1 // SPDX-License-Identifier: GPL-2.0 2 3 #include "vmlinux.h" 4 #include <bpf/bpf_helpers.h> 5 #include <bpf/bpf_tracing.h> 6 7 #define MAX_PATH_LEN 128 8 #define MAX_FILES 7 9 10 pid_t my_pid = 0; 11 __u32 cnt_stat = 0; 12 __u32 cnt_close = 0; 13 char paths_stat[MAX_FILES][MAX_PATH_LEN] = {}; 14 char paths_close[MAX_FILES][MAX_PATH_LEN] = {}; 15 int rets_stat[MAX_FILES] = {}; 16 int rets_close[MAX_FILES] = {}; 17 18 int called_stat = 0; 19 int called_close = 0; 20 21 SEC("fentry/security_inode_getattr") 22 int BPF_PROG(prog_stat, struct path *path, struct kstat *stat, 23 __u32 request_mask, unsigned int query_flags) 24 { 25 pid_t pid = bpf_get_current_pid_tgid() >> 32; 26 __u32 cnt = cnt_stat; 27 int ret; 28 29 called_stat = 1; 30 31 if (pid != my_pid) 32 return 0; 33 34 if (cnt >= MAX_FILES) 35 return 0; 36 ret = bpf_d_path(path, paths_stat[cnt], MAX_PATH_LEN); 37 38 rets_stat[cnt] = ret; 39 cnt_stat++; 40 return 0; 41 } 42 43 SEC("fentry/filp_close") 44 int BPF_PROG(prog_close, struct file *file, void *id) 45 { 46 pid_t pid = bpf_get_current_pid_tgid() >> 32; 47 __u32 cnt = cnt_close; 48 int ret; 49 50 called_close = 1; 51 52 if (pid != my_pid) 53 return 0; 54 55 if (cnt >= MAX_FILES) 56 return 0; 57 ret = bpf_d_path(&file->f_path, 58 paths_close[cnt], MAX_PATH_LEN); 59 60 rets_close[cnt] = ret; 61 cnt_close++; 62 return 0; 63 } 64 65 char _license[] SEC("license") = "GPL"; 66