1*1783903dSAndroid Build Coastguard Worker /* 2*1783903dSAndroid Build Coastguard Worker * fuseMedia eBPF program 3*1783903dSAndroid Build Coastguard Worker * 4*1783903dSAndroid Build Coastguard Worker * Copyright (C) 2021 Google 5*1783903dSAndroid Build Coastguard Worker * 6*1783903dSAndroid Build Coastguard Worker * This program is free software; you can redistribute it and/or 7*1783903dSAndroid Build Coastguard Worker * modify it under the terms of the GNU General Public License version 8*1783903dSAndroid Build Coastguard Worker * 2 as published by the Free Software Foundation. 9*1783903dSAndroid Build Coastguard Worker * 10*1783903dSAndroid Build Coastguard Worker * This program is distributed in the hope that it will be useful, 11*1783903dSAndroid Build Coastguard Worker * but WITHOUT ANY WARRANTY; without even the implied warranty of 12*1783903dSAndroid Build Coastguard Worker * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13*1783903dSAndroid Build Coastguard Worker * GNU General Public License for more details. 14*1783903dSAndroid Build Coastguard Worker * 15*1783903dSAndroid Build Coastguard Worker */ 16*1783903dSAndroid Build Coastguard Worker 17*1783903dSAndroid Build Coastguard Worker #include <android_bpf_defs.h> 18*1783903dSAndroid Build Coastguard Worker #include <stdint.h> 19*1783903dSAndroid Build Coastguard Worker #define __KERNEL__ 20*1783903dSAndroid Build Coastguard Worker #include <fuse_kernel.h> 21*1783903dSAndroid Build Coastguard Worker 22*1783903dSAndroid Build Coastguard Worker DEFINE_BPF_PROG("fuse/media", AID_ROOT, AID_MEDIA_RW, fuse_media) 23*1783903dSAndroid Build Coastguard Worker (struct fuse_bpf_args* fa) { 24*1783903dSAndroid Build Coastguard Worker switch (fa->opcode) { 25*1783903dSAndroid Build Coastguard Worker case FUSE_LOOKUP | FUSE_PREFILTER: { 26*1783903dSAndroid Build Coastguard Worker const char* name = fa->in_args[0].value; 27*1783903dSAndroid Build Coastguard Worker 28*1783903dSAndroid Build Coastguard Worker bpf_printk("LOOKUP_PREFILTER: %lx %s", fa->nodeid, name); 29*1783903dSAndroid Build Coastguard Worker return FUSE_BPF_BACKING | FUSE_BPF_POST_FILTER; 30*1783903dSAndroid Build Coastguard Worker } 31*1783903dSAndroid Build Coastguard Worker 32*1783903dSAndroid Build Coastguard Worker case FUSE_LOOKUP | FUSE_POSTFILTER: { 33*1783903dSAndroid Build Coastguard Worker struct fuse_entry_out* feo = fa->out_args[0].value; 34*1783903dSAndroid Build Coastguard Worker struct fuse_entry_bpf_out* febo = fa->out_args[1].value; 35*1783903dSAndroid Build Coastguard Worker uint64_t uid_gid = bpf_get_current_uid_gid(); 36*1783903dSAndroid Build Coastguard Worker uint32_t uid = uid_gid; 37*1783903dSAndroid Build Coastguard Worker uint32_t gid = uid_gid >> 32; 38*1783903dSAndroid Build Coastguard Worker 39*1783903dSAndroid Build Coastguard Worker febo->bpf_action = FUSE_ACTION_REMOVE; 40*1783903dSAndroid Build Coastguard Worker 41*1783903dSAndroid Build Coastguard Worker /* If the decision is easy, make it here for performance */ 42*1783903dSAndroid Build Coastguard Worker if (fa->error_in || (feo->attr.mode & 0001) || 43*1783903dSAndroid Build Coastguard Worker ((feo->attr.mode & 0010) && gid == feo->attr.gid) || 44*1783903dSAndroid Build Coastguard Worker ((feo->attr.mode & 0100) && uid == feo->attr.uid)) 45*1783903dSAndroid Build Coastguard Worker return 0; 46*1783903dSAndroid Build Coastguard Worker 47*1783903dSAndroid Build Coastguard Worker /* Delegate to the daemon */ 48*1783903dSAndroid Build Coastguard Worker return FUSE_BPF_USER_FILTER; 49*1783903dSAndroid Build Coastguard Worker } 50*1783903dSAndroid Build Coastguard Worker 51*1783903dSAndroid Build Coastguard Worker case FUSE_READDIR | FUSE_PREFILTER: { 52*1783903dSAndroid Build Coastguard Worker return FUSE_BPF_BACKING | FUSE_BPF_POST_FILTER; 53*1783903dSAndroid Build Coastguard Worker } 54*1783903dSAndroid Build Coastguard Worker 55*1783903dSAndroid Build Coastguard Worker case FUSE_READDIR | FUSE_POSTFILTER: { 56*1783903dSAndroid Build Coastguard Worker return FUSE_BPF_USER_FILTER; 57*1783903dSAndroid Build Coastguard Worker } 58*1783903dSAndroid Build Coastguard Worker 59*1783903dSAndroid Build Coastguard Worker default: 60*1783903dSAndroid Build Coastguard Worker return FUSE_BPF_BACKING; 61*1783903dSAndroid Build Coastguard Worker } 62*1783903dSAndroid Build Coastguard Worker } 63*1783903dSAndroid Build Coastguard Worker 64*1783903dSAndroid Build Coastguard Worker LICENSE("GPL"); 65