From 25f0ab3313c356fcfb9e4282eda3b2aa2278956d Mon Sep 17 00:00:00 2001
From: Nayana Bidari <nybidari@google.com>
Date: Fri, 14 May 2021 16:10:02 -0700
Subject: Add new metric for suspicious operations.

The new metric contains fields and will replace the below existing metric:
- opened_write_execute_file

PiperOrigin-RevId: 373884604
---
 pkg/sentry/fs/gofer/BUILD   | 1 +
 pkg/sentry/fs/gofer/file.go | 2 ++
 2 files changed, 3 insertions(+)

(limited to 'pkg/sentry/fs/gofer')

diff --git a/pkg/sentry/fs/gofer/BUILD b/pkg/sentry/fs/gofer/BUILD
index c4a069832..94cb05246 100644
--- a/pkg/sentry/fs/gofer/BUILD
+++ b/pkg/sentry/fs/gofer/BUILD
@@ -29,6 +29,7 @@ go_library(
         "//pkg/fd",
         "//pkg/hostarch",
         "//pkg/log",
+        "//pkg/metric",
         "//pkg/p9",
         "//pkg/refs",
         "//pkg/safemem",
diff --git a/pkg/sentry/fs/gofer/file.go b/pkg/sentry/fs/gofer/file.go
index 8f5a87120..bcdb2dda2 100644
--- a/pkg/sentry/fs/gofer/file.go
+++ b/pkg/sentry/fs/gofer/file.go
@@ -21,6 +21,7 @@ import (
 	"golang.org/x/sys/unix"
 	"gvisor.dev/gvisor/pkg/context"
 	"gvisor.dev/gvisor/pkg/log"
+	"gvisor.dev/gvisor/pkg/metric"
 	"gvisor.dev/gvisor/pkg/p9"
 	"gvisor.dev/gvisor/pkg/sentry/device"
 	"gvisor.dev/gvisor/pkg/sentry/fs"
@@ -92,6 +93,7 @@ func NewFile(ctx context.Context, dirent *fs.Dirent, name string, flags fs.FileF
 	if flags.Write {
 		if err := dirent.Inode.CheckPermission(ctx, fs.PermMask{Execute: true}); err == nil {
 			fsmetric.GoferOpensWX.Increment()
+			metric.SuspiciousOperationsMetric.Increment("opened_write_execute_file")
 			log.Warningf("Opened a writable executable: %q", name)
 		}
 	}
-- 
cgit v1.2.3