1// SPDX-License-Identifier: GPL-2.0 2/* Copyright (c) 2024 Meta Platforms, Inc. and affiliates. */ 3 4#include "vmlinux.h" 5#include <bpf/bpf_helpers.h> 6#include <bpf/bpf_tracing.h> 7 8char _license[] SEC("license") = "GPL"; 9 10int my_pid; 11bool reject_capable; 12bool reject_cmd; 13 14SEC("lsm/bpf_token_capable") 15int BPF_PROG(token_capable, struct bpf_token *token, int cap) 16{ 17 if (my_pid == 0 || my_pid != (bpf_get_current_pid_tgid() >> 32)) 18 return 0; 19 if (reject_capable) 20 return -1; 21 return 0; 22} 23 24SEC("lsm/bpf_token_cmd") 25int BPF_PROG(token_cmd, struct bpf_token *token, enum bpf_cmd cmd) 26{ 27 if (my_pid == 0 || my_pid != (bpf_get_current_pid_tgid() >> 32)) 28 return 0; 29 if (reject_cmd) 30 return -1; 31 return 0; 32} 33