From c95e1b7c237ecda1f93719dc97bbb283efe55ee1 Mon Sep 17 00:00:00 2001
From: CFC4N
Date: Sat, 23 Dec 2023 22:55:59 +0800
Subject: [PATCH] pkg: support android on docker. (#453)
* pkg: support android on docker. Added detection of Android running on containers
Signed-off-by: cfc4n
---
 pkg/util/ebpf/bpf.go | 95 +++++++++++++++++++++++++++++++++
 pkg/util/ebpf/bpf_androidgki.go | 5 --
 pkg/util/ebpf/bpf_linux.go | 95 +--------------------------------
 pkg/util/ebpf/bpf_test.go | 2 +-
 4 files changed, 98 insertions(+), 99 deletions(-)
diff --git a/pkg/util/ebpf/bpf.go b/pkg/util/ebpf/bpf.go
index 75c52ea8c..427898a56 100644
--- a/pkg/util/ebpf/bpf.go
+++ b/pkg/util/ebpf/bpf.go
@@ -18,6 +18,12 @@ import (
 "fmt"
 "golang.org/x/sys/unix"
 "os"
+ "strings"
+)
+
+const (
+ ProcContainerCgroupPath = "/proc/1/cgroup"
+ ProcContainerSchedPath = "/proc/1/sched"
 )
 // CONFIG CHECK ITEMS
@@ -27,6 +33,12 @@ var (
 "CONFIG_UPROBES",
 "CONFIG_ARCH_SUPPORTS_UPROBES",
 }
+
+ configPaths = []string{
+ "/proc/config.gz",
+ "/boot/config",
+ "/boot/config-%s",
+ }
 )
 type UnameInfo struct {
@@ -154,3 +166,86 @@ func IsEnableBPF() (bool, error) {
 return true, nil
 }
+
+// IsContainer returns true if the process is running in a container.
+func IsContainer() (bool, error) {
+ b, e := isContainerCgroup()
+ if e != nil {
+ return false, e
+ }
+
+ // if b is true, it's a container
+ if b {
+ return true, nil
+ }
+
+ // if b is false, continue to check sched
+ b, e = isContainerSched()
+ if e != nil {
+ return false, e
+ }
+
+ return b, nil
+}
+
+// isContainerCgroup returns true if the process is running in a container.
+// https://www.baeldung.com/linux/is-process-running-inside-container
+
+func isContainerCgroup() (bool, error) {
+ var f *os.File
+ var err error
+ var i int
+ f, err = os.Open(ProcContainerCgroupPath)
+ if err != nil {
+ return false, err
+ }
+ defer f.Close()
+ b := make([]byte, 1024)
+ i, err = f.Read(b)
+ if err != nil {
+ return false, err
+ }
+ switch {
+ case strings.Contains(string(b[:i]), "cpuset:/docker"):
+ // CGROUP V1 docker container
+ return true, nil
+ case strings.Contains(string(b[:i]), "cpuset:/kubepods"):
+ // k8s container
+ return true, nil
+ case strings.Contains(string(b[:i]), "0::/\n"):
+ // CGROUP V2 docker container
+ return true, nil
+ }
+
+ return false, nil
+}
+
+// isContainerSched returns true if the process is running in a container.
+// https://man7.org/linux/man-pages/man7/sched.7.html
+func isContainerSched() (bool, error) {
+ var f *os.File
+ var err error
+ var i int
+ f, err = os.Open(ProcContainerSchedPath)
+ if err != nil {
+ return false, err
+ }
+ defer f.Close()
+ b := make([]byte, 1024)
+ i, err = f.Read(b)
+ if err != nil {
+ return false, err
+ }
+ switch {
+ case strings.Contains(string(b[:i]), "bash (1, #threads"):
+ return true, nil
+ case strings.Contains(string(b[:i]), "run-on-arch-com (1, #threads"):
+ return true, nil
+ case strings.Contains(string(b[:i]), "init (1, #threads:"):
+ return false, nil
+ case strings.Contains(string(b[:i]), "systemd (1, #threads"):
+ return false, nil
+ }
+
+ return false, nil
+}
diff --git a/pkg/util/ebpf/bpf_androidgki.go b/pkg/util/ebpf/bpf_androidgki.go
index f61b42450..78892d636 100644
--- a/pkg/util/ebpf/bpf_androidgki.go
+++ b/pkg/util/ebpf/bpf_androidgki.go
@@ -89,8 +89,3 @@ func getAndroidConfig(filename string) (map[string]string, error) {
 }
 return KernelConfig, nil
 }
-
-// IsContainedInCgroup returns true if the process is running in a container.
-func IsContainer() (bool, error) {
- return false, nil
-}
diff --git a/pkg/util/ebpf/bpf_linux.go b/pkg/util/ebpf/bpf_linux.go
index b689303df..1949ffd67 100644
--- a/pkg/util/ebpf/bpf_linux.go
+++ b/pkg/util/ebpf/bpf_linux.go
@@ -26,10 +26,8 @@ import (
 )
 const (
- SysKernelBtfVmlinux = "/sys/kernel/btf/vmlinux"
- ConfigDebugInfoBtf = "CONFIG_DEBUG_INFO_BTF"
- ProcContainerCgroupPath = "/proc/1/cgroup"
- ProcContainerSchedPath = "/proc/1/sched"
+ SysKernelBtfVmlinux = "/sys/kernel/btf/vmlinux"
+ ConfigDebugInfoBtf = "CONFIG_DEBUG_INFO_BTF"
 )
 var (
@@ -45,12 +43,6 @@ var (
 "/usr/lib/debug/boot/vmlinux-%s.debug",
 "/usr/lib/debug/lib/modules/%s/vmlinux",
 }
-
- configPaths = []string{
- "/proc/config.gz",
- "/boot/config",
- "/boot/config-%s",
- }
 )
 func GetSystemConfig() (map[string]string, error) {
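Review bot: In pkg/util/ebpf/bpf.go, the `"0::/\n"` case of isContainerCgroup reports a container whenever PID 1 sits in the root of a cgroup v2 hierarchy, which is also what a host shows when its init never moves into a sub-cgroup. This commit drops the Android stub that always returned false, so Android builds presumably now run this check, and IsContainer returns on the first true without letting the `init (1, #threads:` case in isContainerSched contradict it. Consider consulting the sched result before trusting the v2 match, and mark the case with a comment such as `// ambiguous: PID 1 in the v2 root cgroup, also seen on hosts without systemd`. Separately, both helpers inspect only one `f.Read` of at most 1024 bytes, so a longer /proc/1/cgroup can hide the `cpuset:` line; `b, err := os.ReadFile(ProcContainerCgroupPath)` would read the whole file.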
@@ -134,86 +126,3 @@ func getLinuxConfig(filename string) (map[string]string, error) {
 }
 return KernelConfig, nil
 }
-
-// IsContainer returns true if the process is running in a container.
-func IsContainer() (bool, error) {
- b, e := isContainerCgroup()
- if e != nil {
- return false, e
- }
-
- // if b is true, it's a container
- if b {
- return true, nil
- }
-
- // if b is false, continue to check sched
- b, e = isCOntainerSched()
- if e != nil {
- return false, e
- }
-
- return b, nil
-}
-
-// isContainerCgroup returns true if the process is running in a container.
-// https://www.baeldung.com/linux/is-process-running-inside-container
-
-func isContainerCgroup() (bool, error) {
- var f *os.File
- var err error
- var i int
- f, err = os.Open(ProcContainerCgroupPath)
- if err != nil {
- return false, err
- }
- defer f.Close()
- b := make([]byte, 1024)
- i, err = f.Read(b)
- if err != nil {
- return false, err
- }
- switch {
- case strings.Contains(string(b[:i]), "cpuset:/docker"):
- // CGROUP V1 docker container
- return true, nil
- case strings.Contains(string(b[:i]), "cpuset:/kubepods"):
- // k8s container
- return true, nil
- case strings.Contains(string(b[:i]), "0::/\n"):
- // CGROUP V2 docker container
- return true, nil
- }
-
- return false, nil
-}
-
-// isCOntainerSched returns true if the process is running in a container.
-// https://man7.org/linux/man-pages/man7/sched.7.html
-func isCOntainerSched() (bool, error) {
- var f *os.File
- var err error
- var i int
- f, err = os.Open(ProcContainerSchedPath)
- if err != nil {
- return false, err
- }
- defer f.Close()
- b := make([]byte, 1024)
- i, err = f.Read(b)
- if err != nil {
- return false, err
- }
- switch {
- case strings.Contains(string(b[:i]), "bash (1, #threads"):
- return true, nil
- case strings.Contains(string(b[:i]), "run-on-arch-com (1, #threads"):
- return true, nil
- case strings.Contains(string(b[:i]), "init (1, #threads:"):
- return false, nil
- case strings.Contains(string(b[:i]), "systemd (1, #threads"):
- return false, nil
- }
-
- return false, nil
-}
diff --git a/pkg/util/ebpf/bpf_test.go b/pkg/util/ebpf/bpf_test.go
index 5c58e7959..547af8fbc 100644
--- a/pkg/util/ebpf/bpf_test.go
+++ b/pkg/util/ebpf/bpf_test.go
@@ -110,7 +110,7 @@ func TestIsContainerCgroup(t *testing.T) {
 }
 func TestIsContainerSched(t *testing.T) {
- isContainer, err := isCOntainerSched()
+ isContainer, err := isContainerSched()
 if err != nil {
 t.Fatalf("TestIsContainerSched :: IsContainer error:%s", err.Error())
 }