xref: /linux/tools/testing/selftests/bpf/progs/test_fsverity.c (revision 06d07429858317ded2db7986113a9e0129cd599b)
1 // SPDX-License-Identifier: GPL-2.0
2 /* Copyright (c) 2023 Meta Platforms, Inc. and affiliates. */
3 
4 #include "vmlinux.h"
5 #include <bpf/bpf_helpers.h>
6 #include <bpf/bpf_tracing.h>
7 #include "bpf_kfuncs.h"
8 
9 char _license[] SEC("license") = "GPL";
10 
11 #ifndef SHA256_DIGEST_SIZE
12 #define SHA256_DIGEST_SIZE      32
13 #endif
14 
15 #define SIZEOF_STRUCT_FSVERITY_DIGEST 4  /* sizeof(struct fsverity_digest) */
16 
17 char expected_digest[SIZEOF_STRUCT_FSVERITY_DIGEST + SHA256_DIGEST_SIZE];
18 char digest[SIZEOF_STRUCT_FSVERITY_DIGEST + SHA256_DIGEST_SIZE];
19 __u32 monitored_pid;
20 __u32 got_fsverity;
21 __u32 digest_matches;
22 
23 SEC("lsm.s/file_open")
BPF_PROG(test_file_open,struct file * f)24 int BPF_PROG(test_file_open, struct file *f)
25 {
26 	struct bpf_dynptr digest_ptr;
27 	__u32 pid;
28 	int ret;
29 	int i;
30 
31 	pid = bpf_get_current_pid_tgid() >> 32;
32 	if (pid != monitored_pid)
33 		return 0;
34 
35 	bpf_dynptr_from_mem(digest, sizeof(digest), 0, &digest_ptr);
36 	ret = bpf_get_fsverity_digest(f, &digest_ptr);
37 	if (ret < 0)
38 		return 0;
39 	got_fsverity = 1;
40 
41 	for (i = 0; i < (int)sizeof(digest); i++) {
42 		if (digest[i] != expected_digest[i])
43 			return 0;
44 	}
45 
46 	digest_matches = 1;
47 	return 0;
48 }
49