yanguangshaonian
/
aya
mirror of https://github.com/aya-rs/aya
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
main
fix-verifier-blixt
linker-bindep
gh-pages
aya-v0.13.1
aya-obj-v0.2.1
aya-log-v0.2.1
aya-log-common-v0.1.15
aya-ebpf-bindings-v0.1.1
aya-ebpf-cty-v0.2.2
aya-v0.13.0
aya-obj-v0.2.0
aya-log-ebpf-v0.1.0
aya-log-ebpf-macros-v0.1.0
aya-log-parser-v0.1.13
aya-ebpf-v0.1.0
aya-ebpf-macros-v0.1.0
aya-ebpf-bindings-v0.1.0
aya-ebpf-cty-v0.2.1
aya-log-v0.2.0
aya-log-common-v0.1.14
aya-v0.12.0
aya-obj-v0.1.0
aya-log-common-v0.1.13
aya-log-v0.1.13
aya-log-common-v0.1.11
aya-log-v0.1.11
aya-log-common-v0.1.10
aya-log-v0.1.10
aya-v0.11.0
aya-log-common-v0.1.9
aya-log-v0.1.9
aya-v0.10.7
aya-v0.10.6
aya-log-v0.1.1
aya-v0.10.5
aya-v0.10.4
aya-v0.10.3
aya-v0.10.2
aya-v0.10.1
aya-v0.10.0
aya-ebpf-macros-v0.1.1
aya-ebpf-v0.1.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '8dc0b80d86'
${ noResults }
aya/ebpf/aya-ebpf/src/programs/lsm.rs

63 lines
2.1 KiB
Rust
Raw Blame History

use core::ffi::c_void;
use crate::{args::FromBtfArgument, EbpfContext};
pub struct LsmContext {
ctx: *mut c_void,
}
impl LsmContext {
pub fn new(ctx: *mut c_void) -> LsmContext {
LsmContext { ctx }
}
/// Returns the `n`th argument passed to the LSM hook, starting from 0.
///
/// You can refer to [the kernel's list of LSM hook definitions][1] to find the
/// appropriate argument list for your LSM hook, where the argument list starts
/// _after_ the third parameter to the kernel's `LSM_HOOK` macro.
///
/// LSM probes specifically have access to an additional argument `retval: int`
/// which provides the return value of the previous LSM program that was called on
/// this code path, or 0 if this is the first LSM program to be called. This phony
/// argument is always last in the argument list.
///
/// SAFETY: This function is deeply unsafe, as we are reading raw pointers into kernel memory.
/// In particular, the value of `n` must not exceed the number of function arguments.
/// Luckily, the BPF verifier will catch this for us.
///
/// # Examples
///
/// ```no_run
/// # #![expect(dead_code)]
/// # use aya_ebpf::{programs::LsmContext, cty::{c_int, c_ulong}};
/// unsafe fn try_lsm_mmap_addr(ctx: LsmContext) -> Result<i32, i32> {
/// // In the kernel, this hook is defined as:
/// // LSM_HOOK(int, 0, mmap_addr, unsigned long addr)
/// let addr: c_ulong = ctx.arg(0);
/// let retval: c_int = ctx.arg(1);
///
/// // You can then do stuff with addr and retval down here.
///
/// // To practice good LSM hygiene, let's defer to a previous retval
/// // if available:
/// if (retval != 0) {
/// return Ok(retval);
/// }
///
/// Ok(0)
/// }
/// ```
///
/// [1]: https://elixir.bootlin.com/linux/latest/source/include/linux/lsm_hook_defs.h
pub unsafe fn arg<T: FromBtfArgument>(&self, n: usize) -> T {
T::from_argument(self.ctx as *const _, n)
}
}
impl EbpfContext for LsmContext {
fn as_ptr(&self) -> *mut c_void {
self.ctx
}
}
Reference in New Issue View Git Blame Copy Permalink