// SPDX-License-Identifier: GPL-2.0
/* Copyright (c) 2024 Meta Platforms, Inc. and affiliates. */

#include "vmlinux.h"
#include <bpf/bpf_helpers.h>
#include <bpf/bpf_tracing.h>

char _license[] SEC("license") = "GPL";

/*
 * Knobs read by the two LSM programs below. Nothing in this file writes
 * them; presumably the user-space side of the test fills them in before
 * the hooks are exercised -- confirm against the loader.
 */
int my_pid;		/* tgid the hooks act on; 0 leaves both hooks inert */
bool reject_capable;	/* true: token_capable returns -1 for my_pid */
bool reject_cmd;	/* true: token_cmd returns -1 for my_pid */

/*
 * Report whether the current task is the one selected by my_pid.
 *
 * bpf_get_current_pid_tgid() packs the tgid into the upper 32 bits, so the
 * shifted value is what gets compared. The helper is only called once my_pid
 * is known to be non-zero.
 *
 * Scoping the decision to a single tgid matters for an LSM program: once
 * attached, the hook runs for every task that reaches it, and an unscoped
 * denial would reject BPF token use system-wide rather than just for the
 * process under test.
 */
static __always_inline bool caller_is_my_pid(void)
{
	if (my_pid == 0)
		return false;

	return my_pid == (bpf_get_current_pid_tgid() >> 32);
}

/*
 * LSM hook for BPF token capability checks.
 *
 * Returns 0 for every task other than my_pid. For my_pid, returns -1
 * (numerically -EPERM) when reject_capable is set and 0 otherwise. The
 * token and cap arguments are not inspected, so the verdict is all-or-nothing
 * for the selected process.
 */
SEC("lsm/bpf_token_capable")
int BPF_PROG(token_capable, struct bpf_token *token, int cap)
{
	if (!caller_is_my_pid())
		return 0;

	return reject_capable ? -1 : 0;
}

/*
 * LSM hook for BPF token command checks.
 *
 * Returns 0 for every task other than my_pid. For my_pid, returns -1
 * (numerically -EPERM) when reject_cmd is set and 0 otherwise. The token
 * and cmd arguments are not inspected, so every command is treated alike.
 */
SEC("lsm/bpf_token_cmd")
int BPF_PROG(token_cmd, struct bpf_token *token, enum bpf_cmd cmd)
{
	if (!caller_is_my_pid())
		return 0;

	return reject_cmd ? -1 : 0;
}