2015-12-17 20:56:48 +03:00
/*
Generalize seccomp filter parser
Linux socket filter uses almost the same classic BPF as seccomp filter,
The only difference noticeable from strace PoV is the meaning of generic
multiuse field.
Transform the parser of seccomp filters to a more generic parser
of classic BPF, parametrized with a method of parsing the generic
multiuse field in BPF_STMT.
* bpf_filter.c: New file.
* bpf_filter.h: Likewise.
* bpf_fprog.h: Likewise.
* bpf_seccomp_filter.c: Likewise.
* fetch_bpf_fprog.c: Likewise.
* fetch_seccomp_fprog.c: Remove.
* seccomp_fprog.h: Likewise.
* Makefile.am (strace_SOURCES): Add bpf_filter.c, bpf_filter.h,
bpf_fprog.h, bpf_seccomp_filter.c, and fetch_bpf_fprog.c.
Remove fetch_seccomp_fprog.c and seccomp_fprog.h.
* seccomp.c: Do not include linux/filter.h and xlat header files.
Do not define SECCOMP_RET_ACTION.
(bpf_filter, decode_bpf_code, decode_bpf_stmt, decode_bpf_jump,
print_bpf_filter, print_seccomp_fprog, print_seccomp_filter): Remove.
* defs.h (print_seccomp_filter): Rename to decode_seccomp_fprog.
(SYS_FUNC(seccomp)): Replace print_seccomp_filter
with decode_seccomp_fprog.
* prctl.c (SYS_FUNC(prctl)): Likewise.
2017-07-08 04:49:00 +03:00
* Decoder of seccomp filter programs .
*
2018-12-25 02:46:43 +03:00
* Copyright ( c ) 2015 - 2018 Dmitry V . Levin < ldv @ altlinux . org >
2015-12-17 20:56:48 +03:00
* All rights reserved .
*
2018-12-10 03:00:00 +03:00
* SPDX - License - Identifier : LGPL - 2.1 - or - later
2015-12-17 20:56:48 +03:00
*/
2015-09-20 00:28:23 +03:00
# include "defs.h"
Generalize seccomp filter parser
Linux socket filter uses almost the same classic BPF as seccomp filter,
The only difference noticeable from strace PoV is the meaning of generic
multiuse field.
Transform the parser of seccomp filters to a more generic parser
of classic BPF, parametrized with a method of parsing the generic
multiuse field in BPF_STMT.
* bpf_filter.c: New file.
* bpf_filter.h: Likewise.
* bpf_fprog.h: Likewise.
* bpf_seccomp_filter.c: Likewise.
* fetch_bpf_fprog.c: Likewise.
* fetch_seccomp_fprog.c: Remove.
* seccomp_fprog.h: Likewise.
* Makefile.am (strace_SOURCES): Add bpf_filter.c, bpf_filter.h,
bpf_fprog.h, bpf_seccomp_filter.c, and fetch_bpf_fprog.c.
Remove fetch_seccomp_fprog.c and seccomp_fprog.h.
* seccomp.c: Do not include linux/filter.h and xlat header files.
Do not define SECCOMP_RET_ACTION.
(bpf_filter, decode_bpf_code, decode_bpf_stmt, decode_bpf_jump,
print_bpf_filter, print_seccomp_fprog, print_seccomp_filter): Remove.
* defs.h (print_seccomp_filter): Rename to decode_seccomp_fprog.
(SYS_FUNC(seccomp)): Replace print_seccomp_filter
with decode_seccomp_fprog.
* prctl.c (SYS_FUNC(prctl)): Likewise.
2017-07-08 04:49:00 +03:00
# include "bpf_filter.h"
2015-09-20 00:28:23 +03:00
Generalize seccomp filter parser
Linux socket filter uses almost the same classic BPF as seccomp filter,
The only difference noticeable from strace PoV is the meaning of generic
multiuse field.
Transform the parser of seccomp filters to a more generic parser
of classic BPF, parametrized with a method of parsing the generic
multiuse field in BPF_STMT.
* bpf_filter.c: New file.
* bpf_filter.h: Likewise.
* bpf_fprog.h: Likewise.
* bpf_seccomp_filter.c: Likewise.
* fetch_bpf_fprog.c: Likewise.
* fetch_seccomp_fprog.c: Remove.
* seccomp_fprog.h: Likewise.
* Makefile.am (strace_SOURCES): Add bpf_filter.c, bpf_filter.h,
bpf_fprog.h, bpf_seccomp_filter.c, and fetch_bpf_fprog.c.
Remove fetch_seccomp_fprog.c and seccomp_fprog.h.
* seccomp.c: Do not include linux/filter.h and xlat header files.
Do not define SECCOMP_RET_ACTION.
(bpf_filter, decode_bpf_code, decode_bpf_stmt, decode_bpf_jump,
print_bpf_filter, print_seccomp_fprog, print_seccomp_filter): Remove.
