volatility3.framework.symbols.linux.utilities.tainting module

class Tainting(*args, **kwargs)[source]

Bases: VersionableInterface

Tainted kernel and modules parsing capabilities.

Relevant Linux kernel functions:

  • modules: module_flags_taint

  • kernel: print_tainted

classmethod get_taints_as_plain_string(context, kernel_module_name, taints, is_module=False)[source]

Convert the taints value to a 1-1 character mapping.

Parameters:

  • taints (int) – The taints value, represented by an integer

  • is_module (bool) – Indicates if the taints value is associated with a built-in/LKM module

Return type:

str

Returns:

The raw taints string.

Documentation:

  • module_flags_taint kernel function

classmethod get_taints_parsed(context, kernel_module_name, taints, is_module=False)[source]

Convert the taints string to a 1-1 descriptor mapping.

Parameters:

  • taints (int) – The taints value, represented by an integer

  • is_module (bool) – Indicates if the taints value is associated with a built-in/LKM module

Return type:

List[str]

Returns:

A comprehensive (user-friendly) taint descriptor list.

Documentation:

  • module_flags_taint kernel function

version = (1, 0, 0)