kernel: use rename lsm hook

kernel/kprobe_hook.c

@@ -21,26 +21,50 @@ static int handler_pre(struct kprobe *p, struct pt_regs *regs)
 	return ksu_handle_prctl(option, arg2, arg3, arg4, arg5);
 }
 
-static struct kprobe kp = {
+static struct kprobe prctl_kp = {
 	.symbol_name = PRCTL_SYMBOL,
 	.pre_handler = handler_pre,
 };
 
+static int renameat_handler_pre(struct kprobe *p, struct pt_regs *regs)
+{
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 12, 0)
+	// https://elixir.bootlin.com/linux/v5.12-rc1/source/include/linux/fs.h
+	struct renamedata *rd = PT_REGS_PARM1(regs);
+	struct dentry *old_entry = rd->old_dentry;
+	struct dentry *new_entry = rd->new_dentry;
+#else
+	struct dentry *old_entry = PT_REGS_PARM2(regs);
+	struct dentry *new_entry = PT_REGS_PARM4(regs);
+#endif
+
+	return ksu_handle_rename(old_entry, new_entry);
+}
+
+static struct kprobe renameat_kp = {
+	.symbol_name = "vfs_rename",
+	.pre_handler = renameat_handler_pre,
+};
+
 __maybe_unused int ksu_kprobe_init()
 {
 	int rc = 0;
-	rc = register_kprobe(&kp);
+	rc = register_kprobe(&prctl_kp);
 
 	if (rc) {
-		pr_info("prctl kprobe failed: %d, please check your kernel config.\n",
-			rc);
+		pr_info("prctl kprobe failed: %d.\n", rc);
 		return rc;
 	}
 
-    return rc;
+	rc = register_kprobe(&renameat_kp);
+	pr_info("renameat kp: %d\n", rc);
+
+	return rc;
 }
 
-__maybe_unused int ksu_kprobe_exit() {
-	unregister_kprobe(&kp);
-    return 0;
+__maybe_unused int ksu_kprobe_exit()
+{
+	unregister_kprobe(&prctl_kp);
+	unregister_kprobe(&renameat_kp);
+	return 0;
 }