// SPDX-License-Identifier: GPL-2.0
/* Copyright (c) 2023 Meta Platforms, Inc. and affiliates. */
#include "vmlinux.h"
#include <bpf/bpf_helpers.h>
/* License string placed in the "license" section of the BPF object. */
char _license[] SEC("license") = "GPL";
/*
 * Single-entry hash map with int keys and int values.
 * Target of the update and delete programs below.
 */
struct {
__uint(type, BPF_MAP_TYPE_HASH);
__uint(max_entries, 1);
__type(key, int);
__type(value, int);
} hash_map SEC(".maps");
/*
 * Single-entry stack map holding int values; no key type is declared.
 * Target of the push, pop and peek programs below.
 */
struct {
__uint(type, BPF_MAP_TYPE_STACK);
__uint(max_entries, 1);
__type(value, int);
} stack_map SEC(".maps");
/*
 * Single-slot array map with int keys and int values.
 * Target of the two bpf_for_each_map_elem() programs below.
 */
struct {
__uint(type, BPF_MAP_TYPE_ARRAY);
__uint(max_entries, 1);
__type(key, int);
__type(value, int);
} array_map SEC(".maps");
/*
 * Process id that every program in this file compares against the upper
 * 32 bits of bpf_get_current_pid_tgid(); when they differ the program
 * returns without touching any map. The syscall tracepoints used here are
 * not tied to one process, so this comparison is the only thing that scopes
 * the map side effects to a single process.
 * NOTE(review): nothing in this file assigns it, so it is presumably filled
 * in from user space before the object is loaded - confirm against the
 * loader.
 */
const volatile pid_t pid;
/*
 * Return value of the most recent map helper call made by a program in this
 * file. Every program stores into it with a plain assignment.
 * NOTE(review): presumably read back from user space after triggering the
 * matching syscall - confirm against the loader.
 */
long err = 0;
/*
 * No-op element visitor passed to bpf_for_each_map_elem().
 *
 * None of the five arguments is read. The function always returns 0, which
 * the helper treats as "continue with the next element".
 */
static u64 callback(u64 map, u64 key, u64 val,
		    u64 ctx, u64 flags)
{
	const u64 keep_iterating = 0;

	return keep_iterating;
}
/*
 * Runs on entry to the getpid syscall.
 *
 * When the calling process matches the global pid, try to insert key 0 with
 * value 1 into hash_map using BPF_NOEXIST (insert only if the key is not
 * already present) and store the helper's return value in err. For any
 * other process nothing is touched. Always returns 0.
 */
SEC("tp/syscalls/sys_enter_getpid")
int map_update(void *ctx)
{
	const int slot = 0;
	const int one = 1;
	/* Upper half of the helper's return value is what pid is matched on. */
	u64 tgid = bpf_get_current_pid_tgid() >> 32;

	if (pid == tgid)
		err = bpf_map_update_elem(&hash_map, &slot, &one, BPF_NOEXIST);

	return 0;
}
/*
 * Runs on entry to the getppid syscall.
 *
 * When the calling process matches the global pid, delete key 0 from
 * hash_map and store the helper's return value in err. For any other
 * process nothing is touched. Always returns 0.
 */
SEC("tp/syscalls/sys_enter_getppid")
int map_delete(void *ctx)
{
	const int slot = 0;
	u64 tgid = bpf_get_current_pid_tgid() >> 32;

	/* Only the process selected through pid may modify the map. */
	if (pid == tgid)
		err = bpf_map_delete_elem(&hash_map, &slot);

	return 0;
}
/*
 * Runs on entry to the getuid syscall.
 *
 * When the calling process matches the global pid, push the value 1 onto
 * stack_map with flags 0 and store the helper's return value in err. For
 * any other process nothing is touched. Always returns 0.
 */
SEC("tp/syscalls/sys_enter_getuid")
int map_push(void *ctx)
{
	const int one = 1;
	u64 tgid = bpf_get_current_pid_tgid() >> 32;

	/* Only the process selected through pid may modify the map. */
	if (pid == tgid)
		err = bpf_map_push_elem(&stack_map, &one, 0);

	return 0;
}
/*
 * Runs on entry to the geteuid syscall.
 *
 * When the calling process matches the global pid, pop one element from
 * stack_map into a local and store the helper's return value in err. The
 * popped value itself is discarded. For any other process nothing is
 * touched. Always returns 0.
 */
SEC("tp/syscalls/sys_enter_geteuid")
int map_pop(void *ctx)
{
	/* Output buffer only: written by the helper, never read here. */
	int popped;
	u64 tgid = bpf_get_current_pid_tgid() >> 32;

	if (pid == tgid)
		err = bpf_map_pop_elem(&stack_map, &popped);

	return 0;
}
/*
 * Runs on entry to the getgid syscall.
 *
 * When the calling process matches the global pid, peek at stack_map,
 * copying the element into a local, and store the helper's return value in
 * err. The copied value itself is discarded. For any other process nothing
 * is touched. Always returns 0.
 */
SEC("tp/syscalls/sys_enter_getgid")
int map_peek(void *ctx)
{
	/* Output buffer only: written by the helper, never read here. */
	int top;
	u64 tgid = bpf_get_current_pid_tgid() >> 32;

	if (pid == tgid)
		err = bpf_map_peek_elem(&stack_map, &top);

	return 0;
}
/*
 * Runs on entry to the gettid syscall.
 *
 * When the calling process matches the global pid, write value 1 into slot
 * 0 of array_map and then walk the map with bpf_for_each_map_elem(), passing
 * the no-op callback and flags 0. Only the return value of the walk is
 * stored in err; the return value of the preceding update is discarded.
 * For any other process nothing is touched. Always returns 0.
 */
SEC("tp/syscalls/sys_enter_gettid")
int map_for_each_pass(void *ctx)
{
	const u64 no_flags = 0;
	const int slot = 0;
	const int one = 1;
	/* Passed by address as callback context; callback never reads it. */
	int cb_data;
	u64 tgid = bpf_get_current_pid_tgid() >> 32;

	if (pid == tgid) {
		bpf_map_update_elem(&array_map, &slot, &one, no_flags);
		err = bpf_for_each_map_elem(&array_map, callback, &cb_data,
					    no_flags);
	}

	return 0;
}
/*
 * Runs on entry to the getpgid syscall.
 *
 * Negative counterpart of map_for_each_pass: when the calling process
 * matches the global pid, it performs the same update and walk on array_map
 * but passes BPF_NOEXIST as the flags of both calls. Only the return value
 * of the walk is stored in err. For any other process nothing is touched.
 * Always returns 0.
 *
 * NOTE(review): the update's return value is discarded; an array map's
 * slots always exist, so a BPF_NOEXIST update is expected to be rejected -
 * confirm this is intended.
 */
SEC("tp/syscalls/sys_enter_getpgid")
int map_for_each_fail(void *ctx)
{
	const u64 bad_flags = BPF_NOEXIST;
	const int slot = 0;
	const int one = 1;
	/* Passed by address as callback context; callback never reads it. */
	int cb_data;
	u64 tgid = bpf_get_current_pid_tgid() >> 32;

	if (pid == tgid) {
		bpf_map_update_elem(&array_map, &slot, &one, bad_flags);
		/* for_each called with non-zero flags returns an error */
		err = bpf_for_each_map_elem(&array_map, callback, &cb_data,
					    bad_flags);
	}

	return 0;
}