[FIX] [valord] [libvalor]: new logic of handling checksums, so proces…

…ses would not be lost if chekcsum getting fails, indicate that libvalor is debug on valord start
0xf104a · May 5, 2024 · a54b9ab · a54b9ab
1 parent 01a88ab
commit a54b9ab
Show file tree

Hide file tree

Showing 7 changed files with 92 additions and 35 deletions.
diff --git a/libvalor/include/valor/config.h b/libvalor/include/valor/config.h
@@ -2,8 +2,13 @@
 #define VALOR_CONFIG_H
 
 #define HASHTBL_CAPACITY 256 //Default hashtable_t capacity
-#define DEBUG 0
-#define LIBVALOR_VERSION "1.0.1"
-#define MODNAME "valord"
+#define DEBUG 1
+#define LIBVALOR_VERSION "1.0.2"
+
+#if DEBUG
+#define DEBUG_STATUS_STR ", debug"
+#else
+#define DEBUG_STATUS_STR ""
+#endif
 
 #endif
diff --git a/valord/src/log.c b/valord/src/log.c
@@ -12,6 +12,7 @@
 #include <stdio.h>
 #endif
 
+const char* MODNAME = "valord";
 
 void debug(const char *format, ...){
 #if DEBUG

diff --git a/valord/src/process.c b/valord/src/process.c
@@ -8,6 +8,7 @@
 #include <errno.h>
 
 #include <valor/checksum.h>
+#include <valor/config.h>
 
 #include "aassert.h"
 #include "util.h"
@@ -16,14 +17,23 @@
 
 char *make_proc_path(char *dirname) {
     char *path = (char *) malloc((7 + strlen(dirname)) * sizeof(char));
+    cerror("malloc");
     strcpy(path, "/proc/");
     strcat(path, dirname);
     return path;
 }
 
+
+/**
+ * Set checksum for given process_t
+ * @param process pointer to process_t struct
+ * @param chunk_size size of chunk to calculate checksum
+ * @return whether checksum calculation was successful
+ */
 bool set_checksum(process_t *process, uint32_t chunk_size) {
     aassert(process);
     char *exe_path = (char *) malloc((5 + strlen(process->proc_path)) * sizeof(char));
+    cerror("malloc");
     strcpy(exe_path, process->proc_path);
     strcat(exe_path, "/exe");
     FILE *exe = fopen(exe_path, "r");
@@ -44,21 +54,24 @@ char *get_process_comm(const char *proc_path) {
     strcat(filename, "/cmdline");
     FILE *file = fopen(filename, "r");
     if (!file) {
+#if DEBUG
         error("Failed to open file: %s", filename);
+        perror("fopen");
+#endif
         free(filename);
         return NULL;
     }
 
     char *buffer = malloc(256 * sizeof(char));
     if (!buffer) {
-        cerror("Failed to allocate memory");
+        cerror("malloc");
         fclose(file);
         free(filename);
         return NULL;
     }
 
     if (fgets(buffer, 256, file) == NULL) {
-        debug("Failed to read from file: %s(%d: %s)", filename, errno, strerror(errno));
+        error("Failed to read from file: %s(%d: %s)", filename, errno, strerror(errno));
         fclose(file);
         free(buffer);
         free(filename);
@@ -85,23 +98,23 @@ void free_process(process_t *process) {
     }
 }
 
-process_t *get_process(char *dir_name, size_t chunk_size) {
+process_t *get_process(char *dir_name) {
     if (!is_int(dir_name)) {
         return NULL;
     }
     process_t *process = (process_t *) malloc(sizeof(process_t));
     process->proc_path = make_proc_path(dir_name);
     process->comm = get_process_comm(process->proc_path);
     process->pid = atoi(dir_name);
-    if(!set_checksum(process, chunk_size)) {
-        free_process(process);
-        free(process);
-        return NULL;
-    }
     return process;
 }
 
-array_t *get_processes(uint32_t chunk_size) {
+/**
+ * Gets all processes without calculating their checksum
+ * @note Proccess checksums array is NULL
+ * @return array_t of type process_t
+ */
+array_t *get_processes(void) {
     struct dirent *_dirent;
     DIR *dir;
 
@@ -118,7 +131,7 @@ array_t *get_processes(uint32_t chunk_size) {
         if(!_dirent){
             break;
         }
-        process_t *process = get_process(_dirent->d_name, chunk_size);
+        process_t *process = get_process(_dirent->d_name);
 
         if(process != NULL) {
             array_add(processes, process);

diff --git a/valord/src/process.h b/valord/src/process.h
@@ -16,8 +16,9 @@ typedef struct {
 } process_t;
 
 
-array_t *get_processes(uint32_t chunk_size);
+array_t *get_processes(void);
 void free_process_array(array_t* array);
+bool set_checksum(process_t *process, uint32_t chunk_size)
 
 #endif
 
diff --git a/valord/src/util.c b/valord/src/util.c
@@ -1,9 +1,12 @@
 #include "util.h"
 
