add access data
17
bpf/lsm.c
17
bpf/lsm.c
@ -24,6 +24,7 @@ typedef struct check_ctx {
|
||||
struct dentry *dentry;
|
||||
__u64 need_to_be_checked;
|
||||
__u64 return_value;
|
||||
__u64 root_inode;
|
||||
} check_ctx;
|
||||
|
||||
struct {
|
||||
@ -65,6 +66,7 @@ static __u64 check_file_need_protection(struct bpf_map *map,
|
||||
// enumerate from the leaf to root
|
||||
while (count_down-- > 0 && dentry != NULL) {
|
||||
if (dentry->d_inode->i_ino == *inode) {
|
||||
ctx->root_inode = dentry->d_inode->i_ino;
|
||||
ctx->need_to_be_checked = 1;
|
||||
return 1;
|
||||
}
|
||||
@ -111,6 +113,9 @@ int BPF_PROG(check_file_open, struct file *file, int ret) {
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
__u64 counter_init_val = 1;
|
||||
__u64 *counter;
|
||||
|
||||
check_ctx data = {
|
||||
.dentry = file->f_path.dentry,
|
||||
.need_to_be_checked = 0,
|
||||
@ -126,10 +131,18 @@ int BPF_PROG(check_file_open, struct file *file, int ret) {
|
||||
data.need_to_be_checked = 1;
|
||||
bpf_for_each_map_elem(&states, check_service_status, &data, 0);
|
||||
|
||||
// TODO: write perf data
|
||||
|
||||
if (!data.need_to_be_checked) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (data.return_value != 0) {
|
||||
counter = bpf_map_lookup_elem(&banned_access, &data.root_inode);
|
||||
if (counter == NULL)
|
||||
bpf_map_update_elem(&banned_access, &data.root_inode, &counter_init_val,
|
||||
BPF_ANY);
|
||||
else
|
||||
__sync_fetch_and_add(counter, 1);
|
||||
}
|
||||
|
||||
return data.return_value;
|
||||
}
|
||||
|
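Review bot: The counter update at the end of check_file_open is a lookup-then-insert that can lose counts. If two CPUs deny an access under the same root inode at once and both see `counter == NULL`, the second `BPF_ANY` update resets the entry to 1 and can also wipe out an increment made in between (this assumes `banned_access` is a shared, non-per-CPU map; its definition is not in the visible hunks). Inserting with `BPF_NOEXIST` and falling back to a second lookup plus `__sync_fetch_and_add` when the insert fails keeps the count monotonic, and it also stops the `bpf_map_update_elem` result from being ignored. The key is a bare `i_ino`, which is only unique per filesystem, so two protected roots on different mounts could share one counter; a comment stating that limit would help whoever consumes the map. The start of check_file_open lies outside the hunks shown.

```c
// … unchanged: need_to_be_checked early return …
if (data.return_value != 0) {
    counter = bpf_map_lookup_elem(&banned_access, &data.root_inode);
    if (counter == NULL) {
        // BPF_NOEXIST: never reset a counter another CPU created meanwhile
        if (bpf_map_update_elem(&banned_access, &data.root_inode,
                                &counter_init_val, BPF_NOEXIST) != 0)
            counter = bpf_map_lookup_elem(&banned_access, &data.root_inode);
    }
    if (counter != NULL)
        __sync_fetch_and_add(counter, 1);
}
// … unchanged: return data.return_value …
```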