECT_GLOBAL_RESOURCE, + COLLECT_CUSTOMIZATION, +}; + +union collect_func { + void (*func)(void); + void (*COLLECT_record_func)(void); +}; + +struct secDetector_collect { + struct list_head list; + struct rcu_head rcu; + unsigned int collect_type; + union collect_func collect_func; +}; + #endif \ No newline at end of file diff --git a/kerneldriver/include/secDetector_hook_type.h b/kerneldriver/include/secDetector_hook_type.h index 97f5f66..29ac914 100644 --- a/kerneldriver/include/secDetector_hook_type.h +++ b/kerneldriver/include/secDetector_hook_type.h @@ -17,15 +17,15 @@ #define SECDETECTOR_HOOK_TYPE_H enum HOOK_TYPE { - TRACEPOINT_HOOK_START, - TRACEPOINT_CREATE_FILE = TRACEPOINT_HOOK_START, - TRACEPOINT_WRITE_FILE, - TRACEPOINT_CREATE_PROCESS, - TRACEPOINT_HOOK_END = TRACEPOINT_CREATE_PROCESS, + TRACEPOINT_HOOK_START, + TRACEPOINT_CREATE_FILE = TRACEPOINT_HOOK_START, + TRACEPOINT_WRITE_FILE, + TRACEPOINT_CREATE_PROCESS, + TRACEPOINT_HOOK_END = TRACEPOINT_CREATE_PROCESS, - HOOKEND, + HOOKEND, - SECDETECTOR_TIMER, + SECDETECTOR_TIMER, }; #endif \ No newline at end of file diff --git a/kerneldriver/include/secDetector_module_type.h b/kerneldriver/include/secDetector_module_type.h index dc9a149..0a89889 100644 --- a/kerneldriver/include/secDetector_module_type.h +++ b/kerneldriver/include/secDetector_module_type.h @@ -22,15 +22,15 @@ typedef struct secDetector_workflow secDetector_workflow_t; struct secDetector_module { - struct list_head list; - struct rcu_head rcu; - unsigned int id; - char *name; - struct module *kmodule; - atomic_t enabled; + struct list_head list; + struct rcu_head rcu; + unsigned int id; + char *name; + struct module *kmodule; + atomic_t enabled; - secDetector_workflow_t *workflow_array; - uint32_t workflow_array_len; + secDetector_workflow_t *workflow_array; + uint32_t workflow_array_len; }; #endif \ No newline at end of file diff --git a/kerneldriver/include/secDetector_response.h b/kerneldriver/include/secDetector_response.h index 5231b24..6769394 100644 --- a/kerneldriver/include/secDetector_response.h +++ b/kerneldriver/include/secDetector_response.h @@ -18,8 +18,8 @@ #include "secDetector_response_type.h" struct secdetector_response { - struct list_head list; - struct rcu_head rcu; + struct list_head list; + struct rcu_head rcu; unsigned int response_type; response_func_t response_func; }; diff --git a/kerneldriver/include/secDetector_response_type.h b/kerneldriver/include/secDetector_response_type.h index 6520467..133292d 100644 --- a/kerneldriver/include/secDetector_response_type.h +++ b/kerneldriver/include/secDetector_response_type.h @@ -18,18 +18,18 @@ #include enum { - RESPONSE_REPORT, - RESPONSE_REJECT, - NR_RESPONSE, + RESPONSE_REPORT, + RESPONSE_REJECT, + NR_RESPONSE, }; struct response_report_data { - const char *text; - size_t len; + const char *text; + size_t len; }; typedef union response_data { - struct response_report_data *report_data; + struct response_report_data *report_data; } response_data_t; typedef void (*response_func_t)(response_data_t *data); diff --git a/kerneldriver/include/secDetector_workflow_type.h b/kerneldriver/include/secDetector_workflow_type.h index 146a905..5d41ac6 100644 --- a/kerneldriver/include/secDetector_workflow_type.h +++ b/kerneldriver/include/secDetector_workflow_type.h @@ -22,38 +22,38 @@ #include "secDetector_module_type.h" enum WORKFLOW_TYPE{ - WORKFLOW_CUSTOMIZATION, - WORKFLOW_PRESET, + WORKFLOW_CUSTOMIZATION, + WORKFLOW_PRESET, }; union workflow_func { - void (*func)(void); - void (*create_file)(struct filename *); - void (*write_file)(struct filename *); - void (*create_process)(int); - void (*timer_func)(struct timer_list *); + void (*func)(void); + void (*create_file)(struct filename *); + void (*write_file)(struct filename *); + void (*create_process)(int); + void (*timer_func)(struct timer_list *); }; typedef struct secDetector_module secDetector_module_t; typedef struct secDetector_workflow { - struct list_head list; - struct rcu_head rcu; - unsigned int id; - secDetector_module_t *module; - atomic_t enabled; + struct list_head list; + struct rcu_head rcu; + unsigned int id; + secDetector_module_t *module; + atomic_t enabled; unsigned int workflow_type; - union workflow_func workflow_func; + union workflow_func workflow_func; //hook - unsigned int hook_type; - int interval; + unsigned int hook_type; + int interval; //collect struct secDetector_collect *collect_array; uint32_t