// SPDX-License-Identifier: GPL-2.0

/*
 * Copyright 2020 Google LLC.
 */

#include <linux/bpf.h>
#include <errno.h>
#include <bpf/bpf_helpers.h>
#include <bpf/bpf_tracing.h>

char _license[] SEC("license") = "GPL";

/*
 * Task-local storage holding one int per task. The program below reads it
 * as a boolean: a non-zero value requests secure-exec handling for that
 * task's next exec.
 * NOTE(review): nothing in this file writes the value; presumably a
 * userspace loader sets it through the map fd - confirm who may write it,
 * since that writer decides which tasks get the bit.
 */
struct {
	__uint(type, BPF_MAP_TYPE_TASK_STORAGE);
	__uint(map_flags, BPF_F_NO_PREALLOC);
	__type(key, int);
	__type(value, int);
} secure_exec_task_map SEC(".maps");

/*
 * secure_exec - LSM program attached to the bprm_creds_for_exec hook.
 * @bprm: binprm of the exec in progress.
 *
 * Looks up (creating if absent) the current task's slot in
 * secure_exec_task_map and, when the stored int is non-zero, calls
 * bpf_bprm_opts_set() with BPF_F_BPRM_SECUREEXEC. Per the helper's
 * documentation this sets the secureexec bit on @bprm, which surfaces as
 * AT_SECURE in the new program's auxv.
 *
 * Always returns 0, so this program never denies an exec; it only marks it.
 * The helper's return value is not checked.
 */
SEC("lsm/bprm_creds_for_exec")
int BPF_PROG(secure_exec, struct linux_binprm *bprm)
{
	int *flag;

	/*
	 * F_CREATE: a task with no entry yet gets one allocated here.
	 * NOTE(review): a new entry is expected to read as zero - confirm.
	 */
	flag = bpf_task_storage_get(&secure_exec_task_map,
				    bpf_get_current_task_btf(), 0,
				    BPF_LOCAL_STORAGE_GET_F_CREATE);

	/* Lookup/allocation failed, or the task was not marked: leave bprm alone. */
	if (!flag || !*flag)
		return 0;

	bpf_bprm_opts_set(bprm, BPF_F_BPRM_SECUREEXEC);
	return 0;
}