blob: 26f627d1cbb898f5c5fd3d626989340c903d0140 [file] [log] [blame]
// Copyright 2021 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "secanomalyd/processes.h"
#include <base/files/file_util.h>
#include <base/files/scoped_file.h>
#include <base/logging.h>
#include <base/strings/string_number_conversions.h>
#include <base/strings/string_split.h>
#include <base/strings/string_util.h>
#include <brillo/process/process.h>
namespace secanomalyd {
namespace {
constexpr char kPsPath[] = "/bin/ps";
ProcEntry::ProcEntry(base::StringPiece proc_str) {
// These entries are of the form:
// 3295 4026531836 ps ps ax -o pid,pidns,comm,args
std::vector<base::StringPiece> fields =
base::SplitStringPiece(proc_str, base::kWhitespaceASCII,
if (fields.size() < 4) {
pid_ = -1;
pidns_ = 0;
// PIDs are signed.
if (!base::StringToInt(fields[0], &pid_)) {
pid_ = -1;
// Namespace ids are inode numbers, inode numbers are unsigned.
if (!base::StringToUint64(fields[1], &pidns_)) {
pidns_ = 0;
comm_ = std::string(fields[2]);
args_ =
base::JoinString(base::make_span(fields.begin() + 3, fields.end()), " ");
MaybeProcEntries ReadProcesses() {
std::unique_ptr<brillo::Process> reader(new brillo::ProcessImpl());
return ReadProcesses(reader.get());
MaybeProcEntries ReadProcesses(brillo::Process* reader) {
// Collect processes.
// Call |ps| with a user defined format listing pid namespaces.
// List all processes.
// List pid, pid namespace, executable name, and full command line.
reader->AddStringOption("-o", "pid,pidns,comm,args");
if (!reader->Start()) {
PLOG(ERROR) << "Failed to execute 'ps'";
return base::nullopt;
std::string processes = reader->GetOutputString(STDOUT_FILENO);
if (processes.empty()) {
LOG(ERROR) << "Failed to read 'ps' output";
return base::nullopt;
return ReadProcessesFromString(processes);
MaybeProcEntries ReadProcessesFromString(const std::string& processes) {
std::vector<base::StringPiece> pieces = base::SplitStringPiece(
processes, "\n", base::TRIM_WHITESPACE, base::SPLIT_WANT_NONEMPTY);
if (pieces.empty()) {
return base::nullopt;
ProcEntries res;
for (const auto& piece : pieces) {
ProcEntry entry(piece);
// Only add the process to the list if it managed to parse a PID and a
// pidns.
if ( > 0 && entry.pidns() > 0) {
// If we failed to parse any valid processes, return nullopt.
return res.size() > 0 ? MaybeProcEntries(res) : base::nullopt;
} // namespace secanomalyd