* defs.h (print_seccomp_filter): Rename to decode_seccomp_fprog.
(SYS_FUNC(seccomp)): Replace print_seccomp_filter
with decode_seccomp_fprog.
* prctl.c (SYS_FUNC(prctl)): Likewise.
2017-07-08 04:49:00 +03:00
# include <linux/filter.h>
# ifdef HAVE_LINUX_SECCOMP_H
# include <linux / seccomp.h>
# endif
2017-11-01 05:05:41 +03:00
# ifndef SECCOMP_RET_ACTION_FULL
# define SECCOMP_RET_ACTION_FULL 0xffff0000U
Generalize seccomp filter parser
Linux socket filter uses almost the same classic BPF as seccomp filter,
The only difference noticeable from strace PoV is the meaning of generic
multiuse field.
Transform the parser of seccomp filters to a more generic parser
of classic BPF, parametrized with a method of parsing the generic
multiuse field in BPF_STMT.
* bpf_filter.c: New file.
* bpf_filter.h: Likewise.
* bpf_fprog.h: Likewise.
* bpf_seccomp_filter.c: Likewise.
* fetch_bpf_fprog.c: Likewise.
* fetch_seccomp_fprog.c: Remove.
* seccomp_fprog.h: Likewise.
* Makefile.am (strace_SOURCES): Add bpf_filter.c, bpf_filter.h,
bpf_fprog.h, bpf_seccomp_filter.c, and fetch_bpf_fprog.c.
Remove fetch_seccomp_fprog.c and seccomp_fprog.h.
* seccomp.c: Do not include linux/filter.h and xlat header files.
Do not define SECCOMP_RET_ACTION.
(bpf_filter, decode_bpf_code, decode_bpf_stmt, decode_bpf_jump,
print_bpf_filter, print_seccomp_fprog, print_seccomp_filter): Remove.
* defs.h (print_seccomp_filter): Rename to decode_seccomp_fprog.
(SYS_FUNC(seccomp)): Replace print_seccomp_filter
with decode_seccomp_fprog.
* prctl.c (SYS_FUNC(prctl)): Likewise.
2017-07-08 04:49:00 +03:00
# endif
# include "xlat/seccomp_ret_action.h"
2015-09-20 00:28:23 +03:00
Generalize seccomp filter parser
Linux socket filter uses almost the same classic BPF as seccomp filter,
The only difference noticeable from strace PoV is the meaning of generic
multiuse field.
Transform the parser of seccomp filters to a more generic parser
of classic BPF, parametrized with a method of parsing the generic
multiuse field in BPF_STMT.
* bpf_filter.c: New file.
* bpf_filter.h: Likewise.
* bpf_fprog.h: Likewise.
* bpf_seccomp_filter.c: Likewise.
* fetch_bpf_fprog.c: Likewise.
* fetch_seccomp_fprog.c: Remove.
* seccomp_fprog.h: Likewise.
* Makefile.am (strace_SOURCES): Add bpf_filter.c, bpf_filter.h,
bpf_fprog.h, bpf_seccomp_filter.c, and fetch_bpf_fprog.c.
Remove fetch_seccomp_fprog.c and seccomp_fprog.h.
* seccomp.c: Do not include linux/filter.h and xlat header files.
Do not define SECCOMP_RET_ACTION.
(bpf_filter, decode_bpf_code, decode_bpf_stmt, decode_bpf_jump,
print_bpf_filter, print_seccomp_fprog, print_seccomp_filter): Remove.
* defs.h (print_seccomp_filter): Rename to decode_seccomp_fprog.
(SYS_FUNC(seccomp)): Replace print_seccomp_filter
with decode_seccomp_fprog.
* prctl.c (SYS_FUNC(prctl)): Likewise.
2017-07-08 04:49:00 +03:00
static bool
print_seccomp_filter_k ( const struct bpf_filter_block * const fp )
2015-09-20 00:28:23 +03:00
{
Generalize seccomp filter parser
Linux socket filter uses almost the same classic BPF as seccomp filter,
The only difference noticeable from strace PoV is the meaning of generic
multiuse field.
Transform the parser of seccomp filters to a more generic parser
of classic BPF, parametrized with a method of parsing the generic
multiuse field in BPF_STMT.
* bpf_filter.c: New file.
* bpf_filter.h: Likewise.
* bpf_fprog.h: Likewise.
* bpf_seccomp_filter.c: Likewise.
* fetch_bpf_fprog.c: Likewise.
* fetch_seccomp_fprog.c: Remove.
* seccomp_fprog.h: Likewise.
* Makefile.am (strace_SOURCES): Add bpf_filter.c, bpf_filter.h,
bpf_fprog.h, bpf_seccomp_filter.c, and fetch_bpf_fprog.c.
Remove fetch_seccomp_fprog.c and seccomp_fprog.h.
* seccomp.c: Do not include linux/filter.h and xlat header files.
Do not define SECCOMP_RET_ACTION.
