// Unless explicitly stated otherwise all files in this repository are licensed
// under the Apache License Version 2.0.
// This product includes software developed at Datadog (https://www.datadoghq.com/).
// Copyright 2016-present Datadog, Inc.
// Package kfilters holds kfilters related files
package kfilters
import (
"math"
"github.com/DataDog/datadog-agent/pkg/security/probe/config"
"github.com/DataDog/datadog-agent/pkg/security/secl/compiler/eval"
"github.com/DataDog/datadog-agent/pkg/security/secl/rules"
)
// PolicyReport captures, for a single event type, the kernel filtering policy
// that was selected and the approvers that go with it.
type PolicyReport struct {
	// Mode is the filtering mode selected for the event type.
	Mode PolicyMode
	// Flags holds the policy flags that accompany Mode.
	Flags PolicyFlag
	// Approvers lists the approvers retained for the event type. In this file
	// NewApplyRuleSetReport fills it only when the rule set yields approvers
	// for that event type; otherwise it stays at its zero value.
	Approvers rules.Approvers
}
// ApplyRuleSetReport is the outcome of applying a rule set: one PolicyReport
// per event type.
type ApplyRuleSetReport struct {
	// Policies is keyed by event type name.
	Policies map[string]*PolicyReport
}
// NewApplyRuleSetReport builds the per-event-type filtering policy for rs under
// the given configuration.
//
// Every event type in rs starts as PolicyModeDeny with Flags set to
// math.MaxUint8, and is then relaxed as follows:
//   - kernel filters disabled (EnableKernelFilters false): PolicyModeNoFilter
//   - approvers disabled (EnableApprovers false): PolicyModeAccept
//   - event type absent from allCapabilities: PolicyModeAccept
//   - no approvers computed for the event type: PolicyModeAccept
//
// PolicyModeDeny is therefore kept only for event types that have approvers,
// which are attached to the report. An error from rs.GetApprovers is returned
// unchanged and no report is produced.
//
// NOTE(review): presumably Accept and NoFilter let every event of the type
// reach user space while Deny drops events matching no approver, which would
// make each fallback the conservative choice for detection coverage. Confirm
// against the PolicyMode definitions.
//
// NOTE(review): approvers are computed before the configuration is consulted,
// so a GetApprovers failure aborts the report even when kernel filters or
// approvers are disabled and the result would go unused. Confirm this is
// intended.
func NewApplyRuleSetReport(config *config.Config, rs *rules.RuleSet) (*ApplyRuleSetReport, error) {
	approvers, err := rs.GetApprovers(GetCapababilities())
	if err != nil {
		return nil, err
	}

	policies := make(map[eval.EventType]*PolicyReport)

	for _, eventType := range rs.GetEventTypes() {
		// Start from the strictest policy; the cases below only ever relax it.
		entry := &PolicyReport{Mode: PolicyModeDeny, Flags: math.MaxUint8}
		policies[eventType] = entry

		switch {
		case !config.EnableKernelFilters:
			entry.Mode = PolicyModeNoFilter
		case !config.EnableApprovers:
			entry.Mode = PolicyModeAccept
		default:
			_, supported := allCapabilities[eventType]
			values, found := approvers[eventType]
			if supported && found {
				// Deny mode is kept: the approvers define what is let through.
				entry.Approvers = values
			} else {
				// No capability or no approver for this event type, so the
				// Deny policy cannot be backed by approvers.
				entry.Mode = PolicyModeAccept
			}
		}
	}

	return &ApplyRuleSetReport{Policies: policies}, nil
}