1 // SPDX-License-Identifier: GPL-2.0 2 3 /* 4 * Copyright 2020 Google LLC. 5 */ 6 7 #include "vmlinux.h" 8 #include <bpf/bpf_helpers.h> 9 #include <bpf/bpf_tracing.h> 10 #include <errno.h> 11 12 char _license[] SEC("license") = "GPL"; 13 14 int monitored_pid = 0; 15 int mprotect_count = 0; 16 int bprm_count = 0; 17 18 SEC("lsm/file_mprotect") 19 int BPF_PROG(test_int_hook, struct vm_area_struct *vma, 20 unsigned long reqprot, unsigned long prot, int ret) 21 { 22 if (ret != 0) 23 return ret; 24 25 __u32 pid = bpf_get_current_pid_tgid() >> 32; 26 int is_stack = 0; 27 28 is_stack = (vma->vm_start <= vma->vm_mm->start_stack && 29 vma->vm_end >= vma->vm_mm->start_stack); 30 31 if (is_stack && monitored_pid == pid) { 32 mprotect_count++; 33 ret = -EPERM; 34 } 35 36 return ret; 37 } 38 39 SEC("lsm/bprm_committed_creds") 40 int BPF_PROG(test_void_hook, struct linux_binprm *bprm) 41 { 42 __u32 pid = bpf_get_current_pid_tgid() >> 32; 43 44 if (monitored_pid == pid) 45 bprm_count++; 46 47 return 0; 48 } 49