1// SPDX-License-Identifier: GPL-2.0
 2
 3/*
 4 * Copyright (C) 2020 Google LLC.
 5 */
 6
 7#include <linux/filter.h>
 8#include <linux/bpf.h>
 9#include <linux/btf.h>
10#include <linux/lsm_hooks.h>
11#include <linux/bpf_lsm.h>
12#include <linux/kallsyms.h>
13#include <linux/bpf_verifier.h>
14
15/* For every LSM hook that allows attachment of BPF programs, declare a nop
16 * function where a BPF program can be attached.
17 */
18#define LSM_HOOK(RET, DEFAULT, NAME, ...)	\
19noinline RET bpf_lsm_##NAME(__VA_ARGS__)	\
20{						\
21	return DEFAULT;				\
22}
23
24#include <linux/lsm_hook_defs.h>
25#undef LSM_HOOK
26
27#define BPF_LSM_SYM_PREFX  "bpf_lsm_"
28
29int bpf_lsm_verify_prog(struct bpf_verifier_log *vlog,
30			const struct bpf_prog *prog)
31{
32	if (!prog->gpl_compatible) {
33		bpf_log(vlog,
34			"LSM programs must have a GPL compatible license\n");
35		return -EINVAL;
36	}
37
38	if (strncmp(BPF_LSM_SYM_PREFX, prog->aux->attach_func_name,
39		    sizeof(BPF_LSM_SYM_PREFX) - 1)) {
40		bpf_log(vlog, "attach_btf_id %u points to wrong type name %s\n",
41			prog->aux->attach_btf_id, prog->aux->attach_func_name);
42		return -EINVAL;
43	}
44
45	return 0;
46}
47
48const struct bpf_prog_ops lsm_prog_ops = {
49};
50
51const struct bpf_verifier_ops lsm_verifier_ops = {
52	.get_func_proto = tracing_prog_func_proto,
53	.is_valid_access = btf_ctx_access,
54};