osquery-1/osquery/process/posix/process_ops.cpp

/**
 * Copyright (c) 2014-present, The osquery authors
 *
 * This source code is licensed as defined by the LICENSE file found in the
 * root directory of this source tree.
 *
 * SPDX-License-Identifier: (Apache-2.0 OR GPL-2.0-only)
 */

#include <string>

#include <dlfcn.h>
#include <stdlib.h>

#include <sys/resource.h>
#include <sys/syscall.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/wait.h>

#include <boost/optional.hpp>

#include <osquery/core/flags.h>
#include <osquery/process/process.h>

namespace osquery {

DECLARE_uint64(alarm_timeout);

uint32_t platformGetUid() {
  return ::getuid();
}

bool isLauncherProcessDead(PlatformProcess& launcher) {
  if (!launcher.isValid()) {
    return true;
  }

  return (::getppid() != launcher.nativeHandle());
}

ModuleHandle platformModuleOpen(const std::string& path) {
  return ::dlopen(path.c_str(), RTLD_NOW | RTLD_LOCAL);
}

void* platformModuleGetSymbol(ModuleHandle module, const std::string& symbol) {
  return ::dlsym(module, symbol.c_str());
}

std::string platformModuleGetError() {
  return ::dlerror();
}

bool platformModuleClose(ModuleHandle module) {
  return (::dlclose(module) == 0);
}

void setToBackgroundPriority() {
  setpriority(PRIO_PGRP, 0, 10);
}

// Helper function to determine if thread is running with admin privilege.
bool isUserAdmin() {
  return getuid() == 0;
}

int platformGetPid() {
  return static_cast<int>(getpid());
}

uint64_t platformGetTid() {
  return std::hash<std::thread::id>()(std::this_thread::get_id());
}
}
license: Change license to Apache 2.0 and GPLv2 (#4007) 2017-12-19 00:04:06 +00:00			`/**`
Update copyright notices (#6589) Bulk update copyright notices from Facebook to "The osquery authors" 2020-08-11 20:46:54 +00:00			`* Copyright (c) 2014-present, The osquery authors`
Abstracted platform specific process operations into a common interface. (#2069) Added Windows support for process operations. Added unit tests for process abstraction code for POSIX and Windows. Modified CMake config files to support building the new code and unit tests. 2016-05-11 21:16:32 +00:00			`*`
Update copyright notices (#6589) Bulk update copyright notices from Facebook to "The osquery authors" 2020-08-11 20:46:54 +00:00			`* This source code is licensed as defined by the LICENSE file found in the`
			`* root directory of this source tree.`
			`*`
			`* SPDX-License-Identifier: (Apache-2.0 OR GPL-2.0-only)`
Abstracted platform specific process operations into a common interface. (#2069) Added Windows support for process operations. Added unit tests for process abstraction code for POSIX and Windows. Modified CMake config files to support building the new code and unit tests. 2016-05-11 21:16:32 +00:00			`*/`

			`#include <string>`

Support for extensions (#2363) 2016-08-31 23:45:06 +00:00			`#include <dlfcn.h>`
Abstracted platform specific process operations into a common interface. (#2069) Added Windows support for process operations. Added unit tests for process abstraction code for POSIX and Windows. Modified CMake config files to support building the new code and unit tests. 2016-05-11 21:16:32 +00:00			`#include <stdlib.h>`

			`#include <sys/resource.h>`
Fix deadlock in RocksDB log callback (#2749) 2016-12-03 07:24:08 +00:00			`#include <sys/syscall.h>`
Abstracted platform specific process operations into a common interface. (#2069) Added Windows support for process operations. Added unit tests for process abstraction code for POSIX and Windows. Modified CMake config files to support building the new code and unit tests. 2016-05-11 21:16:32 +00:00			`#include <sys/time.h>`
			`#include <sys/types.h>`
			`#include <sys/wait.h>`

			`#include <boost/optional.hpp>`

refactor: Move osquery/include files to appropriate places (#6557) 2020-08-11 15:54:54 +00:00			`#include <osquery/core/flags.h>`
Move build system to BUCK fbshipit-source-id: 8ffef5e6a393ac67ce56dcb74845402e43d964a0 2018-09-21 18:54:31 +00:00			`#include <osquery/process/process.h>`
Abstracted platform specific process operations into a common interface. (#2069) Added Windows support for process operations. Added unit tests for process abstraction code for POSIX and Windows. Modified CMake config files to support building the new code and unit tests. 2016-05-11 21:16:32 +00:00
			`namespace osquery {`

Allow watchdog watcher to wait for child exits (#2908) 2017-01-13 02:09:46 +00:00			`DECLARE_uint64(alarm_timeout);`

