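/* Copyright (c) 2017 Facebook
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of version 2 of the GNU General Public
 * License as published by the Free Software Foundation.
 */

#include <linux/bpf.h>
#include <linux/version.h>
#include <bpf/bpf_helpers.h>

/*
 * Device-cgroup filter: allow-list of two character devices.
 *
 * ctx->access_type packs two fields: the low 16 bits hold the device type
 * (BPF_DEVCG_DEV_*), the high 16 bits hold the requested access flags
 * (BPF_DEVCG_ACC_*).
 *
 * Returns 1 to allow the access and 0 to forbid it.
 *
 * NOTE(review): the decision looks only at device type, major and minor.
 * The access flags are decoded for the DEBUG trace alone, so an allowed
 * device is allowed for read, write and mknod alike. Add a check on the
 * high 16 bits if a narrower policy is wanted.
 */
SEC("cgroup/dev")
int bpf_prog1(struct bpf_cgroup_dev_ctx *ctx)
{
	short type = ctx->access_type & 0xFFFF;
#ifdef DEBUG
	short access = ctx->access_type >> 16;
	/*
	 * Trace template. Offset 0 receives the device-type letter and
	 * offsets 8..10 receive the r/w/m access letters, so the literal
	 * must keep blank padding at those positions. With a shorter
	 * literal the flag writes below would land on the terminating NUL
	 * or past the end of the array, i.e. out-of-bounds stack stores.
	 */
	char fmt[] = "  %d:%d    \n";

	/* Fail the build if the template is ever shortened below offset 10. */
	_Static_assert(sizeof(fmt) >= 12,
		       "fmt must hold the access letters at offsets 8..10");

	switch (type) {
	case BPF_DEVCG_DEV_BLOCK:
		fmt[0] = 'b';
		break;
	case BPF_DEVCG_DEV_CHAR:
		fmt[0] = 'c';
		break;
	default:
		fmt[0] = '?';
		break;
	}

	if (access & BPF_DEVCG_ACC_READ)
		fmt[8] = 'r';

	if (access & BPF_DEVCG_ACC_WRITE)
		fmt[9] = 'w';

	if (access & BPF_DEVCG_ACC_MKNOD)
		fmt[10] = 'm';

	bpf_trace_printk(fmt, sizeof(fmt), ctx->major, ctx->minor);
#endif

	/* Allow access to /dev/zero and /dev/urandom.
	 * Forbid everything else.
	 */
	if (ctx->major != 1 || type != BPF_DEVCG_DEV_CHAR)
		return 0;

	switch (ctx->minor) {
	case 5: /* 1:5 /dev/zero */
	case 9: /* 1:9 /dev/urandom */
		return 1;
	}

	/* Default deny: any other minor under major 1 is refused. */
	return 0;
}

char _license[] SEC("license") = "GPL";
__u32 _version SEC("version") = LINUX_VERSION_CODE;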