From 78873489435f791945e16037622d095896e9e402 Mon Sep 17 00:00:00 2001 From: sectordistrict <157201659+sectordistrict@users.noreply.github.com> Date: Tue, 17 Dec 2024 09:10:48 +0200 Subject: [PATCH] separate categories --- Cargo.lock | 2 +- Cargo.toml | 2 +- src/main.rs | 1 + src/syscall_annotations_map.rs | 462 +++++++----------------------- src/syscall_categories.rs | 177 ++++++++++++ src/syscall_object.rs | 179 ++++++------ src/syscall_object_annotations.rs | 30 +- src/syscall_skeleton_map.rs | 168 ----------- src/types.rs | 3 +- src/utilities.rs | 3 +- 10 files changed, 387 insertions(+), 640 deletions(-) create mode 100644 src/syscall_categories.rs diff --git a/Cargo.lock b/Cargo.lock index 42e6345..e3e744b 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -240,7 +240,7 @@ dependencies = [ [[package]] name = "intentrace" -version = "0.4.0" +version = "0.4.1" dependencies = [ "clone3", "colored", diff --git a/Cargo.toml b/Cargo.toml index 6a35a4a..5b0d879 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "intentrace" -version = "0.4.0" +version = "0.4.1" description = "intentrace is strace with intent, it goes all the way for you instead of half the way." edition = "2021" license = "MIT" diff --git a/src/main.rs b/src/main.rs index be43e43..975ee9c 100644 --- a/src/main.rs +++ b/src/main.rs @@ -54,6 +54,7 @@ use utilities::{ mod syscall_object; mod syscall_object_annotations; +mod syscall_categories; mod syscall_annotations_map; mod types; mod syscall_skeleton_map; diff --git a/src/syscall_annotations_map.rs b/src/syscall_annotations_map.rs index 032cb50..2526e2d 100644 --- a/src/syscall_annotations_map.rs +++ b/src/syscall_annotations_map.rs 
@@ -2,18 +2,15 @@ use std::collections::HashMap; use syscalls::Sysno; use std::mem::MaybeUninit; use crate::types::{SysArg, Category, Flag, SysAnnotations, SysReturn}; - // TODO! differentiate between bitflags (orables) and enums // TODO! add granularity for value-return type of syscall arguments // these are semantics for syscall arguments that get modified after syscall return // see if some arguments are better combined, like the very common buffer and buffer lengths (this makes processing cleaner but might result in complexity in non-conforming cases) // clarify whether a buffer is provided by the user or to be filled by the kernel in the name of the argument (GIVE vs FILL) // switch to MaybeUninit - // TODO! switch to phf later pub fn initialize_syscall_annotations_map() -> HashMap { use SysArg::*; - use Category::*; use Flag::*; use SysReturn::*; let array: Vec<(Sysno, SysAnnotations)> = vec![ @@ -21,7 +18,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::read, ( - DiskIO, "read", &[ ["fd", "file descriptor to be read from"], @@ -35,7 +31,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::write, ( - DiskIO, "write", &[ ["fd", "file descriptor"], @@ -50,17 +45,14 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // Pread() basically works just like read() // but comes with its own offset // and doesnt modify the file pointer. - // If you read() twice, you get different results // If you pread() twice, you get the same result - // the system call was renamed in from pread() to pread64(). The syscall numbers remain the same. // The glibc pread() and pwrite() wrapper functions transparently deal with the change. // parallel read // also: stateless read Sysno::pread64, ( - DiskIO, "parallel read, use your own offset to avoid file pointer data race", &[ ["fd", "file descriptor of the file to be read from"], 
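Review bot: `Category` is still named in the unchanged `use crate::types::{SysArg, Category, Flag, SysAnnotations, SysReturn};` line at the top of this hunk, although the hunk removes `use Category::*;` and the later hunks remove every category element from the tuples. Unless code outside these hunks still refers to it, the import is now unused and will produce a warning; the line would become `use crate::types::{SysArg, Flag, SysAnnotations, SysReturn};`. The body of `initialize_syscall_annotations_map` continues outside the hunk.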
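Review bot: Removing the category from the `Sysno::read` tuple here, and from every other entry in the following hunks, leaves a syscall's category and its annotation in two separate tables that nothing visible keeps in step. The diffstat shows the categories moving to `src/syscall_categories.rs`, which is not among the lines shown, so the rest is inferred: a syscall annotated here but missing there would presumably lose its category, and if categories drive what the trace displays, that call could drop out of the output without any error. A unit test that walks the keys of `initialize_syscall_annotations_map()` and asserts each one has a category entry would catch the drift at build time. The entry continues past the end of the hunk.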
@@ -79,7 +71,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // also: stateless write Sysno::pwrite64, ( - DiskIO, "parallel write, use your own offset to avoid file pointer data race", &[ ["fd", "file descriptor of the file to be written into"], @@ -100,7 +91,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // to read into non-contiguous memory locations Sysno::readv, ( - DiskIO, "scatter read, read vectored, read from several non contiguous regions", &[ ["fd", "file descriptor of the file to be read from"], @@ -110,12 +100,10 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ["return value", "on success returns number of bytes read, -1 On error and errno is modified"], ) ), - ( // same as readv Sysno::writev, ( - DiskIO, "gather write, write vectored, write from several non contiguous regions", &[ ["fd", "file descriptor of the file to be written into"], @@ -130,7 +118,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // parallel read vectored Sysno::preadv, ( - DiskIO, "scatter read, read vectored, read from several non contiguous regions using your own offset to avoid file pointer data race", &[ ["fd", "file descriptor of the file to be read from"], @@ -145,7 +132,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // parallel write vectored Sysno::pwritev, ( - DiskIO, "gather write, write vectored from several non contiguous regions using your own offset to avoid file pointer data race", &[ ["fd", "file descriptor of the file to be written into"], @@ -156,11 +142,9 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ["return value", "on success returns number of bytes written, -1 On error and errno is modified"], ) ), - ( Sysno::preadv2, ( - DiskIO, "scatter read, read vectored, read from several non contiguous regions using your own offset to avoid file pointer data race in addition to customized flags", &[ ["fd", "file descriptor of the file to be read from"], 
@@ -172,11 +156,9 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ["return value", "on success returns number of bytes written, -1 On error and errno is modified"], ) ), - ( Sysno::pwritev2, ( - DiskIO, "gather write, write vectored from several non contiguous regions using your own offset to avoid file pointer data race in addition to customized flags", &[ ["fd", "file descriptor of the file to be written into"], @@ -186,13 +168,12 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ["flags", "custom falgs for specific write behaviour"], ], ["return value", "on success returns number of bytes written, -1 On error and errno is modified"], - ) ), ( Sysno::pipe, ( - Process, + "create a unidirectional pipe for process communication", &[ ["pipefd", "pointer to array containing the read and write file descriptors"], @@ -203,7 +184,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::pipe2, ( - Process, + "create a unidirectional pipe for process communication, in additiona to flags for file opening behaviour", &[ ["pipefd", "pointer to array containing the read and write file descriptors"], @@ -218,7 +199,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::dup, ( - FileOp, "duplicate file descriptor", &[ ["oldfd", "file descriptor to be copied"], @@ -232,7 +212,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::dup2, ( - FileOp, "duplicate file descriptor with another file descriptor", &[ ["oldfd", "file descriptor to be copied"], @@ -245,7 +224,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::dup3, ( - FileOp, "duplicate file descriptor with another file descriptor with some useful flags", &[ ["oldfd", "file descriptor to be copied"], @@ -258,7 +236,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::access, ( - FileOp, "check permissions on a file", &[ ["pathname", "path of the file to be checked"], 
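Review bot: In the `Sysno::pipe` entry the removed `Process,` line is replaced by an added whitespace-only line instead of being deleted, so the tuple now opens with an empty line before the description string. The same leftover appears in the `pipe2` hunk and in the later hunks that drop `AsyncIO,`, `Network,`, `Signals,` and `Device,`, while other hunks (for example `Sysno::dup`) delete the line outright. Deleting those added blank lines keeps the entries uniform and the diff free of whitespace noise.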
@@ -270,7 +247,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::faccessat, ( - FileOp, "check permissions on a file, with an optional anchor directory, and path resolution flags", &[ ["dirfd", "file descriptor of a path to use as anchor if pathname is relative"], @@ -284,7 +260,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::faccessat2, ( - FileOp, "check permissions on a file, with an optional anchor directory, and path resolution flags", &[ ["dirfd", "file descriptor of a path to use as anchor if pathname is relative"], @@ -295,14 +270,12 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ["numeric return", "0 on success (all permissions were granted), -1 on error (at least one permission was not granted), errno modified"], ) ), - // open and possibly create a file // open handles a relative path by considering it relative to the current process working directory // files must be opened first before being read from or written to ( Sysno::open, ( - FileOp, "open and possibly create a file", &[ ["filename", "path of the file to be opened"], @@ -320,7 +293,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::openat, ( - FileOp, "open and possibly create a file, use dirfd as anchor", &[ ["dirfd", "file descriptor of the anchor directory"], @@ -336,7 +308,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::openat2, ( - FileOp, "open and possibly create a file, use dirfd as anchor, and open_how for further customization", &[ ["dirfd", "file descriptor of the anchor directory"], @@ -351,8 +322,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::creat, ( - FileOp, - "create a file", + "create a file", &[ ["pathname", "path of the file to be opened"], ["mode", "file permission modes (rwx rwx rwx, set-uid, set-guid, sticky bits)"], 
@@ -363,7 +333,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::getcwd, ( - FileOp, "get current working directory", &[ ["buf", "buffer to fill with the absolute path of the current working directory"], @@ -375,7 +344,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::chdir, ( - FileOp, "change to a new directory using a specific path", &[ ["pathname", "the new path we're switching to"], @@ -386,7 +354,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::fchdir, ( - FileOp, "change to a new directory using a file desciptor", &[ ["fd", "file descriptor of the path we're switching to"], @@ -397,7 +364,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::rename, ( - FileOp, "rename a file and possibly move it", &[ ["oldpath", "old path of the file"], @@ -409,12 +375,10 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::renameat, ( - FileOp, "rename a file and possibly move it, with an optional anchor directory", &[ ["olddirfd", "file descriptor of a path to use as anchor if oldpath is relative"], ["oldpath", "old path of the file"], - ["newdirfd", "file descriptor of a path to use as anchor if newpath is relative"], ["newpath", "new path of the file"], ], @@ -424,12 +388,10 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::renameat2, ( - FileOp, "rename a file and possibly move it, with an optional anchor directory and flags for custom behaviour", &[ ["olddirfd", "file descriptor of a path to use as anchor if oldpath is relative"], ["oldpath", "old path of the file"], - ["newdirfd", "file descriptor of a path to use as anchor if newpath is relative"], ["newpath", "new path of the file"], @@ -441,7 +403,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::mkdir, ( - FileOp, "create a new directory using a path", &[ ["pathname", "path of the new directory to create"], 
@@ -453,7 +414,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::mkdirat, ( - FileOp, "create a new directory using a path and an optional anchor directory", &[ ["dirfd", "file descriptor of a path to use as anchor if pathname is relative"], @@ -473,7 +433,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // For example, if a malicious user is trying to modify or delete files in a system, // creating/deleting a hard link to the file is one way to do this. // Tracking the link() system call will notify if any files are modified in this way. - FileOp, "create a hard link for a file", &[ ["oldpath", "existing file we will link to"], @@ -486,7 +445,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::linkat, ( - FileOp, "create a hard link for a file, with an optional anchor directory, and path resolution flags", &[ ["olddirfd", "file descriptor of a path to use as anchor if oldpath is relative"], @@ -504,7 +462,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( // Each inode on your FileOp has a reference count - it knows how many places refer to it. A directory entry is a reference. Multiple references to the same inode can exist. unlink removes a reference. When the reference count is zero, then the inode is no longer in use and may be deleted. This is how many things work, such as hard linking and snap shots. // In particular - an open file handle is a reference. So you can open a file, unlink it, and continue to use it - it'll only be actually removed after the file handle is closed (provided the reference count drops to zero, and it's not open/hard linked anywhere else). - FileOp, "either deletes a file or directory, or in the case that other references still exist, simply reduces the reference count of the inode", &[ ["pathname", "path of the file or directory to be removed"], 
@@ -515,7 +472,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::unlinkat, ( - FileOp, "either deletes a file or directory, or in the case that other references still exist, simply reduces the reference count of the inode, in addtion to an optional anchor directory, and a behaviour customization flag", &[ ["dirfd", "file descriptor of a path to use as anchor if pathname is relative"], @@ -528,7 +484,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::rmdir, ( - FileOp, "delete a specific directory", &[ ["pathname", "path of the directory to remove"], @@ -541,7 +496,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // (point to a nonexistent file); Sysno::symlink, ( - FileOp, "create a symbolic link with the given name linked to the given target", &[ ["target", "path of the target file to be linked"], @@ -554,7 +508,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::symlinkat, ( - FileOp, "create a symbolic link with the given name linked to the given target", &[ ["target", "path of the target file to be linked"], @@ -569,7 +522,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // contents of the symbolic link pathname in the buffer buf, Sysno::readlink, ( - FileOp, "read the contents of a symbolic link (its target path) to a buffer", &[ ["pathname", "path of the symlink to be read"], @@ -582,7 +534,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::readlinkat, ( - FileOp, "read the contents of a symbolic link (its target path) to a buffer", &[ ["dirfd", "file descriptor of a path to use as anchor if pathname is relative"], @@ -596,7 +547,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::chmod, ( - FileOp, "change the mode (rwx rwx rwx, set-uid, set-guid, sticky bits) of the file given through a file path", &[ ["pathname", "path of the file to be altered"], 
@@ -608,7 +558,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::fchmod, ( - FileOp, "change the mode (rwx rwx rwx, set-uid, set-guid, sticky bits) of the file given through a file descriptor", &[ ["fd", "file descriptor of the file to be altered"], @@ -622,7 +571,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::fchmodat, ( - FileOp, "change the mode (rwx rwx rwx, set-uid, set-guid, sticky bits) of the file given through a file path, in addition to path traversal flags", &[ ["dirfd", "file descriptor of a path to use as anchor if pathname is relative"], @@ -639,7 +587,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::chown, ( - FileOp, "change the owner and group of a given file by its path", &[ ["pathname", "path of the file to be altered"], @@ -652,7 +599,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::fchown, ( - FileOp, "change the owner and group of a given file by its file descriptor", &[ ["fd", "file descriptor of the file to be altered"], @@ -667,7 +613,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::lchown, ( - FileOp, "change the owner and group of a given file by its path without recursing symbolic links", &[ ["pathname", "path of the file to be altered"], @@ -680,7 +625,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::fchownat, ( - FileOp, "change the owner and group of a given file by its path, with an optional anchor directory, in addition to path traversal flags", &[ ["dirfd", "file descriptor of a path to use as anchor if pathname is relative"], @@ -696,7 +640,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // file-system level sync Sysno::sync, ( - DiskIO, "flush all current pending filesystem data and metadata writes", &[], ["does not return anything", "does not return anything"], 
@@ -706,7 +649,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // file-system level sync Sysno::syncfs, ( - DiskIO, "flush all current pending filesystem data and metadata writes via a file descriptor within that filesystem", &[ ["fd", "file descriptor of a file inside the filesystem to be flushed"], @@ -718,7 +660,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // file level sync Sysno::fsync, ( - DiskIO, "flush all current pending data and metadata writes for a specific file", &[ ["fd", "file descriptor of the file whose pending writes are to be flushed"], @@ -732,7 +673,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // file level sync Sysno::fdatasync, ( - DiskIO, "flush all current pending data writes and ignore non-critical metadata writes for a specific file", &[ ["fd", "file descriptor of the file whose pending writes are to be flushed"], @@ -762,12 +702,10 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // file must be writable. Sysno::truncate, ( - DiskIO, "extend or truncate a file to a precise size", &[ ["path", "path of the file to be truncated or expanded"], ["length", "new length of the file"], - ], ["return value", "0 success. -1 for error and errno modified"], ) @@ -776,7 +714,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // file must be open for writing Sysno::ftruncate, ( - DiskIO, "extend or truncate a file to a precise size", &[ ["fd", "file descriptor of the file to be truncated or expanded"], @@ -795,11 +732,9 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // ), // ( // ), - // closes a file descriptor, so that it no longer refers to any file and may be reused ( Sysno::close, ( - FileOp, "close a file descriptor, will no longer refer to any file", &[ ["fd", "file descriptor of the file to be closed"], 
@@ -811,7 +746,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::stat, ( - FileOp, "find information about a file using its path", &[ ["pathname", "path of the file, CWD is used as anchor if relative"], @@ -824,7 +758,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::fstat, ( - FileOp, "find information about a file using a file descriptor", &[ ["fd", "file descriptor of the file"], @@ -838,7 +771,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::lstat, ( - FileOp, "find information about a file using a path without recursing symbolic links", &[ ["pathname", "path of the file, CWD is used as anchor if relative"], @@ -850,7 +782,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::newfstatat, ( - FileOp, "find information about a file using its path, while specifying an anchor, and path resolution flags", &[ ["dirfd", "file descriptor used either as anchor for pathname, or as a target file"], @@ -864,7 +795,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::statx, ( - FileOp, "find information about a file using its path, while specifying an anchor, path resolution flags, and specific fields to retrieve", &[ ["dirfd", "file descriptor of a path to use as anchor if pathname is relative"], @@ -879,7 +809,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::statfs, ( - FileOp, "get information about a specific filesystem using a path", &[ ["path", "path of the mounted file system"], @@ -891,7 +820,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::fstatfs, ( - FileOp, "get information about a specific filesystem using a file descriptor", &[ ["fd", "file descriptor of the mounted file system"], @@ -904,7 +832,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // deprecated syscall Sysno::ustat, ( - Device, + "", &[ ["dev", "number of the device where a filesystem is mounted"], 
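Review bot: The `Sysno::ustat` entry keeps an empty description string (`"",` right after the removed `Device,` line), so the field that tells the reader what the call does is blank. Since this entry is being touched anyway, a short description such as `"get filesystem statistics (deprecated in favour of statfs)",` would bring it in line with the neighbouring `statfs` and `fstatfs` entries. The entry continues past the end of the hunk.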
@@ -916,7 +844,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::cachestat, ( - Memory, "get information about the page cache of a file", &[ ["fd", "file descriptor of the target file"], @@ -930,16 +857,13 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ["return value", "some error semantics"], ) ), - // ( // Sysno::statmount, // ), - // reposition read/write file offset ( Sysno::lseek, ( - DiskIO, "reposition read/write file offset", &[ ["fd", "file descriptor"], @@ -952,7 +876,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::mmap, ( - Memory, "create a memory mapping potentially backed by a file", &[ // Nullable @@ -971,7 +894,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::mprotect, ( - Memory, "set protection on a region of memory", &[ ["start", "starting address of the range to be protected"], @@ -985,7 +907,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::munmap, ( - Memory, "unmap previously mmapped region of memory", &[ ["addr", "address where memory unmapping will begin"], @@ -997,7 +918,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::brk, ( - Memory, "change the location of the program break", &[ ["address", "new program break address"], @@ -1011,7 +931,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::mlock, ( - Memory, "lock a range of memory in RAM, to prevent swapping", &[ ["addr", "starting address of the memory to be locked"], @@ -1025,7 +944,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::mlock2, ( - Memory, "lock a range of memory in RAM to prevent swapping, in addition to a flag that specifies how to handle non-resident pages", &[ ["addr", "starting address of the memory to be locked"], 
@@ -1042,12 +960,10 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ["return value", "0 success. -1 for error and errno modified and no changes made"], ) ), - ( // Memory locking and unlocking are performed in units of whole pages. Sysno::munlock, ( - Memory, "unlock a memory range and allow it to be swappable", &[ ["addr", "starting address of the memory to be unlocked"], @@ -1062,7 +978,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // this is equivalent to MAP_POPULATE (unless the flag is specified for custom behaviour for non-resident and future pages) Sysno::mlockall, ( - Memory, "lock the entire memory of a process to prevent swapping, in addition to flags for handling non-resident and future pages", &[ ["flags", "flags that addresses handling non-resident and future pages"], @@ -1074,8 +989,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // Memory locking and unlocking are performed in units of whole pages. Sysno::munlockall, ( - Memory, - "unlock the entire memory of a process, allowing it to be swappable", + "unlock the entire memory of a allowing it to be swappable", &[], ["return value", "0 success. -1 for error and errno modified and no changes made"], ) @@ -1084,7 +998,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::mremap, ( - Memory, "shrink or expand or move memory region", &[ // must be page aligned @@ -1100,7 +1013,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // flushes changes made to the file copy mapped in memory back to the filesystem. (Sysno::msync, ( - Memory, "flush changes made in an mmapped memory range back to the filesystem", &[ ["address", "address in the file mapping where flushing starts"], 
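Review bot: The description string in the `Sysno::munlockall` entry lost the word "process," and now reads `"unlock the entire memory of a allowing it to be swappable",`; this looks like a side effect of a case-insensitive search-and-replace that stripped `Process, ` rather than an intended edit. The same thing happens to the `rt_sigsuspend` description ("the signal mask of the and suspend execution") and to the `ioctl` comment ("a pointer to userspace or it could be an index", where `memory, ` was lost). These strings are what the person reading a trace relies on to interpret a call, so the line should go back to `"unlock the entire memory of a process, allowing it to be swappable",`, with the other two restored the same way.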
@@ -1116,7 +1028,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // memory in core Sysno::mincore, ( - Memory, "indicate in a vector which parts of a memory range are resident and which will cause a page fault if accessed", &[ ["addr", "address in the file mapping where calculation starts"], @@ -1130,7 +1041,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::madvise, ( - Memory, "give advice about use of memory in a specific range", &[ // only operates on whole pages @@ -1142,11 +1052,10 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ["numeric return", "0 on success, -1 on error, errno modified"], ) ), - ( Sysno::select, ( - AsyncIO, + "block while watching file descriptor sets for readiness to read, write, in addition to exceptional conditions", &[ ["nfds", "the number of the highest file descriptor in the three sets + 1, used by the kernel to loop each set"], @@ -1167,7 +1076,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::pselect6, ( - AsyncIO, + "block while watching file descriptor sets for readiness to read, write, in addition to exceptional conditions, and watch for new signals", &[ ["nfds", "the number of the highest file descriptor in the three sets + 1, used by the kernel to loop each set"], @@ -1194,7 +1103,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::poll, ( - AsyncIO, + "block until specific events occur on the provided file descriptors", &[ ["fds", "array of file descriptor-event pairs for poll to monitor"], @@ -1208,7 +1117,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::ppoll, ( - AsyncIO, + "block until specific events occur on the provided file descriptors or until some signals are caught", &[ ["fds", "array of file descriptor-event pairs for poll to monitor"], 
@@ -1228,7 +1137,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // the file descriptor returned by epoll_create() should be closed by using close(2) Sysno::epoll_create, ( - AsyncIO, + "creates a new epoll instance and return a file descriptor for it", &[ // in the past this size parameter told the kernel how many fds the caller expects to add @@ -1246,7 +1155,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // epoll_create but with a bahviour customizing flag Sysno::epoll_create1, ( - AsyncIO, + "creates a new epoll instance and return a file descriptor for it, in addition to customizing behaviour with a flag", &[ // if this argument is zero, this syscall is identical to epoll_create @@ -1262,7 +1171,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // • the timeout expires. Sysno::epoll_wait, ( - AsyncIO, + "block and wait for events on an epoll instance, equivalent to fetching from the ready list", &[ ["epfd", "file descriptor of the epoll instance to be waited on"], @@ -1281,7 +1190,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // similar to epoll_wait but in addition to waiting on specific signals Sysno::epoll_pwait, ( - AsyncIO, + "block and wait until either an event on the epoll instance or a signal, equivalent to fetching from the ready list or waiting for a signal", &[ ["epfd", "file descriptor of the epoll instance to be waited on"], @@ -1303,7 +1212,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // similar to epoll_pwait but has nanosend resolution Sysno::epoll_pwait2, ( - AsyncIO, + "block and wait until either an event on the epoll instance or a signal, equivalent to fetching from the ready list or waiting for a signal", &[ ["epfd", "file descriptor of the epoll instance to be waited on"], 
@@ -1324,7 +1233,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::epoll_ctl, ( - AsyncIO, + "add, modify, or remove entries in the interest list of the epoll instance", &[ ["epfd", "file descriptor of the epoll instance"], @@ -1338,7 +1247,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::socket, ( - Network, + "create a socket file descriptor", &[ ["family", "communication domain (Internet/IPV4, IPV6, Bluetooth, Amateur radio, XDP ..etc)"], @@ -1351,7 +1260,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::bind, ( - Network, + "assign an address to a socket file descriptor", &[ ["sockfd", "file descriptor of the socket to be assigned"], @@ -1364,7 +1273,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::getsockname, ( - Network, + "get the address a specific socket is bound to", &[ ["sockfd", "file descriptor of the socket we're getting the address of"], @@ -1382,7 +1291,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::getpeername, ( - Network, + "get the address of the peer connected to a specific socket", &[ ["sockfd", "file descriptor of the socket we're getting peer information of"], @@ -1401,7 +1310,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::socketpair, ( - Network, + "create a pair of connected sockets", &[ ["family", "communication domain (Internet/IPV4, IPV6, Bluetooth, Amateur radio, XDP ..etc)"], 
@@ -1417,18 +1326,16 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::setsockopt, ( - Network, + "set the options of a socket descriptor", &[ ["sockfd", "socket descriptor whose options will be manipulated"], ["level", "the protocol level in which the option resides"], ["optname", "name of the option"], - // the argument should be // nonzero to enable a boolean option, // or zero if the option is to be disabled. ["optval", "buffer containing the new option value to be set"], - ["optlen", "pointer to integer specifying the size in bytes of the option value buffer"], ], ["return value", "0 success. -1 for error and errno modified"], @@ -1437,13 +1344,12 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::getsockopt, ( - Network, + "retrieve the options of a socket descriptor", &[ ["sockfd", "socket descriptor whose options will be manipulated"], ["level", "the protocol level in which the option resides"], ["optname", "name of the option"], - ["optval", "buffer in which the retrieved option value will be stored"], // optlen is a value-result argument // initially containing the size of optval buffer @@ -1454,11 +1360,10 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ["return value", "0 success. -1 for error and errno modified"], ) ), - ( Sysno::listen, ( - Network, + "create a backlog queue, and mark the socket descriptor as passive (ready to accept connections)", &[ ["sockfd", "file descriptor of the socket to mark"], @@ -1470,7 +1375,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::accept, ( - Network, + "extract the first connection from the backlog queue", &[ ["sockfd", "file descriptor of the socket listening for connections"], 
@@ -1492,7 +1397,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // the flags are to: 1- set socket as non-blocking, 2- set socket as close-on-exec Sysno::accept4, ( - Network, + "extract the first connection from the connection queue in addition to specifying behaviour flag such as non-block and close-on-exec", &[ ["sockfd", "file descriptor of the socket listening for connections"], @@ -1513,7 +1418,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::connect, ( - Network, + "connect a socket file descriptor to an address", &[ ["sockfd", "file descriptor of the socket to be connected"], @@ -1526,7 +1431,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::sendto, ( - Network, + "send a message to another socket", &[ ["sockfd", "file descriptor of the sending socket"], @@ -1545,7 +1450,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::sendmsg, ( - Network, + "send a message to another socket", &[ ["sockfd", "file descriptor of the sending socket"], @@ -1558,7 +1463,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::recvfrom, ( - Network, + "receive a message from a socket", &[ ["sockfd", "file descriptor of the socket to receive data from"], @@ -1581,7 +1486,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::recvmsg, ( - Network, + "receive a message from a socket", &[ ["sockfd", "file descriptor of the socket to receive data from"], @@ -1597,7 +1502,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::shutdown, ( - Process, + "shut down a socket connection full or partially", &[ ["sockfd", "file descriptor of the affected socket"], @@ -1612,7 +1517,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::fcntl, ( - FileOp, + "perform a file operation on a file", &[ ["fd", "the file descriptor to be operated on"], 
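Review bot: The removed line in the `Sysno::shutdown` entry shows it was tagged `Process`, whereas every other socket call in these hunks (`socket`, `connect`, `sendto`, `recvmsg` and the rest) was tagged `Network`. The category now comes from `src/syscall_categories.rs`, which is not shown here, so whether the old tag was carried over cannot be confirmed from this page. If it was, a view restricted to network calls would show a connection being opened and used but not its teardown. It is worth confirming that the new table lists `shutdown` under `Network`.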
@@ -1625,19 +1530,18 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::ioctl, ( - Device, + "carry out a specific operation/request on a device", &[ ["fd", "file descriptor of the device"], ["request", "code of the specific request to be carried out"], // The arg parameter to the ioctl is opaque at the generic vfs level (an opaque data type is a data type whose concrete data structure is not defined in an interface) // How to interpret it is up to the driver or filesystem that actually handles it - // So it may be a pointer to userspace memory, or it could be an index, a flag, whatever + // So it may be a pointer to userspace or it could be an index, a flag, whatever // It might even be unused and conventionally passed in a 0 ["argp", "typeless extra argument, the driver defineds it, and can vary based on what the driver wants"], ], ["return value", "0 on success (sometimes this is a output value), -1 on error, errno modified"], - ) ), // ( @@ -1646,7 +1550,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::arch_prctl, ( - Process, + "set architecture-specific process/thread state", &[ ["op", "specific operation to perform"], @@ -1662,7 +1566,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::sched_yield, ( - Process, + "relinquish the CPU, and move to the end of the queue", &[], ["numeric return", "0 on success, -1 on error, errno modified"], @@ -1671,7 +1575,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::rt_sigaction, ( - Signals, + "change action for a specific signal", &[ // can be any valid signal except SIGKILL and SIGSTOP. @@ -1687,7 +1591,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::rt_sigprocmask, ( - Signals, + "modify or get the signal mask (signals blocked from delivery) of the calling thread", &[ ["how", "specific signal for which the action should be changed"], 
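Review bot: The comment above `argp` in the ioctl entry lost a word: "a pointer to userspace memory, or it could be" became "a pointer to userspace or it could be", which looks like a case-insensitive find/replace of the removed `Memory, ` category token. The same replacement damaged text that is not a category in later hunks: the rt_sigsuspend description ("signal mask of the and suspend"), the signalfd4 description ("for accepting in addition to"), the comment before pidfd_send_signal, and the fork/vfork descriptions and return-value strings ("returned to the calling -1 on error"). Most of those are string literals in the annotation table, so the broken wording would presumably reach the tool's output. Restore the original wording, e.g. `// So it may be a pointer to userspace memory, or it could be an index, a flag, whatever`, and redo the removal so that it matches only the bare tuple element.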
@@ -1707,8 +1611,8 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // (its like what ptrace TRACE_ME does) Sysno::rt_sigsuspend, ( - Signals, - "temporarily alter the signal mask of the process, and suspend execution until the delivery of a signal that has a handler or one that terminates the thread", + + "temporarily alter the signal mask of the and suspend execution until the delivery of a signal that has a handler or one that terminates the thread", &[ // SIGKILL or SIGSTOP can not be blocked ["mask", "new temporary mask to be set"], @@ -1725,7 +1629,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // It should be fairly large, to avoid any danger that it will overflow Sysno::sigaltstack, ( - Signals, + "define an alternative signal stack or retrieve the state of the current one", &[ // can be null if dont want this part of the operation @@ -1740,7 +1644,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // created to immediately run after signal handlers, to clean up and correct stack pointer/program counter Sysno::rt_sigreturn, ( - Signals, + "return from signal handler and cleanup stack frame", &[], ["", ""], @@ -1749,7 +1653,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::rt_sigpending, ( - Signals, + "return the set of signals pending for delivery for the calling thread", &[ ["set", "pointer to struct set where the signals will be stored"], @@ -1761,7 +1665,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::rt_sigtimedwait, ( - Signals, + "suspends execution of the process until one of the signals provided is pending, or a given timeout is exceeded", &[ ["set", "pointer to struct containing the set of signals to check for"], 
@@ -1778,7 +1682,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // sends the data to an arbitrary thread with the thread group Sysno::rt_sigqueueinfo, ( - Signals, + "send a signal plus data to a process/thread group", &[ ["tgid", "id of the thread group where the signal will be sent"], @@ -1793,7 +1697,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // sends the data to a specific thread withing the thread group Sysno::rt_tgsigqueueinfo, ( - Signals, + "send a signal plus data to a specific thread within a process/thread group", &[ ["tgid", "id of the thread group where the signal will be sent"], @@ -1807,7 +1711,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::signalfd, ( - Signals, + "create a new file for accepting signals", &[ // fd of a file, or -1, let the kernel create a new file descriptor @@ -1822,8 +1726,8 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::signalfd4, ( - Signals, - "create a file descriptor for accepting signals, in addition to file customization flags", + + "create a file descriptor for accepting in addition to file customization flags", &[ // fd of a file, or -1, let the kernel create a new file descriptor ["fd", "file descriptor of the file to be used to receive signals"], 
@@ -1836,13 +1740,13 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ) ), // The pidfd_open syscall allows users to obtain a file descriptor referring to the PID of the specified process. - // This syscall is useful in situations where one process needs access to the PID of another process in order to send signals, - // retrieve information about the process, or similar operations. - // It can also be used to monitor the lifetime of the process, since the file descriptor is closed when the process terminates. + // This syscall is useful in situations where one process needs access to the PID of another process in order to send + // retrieve information about the or similar operations. + // It can also be used to monitor the lifetime of the since the file descriptor is closed when the process terminates. ( Sysno::pidfd_send_signal, ( - Signals, + "send a signal to a process specified by a file descriptor", &[ ["pidfd", "file descriptor of the process of where the siganl is to be sent"], @@ -1860,7 +1764,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // always successful Sysno::gettid, ( - Thread, + "get the thread id of the calling thread", &[], ["return value", "thread id of the calling thread"], @@ -1871,7 +1775,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // always successful Sysno::getpid, ( - Thread, + "get the process id of the calling process", &[], ["return value", "process id of the calling process"], @@ -1881,7 +1785,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // always successful Sysno::getppid, ( - Thread, + "get the process id of the parent process", &[], ["return value", "process id of the parent of the calling process"], @@ -1891,7 +1795,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::getrandom, ( - Device, + "fill a specified buffer with random bytes", &[ ["buf", "pointer to a buffer where the random bytes will be stored"], 
@@ -1904,7 +1808,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::setrlimit, ( - Process, + "set the soft and hard resource limits of a process", &[ ["resource", "specific resource type to limit"], @@ -1916,7 +1820,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::getrlimit, ( - Process, + "get the soft and hard resource limits of a process", &[ ["resource", "specific resource type to retrieve"], @@ -1930,7 +1834,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // NULL when you dont want either Sysno::prlimit64, ( - Process, + "get or set the soft and hard limits of a specific resource for a process", &[ // if zero then operate on the calling process @@ -1963,7 +1867,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { /* involuntary context switches */ Sysno::getrusage, ( - Process, + "get resource usage metrics for a specific process domain", &[ ["who", "which domain of the process to measure"], @@ -1975,7 +1879,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::sysinfo, ( - Process, + "get memory and swap usage metrics", &[ ["info", "pointer to a struct where the the system info will get stored"], @@ -1986,7 +1890,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::times, ( - Process, + "get time metrics for the calling process and its children", &[ ["buf", "pointer to a struct where various timing metrics for the process will get stored"], @@ -1997,7 +1901,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::sched_setaffinity, ( - CPU, + "set specific CPUs for this thread to run on", &[ // if zero then the calling thread is the thread referred to @@ -2011,7 +1915,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::sched_getaffinity, ( - CPU, + "find which CPUs this thread is allowed to run on", &[ // if zero then the calling thread is the thread referred to 
@@ -2029,7 +1933,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // The process's parent is sent a SIGCHLD signal. Sysno::exit, ( - Process, + "exit the calling process", &[ ["status", "status of the process on exit"], @@ -2040,7 +1944,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::exit_group, ( - Process, + "exit all threads in this process's thread group", &[ ["status", "status of the process on exit"], @@ -2054,7 +1958,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // similar to rt_tgsigqueueinfo Sysno::tgkill, ( - Thread, + "send a signal to a specific thread in a specific thread", &[ // If tgid is specified as -1, tgkill() is equivalent to tkill(). @@ -2069,7 +1973,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // similar to rt_sigqueueinfo Sysno::tkill, ( - Thread, + "send a signal to a specific thread in a specific thread", &[ ["tid", "id of the specific thread to which the signal will be sent"], @@ -2081,7 +1985,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::rseq, ( - Thread, + "register a per-thread data structure shared between kernel and user-space", &[ // Only one rseq can be registered per thread, @@ -2102,7 +2006,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::uname, ( - System, + "get system information", &[ ["mask", "pointer to struct where the system information will be stored"], @@ -2114,7 +2018,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // always successful Sysno::getuid, ( - Process, + "get the real user ID of the calling process", &[], ["return value", "the real user ID of the calling process"], @@ -2124,7 +2028,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // always successful Sysno::geteuid, ( - Process, + "get the effective user ID of the calling process", &[], ["return value", "the effective user ID of the calling process"], 
@@ -2134,7 +2038,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // always successful Sysno::getgid, ( - Process, + "get the real group ID of the calling process", &[], ["return value", "the real group ID of the calling process"], @@ -2144,7 +2048,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // always successful Sysno::getegid, ( - Process, + "get the effective group ID of the calling process", &[], ["return value", "the effective group ID of the calling process"], @@ -2155,7 +2059,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // then the real UID and saved set-user-ID are also set. Sysno::setuid, ( - Process, + "set the effective user ID of the calling process", &[ ["uid", "id of the thread group where the signal will be sent"], @@ -2169,7 +2073,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::setgid, ( - Process, + "set the effective user ID of the calling process", &[ ["gid", "id of the thread group where the signal will be sent"], @@ -2184,7 +2088,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // (for example semop). Sysno::futex, ( - AsyncIO, + "set the effective user ID of the calling process", &[ ["uaddr", "pointer to the futex-word"], @@ -2200,7 +2104,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( // always successful // When set_child_tid is set, the very first thing the new thread does is to write its thread ID at this address. - // When a thread whose clear_child_tid is not NULL terminates, then, // if the thread is sharing memory with other threads, then 0 is written at the address specified in // clear_child_tid and the kernel performs the following operation: 
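Review bot: The futex entry keeps the description "set the effective user ID of the calling process", which is copied from the setuid entry and does not describe futex; with the category removed, this string is the only summary left in the tuple. The setgid entry carries the same text where "group ID" is meant, and the `uid`/`gid` argument texts still say "id of the thread group where the signal will be sent". Suggested replacements are `"wait on or wake waiters of a futex word (fast user-space locking)",` for futex and `"set the effective group ID of the calling process",` for setgid.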
@@ -2209,7 +2112,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // Errors from the futex wake operation are ignored. Sysno::set_tid_address, ( - Thread, + "set the `clear_child_tid` value for the calling thread to the id provided", &[ ["tidptr", "pointer to the thread id to use for `clear_child_tid`"], @@ -2220,7 +2123,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::eventfd, ( - FileOp, "create a file to use for event notifications/waiting", &[ ["initval", "value specific to each operation"], @@ -2231,7 +2133,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::eventfd2, ( - FileOp, "create a file to use for event notifications/waiting with custom file behaviour", &[ ["initval", "value specific to each operation"], @@ -2243,7 +2144,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::wait4, ( - Process, + "wait for a process to change state", &[ // < -1 wait for any child process whose process group ID is equal to the absolute value of pid. @@ -2266,10 +2167,9 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::waitid, ( - Process, + "wait until a specific event occurs for a specific child process", &[ - ["idtype", "categoty of process identifier to use for specifying the process"], ["id", "the specific id in the category defined by idtype"], ["infop", "pointer to a struct that will store the information about the child"], @@ -2298,7 +2198,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // and for every futex it cleans up and wakes any other waiter Sysno::set_robust_list, ( - Process, + "modify the robust futexes list of the calling thread", &[ ["head_ptr", "location of the head of the robust futex list"], 
@@ -2317,7 +2217,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // and for every futex it cleans up and wakes any other waiter Sysno::get_robust_list, ( - Process, + "retrieve the list of robust futexes for a specific thread", &[ ["pid", "id of the process to be modified"], @@ -2330,7 +2230,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::setpgid, ( - Process, + "set the process group ID of a specific process", &[ ["pid", "id of the process to be modified"], @@ -2342,7 +2242,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::getpgid, ( - Process, + "get the process group ID of a specific process", &[ ["pid", "id of the process to operate on"], @@ -2353,7 +2253,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::getpgrp, ( - Process, + "get the process group ID of the calling process", &[], ["return value", "process group id on success, -1 on error, errno modified"], @@ -2363,9 +2263,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // run in separate memory spaces. // At the time of fork() both memory spaces have the same content. // Memory writes, file mappings, unmappings, performed by one of the processes do not affect the other. - // The child process is an exact duplicate of the parent process except for the following points: - // • The child has its own unique process ID, // • The child's and parent have the same parent process ID 
@@ -2391,11 +2289,8 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // • The child does not inherit directory change notifications (dnotify) from its parent // • The prctl(2) PR_SET_PDEATHSIG setting is reset so that the child does not receive a signal when its parent terminates. - // • The default timer slack value is set to the parent's current timer slack value. - // • madvise(2) MADV_DONTFORK marked Memory mappings flag are not inherited - // • madvise(2) MADV_WIPEONFORK marked Memory mappings are wiped // • The termination signal of the child is always SIGCHLD (see clone(2)). 
@@ -2421,35 +2316,34 @@ pub fn initialize_syscall_annotations_map() -> HashMap { Sysno::fork, ( - Process, + "creates a new child process by duplicating the calling process", &[], - ["return value", "0 returned to the child process, and the new process id of the child returned to the calling process, -1 on error, errno modified"], + ["return value", "0 returned to the child and the new process id of the child returned to the calling -1 on error, errno modified"], ) ), ( // 1- simpler version of the fork() system call. // This is because executing the fork() system call, // (before the copy-on-write mechanism was created) - // involved copying everything from the parent process, including address space, + // involved copying everything from the parent including address space, // which was very inefficient. // // 2- the calling thread is suspended until the child terminates or makes a call to execve // This is because both processes use the same address space, // which contains the stack, stack pointer, and instruction pointer. - Sysno::vfork, ( - Process, - "creates a new child process, and suspend the calling process until child termination", + + "creates a new child and suspend the calling process until child termination", &[], - ["return value", "0 returned to the child process, and the new process id of the child returned to the calling process, -1 on error, errno modified"], + ["return value", "0 returned to the child and the new process id of the child returned to the calling -1 on error, errno modified"], ) ), ( Sysno::clone3, ( - Process, + "Create a new child thread", &[ ["cl_args", "pointer to a struct containing the parameters for the new thread"], @@ -2461,7 +2355,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::clone, ( - Process, + "Create a new child thread", &[ ["flags", "cloning customization flags"], 
@@ -2473,7 +2367,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ["return value", "thread id of the new child thread"], ) ), - // ( // Sysno::setsid, // ), @@ -2516,7 +2409,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::execve, ( - Process, + "execute a program using a pathname and replace the current program", &[ ["pathname", "path of the file of the program to be executed"], @@ -2533,7 +2426,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::nanosleep, ( - Process, + "suspend execution of the calling thread until the specified timeout, or ocurrence of siganl handling", &[ // The value of the nanoseconds field must be in the range [0, 999999999]. @@ -2595,59 +2488,45 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // ( // Sysno::iopl, // ) - // ( // Sysno::seccomp, // ) - // ( // Sysno::bpf, // ) - // ( // Sysno::semget, // ) - // ( // Sysno::semop, // ) - // ( // Sysno::semctl, // ) - // ( // Sysno::shmdt, // ) - // ( // Sysno::msgget, // ) - // ( // Sysno::msgsnd, // ) - // ( // Sysno::msgrcv, // ) - // ( // Sysno::msgctl, // ) - // ( // Sysno::flock, // ) - // ( // Sysno::gettimeofday, // ) - // ( // Sysno::ptrace, // ) - // ( // Sysno::syslog, // ) @@ -2666,7 +2545,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // they are resources "virtualization" tools Sysno::landlock_create_ruleset, ( - Security, "create a file descriptor for a landlock ruleset", &[ // these actions will by default be forbidden if no future rules explicitly allows them @@ -2684,7 +2562,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::landlock_add_rule, ( - Security, "add a new Landlock rule to an existing landlock ruleset", &[ ["ruleset_fd", "file descriptor of the landlock ruleset where the rule will be added"], 
@@ -2700,7 +2577,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::landlock_restrict_self, ( - Security, "enforce the ruleset in the provided file descriptor on the calling thread", &[ ["ruleset_fd", "file descriptor of the landlock ruleset"], @@ -2722,7 +2598,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // offset and len must be a multiple of the filesystem logical block size, Sysno::fallocate, ( - DiskIO, "modify the allocated disk space for a specific file", &[ ["fd", "file descriptor of the file to be modified"], @@ -2737,7 +2612,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // this is what runs behind the nice command Sysno::getpriority, ( - Process, + "get a processes' or user's scheduling priority", &[ ["which", "type of the target (process/process group/user)"], @@ -2750,7 +2625,7 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // this is what runs behind the nice command Sysno::setpriority, ( - Process, + "increase or decrease processes' or user's scheduling priority", &[ ["which", "type of the target (process/process group/user)"], @@ -2763,7 +2638,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { ( Sysno::getdents, ( - DiskIO, "get the directory entries for a specific directory", &[ ["fd", "file descriptor of the directory"], @@ -2778,7 +2652,6 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // handle large filesystems and large file offsets. Sysno::getdents64, ( - DiskIO, "get the directory entries for a specific directory", &[ ["fd", "file descriptor of the directory"], 
@@ -2792,563 +2665,424 @@ pub fn initialize_syscall_annotations_map() -> HashMap { // ( // Sysno::umask, // ) - // ( // Sysno::mknod, // ) - // ( // Sysno::mknodat, // ) - // ( // Sysno::getdents, // ) - // ( // Sysno::getdents64, // ) - // ( // Sysno::capget, // ) - // ( // Sysno::capset, // ) - // ( // Sysno::utime, // ) - // ( // Sysno::personality, // ) - // ( // Sysno::sysfs, // ) - // ( // Sysno::sched_setparam, // ) - // ( // Sysno::sched_getparam, // ) - // ( // Sysno::sched_setscheduler, // ) - // ( // Sysno::sched_get_priority_max, // ) - // ( // Sysno::sched_get_priority_min, // ) - // ( // Sysno::sched_rr_get_interval, // ) - // ( // Sysno::modify_ldt, // ) - // ( // Sysno::adjtimex, // ) - // ( // Sysno::settimeofday, // ) - // ( // Sysno::ioperm, // ) - // ( // Sysno::init_module, // ) - // ( // Sysno::delete_module, // ) - // ( // Sysno::quotactl, // ) - // ( // Sysno::readahead, // ) - // ( // Sysno::setxattr, // ) - // ( // Sysno::lsetxattr, // ) - // ( // Sysno::fsetxattr, // ) - // ( // Sysno::getxattr, // ) - // ( // Sysno::lgetxattr, // ) - // ( // Sysno::fgetxattr, // ) - // ( // Sysno::listxattr, // ) - // ( // Sysno::llistxattr, // ) - // ( // Sysno::flistxattr, // ) - // ( // Sysno::removexattr, // ) - // ( // Sysno::lremovexattr, // ) - // ( // Sysno::fremovexattr, // ) - // ( // Sysno::time, // ) - // ( // Sysno::sched_setaffinity, // ) - // ( // Sysno::sched_getaffinity, // ) - // ( // Sysno::io_setup, // ) - // ( // Sysno::io_getevents, // ) - // ( // Sysno::io_submit, // ) - // ( // Sysno::copy_file_range, // ) - // ( // Sysno::io_cancel, // ) - // ( // Sysno::splice, // ) - // ( // Sysno::vmsplice, // ) - // ( // Sysno::semtimedop, // ) - // ( // Sysno::fadvise64, // ) - // ( // Sysno::timer_create, // ) - // ( // Sysno::timer_settime, // ) - // ( // Sysno::timer_gettime, // ) - // ( // Sysno::timer_getoverrun, // ) - // ( // Sysno::timer_delete, // ) - // ( // Sysno::clock_settime, // ) - // ( // Sysno::clock_gettime, // ) - // ( // 
Sysno::clock_getres, // ) - // ( // Sysno::clock_nanosleep, // ) - // ( // Sysno::utimes, // ) - // ( // Sysno::mbind, // ) - // ( // Sysno::set_mempolicy, // ) - // ( // Sysno::get_mempolicy, // ) - // ( // Sysno::mq_open, // ) - // ( // Sysno::mq_timedreceive, // ) - // ( // Sysno::mq_notify, // ) - // ( // Sysno::mq_getsetattr, // ) - // ( // Sysno::kexec_load, // ) - // ( // Sysno::add_key, // ) - // ( // Sysno::request_key, // ) - // ( // Sysno::keyctl, // ) - // ( // Sysno::ioprio_set, // ) - // ( // Sysno::ioprio_get, // ) - // ( // Sysno::inotify_add_watch, // ) - // ( // Sysno::inotify_rm_watch, // ) - // ( // Sysno::migrate_pages, // ) - // ( // Sysno::futimesat, // ) - // ( // Sysno::tee, // ) - // ( // Sysno::sync_file_range, // ) - // ( // Sysno::move_pages, // ) - // ( // Sysno::utimensat, // ) - // ( // Sysno::timerfd_create, // ) - // ( // Sysno::timerfd_settime, // ) - // ( // Sysno::timerfd_gettime, // ) - // ( // Sysno::perf_event_open, // ) - // ( // Sysno::fanotify_init, // ) - // ( // Sysno::fanotify_mark, // ) - // ( // Sysno::name_to_handle_at, // ) - // ( // Sysno::open_by_handle_at, // ) - // ( // Sysno::clock_adjtime, // ) - // ( // Sysno::getcpu, // ) - // ( // Sysno::process_vm_readv, // ) - // ( // Sysno::process_vm_writev, // ) - // ( // Sysno::kcmp, // ) - // ( // Sysno::finit_module, // ) - // ( // Sysno::sched_setattr, // ) - // ( // Sysno::sched_getattr, // ) - // ( // Sysno::memfd_create, // ) - // ( // Sysno::kexec_file_load, // ) - // ( // Sysno::membarrier, // ) - // ( // Sysno::pkey_mprotect, // ) - // ( // Sysno::faccessat2, // ) - // ( // Sysno::pkey_alloc, // ) - // ( // Sysno::io_pgetevents, // ) - // ( // Sysno::io_uring_setup, // ) - // ( // Sysno::io_uring_enter, // ) - // ( // Sysno::io_uring_register, // ) - // ( // Sysno::open_tree, // ) - // ( // Sysno::move_mount, // ) - // ( // Sysno::fsopen, // ) - // ( // Sysno::fsconfig, // ) - // ( // Sysno::fsmount, // ) - // ( // Sysno::fspick, // ) - // ( // 
Sysno::pidfd_open, // ) - // ( // Sysno::close_range, // ) - // ( // Sysno::pidfd_getfd, // ) - // ( // Sysno::process_madvise, // ) - // ( // Sysno::mount_setattr, // ) - // ( // Sysno::quotactl_fd, // ) - // ( // Sysno::memfd_secret, // ) - // ( // Sysno::process_mrelease, // ) - // ( // Sysno::futex_waitv, // ) - // ( // Sysno::set_mempolicy_home_node, // ) - // ( // Sysno::map_shadow_stack, // ) - // ( // Sysno::futex_wake, // ) - // ( // Sysno::futex_wait, // ) - // ( // Sysno::futex_requeue, // ) - // ( // Sysno::listmount, // ) - // ( // Sysno::lsm_get_self_attr, // ) - // ( // Sysno::lsm_set_self_attr, // ) - // ( // Sysno::lsm_list_modules, // ) // ( // Sysno::sched_getscheduler // ) - // ( // Sysno::vhangup // ) - // ( // Sysno::acct // ) - // ( // Sysno::io_destroy // ) - // ( // Sysno::restart_syscall // ) - // ( // Sysno::mq_unlink // ) - // ( // Sysno::inotify_init // ) - // ( // Sysno::inotify_init1 // ) - // ( // Sysno::setns // ) - // ( // Sysno::userfaultfd // ) - // ( // Sysno::pkey_free // ) ]; - array.into_iter().collect() } diff --git a/src/syscall_categories.rs b/src/syscall_categories.rs new file mode 100644 index 0000000..5e54efe --- /dev/null +++ b/src/syscall_categories.rs 
@@ -0,0 +1,177 @@
+use crate::types::Category;
+use std::collections::HashMap;
+use syscalls::Sysno;
+
+pub fn initialize_syscall_category_map() -> HashMap {
+ use Category::*;
+ let array: Vec<(Sysno, Category)> = vec![
+ (Sysno::read, DiskIO),
+ (Sysno::write, DiskIO),
+ (Sysno::pread64, DiskIO),
+ (Sysno::pwrite64, DiskIO),
+ (Sysno::readv, DiskIO),
+ (Sysno::writev, DiskIO),
+ (Sysno::preadv, DiskIO),
+ (Sysno::pwritev, DiskIO),
+ (Sysno::preadv2, DiskIO),
+ (Sysno::pwritev2, DiskIO),
+ (Sysno::pipe, Process),
+ (Sysno::pipe2, Process),
+ (Sysno::dup, FileOp),
+ (Sysno::dup2, FileOp),
+ (Sysno::dup3, FileOp),
+ (Sysno::access, FileOp),
+ (Sysno::faccessat, FileOp),
+ (Sysno::faccessat2, FileOp),
+ (Sysno::open, FileOp),
+ (Sysno::openat, FileOp),
+ (Sysno::openat2, FileOp),
+ (Sysno::creat, FileOp),
+ (Sysno::getcwd, FileOp),
+ (Sysno::chdir, FileOp),
+ (Sysno::fchdir, FileOp),
+ (Sysno::rename, FileOp),
+ (Sysno::renameat, FileOp),
+ (Sysno::renameat2, FileOp),
+ (Sysno::mkdir, FileOp),
+ (Sysno::mkdirat, FileOp),
+ (Sysno::link, FileOp),
+ (Sysno::linkat, FileOp),
+ (Sysno::unlink, FileOp),
+ (Sysno::unlinkat, FileOp),
+ (Sysno::rmdir, FileOp),
+ (Sysno::symlink, FileOp),
+ (Sysno::symlinkat, FileOp),
+ (Sysno::readlink, FileOp),
+ (Sysno::readlinkat, FileOp),
+ (Sysno::chmod, FileOp),
+ (Sysno::fchmod, FileOp),
+ (Sysno::fchmodat, FileOp),
+ (Sysno::chown, FileOp),
+ (Sysno::fchown, FileOp),
+ (Sysno::lchown, FileOp),
+ (Sysno::fchownat, FileOp),
+ (Sysno::sync, DiskIO),
+ (Sysno::syncfs, DiskIO),
+ (Sysno::fsync, DiskIO),
+ (Sysno::fdatasync, DiskIO),
+ (Sysno::truncate, DiskIO),
+ (Sysno::ftruncate, DiskIO),
+ (Sysno::close, FileOp),
+ (Sysno::stat, FileOp),
+ (Sysno::fstat, FileOp),
+ (Sysno::lstat, FileOp),
+ (Sysno::newfstatat, FileOp),
+ (Sysno::statx, FileOp),
+ (Sysno::statfs, FileOp),
+ (Sysno::fstatfs, FileOp),
+ (Sysno::ustat, Device),
+ (Sysno::cachestat, Memory),
+ (Sysno::lseek, DiskIO),
+ (Sysno::mmap, Memory),
+ (Sysno::mprotect, Memory),
+ (Sysno::munmap, Memory),
+ (Sysno::brk, Memory),
+ (Sysno::mlock, Memory),
+ (Sysno::mlock2, Memory),
+ (Sysno::munlock, Memory),
+ (Sysno::mlockall, Memory),
+ (Sysno::munlockall, Memory),
+ (Sysno::mremap, Memory),
+ (Sysno::msync, Memory),
+ (Sysno::mincore, Memory),
+ (Sysno::madvise, Memory),
+ (Sysno::select, AsyncIO),
+ (Sysno::pselect6, AsyncIO),
+ (Sysno::poll, AsyncIO),
+ (Sysno::ppoll, AsyncIO),
+ (Sysno::epoll_create, AsyncIO),
+ (Sysno::epoll_create1, AsyncIO),
+ (Sysno::epoll_wait, AsyncIO),
+ (Sysno::epoll_pwait, AsyncIO),
+ (Sysno::epoll_pwait2, AsyncIO),
+ (Sysno::epoll_ctl, AsyncIO),
+ (Sysno::socket, Network),
+ (Sysno::bind, Network),
+ (Sysno::getsockname, Network),
+ (Sysno::getpeername, Network),
+ (Sysno::socketpair, Network),
+ (Sysno::setsockopt, Network),
+ (Sysno::getsockopt, Network),
+ (Sysno::listen, Network),
+ (Sysno::accept, Network),
+ (Sysno::accept4, Network),
+ (Sysno::connect, Network),
+ (Sysno::sendto, Network),
+ (Sysno::sendmsg, Network),
+ (Sysno::recvfrom, Network),
+ (Sysno::recvmsg, Network),
+ (Sysno::shutdown, Process),
+ (Sysno::fcntl, FileOp),
+ (Sysno::ioctl, Device),
+ (Sysno::arch_prctl, Process),
+ (Sysno::sched_yield, Process),
+ (Sysno::rt_sigaction, Signals),
+ (Sysno::rt_sigprocmask, Signals),
+ (Sysno::rt_sigsuspend, Signals),
+ (Sysno::sigaltstack, Signals),
+ (Sysno::rt_sigreturn, Signals),
+ (Sysno::rt_sigpending, Signals),
+ (Sysno::rt_sigtimedwait, Signals),
+ (Sysno::rt_sigqueueinfo, Signals),
+ (Sysno::rt_tgsigqueueinfo, Signals),
+ (Sysno::signalfd, Signals),
+ (Sysno::signalfd4, Signals),
+ (Sysno::pidfd_send_signal, Signals),
+ (Sysno::gettid, Thread),
+ (Sysno::getpid, Thread),
+ (Sysno::getppid, Thread),
+ (Sysno::getrandom, Device),
+ (Sysno::setrlimit, Process),
+ (Sysno::getrlimit, Process),
+ (Sysno::prlimit64, Process),
+ (Sysno::getrusage, Process),
+ (Sysno::sysinfo, Process),
+ (Sysno::times, Process),
+ (Sysno::sched_setaffinity, CPU),
+ (Sysno::sched_getaffinity, CPU),
+ (Sysno::exit,
Process), + (Sysno::exit_group, Process), + (Sysno::tgkill, Thread), + (Sysno::tkill, Thread), + (Sysno::rseq, Thread), + (Sysno::uname, System), + (Sysno::getuid, Process), + (Sysno::geteuid, Process), + (Sysno::getgid, Process), + (Sysno::getegid, Process), + (Sysno::setuid, Process), + (Sysno::setgid, Process), + (Sysno::futex, AsyncIO), + (Sysno::set_tid_address, Thread), + (Sysno::eventfd, FileOp), + (Sysno::eventfd2, FileOp), + (Sysno::wait4, Process), + (Sysno::waitid, Process), + (Sysno::set_robust_list, Process), + (Sysno::get_robust_list, Process), + (Sysno::setpgid, Process), + (Sysno::getpgid, Process), + (Sysno::getpgrp, Process), + (Sysno::fork, Process), + (Sysno::vfork, Process), + (Sysno::clone3, Process), + (Sysno::clone, Process), + (Sysno::nanosleep, Process), + (Sysno::execve, Process), + (Sysno::landlock_create_ruleset, Security), + (Sysno::landlock_add_rule, Security), + (Sysno::landlock_restrict_self, Security), + (Sysno::fallocate, DiskIO), + (Sysno::getpriority, Process), + (Sysno::setpriority, Process), + (Sysno::getdents, DiskIO), + (Sysno::getdents64, DiskIO), + ]; + array.into_iter().collect() +} diff --git a/src/syscall_object.rs b/src/syscall_object.rs index df3233c..367f710 100644 --- a/src/syscall_object.rs +++ b/src/syscall_object.rs @@ -6,7 +6,10 @@ use crate::{ mlock2, Annotation, Bytes, BytesPagesRelevant, Category, Flag, LandlockCreateFlags, LandlockRuleTypeFlags, SysArg, SysReturn, Syscall_Shape, }, - utilities::{lose_relativity_on_path, FOLLOW_FORKS, SYSANNOT_MAP, SYSKELETON_MAP, UNSUPPORTED}, + utilities::{ + lose_relativity_on_path, FOLLOW_FORKS, SYSANNOT_MAP, SYSCALL_CATEGORIES, SYSKELETON_MAP, + UNSUPPORTED, + }, }; use colored::{ColoredString, Colorize}; 
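Review bot: Nothing ties the keys of `initialize_syscall_category_map` to the skeleton map, yet the lookup added in src/syscall_object.rs is `*SYSCALL_CATEGORIES.get(&sysno).unwrap()` inside the `Some(..)` arm of `SYSKELETON_MAP.get(&sysno)`, so a syscall that is in the skeleton map but missing from this list would panic the tracer in the middle of a trace. Both tables are hand-maintained lists in separate files, so they can drift as syscalls are added. I would either make the lookup total, for example `SYSCALL_CATEGORIES.get(&sysno).copied()` with an explicit fallback category, or add a test along the lines of `assert!(SYSKELETON_MAP.keys().all(|s| SYSCALL_CATEGORIES.contains_key(s)));`. The function also has no doc comment; `/// Maps each supported syscall to its display category. Must cover every key of the skeleton map.` would state that contract. The syscall_object.rs hunk that holds the lookup continues past what is shown here.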
@@ -116,94 +119,96 @@ impl SyscallObject { let sysno = Sysno::from(registers.orig_rax as i32); let syscall = match SYSKELETON_MAP.get(&sysno) { Some(&Syscall_Shape { - category, types, syscall_return, - }) => match types.len() { - 0 => SyscallObject { - sysno, - category: category, - args: vec![], - skeleton: types.into_iter().cloned().collect(), - result: (None, syscall_return), - process_pid: child, - errno: None, - ..Default::default() - }, - 1 => SyscallObject { - sysno, - category: category, - args: vec![registers.rdi], - skeleton: types.into_iter().cloned().collect(), - result: (None, syscall_return), - process_pid: child, - errno: None, - ..Default::default() - }, - 2 => SyscallObject { - sysno, - category: category, - args: vec![registers.rdi, registers.rsi], - skeleton: types.into_iter().cloned().collect(), - result: (None, syscall_return), - process_pid: child, - errno: None, - ..Default::default() - }, - 3 => SyscallObject { - sysno, - category: category, - args: vec![registers.rdi, registers.rsi, registers.rdx], - skeleton: types.into_iter().cloned().collect(), - result: (None, syscall_return), - process_pid: child, - errno: None, - ..Default::default() - }, - 4 => SyscallObject { - sysno, - category: category, - args: vec![registers.rdi, registers.rsi, registers.rdx, registers.r10], - skeleton: types.into_iter().cloned().collect(), - result: (None, syscall_return), - process_pid: child, - errno: None, - ..Default::default() - }, - 5 => SyscallObject { - sysno, - category: category, - args: vec![ - registers.rdi, - registers.rsi, - registers.rdx, - registers.r10, - registers.r8, - ], - skeleton: types.into_iter().cloned().collect(), - result: (None, syscall_return), - process_pid: child, - errno: None, - ..Default::default() - }, - _ => SyscallObject { - sysno, - category: category, - args: vec![ - registers.rdi, - registers.rsi, - registers.rdx, - registers.r10, - registers.r8, - registers.r9, - ], - skeleton: types.into_iter().cloned().collect(), - 
result: (None, syscall_return), - process_pid: child, - errno: None, - ..Default::default() - }, - }, + }) => { + let category = *SYSCALL_CATEGORIES.get(&sysno).unwrap(); + return match types.len() { + 0 => SyscallObject { + sysno, + category: category, + args: vec![], + skeleton: types.into_iter().cloned().collect(), + result: (None, syscall_return), + process_pid: child, + errno: None, + ..Default::default() + }, + 1 => SyscallObject { + sysno, + category: category, + args: vec![registers.rdi], + skeleton: types.into_iter().cloned().collect(), + result: (None, syscall_return), + process_pid: child, + errno: None, + ..Default::default() + }, + 2 => SyscallObject { + sysno, + category: category, + args: vec![registers.rdi, registers.rsi], + skeleton: types.into_iter().cloned().collect(), + result: (None, syscall_return), + process_pid: child, + errno: None, + ..Default::default() + }, + 3 => SyscallObject { + sysno, + category: category, + args: vec![registers.rdi, registers.rsi, registers.rdx], + skeleton: types.into_iter().cloned().collect(), + result: (None, syscall_return), + process_pid: child, + errno: None, + ..Default::default() + }, + 4 => SyscallObject { + sysno, + category: category, + args: vec![registers.rdi, registers.rsi, registers.rdx, registers.r10], + skeleton: types.into_iter().cloned().collect(), + result: (None, syscall_return), + process_pid: child, + errno: None, + ..Default::default() + }, + 5 => SyscallObject { + sysno, + category: category, + args: vec![ + registers.rdi, + registers.rsi, + registers.rdx, + registers.r10, + registers.r8, + ], + skeleton: types.into_iter().cloned().collect(), + result: (None, syscall_return), + process_pid: child, + errno: None, + ..Default::default() + }, + _ => SyscallObject { + sysno, + category: category, + args: vec![ + registers.rdi, + registers.rsi, + registers.rdx, + registers.r10, + registers.r8, + registers.r9, + ], + skeleton: types.into_iter().cloned().collect(), + result: (None, syscall_return), 
+ process_pid: child, + errno: None, + ..Default::default() + }, + }; + } None => { // unsafe { // if !UNSUPPORTED.contains(&sysno.name()) { diff --git a/src/syscall_object_annotations.rs b/src/syscall_object_annotations.rs index 45bc91b..8ba7e90 100644 --- a/src/syscall_object_annotations.rs +++ b/src/syscall_object_annotations.rs @@ -6,7 +6,9 @@ use crate::{ mlock2, Annotation, Bytes, BytesPagesRelevant, Category, Flag, LandlockCreateFlags, LandlockRuleTypeFlags, SysArg, SysReturn, Syscall_Shape, }, - utilities::{lose_relativity_on_path, FOLLOW_FORKS, SYSANNOT_MAP, SYSKELETON_MAP}, + utilities::{ + lose_relativity_on_path, FOLLOW_FORKS, SYSANNOT_MAP, SYSCALL_CATEGORIES, SYSKELETON_MAP, + }, }; use colored::{ColoredString, Colorize}; @@ -98,9 +100,10 @@ impl From<&mut SyscallObject> for SyscallObject_Annotations { one_line, }: &mut SyscallObject, ) -> Self { - if let Some(&(category, description, annotations_arg_containers, return_annotation)) = + if let Some(&(description, annotations_arg_containers, return_annotation)) = SYSANNOT_MAP.get(&sysno) { + let category = *SYSCALL_CATEGORIES.get(&sysno).unwrap(); SyscallObject_Annotations { sysno: *sysno, description, @@ -216,22 +219,17 @@ impl SyscallObject_Annotations { pub(crate) fn build_annotations(registers: &user_regs_struct, child: Pid) -> Self { let sysno = Sysno::from(registers.orig_rax as i32); match SYSANNOT_MAP.get(&sysno) { - Some(( - category, - syscall_description, - annotations_arg_containers, - return_annotation, - )) => { + Some((syscall_description, annotations_arg_containers, return_annotation)) => { let Syscall_Shape { - category, types, syscall_return, } = SYSKELETON_MAP.get(&sysno).unwrap(); + let category = *SYSCALL_CATEGORIES.get(&sysno).unwrap(); match annotations_arg_containers.len() { 0 => SyscallObject_Annotations { sysno, description: syscall_description, - category: *category, + category: category, rich_args: vec![], result: (None, *return_annotation, *syscall_return), process_pid: child, 
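Review bot: The added `let category = *SYSCALL_CATEGORIES.get(&sysno).unwrap();` in the `Some(&Syscall_Shape { .. })` arm of src/syscall_object.rs panics for any syscall that has a skeleton entry but no entry in the categories table, and with this commit the two tables are kept in sync by hand across separate files. The same unguarded lookup is added in `From<&mut SyscallObject>` (hunk at -98) and in `build_annotations` (hunk at -216) of src/syscall_object_annotations.rs. A panic on this path would take the tracer down, presumably while a tracee is still attached, so I would handle the miss explicitly, e.g. `let Some(&category) = SYSCALL_CATEGORIES.get(&sysno) else { /* take the unsupported-syscall path */ };`, or add a unit test asserting that every key of SYSKELETON_MAP and SYSANNOT_MAP is also a key of SYSCALL_CATEGORIES. Separately, the new `return match types.len() { … };` exits the function from inside `let syscall = match …`, so whatever follows that binding no longer runs for supported syscalls; the rest of the function is outside the hunk, so please confirm that is intended.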
@@ -241,7 +239,7 @@ impl SyscallObject_Annotations { 1 => SyscallObject_Annotations { sysno, description: syscall_description, - category: *category, + category: category, rich_args: vec![annotations_arg_containers[0]], result: (None, *return_annotation, *syscall_return), process_pid: child, @@ -251,7 +249,7 @@ impl SyscallObject_Annotations { 2 => SyscallObject_Annotations { sysno, description: syscall_description, - category: *category, + category: category, rich_args: vec![ annotations_arg_containers[0], annotations_arg_containers[1], @@ -264,7 +262,7 @@ impl SyscallObject_Annotations { 3 => SyscallObject_Annotations { sysno, description: syscall_description, - category: *category, + category: category, rich_args: vec![ annotations_arg_containers[0], annotations_arg_containers[1], @@ -278,7 +276,7 @@ impl SyscallObject_Annotations { 4 => SyscallObject_Annotations { sysno, description: syscall_description, - category: *category, + category: category, rich_args: vec![ annotations_arg_containers[0], annotations_arg_containers[1], @@ -293,7 +291,7 @@ impl SyscallObject_Annotations { 5 => SyscallObject_Annotations { sysno, description: syscall_description, - category: *category, + category: category, rich_args: vec![ annotations_arg_containers[0], annotations_arg_containers[1], @@ -309,7 +307,7 @@ impl SyscallObject_Annotations { _ => SyscallObject_Annotations { sysno, description: syscall_description, - category: *category, + category: category, rich_args: vec![ annotations_arg_containers[0], annotations_arg_containers[1], diff --git a/src/syscall_skeleton_map.rs b/src/syscall_skeleton_map.rs index e521c23..4bd1fd0 100644 --- a/src/syscall_skeleton_map.rs +++ b/src/syscall_skeleton_map.rs @@ -13,7 +13,6 @@ use syscalls::Sysno; // TODO! switch to phf later pub fn initialize_syscall_skeleton_map() -> HashMap { - use Category::*; use Flag::*; use SysArg::*; use SysReturn::*; 
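Review bot: `category: category,` on the new side of the -241 hunk in src/syscall_object_annotations.rs repeats the field name now that `category` is a plain local; the field-init shorthand `category,` says the same thing and is what clippy's `redundant_field_names` lint asks for. The same line is added in the hunks at -251, -264, -278, -293 and -309 of this file, and in the `0 =>` arm of the -216 hunk. The enclosing `match annotations_arg_containers.len()` starts and ends outside these hunks.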
@@ -22,7 +21,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::read, Syscall_Shape { - category: DiskIO, types: &[ File_Descriptor(""), Pointer_To_Text(""), @@ -35,7 +33,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::write, Syscall_Shape { - category: DiskIO, types: &[ File_Descriptor(""), Pointer_To_Text(""), @@ -59,7 +56,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // also: stateless read Sysno::pread64, Syscall_Shape { - category: DiskIO, types: &[ File_Descriptor(""), Pointer_To_Text(""), @@ -77,7 +73,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // also: stateless write Sysno::pwrite64, Syscall_Shape { - category: DiskIO, types: &[ File_Descriptor(""), Pointer_To_Text(""), @@ -97,7 +92,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // to read into non-contiguous memory locations Sysno::readv, Syscall_Shape { - category: DiskIO, types: &[File_Descriptor(""), Array_Of_Struct, Unsigned_Numeric], syscall_return: Length_Of_Bytes_Specific_Or_Errno, }, @@ -106,7 +100,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // same as readv Sysno::writev, Syscall_Shape { - category: DiskIO, types: &[ File_Descriptor(""), Array_Of_Struct, @@ -120,7 +113,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // parallel read vectored Sysno::preadv, Syscall_Shape { - category: DiskIO, types: &[ File_Descriptor(""), Array_Of_Struct, @@ -134,7 +126,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // parallel write vectored Sysno::pwritev, Syscall_Shape { - category: DiskIO, types: &[ File_Descriptor(""), Array_Of_Struct, @@ -147,7 +138,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::preadv2, Syscall_Shape { - category: DiskIO, types: &[ File_Descriptor(""), Array_Of_Struct, @@ -161,7 +151,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::pwritev2, Syscall_Shape { - category: DiskIO, types: &[ File_Descriptor(""), Array_Of_Struct, 
@@ -175,7 +164,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::pipe, Syscall_Shape { - category: Process, types: &[Pointer_To_File_Descriptor_Array(["", ""])], syscall_return: Numeric_Or_Errno, }, @@ -183,7 +171,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::pipe2, Syscall_Shape { - category: Process, types: &[ Pointer_To_File_Descriptor_Array(["", ""]), General_Flag(Open), @@ -196,7 +183,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::dup, Syscall_Shape { - category: FileOp, types: &[File_Descriptor("")], syscall_return: File_Descriptor_Or_Errno(""), }, @@ -207,7 +193,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::dup2, Syscall_Shape { - category: FileOp, types: &[File_Descriptor(""), File_Descriptor("")], syscall_return: File_Descriptor_Or_Errno(""), }, @@ -216,7 +201,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::dup3, Syscall_Shape { - category: FileOp, types: &[ File_Descriptor(""), File_Descriptor(""), @@ -228,7 +212,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::access, Syscall_Shape { - category: FileOp, types: &[Pointer_To_Text(""), General_Flag(Access)], syscall_return: Numeric_Or_Errno, }, @@ -236,7 +219,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::faccessat, Syscall_Shape { - category: FileOp, types: &[ File_Descriptor(""), Pointer_To_Text(""), @@ -249,7 +231,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::faccessat2, Syscall_Shape { - category: FileOp, types: &[ File_Descriptor(""), Pointer_To_Text(""), @@ -265,7 +246,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::open, Syscall_Shape { - category: FileOp, types: &[ Pointer_To_Text(""), // flags: one of the following modes: O_RDONLY, O_WRONLY, or O_RDWR. 
@@ -282,7 +262,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::openat, Syscall_Shape { - category: FileOp, types: &[ File_Descriptor_openat(""), Pointer_To_Text(""), @@ -297,7 +276,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::openat2, Syscall_Shape { - category: FileOp, types: &[ File_Descriptor(""), Pointer_To_Text(""), @@ -311,7 +289,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::creat, Syscall_Shape { - category: FileOp, types: &[Pointer_To_Text(""), General_Flag(FileMode)], syscall_return: File_Descriptor_Or_Errno(""), }, @@ -319,7 +296,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::getcwd, Syscall_Shape { - category: FileOp, types: &[Pointer_To_Text(""), Length_Of_Bytes_Specific], syscall_return: Address_Or_Errno_getcwd(""), }, @@ -327,7 +303,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::chdir, Syscall_Shape { - category: FileOp, types: &[Pointer_To_Text("")], syscall_return: Numeric_Or_Errno, }, @@ -335,7 +310,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::fchdir, Syscall_Shape { - category: FileOp, types: &[File_Descriptor("")], syscall_return: Numeric_Or_Errno, }, @@ -343,7 +317,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::rename, Syscall_Shape { - category: FileOp, types: &[Pointer_To_Text(""), Pointer_To_Text("")], syscall_return: Numeric_Or_Errno, }, @@ -351,7 +324,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::renameat, Syscall_Shape { - category: FileOp, types: &[ File_Descriptor(""), Pointer_To_Text(""), @@ -364,7 +336,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::renameat2, Syscall_Shape { - category: FileOp, types: &[ File_Descriptor(""), Pointer_To_Text(""), 
@@ -378,7 +349,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::mkdir, Syscall_Shape { - category: FileOp, types: &[Pointer_To_Text(""), General_Flag(FileMode)], syscall_return: Numeric_Or_Errno, }, @@ -386,7 +356,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::mkdirat, Syscall_Shape { - category: FileOp, types: &[ File_Descriptor(""), Pointer_To_Text(""), @@ -399,7 +368,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { Sysno::link, Syscall_Shape { // after hard linking it is impossible to tell which file was the original - category: FileOp, // because they both point to the same inode now // // The link() system call can be used to detect and trace malicious or suspicious file modification. @@ -417,7 +385,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::linkat, Syscall_Shape { - category: FileOp, types: &[ File_Descriptor(""), Pointer_To_Text(""), @@ -433,7 +400,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { Sysno::unlink, Syscall_Shape { // Each inode on your FileOp has a reference count - it knows how many places refer to it. A directory entry is a reference. Multiple references to the same inode can exist. unlink removes a reference. When the reference count is zero, then the inode is no longer in use and may be deleted. This is how many things work, such as hard linking and snap shots. - category: FileOp, // In particular - an open file handle is a reference. So you can open a file, unlink it, and continue to use it - it'll only be actually removed after the file handle is closed (provided the reference count drops to zero, and it's not open/hard linked anywhere else). types: &[Pointer_To_Text("")], syscall_return: Numeric_Or_Errno, @@ -442,7 +408,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::unlinkat, Syscall_Shape { - category: FileOp, types: &[ File_Descriptor(""), Pointer_To_Text(""), 
@@ -454,7 +419,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::rmdir, Syscall_Shape { - category: FileOp, types: &[Pointer_To_Text("")], syscall_return: Numeric_Or_Errno, }, @@ -464,7 +428,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // (point to a nonexistent file); Sysno::symlink, Syscall_Shape { - category: FileOp, types: &[ Pointer_To_Text(""), // If linkpath exists, it will not be overwritten. @@ -476,7 +439,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::symlinkat, Syscall_Shape { - category: FileOp, types: &[ Pointer_To_Text(""), File_Descriptor(""), @@ -490,7 +452,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // contents of the symbolic link pathname in the buffer buf, Sysno::readlink, Syscall_Shape { - category: FileOp, types: &[ Pointer_To_Text(""), Pointer_To_Text(""), @@ -502,7 +463,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::readlinkat, Syscall_Shape { - category: FileOp, types: &[ File_Descriptor(""), Pointer_To_Text(""), @@ -515,7 +475,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::chmod, Syscall_Shape { - category: FileOp, types: &[Pointer_To_Text(""), General_Flag(FileMode)], syscall_return: Numeric_Or_Errno, }, @@ -523,7 +482,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::fchmod, Syscall_Shape { - category: FileOp, types: &[ File_Descriptor(""), // the RWX combination variants are infact a combination of the 3 R W X flags @@ -536,7 +494,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::fchmodat, Syscall_Shape { - category: FileOp, types: &[ File_Descriptor(""), Pointer_To_Text(""), @@ -552,7 +509,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::chown, Syscall_Shape { - category: FileOp, types: &[Pointer_To_Text(""), Unsigned_Numeric, Unsigned_Numeric], syscall_return: Numeric_Or_Errno, }, 
@@ -560,7 +516,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::fchown, Syscall_Shape { - category: FileOp, types: &[File_Descriptor(""), Unsigned_Numeric, Unsigned_Numeric], syscall_return: Numeric_Or_Errno, }, @@ -570,7 +525,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::lchown, Syscall_Shape { - category: FileOp, types: &[Pointer_To_Text(""), Unsigned_Numeric, Unsigned_Numeric], syscall_return: Numeric_Or_Errno, }, @@ -578,7 +532,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::fchownat, Syscall_Shape { - category: FileOp, types: &[ File_Descriptor(""), Pointer_To_Text(""), @@ -593,7 +546,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // file-system level sync Sysno::sync, Syscall_Shape { - category: DiskIO, types: &[], syscall_return: Does_Not_Return_Anything, }, @@ -602,7 +554,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // file-system level sync Sysno::syncfs, Syscall_Shape { - category: DiskIO, types: &[File_Descriptor("")], syscall_return: Numeric_Or_Errno, }, @@ -611,7 +562,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // file level sync Sysno::fsync, Syscall_Shape { - category: DiskIO, types: &[File_Descriptor("")], syscall_return: Numeric_Or_Errno, }, @@ -622,7 +572,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // file level sync Sysno::fdatasync, Syscall_Shape { - category: DiskIO, types: &[File_Descriptor("")], syscall_return: Numeric_Or_Errno, }, @@ -649,7 +598,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // file must be writable. Sysno::truncate, Syscall_Shape { - category: DiskIO, types: &[Pointer_To_Text(""), Length_Of_Bytes_Specific], syscall_return: Numeric_Or_Errno, }, @@ -658,7 +606,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // file must be open for writing Sysno::ftruncate, Syscall_Shape { - category: DiskIO, types: &[File_Descriptor(""), Length_Of_Bytes_Specific], syscall_return: Numeric_Or_Errno, }, 
@@ -678,7 +625,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::close, Syscall_Shape { - category: FileOp, types: &[File_Descriptor("")], syscall_return: Numeric_Or_Errno, }, @@ -687,7 +633,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::stat, Syscall_Shape { - category: FileOp, types: &[Pointer_To_Text(""), Pointer_To_Struct], syscall_return: Numeric_Or_Errno, }, @@ -696,7 +641,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::fstat, Syscall_Shape { - category: FileOp, types: &[File_Descriptor(""), Pointer_To_Struct], syscall_return: Numeric_Or_Errno, }, @@ -706,7 +650,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::lstat, Syscall_Shape { - category: FileOp, types: &[Pointer_To_Text(""), Pointer_To_Struct], syscall_return: Numeric_Or_Errno, }, @@ -714,7 +657,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::newfstatat, Syscall_Shape { - category: FileOp, types: &[ File_Descriptor(""), Pointer_To_Text(""), @@ -727,7 +669,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::statx, Syscall_Shape { - category: FileOp, types: &[ File_Descriptor(""), Pointer_To_Text(""), @@ -741,7 +682,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::statfs, Syscall_Shape { - category: FileOp, types: &[Pointer_To_Text(""), Pointer_To_Struct], syscall_return: Numeric_Or_Errno, }, @@ -749,7 +689,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::fstatfs, Syscall_Shape { - category: FileOp, types: &[File_Descriptor(""), Pointer_To_Struct], syscall_return: Numeric_Or_Errno, }, @@ -758,7 +697,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // deprecated syscall Sysno::ustat, Syscall_Shape { - category: Device, types: &[Unsigned_Numeric, Pointer_To_Struct], syscall_return: Numeric_Or_Errno, }, 
@@ -766,7 +704,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::cachestat, Syscall_Shape { - category: Memory, types: &[ File_Descriptor(""), // pages ceil @@ -787,7 +724,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::lseek, Syscall_Shape { - category: DiskIO, types: &[ File_Descriptor(""), Length_Of_Bytes_Specific, @@ -799,7 +735,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::mmap, Syscall_Shape { - category: Memory, types: &[ // Nullable Address, @@ -817,7 +752,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::mprotect, Syscall_Shape { - category: Memory, types: &[ Address, Length_Of_Bytes_Page_Aligned_Ceil, @@ -830,7 +764,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::munmap, Syscall_Shape { - category: Memory, types: &[Address, Length_Of_Bytes_Page_Aligned_Ceil], syscall_return: Numeric_Or_Errno, }, @@ -838,7 +771,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::brk, Syscall_Shape { - category: Memory, types: &[Address], // However, the actual Linux system call returns the new program break on success. syscall_return: Address_Or_Errno(""), @@ -848,7 +780,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::mlock, Syscall_Shape { - category: Memory, types: &[ Address, // Pages Ceil @@ -861,7 +792,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::mlock2, Syscall_Shape { - category: Memory, types: &[ Address, // Pages Ceil @@ -881,7 +811,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // Memory locking and unlocking are performed in units of whole pages. Sysno::munlock, Syscall_Shape { - category: Memory, types: &[ Address, // Pages Ceil 
@@ -895,7 +824,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // this is equivalent to MAP_POPULATE (unless the flag is specified for custom behaviour for non-resident and future pages) Sysno::mlockall, Syscall_Shape { - category: Memory, types: &[General_Flag(MLockAll)], syscall_return: Numeric_Or_Errno, }, @@ -904,7 +832,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // Memory locking and unlocking are performed in units of whole pages. Sysno::munlockall, Syscall_Shape { - category: Memory, types: &[], syscall_return: Numeric_Or_Errno, }, @@ -913,7 +840,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::mremap, Syscall_Shape { - category: Memory, types: &[ // must be page aligned Address, @@ -929,7 +855,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::msync, Syscall_Shape { - category: Memory, types: &[ Address, Length_Of_Bytes_Page_Aligned_Ceil, @@ -944,7 +869,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // memory in core Sysno::mincore, Syscall_Shape { - category: Memory, types: &[Address, Length_Of_Bytes_Page_Aligned_Ceil, Byte_Stream], syscall_return: Numeric_Or_Errno, }, @@ -953,7 +877,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::madvise, Syscall_Shape { - category: Memory, types: &[ // only operates on whole pages // so must be page aligned @@ -967,7 +890,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::select, Syscall_Shape { - category: AsyncIO, types: &[ Numeric, // you can set any of these sets to NULL if you don’t care about waiting for it @@ -987,7 +909,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::pselect6, Syscall_Shape { - category: AsyncIO, types: &[ Numeric, // you can set any of these sets to NULL if you don’t care about waiting for it 
@@ -1013,7 +934,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::poll, Syscall_Shape { - category: AsyncIO, types: &[Array_Of_Struct, Unsigned_Numeric, Numeric], // It doesn’t tell you which elements (you still have to scan for that), it only tell you how many, syscall_return: Numeric_Or_Errno, @@ -1022,7 +942,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::ppoll, Syscall_Shape { - category: AsyncIO, types: &[ Array_Of_Struct, Unsigned_Numeric, @@ -1040,7 +959,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // the file descriptor returned by epoll_create() should be closed by using close(2) Sysno::epoll_create, Syscall_Shape { - category: AsyncIO, types: &[ // in the past this size parameter told the kernel how many fds the caller expects to add // the kerenl now however does not need that information and instead dynamically allocates space @@ -1057,7 +975,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // epoll_create but with a bahviour customizing flag Sysno::epoll_create1, Syscall_Shape { - category: AsyncIO, types: &[ // if this argument is zero, this syscall is identical to epoll_create General_Flag(EPollCreate1Flags), @@ -1072,7 +989,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // • the timeout expires. Sysno::epoll_wait, Syscall_Shape { - category: AsyncIO, types: &[ File_Descriptor(""), Pointer_To_Struct, @@ -1090,7 +1006,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // similar to epoll_wait but in addition to waiting on specific signals Sysno::epoll_pwait, Syscall_Shape { - category: AsyncIO, types: &[ File_Descriptor(""), Pointer_To_Struct, @@ -1111,7 +1026,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // similar to epoll_pwait but has nanosend resolution Sysno::epoll_pwait2, Syscall_Shape { - category: AsyncIO, types: &[ File_Descriptor(""), Pointer_To_Struct, 
@@ -1131,7 +1045,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::epoll_ctl, Syscall_Shape { - category: AsyncIO, types: &[ File_Descriptor(""), General_Flag(EPollCTLOperationFlags), @@ -1144,7 +1057,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::socket, Syscall_Shape { - category: Network, types: &[ General_Flag(SocketFamily), General_Flag(SocketType), @@ -1156,7 +1068,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::bind, Syscall_Shape { - category: Network, types: &[ File_Descriptor(""), Pointer_To_Struct, @@ -1168,7 +1079,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::getsockname, Syscall_Shape { - category: Network, types: &[ File_Descriptor(""), // The returned information is truncated if the buffer provided is too small (addrlen small) @@ -1185,7 +1095,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::getpeername, Syscall_Shape { - category: Network, types: &[ File_Descriptor(""), // The returned information is truncated @@ -1203,7 +1112,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::socketpair, Syscall_Shape { - category: Network, types: &[ General_Flag(SocketFamily), General_Flag(SocketType), @@ -1218,7 +1126,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::setsockopt, Syscall_Shape { - category: Network, types: &[ File_Descriptor(""), General_Flag(SocketLevel), @@ -1235,7 +1142,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::getsockopt, Syscall_Shape { - category: Network, types: &[ File_Descriptor(""), General_Flag(SocketLevel), @@ -1253,7 +1159,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::listen, Syscall_Shape { - category: Network, types: &[File_Descriptor(""), Numeric], syscall_return: Numeric_Or_Errno, }, 
@@ -1261,7 +1166,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::accept, Syscall_Shape { - category: Network, types: &[ File_Descriptor(""), // nullable, and when nullable it is not filled @@ -1282,7 +1186,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // the flags are to: 1- set socket as non-blocking, 2- set socket as close-on-exec Sysno::accept4, Syscall_Shape { - category: Network, types: &[ File_Descriptor(""), // nullable, and when nullable it is not filled @@ -1302,7 +1205,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::connect, Syscall_Shape { - category: Network, types: &[ File_Descriptor(""), Pointer_To_Struct, @@ -1314,7 +1216,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::sendto, Syscall_Shape { - category: Network, types: &[ File_Descriptor(""), Pointer_To_Text(""), @@ -1332,7 +1233,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::sendmsg, Syscall_Shape { - category: Network, types: &[ File_Descriptor(""), Pointer_To_Struct, @@ -1344,7 +1244,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::recvfrom, Syscall_Shape { - category: Network, types: &[ File_Descriptor(""), // If a message is too long to fit in the supplied buffer, @@ -1366,7 +1265,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::recvmsg, Syscall_Shape { - category: Network, types: &[ File_Descriptor(""), // If a message is too long to fit in the supplied buffer, @@ -1381,7 +1279,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::shutdown, Syscall_Shape { - category: Process, types: &[File_Descriptor(""), General_Flag(SocketShutdownFlag)], syscall_return: Numeric_Or_Errno, }, @@ -1392,7 +1289,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::fcntl, Syscall_Shape { - category: FileOp, types: &[ File_Descriptor(""), General_Flag(FcntlFlags), 
@@ -1404,7 +1300,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::ioctl, Syscall_Shape { - category: Device, types: &[ File_Descriptor(""), Unsigned_Numeric, @@ -1423,7 +1318,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::arch_prctl, Syscall_Shape { - category: Process, types: &[ General_Flag(ArchPrctlFlags), // TODO! this argument is a number for set operations and a pointer to a number for get operations @@ -1438,7 +1332,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::sched_yield, Syscall_Shape { - category: Process, types: &[], syscall_return: Numeric_Or_Errno, }, @@ -1446,7 +1339,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::rt_sigaction, Syscall_Shape { - category: Signals, types: &[ // can be any valid signal except SIGKILL and SIGSTOP. General_Flag(Signal), @@ -1461,7 +1353,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::rt_sigprocmask, Syscall_Shape { - category: Signals, types: &[ General_Flag(SignalHow), // If NULL, then the signal mask is unchanged. @@ -1480,7 +1371,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // (its like what ptrace TRACE_ME does) Sysno::rt_sigsuspend, Syscall_Shape { - category: Signals, types: &[ // SIGKILL or SIGSTOP can not be blocked Pointer_To_Struct, @@ -1497,7 +1387,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // It should be fairly large, to avoid any danger that it will overflow Sysno::sigaltstack, Syscall_Shape { - category: Signals, types: &[ // can be null if dont want this part of the operation Pointer_To_Struct, @@ -1511,7 +1400,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // created to immediately run after signal handlers, to clean up and correct stack pointer/program counter Sysno::rt_sigreturn, Syscall_Shape { - category: Signals, types: &[], syscall_return: Never_Returns, }, 
@@ -1519,7 +1407,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::rt_sigpending, Syscall_Shape { - category: Signals, types: &[Pointer_To_Struct, Length_Of_Bytes_Specific], syscall_return: Numeric_Or_Errno, }, @@ -1527,7 +1414,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::rt_sigtimedwait, Syscall_Shape { - category: Signals, types: &[ Pointer_To_Struct, // NULLABLE @@ -1543,7 +1429,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // sends the data to an arbitrary thread with the thread group Sysno::rt_sigqueueinfo, Syscall_Shape { - category: Signals, types: &[PID, General_Flag(Signal), Pointer_To_Struct], syscall_return: Numeric_Or_Errno, }, @@ -1553,7 +1438,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // sends the data to a specific thread withing the thread group Sysno::rt_tgsigqueueinfo, Syscall_Shape { - category: Signals, types: &[PID, PID, General_Flag(Signal), Pointer_To_Struct], syscall_return: Numeric_Or_Errno, }, @@ -1561,7 +1445,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::signalfd, Syscall_Shape { - category: Signals, types: &[ // fd of a file, or -1, let the kernel create a new file descriptor File_Descriptor(""), @@ -1575,7 +1458,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::signalfd4, Syscall_Shape { - category: Signals, types: &[ // fd of a file, or -1, let the kernel create a new file descriptor File_Descriptor(""), @@ -1594,7 +1476,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::pidfd_send_signal, Syscall_Shape { - category: Signals, types: &[ File_Descriptor(""), General_Flag(Signal), @@ -1611,7 +1492,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // always successful Sysno::gettid, Syscall_Shape { - category: Thread, types: &[], syscall_return: Always_Successful_Numeric, }, 
@@ -1621,7 +1501,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // always successful Sysno::getpid, Syscall_Shape { - category: Thread, types: &[], syscall_return: Always_Successful_Numeric, }, @@ -1630,7 +1509,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // always successful Sysno::getppid, Syscall_Shape { - category: Thread, types: &[], syscall_return: Always_Successful_Numeric, }, @@ -1639,7 +1517,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::getrandom, Syscall_Shape { - category: Device, types: &[ Pointer_To_Struct, Length_Of_Bytes_Specific, @@ -1651,7 +1528,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::setrlimit, Syscall_Shape { - category: Process, types: &[General_Flag(ResourceFlags), Pointer_To_Struct], syscall_return: Numeric_Or_Errno, }, @@ -1659,7 +1535,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::getrlimit, Syscall_Shape { - category: Process, types: &[General_Flag(ResourceFlags), Pointer_To_Struct], syscall_return: Numeric_Or_Errno, }, @@ -1669,7 +1544,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // NULL when you dont want either Sysno::prlimit64, Syscall_Shape { - category: Process, types: &[ // if zero then operate on the calling process PID, @@ -1701,7 +1575,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { /* involuntary context switches */ Sysno::getrusage, Syscall_Shape { - category: Process, types: &[General_Flag(RusageWhoFlags), Pointer_To_Struct], syscall_return: Numeric_Or_Errno, }, @@ -1709,7 +1582,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::sysinfo, Syscall_Shape { - category: Process, types: &[Pointer_To_Struct], syscall_return: Numeric_Or_Errno, }, @@ -1717,7 +1589,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::times, Syscall_Shape { - category: Process, types: &[Pointer_To_Struct], syscall_return: Numeric_Or_Errno, }, 
@@ -1725,7 +1596,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::sched_setaffinity, Syscall_Shape { - category: CPU, types: &[ // if zero then the calling thread is the thread referred to PID, @@ -1738,7 +1608,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::sched_getaffinity, Syscall_Shape { - category: CPU, types: &[ // if zero then the calling thread is the thread referred to PID, @@ -1755,7 +1624,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // The process's parent is sent a SIGCHLD signal. Sysno::exit, Syscall_Shape { - category: Process, types: &[Numeric], syscall_return: Never_Returns, }, @@ -1763,7 +1631,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::exit_group, Syscall_Shape { - category: Process, types: &[Numeric], syscall_return: Never_Returns, }, @@ -1774,7 +1641,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // similar to rt_tgsigqueueinfo Sysno::tgkill, Syscall_Shape { - category: Thread, types: &[ // If tgid is specified as -1, tgkill() is equivalent to tkill(). PID, @@ -1788,7 +1654,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // similar to rt_sigqueueinfo Sysno::tkill, Syscall_Shape { - category: Thread, types: &[PID, General_Flag(Signal)], syscall_return: Numeric_Or_Errno, }, @@ -1796,7 +1661,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::rseq, Syscall_Shape { - category: Thread, types: &[ // Only one rseq can be registered per thread, Pointer_To_Struct, @@ -1816,7 +1680,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::uname, Syscall_Shape { - category: System, types: &[Pointer_To_Struct], syscall_return: Numeric_Or_Errno, }, @@ -1825,7 +1688,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // always successful Sysno::getuid, Syscall_Shape { - category: Process, types: &[], syscall_return: Always_Successful_User_Group, }, 
@@ -1834,7 +1696,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // always successful Sysno::geteuid, Syscall_Shape { - category: Process, types: &[], syscall_return: Always_Successful_User_Group, }, @@ -1843,7 +1704,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // always successful Sysno::getgid, Syscall_Shape { - category: Process, types: &[], syscall_return: Always_Successful_User_Group, }, @@ -1852,7 +1712,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // always successful Sysno::getegid, Syscall_Shape { - category: Process, types: &[], syscall_return: Always_Successful_User_Group, }, @@ -1862,7 +1721,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // then the real UID and saved set-user-ID are also set. Sysno::setuid, Syscall_Shape { - category: Process, types: &[User_Group], // The user ID specified in uid is not valid in this user namespace. syscall_return: Numeric_Or_Errno, @@ -1872,7 +1730,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::setgid, Syscall_Shape { - category: Process, types: &[User_Group], // The calling process is not privileged (does not have the CAP_SETGID), syscall_return: Numeric_Or_Errno, @@ -1883,7 +1740,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // (for example semop). Sysno::futex, Syscall_Shape { - category: AsyncIO, types: &[ Pointer_To_Unsigned_Numeric, General_Flag(FutexOpFlags), @@ -1907,7 +1763,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // Errors from the futex wake operation are ignored. Sysno::set_tid_address, Syscall_Shape { - category: Thread, types: &[Pointer_To_Numeric(None)], syscall_return: Numeric_Or_Errno, }, @@ -1915,7 +1770,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::eventfd, Syscall_Shape { - category: FileOp, types: &[Unsigned_Numeric], syscall_return: File_Descriptor_Or_Errno(""), }, 
@@ -1923,7 +1777,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::eventfd2, Syscall_Shape { - category: FileOp, types: &[Unsigned_Numeric, General_Flag(EventfdFlag)], syscall_return: File_Descriptor_Or_Errno(""), }, @@ -1931,7 +1784,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::wait4, Syscall_Shape { - category: Process, types: &[ // < -1 wait for any child process whose process group ID is equal to the absolute value of pid. // -1 wait for any child process. @@ -1953,7 +1805,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::waitid, Syscall_Shape { - category: Process, types: &[ General_Flag(WaitIdTypeFlags), User_Group, @@ -1983,7 +1834,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // and for every futex it cleans up and wakes any other waiter Sysno::set_robust_list, Syscall_Shape { - category: Process, types: &[Address, Numeric], syscall_return: Numeric_Or_Errno, }, @@ -1998,7 +1848,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // and for every futex it cleans up and wakes any other waiter Sysno::get_robust_list, Syscall_Shape { - category: Process, types: &[User_Group, Address, Pointer_To_Numeric(None)], syscall_return: Numeric_Or_Errno, }, @@ -2006,7 +1855,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::setpgid, Syscall_Shape { - category: Process, types: &[User_Group, User_Group], syscall_return: Numeric_Or_Errno, }, @@ -2014,7 +1862,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::getpgid, Syscall_Shape { - category: Process, types: &[User_Group], syscall_return: Numeric_Or_Errno, }, @@ -2022,7 +1869,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::getpgrp, Syscall_Shape { - category: Process, types: &[], syscall_return: Numeric_Or_Errno, }, 
@@ -2088,7 +1934,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // may share the directory stream positioning; on Linux/glibc they do not. Sysno::fork, Syscall_Shape { - category: Process, types: &[], syscall_return: Numeric_Or_Errno, }, @@ -2105,7 +1950,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // which contains the stack, stack pointer, and instruction pointer. Sysno::vfork, Syscall_Shape { - category: Process, types: &[], syscall_return: Numeric_Or_Errno, }, @@ -2113,7 +1957,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::clone3, Syscall_Shape { - category: Process, types: &[Pointer_To_Struct, Unsigned_Numeric], syscall_return: Numeric_Or_Errno, }, @@ -2121,7 +1964,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::clone, Syscall_Shape { - category: Process, types: &[ General_Flag(CloneFlags), Address, @@ -2174,7 +2016,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::nanosleep, Syscall_Shape { - category: Process, types: &[ // The value of the nanoseconds field must be in the range [0, 999999999]. Pointer_To_Struct, @@ -2187,7 +2028,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::execve, Syscall_Shape { - category: Process, types: &[ Pointer_To_Text(""), // the first of these strings should be the filename of the file being executed @@ -2323,7 +2163,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // they are resources "virtualization" tools Sysno::landlock_create_ruleset, Syscall_Shape { - category: Security, types: &[ // these actions will by default be forbidden if no future rules explicitly allows them // Nullable @@ -2340,7 +2179,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::landlock_add_rule, Syscall_Shape { - category: Security, types: &[ File_Descriptor(""), // currently only LANDLOCK_RULE_PATH_BENEATH : bla is file hierarchy. 
@@ -2355,7 +2193,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::landlock_restrict_self, Syscall_Shape { - category: Security, types: &[ File_Descriptor(""), // must be 0 @@ -2376,7 +2213,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // offset and len must be a multiple of the filesystem logical block size, Sysno::fallocate, Syscall_Shape { - category: DiskIO, types: &[ File_Descriptor(""), General_Flag(FallocFlags), @@ -2390,7 +2226,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // this is what runs behind the nice command Sysno::getpriority, Syscall_Shape { - category: Process, types: &[General_Flag(PriorityWhich), Numeric], syscall_return: Priority_Or_Errno(MaybeUninit::::zeroed()), }, @@ -2399,7 +2234,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // this is what runs behind the nice command Sysno::setpriority, Syscall_Shape { - category: Process, types: &[General_Flag(PriorityWhich), Numeric, Unsigned_Numeric], syscall_return: Numeric_Or_Errno, }, @@ -2407,7 +2241,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { ( Sysno::getdents, Syscall_Shape { - category: DiskIO, types: &[File_Descriptor(""), Pointer_To_Struct, Unsigned_Numeric], // On end of directory, 0 is returned. syscall_return: Length_Of_Bytes_Specific_Or_Errno, @@ -2417,7 +2250,6 @@ pub fn initialize_syscall_skeleton_map() -> HashMap { // handle large filesystems and large file offsets. Sysno::getdents64, Syscall_Shape { - category: DiskIO, types: &[File_Descriptor(""), Pointer_To_Struct, Unsigned_Numeric], // On end of directory, 0 is returned. syscall_return: Length_Of_Bytes_Specific_Or_Errno, diff --git a/src/types.rs b/src/types.rs index e2f7c41..5ed47b9 100644 --- a/src/types.rs +++ b/src/types.rs 
@@ -4,11 +4,10 @@ use std::{convert::Infallible, fmt::Display, marker::PhantomData, mem::MaybeUnin pub type Annotation = [&'static str; 2]; -pub type SysAnnotations = (Category, &'static str, &'static [Annotation], Annotation); +pub type SysAnnotations = (&'static str, &'static [Annotation], Annotation); #[derive(Clone)] pub struct Syscall_Shape { - pub category: Category, pub types: &'static [SysArg], pub syscall_return: SysReturn, } diff --git a/src/utilities.rs b/src/utilities.rs index dc08d50..b417df3 100644 --- a/src/utilities.rs +++ b/src/utilities.rs @@ -1,4 +1,4 @@ -use crate::{syscall_annotations_map::initialize_syscall_annotations_map, syscall_skeleton_map::initialize_syscall_skeleton_map, types::{SysAnnotations, Syscall_Shape}}; +use crate::{syscall_annotations_map::initialize_syscall_annotations_map, syscall_categories::initialize_syscall_category_map, syscall_skeleton_map::initialize_syscall_skeleton_map, types::{Category, SysAnnotations, Syscall_Shape}}; use lazy_static::lazy_static; use nix::{errno::Errno, libc::__errno_location, unistd::Pid}; use procfs::process::{MMapPath, MemoryMap}; @@ -28,6 +28,7 @@ lazy_static! { pub static ref OUTPUT_FOLLOW_FORKS: Mutex> = Mutex::new(HashMap::new()); pub static ref SYSANNOT_MAP: HashMap = initialize_syscall_annotations_map(); pub static ref SYSKELETON_MAP: HashMap = initialize_syscall_skeleton_map(); + pub static ref SYSCALL_CATEGORIES: HashMap = initialize_syscall_category_map(); pub static ref PAGE_SIZE: usize = page_size::get(); }
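Review bot: In `src/types.rs` the `SysAnnotations` alias remains an undocumented positional tuple, and dropping the leading `Category` shifts every slot down by one. A reader now has to go to the map entries to learn what each position holds. A doc comment on the alias would fix that, for example `/// (syscall description, per-argument [name, meaning] pairs, return-value [name, meaning])`. The meaning of the last slot is inferred from the entries in `syscall_annotations_map.rs` and should be confirmed. The same hunk removes `category` from `Syscall_Shape`, so a one-line `///` on the struct saying that categories now live in `syscall_categories.rs` would help the next reader find them.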
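Review bot: In `src/utilities.rs` the new `SYSCALL_CATEGORIES` static is a third map maintained separately from `SYSANNOT_MAP` and `SYSKELETON_MAP`, and nothing visible in this patch checks that every syscall in the other two maps also has a category. The struct field removed from `Syscall_Shape` enforced that at compile time; a separate map does not. The lookup site is outside this hunk, so this is inferred, but if it indexes or unwraps, a traced program issuing an uncategorised syscall could abort the tracer. If categories drive output filtering, such a call could also disappear from the trace, which matters when the tool is used for auditing. A unit test such as `assert!(SYSKELETON_MAP.keys().all(|k| SYSCALL_CATEGORIES.contains_key(k)));` would pin the invariant. The consumer should read through `SYSCALL_CATEGORIES.get(&sysno)` with an explicit fallback rather than assume presence. The `lazy_static!` block starts before this hunk.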