From 63bdc1119fc551f1ca295b14fd7e65158eb0eded Mon Sep 17 00:00:00 2001
From: Jason Dellaluce
Date: Tue, 30 Aug 2022 12:40:43 +0000
Subject: [PATCH] cleanup(userspace/falco): remove legacy hacks on source selection action
Signed-off-by: Jason Dellaluce
---
.../app_actions/select_event_sources.cpp | 101 ++++++++----------
1 file changed, 45 insertions(+), 56 deletions(-)
diff --git a/userspace/falco/app_actions/select_event_sources.cpp b/userspace/falco/app_actions/select_event_sources.cpp
index 476b152b..39cedfcd 100644
--- a/userspace/falco/app_actions/select_event_sources.cpp
+++ b/userspace/falco/app_actions/select_event_sources.cpp
@@ -17,65 +17,54 @@ using namespace falco::app; application::run_result application::select_event_sources() { + m_state->enabled_sources = m_state->loaded_sources; + // event sources selection is meaningless when reading trace files - if (!is_capture_mode()) + if (is_capture_mode()) { - if (!m_options.enable_sources.empty() && !m_options.disable_sources.empty()) - { - return run_result::fatal("You can not mix --enable-source and --disable-source"); - } - - if (!m_options.enable_sources.empty()) - { - m_state->enabled_sources.clear(); - for(const auto &src : m_options.enable_sources) - { - if (m_state->loaded_sources.find(src) == m_state->loaded_sources.end()) - { - return run_result::fatal("Attempted enabling an unknown event source: " + src); - } - m_state->enabled_sources.insert(src); - } - } - else if (!m_options.disable_sources.empty()) - { - // this little hack ensure that the single-source samentic gets respected - // todo(jasondellaluce): remove this insert once we support multiple enabled event sources - m_state->enabled_sources = m_state->loaded_sources; - - for(const auto &src : m_options.disable_sources) - { - if (m_state->loaded_sources.find(src) == m_state->loaded_sources.end()) - { - return run_result::fatal("Attempted disabling an unknown event source: " + src); - } - m_state->enabled_sources.erase(src); - } - } - - if(m_state->enabled_sources.empty()) - { - return run_result::fatal("Must enable at least one event source"); - } - - // these two little hacks ensure that the single-source samentic gets respected - // todo(jasondellaluce): remove these two once we support multiple enabled event sources - if(m_state->enabled_sources.size() > 1) - { - return run_result::fatal("Can not enable more than one event source"); - } - if(*m_state->enabled_sources.begin() == falco_common::syscall_source) - { - m_state->inspector->m_input_plugin = nullptr; - } - - /* Print all enabled sources. 
*/ - std::ostringstream os; - std::copy(m_state->enabled_sources.begin(), m_state->enabled_sources.end(), std::ostream_iterator(os, ",")); - std::string result = os.str(); - result.pop_back(); - falco_logger::log(LOG_INFO, "Enabled event sources: " + result + "\n"); + return run_result::ok(); } + if (!m_options.enable_sources.empty() && !m_options.disable_sources.empty()) + { + return run_result::fatal("You can not mix --enable-source and --disable-source"); + } + + if (!m_options.enable_sources.empty()) + { + m_state->enabled_sources.clear(); + for(const auto &src : m_options.enable_sources) + { + if (m_state->loaded_sources.find(src) == m_state->loaded_sources.end()) + { + return run_result::fatal("Attempted enabling an unknown event source: " + src); + } + m_state->enabled_sources.insert(src); + } + } + else if (!m_options.disable_sources.empty()) + { + for(const auto &src : m_options.disable_sources) + { + if (m_state->loaded_sources.find(src) == m_state->loaded_sources.end()) + { + return run_result::fatal("Attempted disabling an unknown event source: " + src); + } + m_state->enabled_sources.erase(src); + } + } + + if(m_state->enabled_sources.empty()) + { + return run_result::fatal("Must enable at least one event source"); + } + + /* Print all enabled sources. */ + std::ostringstream os; + std::copy(m_state->enabled_sources.begin(), m_state->enabled_sources.end(), std::ostream_iterator(os, ", ")); + std::string result = os.str(); + result.pop_back(); + falco_logger::log(LOG_INFO, "Enabled event sources: " + result + "\n"); + return run_result::ok(); } \ No newline at end of file
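Review bot: The "Enabled event sources" log line at the end of the new code will end with a stray comma, because the separator passed to `std::ostream_iterator` changed from `","` to `", "` while the trim is still a single `result.pop_back();`, which now removes only the trailing space. Replacing it with `result.erase(result.size() - 2);` drops the whole separator; the `enabled_sources.empty()` check just above means the string always holds at least those two characters. Operators read this line to confirm which sources are actually being monitored, so it should be exact, especially now that more than one source can be listed. Separately, the capture-mode early return leaves `enabled_sources` equal to `loaded_sources` without logging it and still ignores `--enable-source`/`--disable-source` silently; a short comment there saying so would help.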