// Source: github.com/criyle/go-sandbox@v0.10.3/runner/ptrace/filehandler/handle.go

package filehandler

import (
	"github.com/criyle/go-sandbox/ptracer"
)

// Handler turns file-access and syscall events into ptracer.TraceAction
// verdicts (allow, soft ban, or kill) for the ptrace-based runner.
//
// Every decision is delegated to the two fields below; the Handler holds no
// state of its own.
//
// NOTE(review): FileSet is used without a nil check in every file method.
// Whether a nil set panics or is tolerated depends on the FileSets methods,
// which are not shown here. Confirm that callers always populate it.
type Handler struct {
	// FileSet supplies the readable / writable / statable / soft-ban lookups.
	FileSet *FileSets
	// SyscallCounter decides whether a traced syscall is counted and, if so,
	// whether it may still proceed.
	SyscallCounter SyscallCounter
}

// CheckRead returns ptracer.TraceAllow when FileSet reports fn as readable.
// Any other path is handed to onDgsFileDetect, which picks between a soft ban
// and a kill, so the default for an unlisted path is denial.
//
// NOTE(review): fn is matched exactly as received. Whether it has already been
// made absolute, cleaned and symlink-resolved is up to the caller. Confirm
// this, since the allow-sets only constrain access if paths are compared in
// canonical form.
func (h *Handler) CheckRead(fn string) ptracer.TraceAction {
	if h.FileSet.IsReadableFile(fn) {
		return ptracer.TraceAllow
	}
	return h.onDgsFileDetect(fn)
}

// CheckWrite returns ptracer.TraceAllow when FileSet reports fn as writable.
// Any other path is handed to onDgsFileDetect (soft ban or kill).
//
// NOTE(review): the same canonical-path assumption as for reads applies here
// and should be confirmed against the caller.
func (h *Handler) CheckWrite(fn string) ptracer.TraceAction {
	if h.FileSet.IsWritableFile(fn) {
		return ptracer.TraceAllow
	}
	return h.onDgsFileDetect(fn)
}

// CheckStat returns ptracer.TraceAllow when FileSet reports fn as statable.
// Any other path is handed to onDgsFileDetect (soft ban or kill).
func (h *Handler) CheckStat(fn string) ptracer.TraceAction {
	if h.FileSet.IsStatableFile(fn) {
		return ptracer.TraceAllow
	}
	return h.onDgsFileDetect(fn)
}

// CheckSyscall decides the fate of a traced syscall that is not
// unconditionally allowed, using SyscallCounter.
//
// SyscallCounter.Check yields two booleans: whether the syscall is tracked by
// the counter and, if it is, whether it is still permitted. The outcomes are:
//
//	not tracked            -> ptracer.TraceBan  (soft ban)
//	tracked and permitted  -> ptracer.TraceAllow
//	tracked, not permitted -> ptracer.TraceKill
func (h *Handler) CheckSyscall(syscallName string) ptracer.TraceAction {
	tracked, permitted := h.SyscallCounter.Check(syscallName)
	switch {
	case !tracked:
		// Traced but not counted: soft ban rather than kill.
		return ptracer.TraceBan
	case permitted:
		return ptracer.TraceAllow
	default:
		return ptracer.TraceKill
	}
}

// onDgsFileDetect picks the verdict for a path that failed one of the
// permission checks. It returns ptracer.TraceBan if the path is in the
// soft-ban set and ptracer.TraceKill for everything else. Paths in neither
// the allow-set nor the soft-ban set therefore end in a kill.
func (h *Handler) onDgsFileDetect(name string) ptracer.TraceAction {
	if !h.FileSet.IsSoftBanFile(name) {
		return ptracer.TraceKill
	}
	return ptracer.TraceBan
}