2023-11-29 15:44:16 -08:00
|
|
|
// SPDX-License-Identifier: GPL-2.0
|
|
|
|
|
/* Copyright (c) 2023 Meta Platforms, Inc. and affiliates. */
|
|
|
|
|
|
|
|
|
|
#include "vmlinux.h"
|
2024-08-06 16:09:04 -07:00
|
|
|
#include <errno.h>
|
2023-11-29 15:44:16 -08:00
|
|
|
#include <bpf/bpf_helpers.h>
|
|
|
|
|
#include <bpf/bpf_tracing.h>
|
|
|
|
|
#include "bpf_kfuncs.h"
|
2025-01-30 13:35:46 -08:00
|
|
|
#include "bpf_misc.h"
|
2023-11-29 15:44:16 -08:00
|
|
|
|
|
|
|
|
char _license[] SEC("license") = "GPL";
|
|
|
|
|
|
|
|
|
|
__u32 monitored_pid;
|
2024-08-06 16:09:04 -07:00
|
|
|
__u32 found_xattr_from_file;
|
|
|
|
|
__u32 found_xattr_from_dentry;
|
2023-11-29 15:44:16 -08:00
|
|
|
|
|
|
|
|
static const char expected_value[] = "hello";
|
2024-08-06 16:09:04 -07:00
|
|
|
char value1[32];
|
|
|
|
|
char value2[32];
|
2023-11-29 15:44:16 -08:00
|
|
|
|
2025-01-30 13:35:46 -08:00
|
|
|
/* Matches caller of test_get_xattr() in prog_tests/fs_kfuncs.c */
|
|
|
|
|
static const char xattr_names[][64] = {
|
|
|
|
|
/* The following work. */
|
|
|
|
|
"user.kfuncs",
|
|
|
|
|
"security.bpf.xxx",
|
|
|
|
|
|
|
|
|
|
/* The following do not work. */
|
|
|
|
|
"security.bpf",
|
|
|
|
|
"security.selinux"
|
|
|
|
|
};
|
|
|
|
|
|
2023-11-29 15:44:16 -08:00
|
|
|
SEC("lsm.s/file_open")
|
|
|
|
|
int BPF_PROG(test_file_open, struct file *f)
|
|
|
|
|
{
|
|
|
|
|
struct bpf_dynptr value_ptr;
|
|
|
|
|
__u32 pid;
|
2025-01-30 13:35:46 -08:00
|
|
|
int ret, i;
|
2023-11-29 15:44:16 -08:00
|
|
|
|
|
|
|
|
pid = bpf_get_current_pid_tgid() >> 32;
|
|
|
|
|
if (pid != monitored_pid)
|
|
|
|
|
return 0;
|
|
|
|
|
|
2024-08-06 16:09:04 -07:00
|
|
|
bpf_dynptr_from_mem(value1, sizeof(value1), 0, &value_ptr);
|
2023-11-29 15:44:16 -08:00
|
|
|
|
2025-01-30 13:35:46 -08:00
|
|
|
for (i = 0; i < ARRAY_SIZE(xattr_names); i++) {
|
|
|
|
|
ret = bpf_get_file_xattr(f, xattr_names[i], &value_ptr);
|
|
|
|
|
if (ret == sizeof(expected_value))
|
|
|
|
|
break;
|
|
|
|
|
}
|
2023-11-29 15:44:16 -08:00
|
|
|
if (ret != sizeof(expected_value))
|
|
|
|
|
return 0;
|
2024-08-06 16:09:04 -07:00
|
|
|
if (bpf_strncmp(value1, ret, expected_value))
|
2023-11-29 15:44:16 -08:00
|
|
|
return 0;
|
2024-08-06 16:09:04 -07:00
|
|
|
found_xattr_from_file = 1;
|
2023-11-29 15:44:16 -08:00
|
|
|
return 0;
|
|
|
|
|
}
|
2024-08-06 16:09:04 -07:00
|
|
|
|
|
|
|
|
SEC("lsm.s/inode_getxattr")
|
|
|
|
|
int BPF_PROG(test_inode_getxattr, struct dentry *dentry, char *name)
|
|
|
|
|
{
|
|
|
|
|
struct bpf_dynptr value_ptr;
|
|
|
|
|
__u32 pid;
|
2025-01-30 13:35:46 -08:00
|
|
|
int ret, i;
|
2024-08-06 16:09:04 -07:00
|
|
|
|
|
|
|
|
pid = bpf_get_current_pid_tgid() >> 32;
|
|
|
|
|
if (pid != monitored_pid)
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
bpf_dynptr_from_mem(value2, sizeof(value2), 0, &value_ptr);
|
|
|
|
|
|
2025-01-30 13:35:46 -08:00
|
|
|
for (i = 0; i < ARRAY_SIZE(xattr_names); i++) {
|
|
|
|
|
ret = bpf_get_dentry_xattr(dentry, xattr_names[i], &value_ptr);
|
|
|
|
|
if (ret == sizeof(expected_value))
|
|
|
|
|
break;
|
|
|
|
|
}
|
2024-08-06 16:09:04 -07:00
|
|
|
if (ret != sizeof(expected_value))
|
|
|
|
|
return 0;
|
|
|
|
|
if (bpf_strncmp(value2, ret, expected_value))
|
|
|
|
|
return 0;
|
|
|
|
|
found_xattr_from_dentry = 1;
|
|
|
|
|
|
|
|
|
|
/* return non-zero to fail getxattr from user space */
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
}
|