collect_array_len; //analyze - unsigned int analyze_type; + unsigned int analyze_type; analyze_func_t analyze_func; //response -- Gitee From ff6d3aa2bbd32992bd8020862c029fea0c548dd9 Mon Sep 17 00:00:00 2001 From: yieux Date: Mon, 25 Sep 2023 20:36:23 +0800 Subject: [PATCH 2/2] dos2unix --- kerneldriver/core/secDetector_workflow.c | 38 ++--- kerneldriver/include/secDetector_collect.h | 36 ++--- kerneldriver/include/secDetector_hook_type.h | 60 ++++---- .../include/secDetector_module_type.h | 70 +++++----- kerneldriver/include/secDetector_workflow.h | 48 +++---- .../include/secDetector_workflow_type.h | 132 +++++++++--------- 6 files changed, 192 insertions(+), 192 deletions(-) diff --git a/kerneldriver/core/secDetector_workflow.c b/kerneldriver/core/secDetector_workflow.c index 2ad97a5..c51c5a6 100644 --- a/kerneldriver/core/secDetector_workflow.c +++ b/kerneldriver/core/secDetector_workflow.c @@ -1,20 +1,20 @@ -/* - * Copyright (c) 2023 Huawei Technologies Co., Ltd. All rights reserved. - * secDetector is licensed under Mulan PSL v2. - * You can use this software according to the terms and conditions of the Mulan PSL v2. - * You may obtain a copy of Mulan PSL v2 at: - * http://license.coscl.org.cn/MulanPSL2 - * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, - * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, - * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. - * See the Mulan PSL v2 for more details. - * - * Author: yieux - * create: 2023-09-25 - * Description: detector workflow manager - */ -#include "secDetector_workflow_type.h" - -void preset_workflow(void) { - +/* + * Copyright (c) 2023 Huawei Technologies Co., Ltd. All rights reserved. + * secDetector is licensed under Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, + * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, + * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. + * See the Mulan PSL v2 for more details. + * + * Author: yieux + * create: 2023-09-25 + * Description: detector workflow manager + */ +#include "secDetector_workflow_type.h" + +void preset_workflow(void) { + } \ No newline at end of file diff --git a/kerneldriver/include/secDetector_collect.h b/kerneldriver/include/secDetector_collect.h index df4ac1f..2a032af 100644 --- a/kerneldriver/include/secDetector_collect.h +++ b/kerneldriver/include/secDetector_collect.h @@ -1,19 +1,19 @@ -/* - * Copyright (c) 2023 Huawei Technologies Co., Ltd. All rights reserved. - * secDetector is licensed under Mulan PSL v2. - * You can use this software according to the terms and conditions of the Mulan PSL v2. - * You may obtain a copy of Mulan PSL v2 at: - * http://license.coscl.org.cn/MulanPSL2 - * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, - * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, - * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. - * See the Mulan PSL v2 for more details. - * - * Author: yieux - * Create: 2023-09-25 - * Description: secDetector collect unit header - */ -#ifndef SECDETECTOR_COLLECT_H -#define SECDETECTOR_COLLECT_H -#include "secDetector_collect_type.h" +/* + * Copyright (c) 2023 Huawei Technologies Co., Ltd. All rights reserved. + * secDetector is licensed under Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, + * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, + * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. + * See the Mulan PSL v2 for more details. + * + * Author: yieux + * Create: 2023-09-25 + * Description: secDetector collect unit header + */ +#ifndef SECDETECTOR_COLLECT_H +#define SECDETECTOR_COLLECT_H +#include "secDetector_collect_type.h" #endif \ No newline at end of file diff --git a/kerneldriver/include/secDetector_hook_type.h b/kerneldriver/include/secDetector_hook_type.h index 29ac914..ae1ce54 100644 --- a/kerneldriver/include/secDetector_hook_type.h +++ b/kerneldriver/include/secDetector_hook_type.h @@ -1,31 +1,31 @@ -/* - * Copyright (c) 2023 Huawei Technologies Co., Ltd. All rights reserved. - * secDetector is licensed under Mulan PSL v2. - * You can use this software according to the terms and conditions of the Mulan PSL v2. - * You may obtain a copy of Mulan PSL v2 at: - * http://license.coscl.org.cn/MulanPSL2 - * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, - * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, - * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. - * See the Mulan PSL v2 for more details. - * - * Author: