| // SPDX-License-Identifier: GPL-2.0 |
| |
| /* |
| * Copyright (C) 2020 Google LLC. |
| */ |
| |
| #include <linux/filter.h> |
| #include <linux/bpf.h> |
| #include <linux/btf.h> |
| #include <linux/lsm_hooks.h> |
| #include <linux/bpf_lsm.h> |
| #include <linux/kallsyms.h> |
| #include <linux/bpf_verifier.h> |
| |
| /* For every LSM hook that allows attachment of BPF programs, declare a nop |
| * function where a BPF program can be attached. |
| */ |
| #define LSM_HOOK(RET, DEFAULT, NAME, ...) \ |
| noinline RET bpf_lsm_##NAME(__VA_ARGS__) \ |
| { \ |
| return DEFAULT; \ |
| } |
| |
| #include <linux/lsm_hook_defs.h> |
| #undef LSM_HOOK |
| |
| #define BPF_LSM_SYM_PREFX "bpf_lsm_" |
| |
| int bpf_lsm_verify_prog(struct bpf_verifier_log *vlog, |
| const struct bpf_prog *prog) |
| { |
| if (!prog->gpl_compatible) { |
| bpf_log(vlog, |
| "LSM programs must have a GPL compatible license\n"); |
| return -EINVAL; |
| } |
| |
| if (strncmp(BPF_LSM_SYM_PREFX, prog->aux->attach_func_name, |
| sizeof(BPF_LSM_SYM_PREFX) - 1)) { |
| bpf_log(vlog, "attach_btf_id %u points to wrong type name %s\n", |
| prog->aux->attach_btf_id, prog->aux->attach_func_name); |
| return -EINVAL; |
| } |
| |
| return 0; |
| } |
| |
| const struct bpf_prog_ops lsm_prog_ops = { |
| }; |
| |
| const struct bpf_verifier_ops lsm_verifier_ops = { |
| .get_func_proto = tracing_prog_func_proto, |
| .is_valid_access = btf_ctx_access, |
| }; |
