1// SPDX-License-Identifier: GPL-2.0
2/* Copyright (c) 2023 Meta Platforms, Inc. and affiliates. */
3
4#include "vmlinux.h"
5#include <bpf/bpf_helpers.h>
6
7char _license[] SEC("license") = "GPL";
8
9struct {
10	__uint(type, BPF_MAP_TYPE_HASH);
11	__uint(max_entries, 1);
12	__type(key, int);
13	__type(value, int);
14} hash_map SEC(".maps");
15
16struct {
17	__uint(type, BPF_MAP_TYPE_STACK);
18	__uint(max_entries, 1);
19	__type(value, int);
20} stack_map SEC(".maps");
21
22struct {
23	__uint(type, BPF_MAP_TYPE_ARRAY);
24	__uint(max_entries, 1);
25	__type(key, int);
26	__type(value, int);
27} array_map SEC(".maps");
28
29const volatile pid_t pid;
30long err = 0;
31
32static u64 callback(u64 map, u64 key, u64 val, u64 ctx, u64 flags)
33{
34	return 0;
35}
36
37SEC("tp/syscalls/sys_enter_getpid")
38int map_update(void *ctx)
39{
40	const int key = 0;
41	const int val = 1;
42
43	if (pid != (bpf_get_current_pid_tgid() >> 32))
44		return 0;
45
46	err = bpf_map_update_elem(&hash_map, &key, &val, BPF_NOEXIST);
47
48	return 0;
49}
50
51SEC("tp/syscalls/sys_enter_getppid")
52int map_delete(void *ctx)
53{
54	const int key = 0;
55
56	if (pid != (bpf_get_current_pid_tgid() >> 32))
57		return 0;
58
59	err = bpf_map_delete_elem(&hash_map, &key);
60
61	return 0;
62}
63
64SEC("tp/syscalls/sys_enter_getuid")
65int map_push(void *ctx)
66{
67	const int val = 1;
68
69	if (pid != (bpf_get_current_pid_tgid() >> 32))
70		return 0;
71
72	err = bpf_map_push_elem(&stack_map, &val, 0);
73
74	return 0;
75}
76
77SEC("tp/syscalls/sys_enter_geteuid")
78int map_pop(void *ctx)
79{
80	int val;
81
82	if (pid != (bpf_get_current_pid_tgid() >> 32))
83		return 0;
84
85	err = bpf_map_pop_elem(&stack_map, &val);
86
87	return 0;
88}
89
90SEC("tp/syscalls/sys_enter_getgid")
91int map_peek(void *ctx)
92{
93	int val;
94
95	if (pid != (bpf_get_current_pid_tgid() >> 32))
96		return 0;
97
98	err = bpf_map_peek_elem(&stack_map, &val);
99
100	return 0;
101}
102
103SEC("tp/syscalls/sys_enter_gettid")
104int map_for_each_pass(void *ctx)
105{
106	const int key = 0;
107	const int val = 1;
108	const u64 flags = 0;
109	int callback_ctx;
110
111	if (pid != (bpf_get_current_pid_tgid() >> 32))
112		return 0;
113
114	bpf_map_update_elem(&array_map, &key, &val, flags);
115
116	err = bpf_for_each_map_elem(&array_map, callback, &callback_ctx, flags);
117
118	return 0;
119}
120
121SEC("tp/syscalls/sys_enter_getpgid")
122int map_for_each_fail(void *ctx)
123{
124	const int key = 0;
125	const int val = 1;
126	const u64 flags = BPF_NOEXIST;
127	int callback_ctx;
128
129	if (pid != (bpf_get_current_pid_tgid() >> 32))
130		return 0;
131
132	bpf_map_update_elem(&array_map, &key, &val, flags);
133
134	/* calling for_each with non-zero flags will return error */
135	err = bpf_for_each_map_elem(&array_map, callback, &callback_ctx, flags);
136
137	return 0;
138}
139