0001
0002
0003 #include "vmlinux.h"
0004 #include <bpf/bpf_helpers.h>
0005 #include <bpf/bpf_tracing.h>
0006
0007 #define MAX_PATH_LEN 128
0008 #define MAX_FILES 7
0009
0010 pid_t my_pid = 0;
0011 __u32 cnt_stat = 0;
0012 __u32 cnt_close = 0;
0013 char paths_stat[MAX_FILES][MAX_PATH_LEN] = {};
0014 char paths_close[MAX_FILES][MAX_PATH_LEN] = {};
0015 int rets_stat[MAX_FILES] = {};
0016 int rets_close[MAX_FILES] = {};
0017
0018 int called_stat = 0;
0019 int called_close = 0;
0020
0021 SEC("fentry/security_inode_getattr")
0022 int BPF_PROG(prog_stat, struct path *path, struct kstat *stat,
0023 __u32 request_mask, unsigned int query_flags)
0024 {
0025 pid_t pid = bpf_get_current_pid_tgid() >> 32;
0026 __u32 cnt = cnt_stat;
0027 int ret;
0028
0029 called_stat = 1;
0030
0031 if (pid != my_pid)
0032 return 0;
0033
0034 if (cnt >= MAX_FILES)
0035 return 0;
0036 ret = bpf_d_path(path, paths_stat[cnt], MAX_PATH_LEN);
0037
0038 rets_stat[cnt] = ret;
0039 cnt_stat++;
0040 return 0;
0041 }
0042
0043 SEC("fentry/filp_close")
0044 int BPF_PROG(prog_close, struct file *file, void *id)
0045 {
0046 pid_t pid = bpf_get_current_pid_tgid() >> 32;
0047 __u32 cnt = cnt_close;
0048 int ret;
0049
0050 called_close = 1;
0051
0052 if (pid != my_pid)
0053 return 0;
0054
0055 if (cnt >= MAX_FILES)
0056 return 0;
0057 ret = bpf_d_path(&file->f_path,
0058 paths_close[cnt], MAX_PATH_LEN);
0059
0060 rets_close[cnt] = ret;
0061 cnt_close++;
0062 return 0;
0063 }
0064
0065 char _license[] SEC("license") = "GPL";
