int RUNNING = 1; /* main-loop flag: cleared by main() when the RETURN_ACCESS ioctl fails; presumably also cleared by the SIGTERM handler (sigterm, defined elsewhere) — if so it should be declared volatile sig_atomic_t; TODO confirm */
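/*
 * Directory tree registered with dazuko: every open/close/exec beneath it is
 * reported to this program before the kernel lets the operation proceed.
 */
static const char scan_path[] = "/home/";

/* Size of the buffer receiving the major-number text from /dev/dazuko. */
enum { MAJOR_BUF_SIZE = 10 };

/*
 * Read the dazuko character-device major number.
 *
 * The device hands it back as decimal text.  At most sizeof(buf)-1 bytes are
 * read so the text is always NUL-terminated before it is parsed (the original
 * read a full buffer and then called atoi on possibly unterminated data).
 *
 * fd     open descriptor for /dev/dazuko
 * major  receives the parsed number on success
 * Returns 0 on success, -1 if the read fails or no digits were present.
 */
static int read_dev_major(int fd, int *major)
{
    char buffer[MAJOR_BUF_SIZE];
    ssize_t n = read(fd, buffer, sizeof(buffer) - 1);
    if (n < 1) {
        return -1;
    }
    buffer[n] = '\0';

    char *end = NULL;
    long value = strtol(buffer, &end, 10);
    /* like atoi, trailing characters (e.g. a newline) are tolerated; a
     * string with no leading digits is not */
    if (end == buffer) {
        return -1;
    }
    *major = (int)value;
    return 0;
}

/*
 * Send one configuration command (SET_ACCESS_MASK, ADD_INCLUDE_PATH, ...)
 * to the driver via the SET_OPTION ioctl.
 *
 * fd         open descriptor for /dev/dazuko
 * dev_major  major number used to build the ioctl request code
 * opt        fully populated option block
 * Returns 0 on success, -1 on failure (a message has been printed).
 */
static int send_option(int fd, int dev_major, struct option_t *opt)
{
    if (ioctl(fd, _IOW(dev_major, IOCTL_SET_OPTION, void *), opt) != 0) {
        printf("error: failed to set option\n");
        return -1;
    }
    return 0;
}

/*
 * Minimal dazuko client: registers for open/close/exec events under
 * scan_path, then answers every access request the kernel forwards.
 *
 * Returns 0 on a clean shutdown, -1 on any setup error.
 */
int main(void)
{
    int dev_major = 0;
    struct access_t acc = {0};
    struct option_t opt;

    /* Only root may run this: an unprivileged user could otherwise use the
     * device to interfere with other users' file operations. */
    if (getuid() != 0) {
        printf("only root can run this program\n");
        return -1;
    }

    /* O_RDONLY is the value 0 the original passed; all traffic goes via ioctl. */
    int dazuko_device = open("/dev/dazuko", O_RDONLY);
    if (dazuko_device < 0) {
        printf("error: failed to open dazuko device\n");
        return -1;
    }
    printf("/dev/dazuko opened successfully\n");

    /* The driver reports its major number; it is needed for the ioctl codes. */
    if (read_dev_major(dazuko_device, &dev_major) != 0) {
        printf("error: failed to read from /dev/dazuko\n");
        close(dazuko_device);
        return -1;
    }
    printf("major device number read successfully : %d\n", dev_major);

    /* Leave the main loop cleanly on SIGTERM (handler defined elsewhere). */
    signal(SIGTERM, sigterm);

    /* Which events a scanner cares about: file open, close and execute. */
    memset(&opt, 0, sizeof opt);
    opt.command = SET_ACCESS_MASK;
    opt.buffer[0] = ON_OPEN | ON_CLOSE | ON_EXEC;
    opt.buffer_length = 1;
    if (send_option(dazuko_device, dev_major, &opt) != 0) {
        close(dazuko_device);
        return -1;
    }
    printf("set access mask successfully\n");

    /* Which directory tree to monitor. */
    memset(&opt, 0, sizeof opt);
    opt.command = ADD_INCLUDE_PATH;
    /* Bounded copy instead of strcpy: opt.buffer is an in-struct array (it is
     * zeroed and indexed above), so sizeof gives its capacity. */
    int written = snprintf(opt.buffer, sizeof opt.buffer, "%s", scan_path);
    if (written < 0 || (size_t)written >= sizeof opt.buffer) {
        printf("error: scan path too long\n");
        close(dazuko_device);
        return -1;
    }
    opt.buffer_length = strlen(opt.buffer) + 1; /* the driver wants the terminator counted */
    if (send_option(dazuko_device, dev_major, &opt) != 0) {
        close(dazuko_device);
        return -1;
    }
    printf("set scan path successfully\n");

    /* Main loop: block until the kernel reports an access, decide, answer. */
    while (RUNNING) {
        /* Returns only when an event matching the mask occurs; acc then holds
         * the details of the access (e.g. the file name being opened). */
        if (ioctl(dazuko_device, _IOR(dev_major, IOCTL_GET_AN_ACCESS, struct access_t *), &acc) != 0) {
            printf("warning: failed to get an access\n");
            continue;
        }

        /* A real scanner would inspect the file described by acc here and
         * set acc.deny to block infected content.  This example skips the
         * analysis and always allows the access. */
        acc.deny = 0;

        /* IMPORTANT: the kernel keeps the accessing process blocked until
         * this answer arrives. */
        if (ioctl(dazuko_device, _IOW(dev_major, IOCTL_RETURN_ACCESS, struct access_t *), &acc) != 0) {
            printf("error: failed to return access\n");
            RUNNING = 0;
        }
    }

    close(dazuko_device);
    return 0;
}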