yieux - * Create: 2023-09-25 - * Description: secDetector hook unit type header - */ -#ifndef SECDETECTOR_HOOK_TYPE_H -#define SECDETECTOR_HOOK_TYPE_H - -enum HOOK_TYPE { - TRACEPOINT_HOOK_START, - TRACEPOINT_CREATE_FILE = TRACEPOINT_HOOK_START, - TRACEPOINT_WRITE_FILE, - TRACEPOINT_CREATE_PROCESS, - TRACEPOINT_HOOK_END = TRACEPOINT_CREATE_PROCESS, - - HOOKEND, - - SECDETECTOR_TIMER, -}; - +/* + * Copyright (c) 2023 Huawei Technologies Co., Ltd. All rights reserved. + * secDetector is licensed under Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, + * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, + * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. + * See the Mulan PSL v2 for more details. + * + * Author: yieux + * Create: 2023-09-25 + * Description: secDetector hook unit type header + */ +#ifndef SECDETECTOR_HOOK_TYPE_H +#define SECDETECTOR_HOOK_TYPE_H + +enum HOOK_TYPE { + TRACEPOINT_HOOK_START, + TRACEPOINT_CREATE_FILE = TRACEPOINT_HOOK_START, + TRACEPOINT_WRITE_FILE, + TRACEPOINT_CREATE_PROCESS, + TRACEPOINT_HOOK_END = TRACEPOINT_CREATE_PROCESS, + + HOOKEND, + + SECDETECTOR_TIMER, +}; + #endif \ No newline at end of file diff --git a/kerneldriver/include/secDetector_module_type.h b/kerneldriver/include/secDetector_module_type.h index 0a89889..30a13c8 100644 --- a/kerneldriver/include/secDetector_module_type.h +++ b/kerneldriver/include/secDetector_module_type.h @@ -1,36 +1,36 @@ -/* - * Copyright (c) 2023 Huawei Technologies Co., Ltd. All rights reserved. - * secDetector is licensed under Mulan PSL v2. - * You can use this software according to the terms and conditions of the Mulan PSL v2. - * You may obtain a copy of Mulan PSL v2 at: - * http://license.coscl.org.cn/MulanPSL2 - * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, - * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, - * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. - * See the Mulan PSL v2 for more details. - * - * Author: yieux - * Create: 2023-09-25 - * Description: secDetector module type header - */ -#ifndef SECDETECTOR_MODULE_TYPE_H -#define SECDETECTOR_MODULE_TYPE_H -#include -#include -#include -#include "secDetector_workflow_type.h" - -typedef struct secDetector_workflow secDetector_workflow_t; -struct secDetector_module { - struct list_head list; - struct rcu_head rcu; - unsigned int id; - char *name; - struct module *kmodule; - atomic_t enabled; - - secDetector_workflow_t *workflow_array; - uint32_t workflow_array_len; -}; - +/* + * Copyright (c) 2023 Huawei Technologies Co., Ltd. All rights reserved. + * secDetector is licensed under Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, + * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, + * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. + * See the Mulan PSL v2 for more details. + * + * Author: yieux + * Create: 2023-09-25 + * Description: secDetector module type header + */ +#ifndef SECDETECTOR_MODULE_TYPE_H +#define SECDETECTOR_MODULE_TYPE_H +#include +#include +#include +#include "secDetector_workflow_type.h" + +typedef struct secDetector_workflow secDetector_workflow_t; +struct secDetector_module { + struct list_head list; + struct rcu_head rcu; + unsigned int id; + char *name; + struct module *kmodule; + atomic_t enabled; + + secDetector_workflow_t *workflow_array; + uint32_t workflow_array_len; +}; + #endif \ No newline at end of file diff --git a/kerneldriver/include/secDetector_workflow.h b/kerneldriver/include/secDetector_workflow.h index 37ee812..7512a8c 100644 --- a/kerneldriver/include/secDetector_workflow.h +++ b/kerneldriver/include/secDetector_workflow.h @@ -1,25 +1,25 @@ -/* - * Copyright (c) 2023 Huawei Technologies Co., Ltd. All rights reserved. - * secDetector is licensed under Mulan PSL v2. - * You can use this software according to the terms and conditions of the Mulan PSL v2. - * You may obtain a copy of Mulan PSL v2 at: - * http://license.coscl.org.cn/MulanPSL2 - * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, - * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, - * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. - * See the Mulan PSL v2 for more details. - * - * Author: yieux - * Create: 2023-09-25 - * Description: secDetector workflow header - */ -#ifndef SECDETECTOR_WORKFLOW_H -#define SECDETECTOR_WORKFLOW_H -#include "secDetector_collect.h" -#include "secDetector_analyze.h" -#include "secDetector_response.h" -#include "secDetector_workflow_type.h" - - -void preset_workflow(void); +/* + * Copyright (c) 2023 Huawei Technologies Co., Ltd. All rights reserved. + * secDetector is licensed under Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, + * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, + * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. + * See the Mulan PSL v2 for more details. + * + * Author: yieux + * Create: 2023-09-25 + * Description: secDetector workflow header + */ +#ifndef SECDETECTOR_WORKFLOW_H +#define SECDETECTOR_WORKFLOW_H +#include "secDetector_collect.h" +#include "secDetector_analyze.h" +#include "secDetector_response.h" +#include "secDetector_workflow_type.h" + + +void preset_workflow(void); #endif \ No newline at end of file diff --git a/kerneldriver/include/secDetector_workflow_type.h b/kerneldriver/include/secDetector_workflow_type.h index 5d41ac6..da16c34 100644 --- a/kerneldriver/include/secDetector_workflow_type.h +++ b/kerneldriver/include/secDetector_workflow_type.h @@ -1,67 +1,67 @@ -/* - * Copyright (c) 2023 Huawei Technologies Co., Ltd. All rights reserved. - * secDetector is licensed under Mulan PSL v2. - * You can use this software according to the terms and conditions of the Mulan PSL v2. - * You may obtain a copy of Mulan PSL v2 at: - * http://license.coscl.org.cn/MulanPSL2 - * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, - * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, - * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. - * See the Mulan PSL v2 for more details. - * - * Author: yieux - * Create: 2023-09-25 - * Description: secDetector workflow type header - */ -#ifndef SECDETECTOR_WORKFLOW_TYPE_H -#define SECDETECTOR_WORKFLOW_TYPE_H -#include "secDetector_hook_type.h" -#include "secDetector_collect_type.h" -#include "secDetector_analyze_type.h" -#include "secDetector_response_type.h" -#include "secDetector_module_type.h" - -enum WORKFLOW_TYPE{ - WORKFLOW_CUSTOMIZATION, - WORKFLOW_PRESET, -}; - -union workflow_func { - void (*func)(void); - void (*create_file)(struct filename *); - void (*write_file)(struct filename *); - void (*create_process)(int); - void (*timer_func)(struct timer_list *); -}; - -typedef struct secDetector_module secDetector_module_t; -typedef struct secDetector_workflow { - struct list_head list; - struct rcu_head rcu; - unsigned int id; - secDetector_module_t *module; - atomic_t enabled; - unsigned int workflow_type; - union workflow_func workflow_func; - - //hook - unsigned int hook_type; - int interval; - - //collect - struct secDetector_collect *collect_array; - uint32_t collect_array_len; - - //analyze - unsigned int analyze_type; - analyze_func_t analyze_func; - - //response - struct secdetector_response *response_array; - uint32_t response_array_len; - -} secDetector_workflow_t; - - - +/* + * Copyright (c) 2023 Huawei Technologies Co., Ltd. All rights reserved. + * secDetector is licensed under Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, + * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, + * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. + * See the Mulan PSL v2 for more details. + * + * Author: yieux + * Create: 2023-09-25 + * Description: secDetector workflow type header + */ +#ifndef SECDETECTOR_WORKFLOW_TYPE_H +#define SECDETECTOR_WORKFLOW_TYPE_H +#include "secDetector_hook_type.h" +#include "secDetector_collect_type.h" +#include "secDetector_analyze_type.h" +#include "secDetector_response_type.h" +#include "secDetector_module_type.h" + +enum WORKFLOW_TYPE{ + WORKFLOW_CUSTOMIZATION, + WORKFLOW_PRESET, +}; + +union workflow_func { + void (*func)(void); + void (*create_file)(struct filename *); + void (*write_file)(struct filename *); + void (*create_process)(int); + void (*timer_func)(struct timer_list *); +}; + +typedef struct secDetector_module secDetector_module_t; +typedef struct secDetector_workflow { + struct list_head list; + struct rcu_head rcu; + unsigned int id; + secDetector_module_t *module; + atomic_t enabled; + unsigned int workflow_type; + union workflow_func workflow_func; + + //hook + unsigned int hook_type; + int interval; + + //collect + struct secDetector_collect *collect_array; + uint32_t collect_array_len; + + //analyze + unsigned int analyze_type; + analyze_func_t analyze_func; + + //response + struct secdetector_response *response_array; + uint32_t response_array_len; + +} secDetector_workflow_t; + + + #endif \ No newline at end of file -- Gitee