// Receives new process notifications and check if they're on our // deny list, if so, kill. RPRIVATE RVOID denyNewProcesses ( rpcm_tag notifType, rSequence event ) { RPU8 atomId = NULL; RU32 pid = 0; UNREFERENCED_PARAMETER( notifType ); // We use the lastActivity check here as a cheap way of seeing if there is // anything at all in the denied tree. if( 0 != g_lastDenyActivity && HbsGetParentAtom( event, &atomId ) && isAtomDenied( atomId ) ) { // This atom is part of a tree that needs to be denied, so we do two things: // 1- Add its atom to the list of denied atoms. if( HbsGetThisAtom( event, &atomId ) ) { addAtomToDeny( atomId ); } // 2- As this is a process, we deny by killing it. if( rSequence_getRU32( event, RP_TAGS_PROCESS_ID, &pid ) ) { if( processLib_killProcess( pid ) ) { rpal_debug_info( "denied process id " RF_U32, pid ); } else { rpal_debug_warning( "failed to deny process id " RF_U32, pid ); } } } else if( 0 != g_lastDenyActivity && g_lastDenyActivity + DENY_TREE_CLEANUP_TIMEOUT < rpal_time_getGlobal() ) { // There has not been any positive activity on any denied trees, for the sake // of performance we'll reset the denied trees. if( rMutex_lock( g_deniedMutex ) ) { g_lastDenyActivity = 0; rpal_blob_free( g_denied ); g_denied = rpal_blob_create( 0, HBS_ATOM_ID_SIZE * 10 ); rMutex_unlock( g_deniedMutex ); } } }
static RVOID processNewProcesses ( rpcm_tag notifType, rSequence event ) { ProcExtInfo* ctx = NULL; RPNCHAR path = NULL; RPU8 atomId = NULL; UNREFERENCED_PARAMETER( notifType ); if( rSequence_getSTRINGN( event, RP_TAGS_FILE_PATH, &path ) && HbsGetThisAtom( event, &atomId ) ) { path = rpal_string_strdup( path ); if( NULL != path && rMutex_lock( g_mutex ) ) { if( NULL != ctx || NULL != ( ctx = getProcContext( atomId ) ) ) { rpal_memory_free( ctx->processPath ); ctx->processPath = path; path = NULL; } else { rpal_debug_error( "error getting process context" ); } rMutex_unlock( g_mutex ); } rpal_memory_free( path ); } }