1 | // SPDX-License-Identifier: GPL-2.0 |
2 | |
3 | #include "vmlinux.h" |
4 | #include <bpf/bpf_helpers.h> |
5 | #include <bpf/bpf_tracing.h> |
6 | |
7 | #define MAX_PATH_LEN 128 |
8 | #define MAX_FILES 7 |
9 | |
10 | pid_t my_pid = 0; |
11 | __u32 cnt_stat = 0; |
12 | __u32 cnt_close = 0; |
13 | char paths_stat[MAX_FILES][MAX_PATH_LEN] = {}; |
14 | char paths_close[MAX_FILES][MAX_PATH_LEN] = {}; |
15 | int rets_stat[MAX_FILES] = {}; |
16 | int rets_close[MAX_FILES] = {}; |
17 | |
18 | int called_stat = 0; |
19 | int called_close = 0; |
20 | |
21 | SEC("fentry/security_inode_getattr" ) |
22 | int BPF_PROG(prog_stat, struct path *path, struct kstat *stat, |
23 | __u32 request_mask, unsigned int query_flags) |
24 | { |
25 | pid_t pid = bpf_get_current_pid_tgid() >> 32; |
26 | __u32 cnt = cnt_stat; |
27 | int ret; |
28 | |
29 | called_stat = 1; |
30 | |
31 | if (pid != my_pid) |
32 | return 0; |
33 | |
34 | if (cnt >= MAX_FILES) |
35 | return 0; |
36 | ret = bpf_d_path(path, paths_stat[cnt], MAX_PATH_LEN); |
37 | |
38 | rets_stat[cnt] = ret; |
39 | cnt_stat++; |
40 | return 0; |
41 | } |
42 | |
43 | SEC("fentry/filp_close" ) |
44 | int BPF_PROG(prog_close, struct file *file, void *id) |
45 | { |
46 | pid_t pid = bpf_get_current_pid_tgid() >> 32; |
47 | __u32 cnt = cnt_close; |
48 | int ret; |
49 | |
50 | called_close = 1; |
51 | |
52 | if (pid != my_pid) |
53 | return 0; |
54 | |
55 | if (cnt >= MAX_FILES) |
56 | return 0; |
57 | ret = bpf_d_path(&file->f_path, |
58 | paths_close[cnt], MAX_PATH_LEN); |
59 | |
60 | rets_close[cnt] = ret; |
61 | cnt_close++; |
62 | return 0; |
63 | } |
64 | |
65 | char _license[] SEC("license" ) = "GPL" ; |
66 | |