bpf: Add a BPF helper for getting the IMA hash of an inode Provide a wrapper function to get the IMA hash of an inode. This helper is useful in fingerprinting files (e.g executables on execution) and using these fingerprints in detections like an executable unlinking itself. Since the ima_inode_hash can sleep, it's only allowed for sleepable LSM hooks. Signed-off-by: KP Singh <kpsingh@google.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Yonghong Song <yhs@fb.com> Link: https://lore.kernel.org/bpf/20201124151210.1081188-3-kpsingh@chromium.org

commit: 27672f0d280a3f286a410a8db2004f46ace72a17 [log] [tgz]
author: KP Singh <kpsingh@google.com> Tue Nov 24 15:12:09 2020 +0000
committer: Daniel Borkmann <daniel@iogearbox.net> Thu Nov 26 00:04:04 2020 +0100
tree: 04cce21fa652d2576937ea9e0b8c6378c7d96062
parent: 403319be5de51167cd70ddf594b76c95e6d26844 [diff] [blame]
diff --git a/scripts/bpf_helpers_doc.py b/scripts/bpf_helpers_doc.py
index c5bc947..8b829748 100755
--- a/scripts/bpf_helpers_doc.py
+++ b/scripts/bpf_helpers_doc.py

@@ -436,6 +436,7 @@
             'struct xdp_md',
             'struct path',
             'struct btf_ptr',
+            'struct inode',
     ]
     known_types = {
             '...',
@@ -480,6 +481,7 @@
             'struct task_struct',
             'struct path',
             'struct btf_ptr',
+            'struct inode',
     }
     mapped_types = {
             'u8': '__u8',
commit	27672f0d280a3f286a410a8db2004f46ace72a17	[log] [tgz]
author	KP Singh <kpsingh@google.com>	Tue Nov 24 15:12:09 2020 +0000
committer	Daniel Borkmann <daniel@iogearbox.net>	Thu Nov 26 00:04:04 2020 +0100
tree	04cce21fa652d2576937ea9e0b8c6378c7d96062
parent	403319be5de51167cd70ddf594b76c95e6d26844 [diff] [blame]