• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // SPDX-License-Identifier: GPL-2.0
2 
3 #include "vmlinux.h"
4 #include <bpf/bpf_helpers.h>
5 #include <bpf/bpf_tracing.h>
6 
7 #define MAX_PATH_LEN		128
8 #define MAX_FILES		7
9 
10 pid_t my_pid = 0;
11 __u32 cnt_stat = 0;
12 __u32 cnt_close = 0;
13 char paths_stat[MAX_FILES][MAX_PATH_LEN] = {};
14 char paths_close[MAX_FILES][MAX_PATH_LEN] = {};
15 int rets_stat[MAX_FILES] = {};
16 int rets_close[MAX_FILES] = {};
17 
18 int called_stat = 0;
19 int called_close = 0;
20 
21 SEC("fentry/security_inode_getattr")
BPF_PROG(prog_stat,struct path * path,struct kstat * stat,__u32 request_mask,unsigned int query_flags)22 int BPF_PROG(prog_stat, struct path *path, struct kstat *stat,
23 	     __u32 request_mask, unsigned int query_flags)
24 {
25 	pid_t pid = bpf_get_current_pid_tgid() >> 32;
26 	__u32 cnt = cnt_stat;
27 	int ret;
28 
29 	called_stat = 1;
30 
31 	if (pid != my_pid)
32 		return 0;
33 
34 	if (cnt >= MAX_FILES)
35 		return 0;
36 	ret = bpf_d_path(path, paths_stat[cnt], MAX_PATH_LEN);
37 
38 	rets_stat[cnt] = ret;
39 	cnt_stat++;
40 	return 0;
41 }
42 
43 SEC("fentry/filp_close")
BPF_PROG(prog_close,struct file * file,void * id)44 int BPF_PROG(prog_close, struct file *file, void *id)
45 {
46 	pid_t pid = bpf_get_current_pid_tgid() >> 32;
47 	__u32 cnt = cnt_close;
48 	int ret;
49 
50 	called_close = 1;
51 
52 	if (pid != my_pid)
53 		return 0;
54 
55 	if (cnt >= MAX_FILES)
56 		return 0;
57 	ret = bpf_d_path(&file->f_path,
58 			 paths_close[cnt], MAX_PATH_LEN);
59 
60 	rets_close[cnt] = ret;
61 	cnt_close++;
62 	return 0;
63 }
64 
65 char _license[] SEC("license") = "GPL";
66