yxsra / ebpf-open

Public

An eBPF-based file access monitoring and interception tool for Android

79
10
69% credibility
Found Feb 24, 2026 at 50 stars.
AI Analysis
C
AI Summary

An open-source tool for monitoring file access syscalls and redirecting paths on rooted Android devices with process filtering and hot-reloadable rules.

How It Works

1. 🔍 Discover file watcher

You hear about a handy tool that lets you watch and control how apps access files on your rooted Android phone.

2. 💻 Get ready on computer

You download the project to your computer and run easy setup steps to prepare a version for your phone.

3. 📦 Create phone package

With a quick build, you make a ready-to-install package tailored for Android or general use.

4. 📱 Add to your phone

On your rooted phone, use the Magisk app to install the package like any other module.

5. ✏️ Customize your rules

Edit a simple settings file to pick which folders or files to monitor or redirect, and who can access them.

6. ▶️ Launch the protector

Start the tool—it runs quietly in the background, updating rules automatically if you change them.

🛡️ Files are safe and watched

Now you see logs of file access attempts and can block sneaky redirects, keeping your phone secure.

AI-Generated Review

What is ebpf-open?

ebpf-open is a Rust-powered eBPF tool for rooted Android devices (kernel 5.10+) that monitors and intercepts file access syscalls like openat, execve, and statx. It logs events with PID/UID/process filters, transparently redirects paths (with sys_exit restore), and runs as a daemon with hot-reloadable TOML configs. Developers get a CLI binary, built via NDK or musl, for quick eBPF hook setup on Android without bpftrace or BCC hassle.

Why is it gaining traction?

Unlike general eBPF open source projects like Cilium or Aya on GitHub, this targets file-open monitoring on Android, with Magisk modules for one-tap install, CO-RE for kernel portability, and per-UID group filtering (app/isolated). Path redirection beats basic tracing, mimicking an eBPF OpenSnitch for Android packet capture or reverse engineering, while hot reload skips restarts. Low-overhead raw_tracepoint hooks make it a solid Android eBPF example over kprobe hacks.

Who should use this?

Android reverse engineers tracing app file I/O, security testers blocking sandbox escapes, or kernel devs prototyping eBPF on Android with GitHub Actions. Ideal for rooted devices needing eBPF openat interception without setting up a full eBPF environment from scratch, for example auditing /data access by UID ranges.

Verdict

Promising ebpf open source project at 19 stars and 0.7% credibility—docs shine with build scripts and config.toml example, but test coverage lacks. Grab for ebpf android experiments if rooted; otherwise, watch for maturity.
