From 7e56cb92e04a6bf6a094ca83435a22510a45103c Mon Sep 17 00:00:00 2001
From: Kyujin Cho
Date: Mon, 6 Nov 2023 16:48:01 +0900
Subject: [PATCH] track pid status
---
 src/arch/aarch64.rs | 6 ++++++
 src/arch/x86_64.rs | 6 ++++++
 src/interface.rs | 2 ++
 src/jail.rs | 24 +++++++++++++++++++++++-
 4 files changed, 37 insertions(+), 1 deletion(-)
diff --git a/src/arch/aarch64.rs b/src/arch/aarch64.rs
index 9e4335a..788e328 100644
--- a/src/arch/aarch64.rs
+++ b/src/arch/aarch64.rs
@@ -27,6 +27,12 @@ macro_rules! syscall_arg3 {
 };
 }
+macro_rules! syscall_arg4 {
+ ($x:expr) => {
+ $x.regs[3]
+ };
+}
+
 macro_rules! syscall_ret {
 ($x:expr) => {
 $x.regs[0]
diff --git a/src/arch/x86_64.rs b/src/arch/x86_64.rs
index 220bb39..2627b11 100644
--- a/src/arch/x86_64.rs
+++ b/src/arch/x86_64.rs
@@ -27,6 +27,12 @@ macro_rules! syscall_arg3 {
 };
 }
+macro_rules! syscall_arg4 {
+ ($x:expr) => {
+ $x.rcx
+ };
+}
+
 macro_rules! syscall_ret {
 ($x:expr) => {
 $x.rax
diff --git a/src/interface.rs b/src/interface.rs
index 7eef06d..b7cd86f 100644
--- a/src/interface.rs
+++ b/src/interface.rs
@@ -40,6 +40,8 @@ pub trait PluginInterface: Any + Send + Sync {
 /// - 0: hook executed without error
 /// - <0: Errno
 fn post_execution_hook(&self, name: &str, pid: Pid, regs: &user_regs_struct) -> i32;
+ fn process_did_create(&mut self, pid: Pid);
+ fn process_did_terminate(&mut self, pid: Pid);
 }
 #[derive(PartialEq, Hash, Clone, Debug)]
diff --git a/src/jail.rs b/src/jail.rs
index d9f3c9e..659a8b2 100644
--- a/src/jail.rs
+++ b/src/jail.rs
@@ -264,7 +264,8 @@ impl Jail {
 | PtraceOptions::PTRACE_O_EXITKILL
 | PtraceOptions::PTRACE_O_TRACECLONE
 | PtraceOptions::PTRACE_O_TRACEFORK
- | PtraceOptions::PTRACE_O_TRACEVFORK;
+ | PtraceOptions::PTRACE_O_TRACEVFORK
+ | PtraceOptions::PTRACE_O_TRACEEXEC;
 // Trace child with ptrace(PTRACE_SEIZE)
 match ptrace::seize(child, ptrace_options) {
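Review bot: `$x.rcx` in the new x86_64 `syscall_arg4!` macro does not read the fourth syscall argument: the Linux x86_64 syscall ABI passes arguments in rdi, rsi, rdx, r10, r8, r9, and rcx is overwritten by the SYSCALL instruction with the user return address, so the macro should be `$x.r10`. As written, the `openat` arm in jail.rs hands the low 32 bits of a return address to `check_path_op` as the open flags, so any flag-dependent policy decision on x86_64 is made on garbage. The aarch64 variant (`regs[3]`) is consistent with the x0–x5 convention and looks right.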
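Review bot: The two new required trait methods break every existing `impl PluginInterface`, and unlike the neighbouring hooks they carry no `///` comment saying when they fire. No-op defaults keep current plugins compiling: `fn process_did_create(&mut self, _pid: Pid) {}` and `fn process_did_terminate(&mut self, _pid: Pid) {}`. A doc line on each in the existing style should state the trigger the jail actually uses — from the jail.rs hunks, `process_did_create` is called on the pid's PTRACE_EVENT_EXEC stop and `process_did_terminate` from the exit branch — since "create" does not mean fork here. The new methods also take `&mut self` where the rest of the trait uses `&self`; if that is deliberate, a sentence explaining why would help implementors.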
@@ -320,6 +321,9 @@ impl Jail {
 debug!("EXIT (pid {:?}) status {:?}", pid, code);
 match result.status.pid() {
 Some(p) => {
+ for (_, plugin) in (&mut self.plugins).into_iter() {
+ plugin.process_did_terminate(p);
+ }
 if p == child {
 debug!("Our very child has exited. Done.");
 if self.cli.watch {
@@ -519,6 +523,19 @@ impl Jail {
 );
 extra_info = path.display().to_string();
 }
+ "openat" => {
+ let path_str = panic_if_err!(utils::read_string(
+ target,
+ syscall_arg2!(regs) as usize
+ ));
+ let path = panic_if_err!(utils::get_abs_path_as(&path_str, target));
+ allow = self.policy_inst.check_path_op(
+ &path.display().to_string(),
+ PathOps::OpOpen,
+ syscall_arg4!(regs) as i32,
+ );
+ extra_info = path.display().to_string();
+ }
 "access" => {
 let path_str = panic_if_err!(utils::read_string(
 target,
@@ -640,6 +657,11 @@ impl Jail {
 }
 }
 }
+ ptrace::Event::PTRACE_EVENT_EXEC => {
+ for (_, plugin) in (&mut self.plugins).into_iter() {
+ plugin.process_did_create(target);
+ }
+ }
 ptrace::Event::PTRACE_EVENT_CLONE
 | ptrace::Event::PTRACE_EVENT_FORK
 | ptrace::Event::PTRACE_EVENT_VFORK => {
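Review bot: The terminate hook is only invoked from the EXIT branch, so a tracee that dies from a signal (reported by waitpid as a signaled termination rather than an exit) will never reach `process_did_terminate` unless the signaled arm, outside this hunk, makes the same call; plugins that keep per-pid state would then leak those entries. Calling the loop once, after the wait status is classified, would cover both paths. Style: `for (_, plugin) in (&mut self.plugins).into_iter()` is the long form of `for (_, plugin) in self.plugins.iter_mut()` (or `.values_mut()` if `plugins` is a map), which clippy's `explicit_into_iter_loop` would flag. The enclosing function continues beyond the hunk.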
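Review bot: The new `"openat"` arm ignores the dirfd in the first syscall argument: `utils::get_abs_path_as(&path_str, target)` resolves the path the same way the preceding `open` arm does (presumably against the tracee's cwd), but openat resolves a relative path against dirfd unless it is `libc::AT_FDCWD`, so the string passed to `check_path_op` can name a different file from the one the kernel will open and the policy is evaluated on the wrong path. The arm should read the first argument and, when it is not `AT_FDCWD` and `path_str` is relative, resolve against that descriptor's directory (for a traced pid, the `/proc/<pid>/fd/<dirfd>` link is the usual route) or deny the call. On x86_64 `syscall_arg4!(regs)` currently reads rcx rather than r10 (see the x86_64 hunk), so the flags value is also wrong there. The arm is otherwise a copy of the `open` arm with shifted argument indices; a small helper taking the path and flags arguments would keep the two from diverging.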
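Review bot: `process_did_create` fires on PTRACE_EVENT_EXEC rather than when a pid comes into existence, so it is asymmetric with the terminate call in the exit branch: a child reported through the CLONE/FORK/VFORK arm directly below that exits or is killed before it execs gets `process_did_terminate` with no matching create, and a process that execs more than once gets create twice for the same pid. Either emit the create from the CLONE/FORK/VFORK arm with the new child's pid (where it is actually known), or rename the hook `process_did_exec` and document it as per-exec. Under ptrace an exec by a non-leader thread is reported under the thread-group leader's id; whether that matters depends on how `target` is derived, which is outside the hunk. The enclosing match continues past the hunk.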