Home Explore Help
Sign In
DragonOS-Community
/
aya
mirror of https://github.com/aya-rs/aya
4
0
Fork 0
Files Issues 0 Wiki
Tree: 09eefd366f
Branches Tags
aya
/
ebpf
/
aya-ebpf
/
src
/
programs
/
lsm.rs

lsm.rs 2.1 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162 
  1. use core::ffi::c_void;
    2. 

  2. 

  3. use crate::{args::FromBtfArgument, EbpfContext};
    4. 

  4. 

  5. pub struct LsmContext {
    6. 

  6.     ctx: *mut c_void,
    7. 

  7. }
    8. 

  8. 

  9. impl LsmContext {
    10. 

  10.     pub fn new(ctx: *mut c_void) -> LsmContext {
    11. 

  11.         LsmContext { ctx }
    12. 

  12.     }
    13. 

  13. 

  14.     /// Returns the `n`th argument passed to the LSM hook, starting from 0.
    15. 

  15.     ///
    16. 

  16.     /// You can refer to [the kernel's list of LSM hook definitions][1] to find the
    17. 

  17.     /// appropriate argument list for your LSM hook, where the argument list starts
    18. 

  18.     /// _after_ the third parameter to the kernel's `LSM_HOOK` macro.
    19. 

  19.     ///
    20. 

  20.     /// LSM probes specifically have access to an additional argument `retval: int`
    21. 

  21.     /// which provides the return value of the previous LSM program that was called on
    22. 

  22.     /// this code path, or 0 if this is the first LSM program to be called. This phony
    23. 

  23.     /// argument is always last in the argument list.
    24. 

  24.     ///
    25. 

  25.     /// SAFETY: This function is deeply unsafe, as we are reading raw pointers into kernel memory.
    26. 

  26.     /// In particular, the value of `n` must not exceed the number of function arguments.
    27. 

  27.     /// Luckily, the BPF verifier will catch this for us.
    28. 

  28.     ///
    29. 

  29.     /// # Examples
    30. 

  30.     ///
    31. 

  31.     /// ```no_run
    32. 

  32.     /// # #![allow(dead_code)]
    33. 

  33.     /// # use aya_ebpf::{programs::LsmContext, cty::{c_int, c_ulong}};
    34. 

  34.     /// unsafe fn try_lsm_mmap_addr(ctx: LsmContext) -> Result<i32, i32> {
    35. 

  35.     ///     // In the kernel, this hook is defined as:
    36. 

  36.     ///     //   LSM_HOOK(int, 0, mmap_addr, unsigned long addr)
    37. 

  37.     ///     let addr: c_ulong = ctx.arg(0);
    38. 

  38.     ///     let retval: c_int = ctx.arg(1);
    39. 

  39.     ///
    40. 

  40.     ///     // You can then do stuff with addr and retval down here.
    41. 

  41.     ///
    42. 

  42.     ///     // To practice good LSM hygiene, let's defer to a previous retval
    43. 

  43.     ///     // if available:
    44. 

  44.     ///     if (retval != 0) {
    45. 

  45.     ///         return Ok(retval);
    46. 

  46.     ///     }
    47. 

  47.     ///
    48. 

  48.     ///     Ok(0)
    49. 

  49.     /// }
    50. 

  50.     /// ```
    51. 

  51.     ///
    52. 

  52.     /// [1]: https://elixir.bootlin.com/linux/latest/source/include/linux/lsm_hook_defs.h
    53. 

  53.     pub unsafe fn arg<T: FromBtfArgument>(&self, n: usize) -> T {
    54. 

  54.         T::from_argument(self.ctx as *const _, n)
    55. 

  55.     }
    56. 

  56. }
    57. 

  57. 

  58. impl EbpfContext for LsmContext {
    59. 

  59.     fn as_ptr(&self) -> *mut c_void {
    60. 

  60.         self.ctx
    61. 

  61.     }
    62. 

  62. }
    63.