Fix several integer conversions in process_ops Fix UsersTest.test_sanity on Windows. uid and gid were returned as int (while they normally are unsigned int) and converted to signed integers in the table row. This is wrong because beyond uid and gid not being ints, they are taken from the RID part of the SID which in some cases, like for a Service SID, it can have a value higher than then maximum value of an int, so in the end the number shown in table is negative. Now they are returned as uint32_t and converted as BIGINTs for the table that uses them. Fix other functions return values and conversions depending on the meaning of the value. On Windows stick to its specific types where possible. Convert CRLF to LF on some of the files modified. 2019-07-01 15:19:57 +00:00			`uint32_t platformGetUid() {`
Extending chrome browser extension table to Windows (#2619) 2016-10-14 17:23:37 +00:00			`return ::getuid();`
Core and Additional Tests (#2441) 2016-09-12 16:46:52 +00:00			`}`

Abstracted platform specific process operations into a common interface. (#2069) Added Windows support for process operations. Added unit tests for process abstraction code for POSIX and Windows. Modified CMake config files to support building the new code and unit tests. 2016-05-11 21:16:32 +00:00			`bool isLauncherProcessDead(PlatformProcess& launcher) {`
			`if (!launcher.isValid()) {`
Introduce scheduler reload feature (#2917) 2017-01-26 01:48:33 +00:00			`return true;`
Abstracted platform specific process operations into a common interface. (#2069) Added Windows support for process operations. Added unit tests for process abstraction code for POSIX and Windows. Modified CMake config files to support building the new code and unit tests. 2016-05-11 21:16:32 +00:00			`}`

			`return (::getppid() != launcher.nativeHandle());`
			`}`

Support for extensions (#2363) 2016-08-31 23:45:06 +00:00			`ModuleHandle platformModuleOpen(const std::string& path) {`
			`return ::dlopen(path.c_str(), RTLD_NOW \| RTLD_LOCAL);`
			`}`

			`void* platformModuleGetSymbol(ModuleHandle module, const std::string& symbol) {`
			`return ::dlsym(module, symbol.c_str());`
			`}`

			`std::string platformModuleGetError() {`
			`return ::dlerror();`
			`}`
Abstracted platform specific process operations into a common interface. (#2069) Added Windows support for process operations. Added unit tests for process abstraction code for POSIX and Windows. Modified CMake config files to support building the new code and unit tests. 2016-05-11 21:16:32 +00:00
Support for extensions (#2363) 2016-08-31 23:45:06 +00:00			`bool platformModuleClose(ModuleHandle module) {`
			`return (::dlclose(module) == 0);`
			`}`

			`void setToBackgroundPriority() {`
			`setpriority(PRIO_PGRP, 0, 10);`
			`}`
Upgrade LLVM to 3.8.1 on Linux (#2436) (#2435) 2016-09-02 21:53:04 +00:00
			`// Helper function to determine if thread is running with admin privilege.`
			`bool isUserAdmin() {`
			`return getuid() == 0;`
			`}`
Extending chrome browser extension table to Windows (#2619) 2016-10-14 17:23:37 +00:00
			`int platformGetPid() {`
process: Aesthetic changes to process and process_ops (#3678) 2017-09-10 17:58:38 +00:00			`return static_cast<int>(getpid());`
Extending chrome browser extension table to Windows (#2619) 2016-10-14 17:23:37 +00:00			`}`
Fix deadlock in RocksDB log callback (#2749) 2016-12-03 07:24:08 +00:00
Fix several integer conversions in process_ops Fix UsersTest.test_sanity on Windows. uid and gid were returned as int (while they normally are unsigned int) and converted to signed integers in the table row. This is wrong because beyond uid and gid not being ints, they are taken from the RID part of the SID which in some cases, like for a Service SID, it can have a value higher than then maximum value of an int, so in the end the number shown in table is negative. Now they are returned as uint32_t and converted as BIGINTs for the table that uses them. Fix other functions return values and conversions depending on the meaning of the value. On Windows stick to its specific types where possible. Convert CRLF to LF on some of the files modified. 2019-07-01 15:19:57 +00:00			`uint64_t platformGetTid() {`
[Tidy] Fix syscall deprecation on macOS (#3354) 2017-05-31 00:08:20 +00:00			`return std::hash<std::thread::id>()(std::this_thread::get_id());`
Fix deadlock in RocksDB log callback (#2749) 2016-12-03 07:24:08 +00:00			`}`
Abstracted platform specific process operations into a common interface. (#2069) Added Windows support for process operations. Added unit tests for process abstraction code for POSIX and Windows. Modified CMake config files to support building the new code and unit tests. 2016-05-11 21:16:32 +00:00			`}`