Remove unused signature helper
oshaked1 committed May 12, 2024
1 parent fb42192 commit 3a29a8c
Showing 4 changed files with 14 additions and 26 deletions.
15 changes: 7 additions & 8 deletions pkg/ebpf/c/tracee.bpf.c
Expand Up @@ -5126,11 +5126,9 @@ statfunc enum vma_type get_vma_type(struct vm_area_struct *vma)
SEC("raw_tracepoint/check_syscall_source")
int check_syscall_source(struct bpf_raw_tracepoint_args *ctx)
{
program_data_t p = {};
if (!init_program_data(&p, ctx))
return 0;

// Get syscall ID
// Get syscall ID.
// NOTE: this must happen first before any logic that may fail,
// because we must know the syscall ID for the tail call we preceded.
struct task_struct *task = (struct task_struct *) bpf_get_current_task();
u32 id = ctx->args[1];
if (is_compat(task)) {
Expand All @@ -5141,10 +5139,11 @@ int check_syscall_source(struct bpf_raw_tracepoint_args *ctx)
id = *id_64;
}

if (!should_trace(&p))
program_data_t p = {};
if (!init_program_data(&p, ctx, CHECK_SYSCALL_SOURCE))
goto out;

if (!should_submit(CHECK_SYSCALL_SOURCE, p.event))
if (!evaluate_scope_filters(&p))
goto out;

// Get instruction pointer
Expand Down Expand Up @@ -5188,7 +5187,7 @@ int check_syscall_source(struct bpf_raw_tracepoint_args *ctx)
save_to_submit_buf(&p.event->args_buf, &is_heap, sizeof(is_heap), 3);
save_to_submit_buf(&p.event->args_buf, &is_anon, sizeof(is_anon), 4);

events_perf_submit(&p, CHECK_SYSCALL_SOURCE, 0);
events_perf_submit(&p, 0);

out:
// Call sys_enter_init_tail which we preceded
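Review bot: The new NOTE at the top of check_syscall_source says the syscall ID must be resolved before any logic that may fail, but the compat translation that ends in `id = *id_64;` is itself a step that can fail, and its failure path is collapsed out of this view. If that path still leaves the program with a plain `return 0`, the tail call at `out:` is skipped for compat tasks in the same way it was for a failed `init_program_data` before this change; this should be confirmed and, if intended, stated next to the NOTE, for example `// A failed compat lookup returns without the tail call: no 64-bit ID is known.` The function body continues past the last hunk, so the tail call itself is not visible here. The commit title names only the helper removal, which makes this control-flow change in the probe easy to miss when auditing its history.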
9 changes: 5 additions & 4 deletions pkg/ebpf/event_filters.go
Expand Up @@ -13,7 +13,7 @@ import (
"github.com/aquasecurity/tracee/pkg/logger"
)

type eventFilterHandler func(eventFilters map[string]filters.Filter, bpfModule *bpf.Module) error
type eventFilterHandler func(eventFilters map[string]filters.Filter[*filters.StringFilter], bpfModule *bpf.Module) error

var eventFilterHandlers = map[events.ID]eventFilterHandler{
events.CheckSyscallSource: populateMapsCheckSyscallSource,
Expand All @@ -24,8 +24,9 @@ func (t *Tracee) populateEventFilterMaps() error {
// Iterate through registerd event filter handlers
for eventID, handler := range eventFilterHandlers {
// Construct filters for this event
eventFilters := map[string]filters.Filter{}
for _, p := range t.config.Policies.Map() {
eventFilters := map[string]filters.Filter[*filters.StringFilter]{}
for it := t.config.Policies.CreateAllIterator(); it.HasNext(); {
p := it.Next()
f := p.ArgFilter.GetEventFilters(eventID)
if len(f) == 0 {
continue
Expand All @@ -46,7 +47,7 @@ func (t *Tracee) populateEventFilterMaps() error {
return nil
}

func populateMapsCheckSyscallSource(eventFilters map[string]filters.Filter, bpfModule *bpf.Module) error {
func populateMapsCheckSyscallSource(eventFilters map[string]filters.Filter[*filters.StringFilter], bpfModule *bpf.Module) error {
// Get syscalls to trace
syscallsFilter, ok := eventFilters["syscall"].(*filters.StringFilter)
if !ok {
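Review bot: In populateMapsCheckSyscallSource the comma-ok assertion `eventFilters["syscall"].(*filters.StringFilter)` now acts mostly as a presence check, because the map's value type is already `filters.Filter[*filters.StringFilter]`; a missing key and an unexpected implementation both land in the same `!ok` branch. What that branch does is outside the hunk, but if it returns quietly, a policy that selects this event without a `syscall` filter would presumably leave the BPF-side map unpopulated with nothing in the log. Separating the two cases would make that visible: `f, found := eventFilters["syscall"]` followed by the assertion on `f`, with a log line or an error for `!found`.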
2 changes: 2 additions & 0 deletions pkg/ebpf/tracee.go
Expand Up @@ -1518,6 +1518,7 @@ func (t *Tracee) invokeInitEvents(out chan *trace.Event) {
systemInfoEvent := events.InitNamespacesEvent()
setMatchedPolicies(&systemInfoEvent, matchedPolicies, t.config.Policies)
out <- &systemInfoEvent
_ = t.stats.EventCount.Increment()
}

// Initial existing containers events (1 event per container)
Expand All @@ -1529,6 +1530,7 @@ func (t *Tracee) invokeInitEvents(out chan *trace.Event) {
event := &(existingContainerEvents[i])
setMatchedPolicies(event, matchedPolicies, t.config.Policies)
out <- event
_ = t.stats.EventCount.Increment()
}
}

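Review bot: Both added `_ = t.stats.EventCount.Increment()` lines in invokeInitEvents discard the call's return value without saying why. If that value is an error, as the blank assignment suggests, either log it or add a justifying comment such as `// counter error is not actionable here; the event has already been sent`, so that a miscounting stats path is a deliberate choice rather than an oversight. It is also worth checking that any init event sent earlier in this function, above the first hunk, is counted the same way; otherwise the event count and the number of events written to `out` will still disagree.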
14 changes: 0 additions & 14 deletions signatures/helpers/arguments_helpers.go
Expand Up @@ -72,20 +72,6 @@ func GetTraceeIntArgumentByName(event trace.Event, argName string) (int, error)
return 0, fmt.Errorf("can't convert argument %v to int", argName)
}

// GetTraceeBoolArgumentByName gets the argument from `event` matching the `argName`, casted as bool.
func GetTraceeBoolArgumentByName(event trace.Event, argName string) (bool, error) {
arg, err := GetTraceeArgumentByName(event, argName, GetArgOps{DefaultArgs: false})
if err != nil {
return false, err
}
argBool, ok := arg.Value.(bool)
if ok {
return argBool, nil
}

return false, fmt.Errorf("can't convert argument %v to bool", argName)
}

// GetTraceeSliceStringArgumentByName gets the argument matching the "argName" given from the event "argv" field, casted as []string.
func GetTraceeSliceStringArgumentByName(event trace.Event, argName string) ([]string, error) {
arg, err := GetTraceeArgumentByName(event, argName, GetArgOps{DefaultArgs: false})