ebpf: remove dev checking

fleek-network · Jun 4, 2024 · 8314b4a · 8314b4a
1 parent b9162db
commit 8314b4a
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 23 deletions.
diff --git a/etc/ebpf/common/src/lib.rs b/etc/ebpf/common/src/lib.rs
@@ -80,6 +80,16 @@ pub struct File {
     pub dev: u32,
 }
 
+impl File {
+    pub fn new(inode: u64) -> Self {
+        Self {
+            inode,
+            // Todo: This is not supported yet.
+            dev: 0,
+        }
+    }
+}
+
 #[cfg(feature = "userspace")]
 unsafe impl aya::Pod for File {}
 

diff --git a/etc/ebpf/ebpf/src/file_open.rs b/etc/ebpf/ebpf/src/file_open.rs
@@ -18,44 +18,38 @@ unsafe fn try_file_open(ctx: LsmContext) -> Result<i32, c_long> {
 
     info!(&ctx, "file_open attempt on {}", inode_n);
 
-    // Todo: Get device ID.
-    let file = File {
-        inode: inode_n,
-        dev: 0,
-    };
-
-    verify_permission(&ctx, &file)
+    verify_permission(&ctx, inode_n)
 }
 
-unsafe fn verify_permission(ctx: &LsmContext, file: &File) -> Result<i32, c_long> {
-    let binfile = get_current_process_binfile()?;
+unsafe fn verify_permission(ctx: &LsmContext, target_inode: u64) -> Result<i32, c_long> {
+    let task_inode = get_inode_from_current_task()?;
+
+    // Todo: let's put this log behind a flag as it's for debugging.
     let pid = aya_ebpf::helpers::bpf_get_current_pid_tgid();
     info!(
         ctx,
-        "Process {} running bin {} attempting to open file", pid, binfile.inode
+        "Process {} running bin {} attempting to open file", pid, task_inode
     );
 
-    if let Some(rule_list) = maps::FILE_RULES.get(&binfile) {
-        if binfile.dev == file.dev {
-            if let Some(rule) = rule_list.rules.iter().find(|rule| rule.inode == file.inode) {
-                return Ok(rule.allow);
-            }
+    if let Some(rule_list) = maps::FILE_RULES.get(&File::new(task_inode)) {
+        if let Some(rule) = rule_list
+            .rules
+            .iter()
+            .find(|rule| rule.inode == target_inode)
+        {
+            return Ok(rule.allow);
         }
+        // Todo: Send event about access that was not accounted for.
     }
 
-    // Todo: Send event about access that was not accounted for.
     Ok(0)
 }
 
-unsafe fn get_current_process_binfile() -> Result<File, c_long> {
+/// Get the inode number of the current process's binary file.
+unsafe fn get_inode_from_current_task() -> Result<u64, c_long> {
     let task = aya_ebpf::helpers::bpf_get_current_task() as *mut vmlinux::task_struct;
     let mm = aya_ebpf::helpers::bpf_probe_read_kernel(access::task_struct_mm(task))?;
     let file = aya_ebpf::helpers::bpf_probe_read_kernel(access::mm_exe_file(mm))?;
     let f_inode = aya_ebpf::helpers::bpf_probe_read_kernel(access::file_inode(file))?;
-    // Get the inode number.
-    let i_ino = aya_ebpf::helpers::bpf_probe_read_kernel(access::inode_i_ino(f_inode))?;
-    // Get the device ID from the SuperBlock obj.
-    let super_block = aya_ebpf::helpers::bpf_probe_read_kernel(access::inode_i_sb(f_inode))?;
-    let dev = aya_ebpf::helpers::bpf_probe_read_kernel(access::super_block_s_dev(super_block))?;
-    Ok(File { inode: i_ino, dev })
+    aya_ebpf::helpers::bpf_probe_read_kernel(access::inode_i_ino(f_inode))
 }