From e93fc4937af1881a7e230b2eca42de7f112327d6 Mon Sep 17 00:00:00 2001
From: zhanghan2021
Date: Mon, 3 Jul 2023 10:16:18 +0800
Subject: [PATCH] define inline tarce allowed func for opensnoop module
---
 src/opensnoop/opensnoop.bpf.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
diff --git a/src/opensnoop/opensnoop.bpf.c b/src/opensnoop/opensnoop.bpf.c
index c5c1b33d..1c22e307 100644
--- a/src/opensnoop/opensnoop.bpf.c
+++ b/src/opensnoop/opensnoop.bpf.c
@@ -18,3 +18,24 @@ struct
 __type(key, u32);
 __type(value, struct args_t);
 } start SEC(".maps");
+
+static __always_inline bool valid_uid(uid_t uid)
+{
+ return uid != INVALID_UID;
+}
+
+static __always_inline bool trace_allowed(u32 tgid, u32 pid)
+{
+ if (target_pid && target_pid != pid)
+ return false;
+ if (target_tgid && target_tgid != tgid)
+ return false;
+ if (valid_uid(target_uid))
+ {
+ uid_t uid = (u32)bpf_get_current_uid_gid();
+
+ if (target_uid != uid)
+ return false;
+ }
+ return true;
+}
--
Gitee
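Review bot: In `trace_allowed` the uid filter is switched off only when `target_uid == INVALID_UID`, whereas the pid and tgid filters treat 0 as "unset". The declaration of `target_uid` is outside this hunk, so if it starts out as 0, every open by a non-root user is dropped unless the loader writes `INVALID_UID` before load. For a monitoring tool that is a silent visibility gap, so I would state the contract above the function, e.g. `/* target_uid == INVALID_UID disables the uid filter; 0 is root, not "unset" */`, and confirm the userspace side sets it. `bpf_get_current_uid_gid()` reports the uid as seen from the initial user namespace, so a uid taken from inside a container's user namespace will not match; that belongs in the same comment. Nothing in this commit calls `trace_allowed` (the diffstat shows only these 21 added lines), so no filtering takes effect until the handlers use it.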