// SPDX-License-Identifier: GPL-2.0
/* Copyright (c) 2023 Meta Platforms, Inc. and affiliates. */

#include "vmlinux.h"
#include <bpf/bpf_helpers.h>

char _license[] SEC("license") = "GPL";

/* Single-entry hash map; the target of map_update() and map_delete(). */
struct {
	__uint(type, BPF_MAP_TYPE_HASH);
	__uint(max_entries, 1);
	__type(key, int);
	__type(value, int);
} hash_map SEC(".maps");

/* Single-entry stack map; the target of map_push(), map_pop() and map_peek(). */
struct {
	__uint(type, BPF_MAP_TYPE_STACK);
	__uint(max_entries, 1);
	__type(value, int);
} stack_map SEC(".maps");

/* Single-entry array map; used by the bpf_for_each_map_elem() programs. */
struct {
	__uint(type, BPF_MAP_TYPE_ARRAY);
	__uint(max_entries, 1);
	__type(key, int);
	__type(value, int);
} array_map SEC(".maps");

/*
 * Process id the programs act for; every other task is ignored.
 * NOTE(review): presumably filled in by the userspace loader before the
 * object is loaded -- confirm against the test driver.
 */
const volatile pid_t pid;

/*
 * Return value of the most recent map helper call. Every program in this
 * file writes this one variable, so a reader only sees the last result.
 */
long err = 0;

/*
 * Callback handed to bpf_for_each_map_elem(). It ignores all of its
 * arguments and returns 0.
 */
static u64 callback(u64 map, u64 key, u64 val, u64 ctx, u64 flags)
{
	return 0;
}

/*
 * On getpid() entry: insert key 0 -> value 1 into hash_map with BPF_NOEXIST
 * (create only when the key is absent) and record the helper result in err.
 *
 * The tracepoint fires for any task entering the syscall, so the tgid
 * comparison confines the map side effect to the task selected by pid.
 * Always returns 0.
 */
SEC("tp/syscalls/sys_enter_getpid")
int map_update(void *ctx)
{
	const int slot = 0;
	const int one = 1;
	/* Upper 32 bits of the helper result hold the tgid. */
	const u64 caller_tgid = bpf_get_current_pid_tgid() >> 32;

	if (caller_tgid == pid)
		err = bpf_map_update_elem(&hash_map, &slot, &one, BPF_NOEXIST);

	return 0;
}

/*
 * On getppid() entry: delete key 0 from hash_map and record the helper
 * result in err. Tasks other than the one selected by pid are skipped.
 * Always returns 0.
 */
SEC("tp/syscalls/sys_enter_getppid")
int map_delete(void *ctx)
{
	const int slot = 0;
	const u64 caller_tgid = bpf_get_current_pid_tgid() >> 32;

	if (caller_tgid == pid)
		err = bpf_map_delete_elem(&hash_map, &slot);

	return 0;
}

/*
 * On getuid() entry: push the value 1 onto stack_map with flags 0 and
 * record the helper result in err. Tasks other than the one selected by
 * pid are skipped. Always returns 0.
 */
SEC("tp/syscalls/sys_enter_getuid")
int map_push(void *ctx)
{
	const int one = 1;
	const u64 caller_tgid = bpf_get_current_pid_tgid() >> 32;

	if (caller_tgid == pid)
		err = bpf_map_push_elem(&stack_map, &one, 0);

	return 0;
}

/*
 * On geteuid() entry: pop one element from stack_map and record the helper
 * result in err. Tasks other than the one selected by pid are skipped.
 * Always returns 0.
 */
SEC("tp/syscalls/sys_enter_geteuid")
int map_pop(void *ctx)
{
	int popped;	/* output buffer for the helper; not read afterwards */
	const u64 caller_tgid = bpf_get_current_pid_tgid() >> 32;

	if (caller_tgid == pid)
		err = bpf_map_pop_elem(&stack_map, &popped);

	return 0;
}

/*
 * On getgid() entry: peek at the top of stack_map and record the helper
 * result in err. Tasks other than the one selected by pid are skipped.
 * Always returns 0.
 */
SEC("tp/syscalls/sys_enter_getgid")
int map_peek(void *ctx)
{
	int top;	/* output buffer for the helper; not read afterwards */
	const u64 caller_tgid = bpf_get_current_pid_tgid() >> 32;

	if (caller_tgid == pid)
		err = bpf_map_peek_elem(&stack_map, &top);

	return 0;
}

/*
 * On gettid() entry: store key 0 -> value 1 in array_map, then walk the map
 * with bpf_for_each_map_elem() using flags 0 and record that helper's result
 * in err. The result of the preceding update is not checked.
 *
 * The tracepoint fires for any task entering the syscall, so the tgid
 * comparison confines the map side effect to the task selected by pid.
 * Always returns 0.
 */
SEC("tp/syscalls/sys_enter_gettid")
int map_for_each_pass(void *ctx)
{
	const int slot = 0;
	const int one = 1;
	const u64 flags = 0;
	/* Never initialised: only its address is passed on, and callback() ignores ctx. */
	int cb_ctx;
	/* Upper 32 bits of the helper result hold the tgid. */
	const u64 caller_tgid = bpf_get_current_pid_tgid() >> 32;

	if (caller_tgid != pid)
		return 0;

	bpf_map_update_elem(&array_map, &slot, &one, flags);
	err = bpf_for_each_map_elem(&array_map, callback, &cb_ctx, flags);

	return 0;
}

/*
 * On getpgid() entry: same sequence as map_for_each_pass(), but with
 * BPF_NOEXIST as the flags value for both helper calls, so err ends up
 * holding the error returned by bpf_for_each_map_elem(). The result of the
 * preceding update is not checked. Tasks other than the one selected by pid
 * are skipped. Always returns 0.
 */
SEC("tp/syscalls/sys_enter_getpgid")
int map_for_each_fail(void *ctx)
{
	const int slot = 0;
	const int one = 1;
	const u64 flags = BPF_NOEXIST;
	/* Never initialised: only its address is passed on, and callback() ignores ctx. */
	int cb_ctx;
	const u64 caller_tgid = bpf_get_current_pid_tgid() >> 32;

	if (caller_tgid != pid)
		return 0;

	bpf_map_update_elem(&array_map, &slot, &one, flags);

	/* for_each rejects any non-zero flags value, so this call returns an error */
	err = bpf_for_each_map_elem(&array_map, callback, &cb_ctx, flags);

	return 0;
}