134b82d3aSKP Singh // SPDX-License-Identifier: GPL-2.0 234b82d3aSKP Singh 334b82d3aSKP Singh /* 434b82d3aSKP Singh * Copyright 2020 Google LLC. 534b82d3aSKP Singh */ 634b82d3aSKP Singh 734b82d3aSKP Singh #include "vmlinux.h" 834b82d3aSKP Singh #include <errno.h> 934b82d3aSKP Singh #include <bpf/bpf_helpers.h> 1034b82d3aSKP Singh #include <bpf/bpf_tracing.h> 1134b82d3aSKP Singh 1234b82d3aSKP Singh u32 monitored_pid = 0; 1334b82d3aSKP Singh 14f446b570SKP Singh struct { 15f446b570SKP Singh __uint(type, BPF_MAP_TYPE_RINGBUF); 16f446b570SKP Singh __uint(max_entries, 1 << 12); 17f446b570SKP Singh } ringbuf SEC(".maps"); 18f446b570SKP Singh 1934b82d3aSKP Singh char _license[] SEC("license") = "GPL"; 2034b82d3aSKP Singh 21*2746de3cSRoberto Sassu static void ima_test_common(struct file *file) 2234b82d3aSKP Singh { 23f446b570SKP Singh u64 ima_hash = 0; 24f446b570SKP Singh u64 *sample; 25f446b570SKP Singh int ret; 26f446b570SKP Singh u32 pid; 2734b82d3aSKP Singh 28f446b570SKP Singh pid = bpf_get_current_pid_tgid() >> 32; 29f446b570SKP Singh if (pid == monitored_pid) { 30*2746de3cSRoberto Sassu ret = bpf_ima_inode_hash(file->f_inode, &ima_hash, 31f446b570SKP Singh sizeof(ima_hash)); 32f446b570SKP Singh if (ret < 0 || ima_hash == 0) 33f446b570SKP Singh return; 3434b82d3aSKP Singh 35f446b570SKP Singh sample = bpf_ringbuf_reserve(&ringbuf, sizeof(u64), 0); 36f446b570SKP Singh if (!sample) 37f446b570SKP Singh return; 38f446b570SKP Singh 39f446b570SKP Singh *sample = ima_hash; 40f446b570SKP Singh bpf_ringbuf_submit(sample, 0); 41f446b570SKP Singh } 42f446b570SKP Singh 43f446b570SKP Singh return; 4434b82d3aSKP Singh } 45*2746de3cSRoberto Sassu 46*2746de3cSRoberto Sassu SEC("lsm.s/bprm_committed_creds") 47*2746de3cSRoberto Sassu void BPF_PROG(bprm_committed_creds, struct linux_binprm *bprm) 48*2746de3cSRoberto Sassu { 49*2746de3cSRoberto Sassu ima_test_common(bprm->file); 50*2746de3cSRoberto Sassu } 51