+#include "log.h"
+
 #include <ctype.h>
 #include <stdbool.h>
 #include <sys/types.h>
 #include <string.h>
+#include <errno.h>
 
 
 /**
@@ -21,3 +24,22 @@ bool is_int(char *str) {
     return true;
 }
 
+
+/**
+ * Prints error to log. Does not exits from program
+ * @param _name name of call where error may occur
+ * @param _file name of file of perror call(passed by macro)
+ * @param _line number of line of perror call(passed by macro)
+ * @return whether there was an error
+ */
+bool perror_internal(const char *_name, const char *_file, int _line) {
+    if (errno) {
+        error("%s: %s(%d)  [%s:%d]", _name, strerror(errno), errno, _file,
+              _line);
+        errno = 0;
+        return true;
+    } else {
+        return false;
+    }
+}
+
diff --git a/valord/src/util.h b/valord/src/util.h
@@ -5,6 +5,15 @@
 
 #define UNUSED(x) (void)x
 
+/**
+ * Prints error to log. Does not exits from program
+ * @param c name of call where error may occur
+ * @note Resets global errno variable to 0
+ * @return whether there was an error
+ */
+#define perror(c) perror_internal(c, __FILE__, __LINE__)
+
 bool is_int(char *str);
+bool perror_internal(const char *_name, const char *_file, int _line);
 
 #endif
diff --git a/valord/src/valor.c b/valord/src/valor.c
@@ -1,6 +1,7 @@
 #include "process.h"
 #include "aassert.h"
 #include "log.h"
+#include "util.h"
 
 #include <valor/db/db.h>
 #include <valor/config.h>
@@ -9,26 +10,26 @@
 #include <stdlib.h>
 
 
-const char* VERSION = "0.1.0";
-const char* DB_FILE = "/system/etc/valor.db";
+const char *VERSION = "0.2.0";
+const char *DB_FILE = "/system/etc/valor.db";
 const uint8_t IDLE_TIME = 3;
 
-float get_matching_k(database_t* db, array_t* chunk_checksums){
+float get_matching_k(database_t *db, array_t *chunk_checksums) {
     size_t i = 0;
     size_t total_matches = 0;
-    for(; i < chunk_checksums->sz; ++i){
-        checksum_t* chksum = (checksum_t*)chunk_checksums->base[i];
-        if(database_check_chunk(db, *chksum)){
+    for (; i < chunk_checksums->sz; ++i) {
+        checksum_t *chksum = (checksum_t *) chunk_checksums->base[i];
+        if (database_check_chunk(db, *chksum)) {
             ++total_matches;
         }
     }
-    return (float)total_matches / (float)chunk_checksums->sz;
+    return (float) total_matches / (float) chunk_checksums->sz;
 }
 
 int main(void) {
-    info("valord(%s, libvalor %s) is starting up...", VERSION, LIBVALOR_VERSION);
-    database_t *db = (database_t*) malloc(sizeof(database_t));
-    FILE *file = fopen(DB_FILE, "r");
+    info("valord(%s, libvalor %s%s) is starting up...", VERSION, LIBVALOR_VERSION, DEBUG_STATUS_STR);
+    database_t *db = (database_t *) malloc(sizeof(database_t));
+    FILE * file = fopen(DB_FILE, "r");
     if (!file) {
         cerror("fopen");
         fatal("Failed to open %s for reading!", DB_FILE);
@@ -41,20 +42,25 @@ int main(void) {
     size_t i;
 
     for (;;) {
-        array_t *processes = get_processes(db->chunk_size);
+        array_t *processes = get_processes();
         for (i = 0; i < processes->sz; ++i) {
-            process_t proc = *(process_t *)processes->base[i];
-            if(database_check_name(db, proc.comm)){
+            process_t proc = *(process_t *) processes->base[i];
+            if (database_check_name(db, proc.comm)) {
                 warn("Detected threat by name %s", proc.comm);
                 kill(proc.pid, 9);
-                info("Sent signal 9 to %d", proc.pid);
-                continue;
-            }
-            float matching_k = get_matching_k(db, proc.checksums);
-            if(matching_k > 0.2f){
-                warn("Threat with PID %d is matching to database checksum on %.2f%%", matching_k * 100.0);
-                kill(proc.pid, 9);
-                info("Sent signal 9 to %d", proc.pid);
+                if (!perror("kill")) {
+                    info("Sent signal 9 to %d", proc.pid);
+                }
+            } else {
+                set_checksum(&proc, db->chunk_size);
+                float matching_k = get_matching_k(db, proc.checksums);
+                if (matching_k > 0.2f) {
+                    warn("Threat with PID %d is matching to database checksum on %.2f%%", matching_k * 100.0);
+                    kill(proc.pid, 9);
+                    if (!perror("kill")) {
+                        info("Sent signal 9 to %d", proc.pid);
+                    }
+                }
             }
         }
         free_process_array(processes);