From 38abaebab795d87a4e5bbf2ce00e7e37a3db3847 Mon Sep 17 00:00:00 2001 From: Kuan-Ying Lee Date: Fri, 18 Jun 2021 13:36:30 +0800 Subject: [PATCH] ANDROID: syscall_check: add vendor hook for bpf syscall Through this vendor hook, we can get the timing to check current running task for the validation of its credential and bpf operations. Bug: 191291287 Signed-off-by: Kuan-Ying Lee Change-Id: Ie4ed8df7ad66df2486fc7e52a26d9191fc0c176e --- drivers/android/vendor_hooks.c | 1 + include/trace/hooks/syscall_check.h | 5 +++++ kernel/bpf/syscall.c | 4 ++++ 3 files changed, 10 insertions(+) diff --git a/drivers/android/vendor_hooks.c b/drivers/android/vendor_hooks.c index b39c1a45587f..a3225fd58f8a 100644 --- a/drivers/android/vendor_hooks.c +++ b/drivers/android/vendor_hooks.c @@ -349,3 +349,4 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_ptype_head); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_kfree_skb); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_check_mmap_file); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_check_file_open); +EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_check_bpf_syscall); diff --git a/include/trace/hooks/syscall_check.h b/include/trace/hooks/syscall_check.h index f21a52730111..d39802aa4a1e 100644 --- a/include/trace/hooks/syscall_check.h +++ b/include/trace/hooks/syscall_check.h @@ -12,6 +12,7 @@ * mechanism for vendor modules to hook and extend functionality */ struct file; +union bpf_attr; DECLARE_HOOK(android_vh_check_mmap_file, TP_PROTO(const struct file *file, unsigned long prot, unsigned long flag, unsigned long ret), @@ -21,6 +22,10 @@ DECLARE_HOOK(android_vh_check_file_open, TP_PROTO(const struct file *file), TP_ARGS(file)); +DECLARE_HOOK(android_vh_check_bpf_syscall, + TP_PROTO(int cmd, const union bpf_attr *attr, unsigned int size), + TP_ARGS(cmd, attr, size)); + #endif /* _TRACE_HOOK_SYSCALL_CHECK_H */ /* This part must be outside protection */ #include diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c index 9433ab9995cd..2fee91544ecb 100644 
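Review bot: The new `android_vh_check_bpf_syscall` declaration in include/trace/hooks/syscall_check.h has no documented contract and no way to return a verdict. `TP_PROTO(int cmd, const union bpf_attr *attr, unsigned int size)` has no result argument, so a vendor module attached here can observe a bpf() call but cannot make it fail through the hook. The commit message speaks of validating credentials and bpf operations; if denial is intended it has to happen by some other path, and the header should say so. I would add a comment above the declaration such as `/* Observe-only: invoked from the bpf() syscall with the kernel copy of attr; cannot change the syscall result. */`. The one-line export added in drivers/android/vendor_hooks.c needs no change.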
--- a/kernel/bpf/syscall.c +++ b/kernel/bpf/syscall.c @@ -32,6 +32,8 @@ #include #include +#include + #define IS_FD_ARRAY(map) ((map)->map_type == BPF_MAP_TYPE_PERF_EVENT_ARRAY || \ (map)->map_type == BPF_MAP_TYPE_CGROUP_ARRAY || \ (map)->map_type == BPF_MAP_TYPE_ARRAY_OF_MAPS) @@ -4374,6 +4376,8 @@ SYSCALL_DEFINE3(bpf, int, cmd, union bpf_attr __user *, uattr, unsigned int, siz if (copy_from_user(&attr, uattr, size) != 0) return -EFAULT; + trace_android_vh_check_bpf_syscall(cmd, &attr, size); + err = security_bpf(cmd, &attr, size); if (err < 0) return err;
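Review bot: The hook called in `SYSCALL_DEFINE3(bpf, ...)` receives the kernel copy of `attr`, but several `union bpf_attr` fields are user-space addresses stored as integers (`insns`, `license`, `pathname`, `key`, `value`), and nothing at this point has fetched or validated what they point to. A vendor check that reads through those addresses inspects memory that userspace can still change before the command handler reads it, so its result does not bind what the kernel later acts on. Checks here should be limited to `cmd`, the scalar fields of `attr`, and the current task's credentials. The call also sits before `security_bpf()`, so it fires for requests the LSM goes on to reject. I would record this at the call site, e.g. `/* attr is the kernel copy; user pointers inside it are not yet fetched or validated */`. The syscall body begins and ends outside this hunk, so any earlier handling of `size` is not visible here.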