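/* Copyright (c) 2017 Facebook
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of version 2 of the GNU General Public
 * License as published by the Free Software Foundation.
 */

#include <linux/bpf.h>
#include <linux/version.h>
#include <bpf/bpf_helpers.h>

/*
 * Device-cgroup access filter (attached through the "cgroup/dev" section).
 *
 * Policy: allow-list with default deny. Only the character devices 1:3
 * (/dev/null) and 1:9 (/dev/urandom) are permitted; every other device
 * access is refused.
 *
 * Returns 1 to allow the access and 0 to deny it.
 *
 * NOTE(review): the decision looks only at device type, major and minor.
 * The requested access mask (read/write/mknod) is decoded for the DEBUG
 * trace only, so all three kinds of access are allowed on the two listed
 * devices. Add a check on the mask if the policy should be narrower.
 */
SEC("cgroup/dev")
int bpf_prog1(struct bpf_cgroup_dev_ctx *ctx)
{
	/* The low 16 bits of access_type carry the device type. */
	short type = ctx->access_type & 0xFFFF;
#ifdef DEBUG
	/* The high 16 bits carry the requested access mask. */
	short access = ctx->access_type >> 16;
	/*
	 * Trace line layout: fmt[0] is the device-type letter, "%d:%d" sits
	 * at fmt[3..7], and fmt[8..10] receive the r/w/m flags.
	 *
	 * The literal must keep at least three padding characters after the
	 * second "%d". With a shorter literal the flag writes below overwrite
	 * the NUL terminator and land outside the array.
	 */
	char fmt[] = "   %d:%d    \n";

	switch (type) {
	case BPF_DEVCG_DEV_BLOCK:
		fmt[0] = 'b';
		break;
	case BPF_DEVCG_DEV_CHAR:
		fmt[0] = 'c';
		break;
	default:
		fmt[0] = '?';
		break;
	}

	if (access & BPF_DEVCG_ACC_READ)
		fmt[8] = 'r';

	if (access & BPF_DEVCG_ACC_WRITE)
		fmt[9] = 'w';

	if (access & BPF_DEVCG_ACC_MKNOD)
		fmt[10] = 'm';

	bpf_trace_printk(fmt, sizeof(fmt), ctx->major, ctx->minor);
#endif

	/* Allow access to /dev/null and /dev/urandom.
	 * Forbid everything else.
	 */
	if (ctx->major != 1 || type != BPF_DEVCG_DEV_CHAR)
		return 0;

	switch (ctx->minor) {
	case 3: /* 1:3 /dev/null */
	case 9: /* 1:9 /dev/urandom */
		return 1;
	default:
		break;
	}

	/* Default deny: any minor not listed above is refused. */
	return 0;
}

/* bpf_trace_printk() is a GPL-only helper, so the DEBUG build needs this. */
char _license[] SEC("license") = "GPL";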