(bpf_filter, decode_bpf_code, decode_bpf_stmt, decode_bpf_jump,
print_bpf_filter, print_seccomp_fprog, print_seccomp_filter): Remove.
* defs.h (print_seccomp_filter): Rename to decode_seccomp_fprog.
(SYS_FUNC(seccomp)): Replace print_seccomp_filter
with decode_seccomp_fprog.
* prctl.c (SYS_FUNC(prctl)): Likewise.
2017-07-08 04:49:00 +03:00
if ( BPF_CLASS ( fp - > code ) = = BPF_RET ) {
2017-11-01 05:05:41 +03:00
unsigned int action = SECCOMP_RET_ACTION_FULL & fp - > k ;
Generalize seccomp filter parser
Linux socket filter uses almost the same classic BPF as seccomp filter,
The only difference noticeable from strace PoV is the meaning of generic
multiuse field.
Transform the parser of seccomp filters to a more generic parser
of classic BPF, parametrized with a method of parsing the generic
multiuse field in BPF_STMT.
* bpf_filter.c: New file.
* bpf_filter.h: Likewise.
* bpf_fprog.h: Likewise.
* bpf_seccomp_filter.c: Likewise.
* fetch_bpf_fprog.c: Likewise.
* fetch_seccomp_fprog.c: Remove.
* seccomp_fprog.h: Likewise.
* Makefile.am (strace_SOURCES): Add bpf_filter.c, bpf_filter.h,
bpf_fprog.h, bpf_seccomp_filter.c, and fetch_bpf_fprog.c.
Remove fetch_seccomp_fprog.c and seccomp_fprog.h.
* seccomp.c: Do not include linux/filter.h and xlat header files.
Do not define SECCOMP_RET_ACTION.
(bpf_filter, decode_bpf_code, decode_bpf_stmt, decode_bpf_jump,
print_bpf_filter, print_seccomp_fprog, print_seccomp_filter): Remove.
* defs.h (print_seccomp_filter): Rename to decode_seccomp_fprog.
(SYS_FUNC(seccomp)): Replace print_seccomp_filter
with decode_seccomp_fprog.
* prctl.c (SYS_FUNC(prctl)): Likewise.
2017-07-08 04:49:00 +03:00
unsigned int data = fp - > k & ~ action ;
printxval ( seccomp_ret_action , action , " SECCOMP_RET_??? " ) ;
if ( data )
tprintf ( " |%#x " , data ) ;
return true ;
}
2015-09-20 00:28:23 +03:00
Generalize seccomp filter parser
Linux socket filter uses almost the same classic BPF as seccomp filter,
The only difference noticeable from strace PoV is the meaning of generic
multiuse field.
Transform the parser of seccomp filters to a more generic parser
of classic BPF, parametrized with a method of parsing the generic
multiuse field in BPF_STMT.
* bpf_filter.c: New file.
* bpf_filter.h: Likewise.
* bpf_fprog.h: Likewise.
* bpf_seccomp_filter.c: Likewise.
* fetch_bpf_fprog.c: Likewise.
* fetch_seccomp_fprog.c: Remove.
* seccomp_fprog.h: Likewise.
* Makefile.am (strace_SOURCES): Add bpf_filter.c, bpf_filter.h,
bpf_fprog.h, bpf_seccomp_filter.c, and fetch_bpf_fprog.c.
Remove fetch_seccomp_fprog.c and seccomp_fprog.h.
* seccomp.c: Do not include linux/filter.h and xlat header files.
Do not define SECCOMP_RET_ACTION.
(bpf_filter, decode_bpf_code, decode_bpf_stmt, decode_bpf_jump,
print_bpf_filter, print_seccomp_fprog, print_seccomp_filter): Remove.
* defs.h (print_seccomp_filter): Rename to decode_seccomp_fprog.
(SYS_FUNC(seccomp)): Replace print_seccomp_filter
with decode_seccomp_fprog.
* prctl.c (SYS_FUNC(prctl)): Likewise.
2017-07-08 04:49:00 +03:00
return false ;
}
2015-09-20 00:28:23 +03:00
Generalize seccomp filter parser
Linux socket filter uses almost the same classic BPF as seccomp filter,
The only difference noticeable from strace PoV is the meaning of generic
multiuse field.
Transform the parser of seccomp filters to a more generic parser
of classic BPF, parametrized with a method of parsing the generic
multiuse field in BPF_STMT.
* bpf_filter.c: New file.
* bpf_filter.h: Likewise.
* bpf_fprog.h: Likewise.
* bpf_seccomp_filter.c: Likewise.
* fetch_bpf_fprog.c: Likewise.
* fetch_seccomp_fprog.c: Remove.
* seccomp_fprog.h: Likewise.
* Makefile.am (strace_SOURCES): Add bpf_filter.c, bpf_filter.h,
bpf_fprog.h, bpf_seccomp_filter.c, and fetch_bpf_fprog.c.
Remove fetch_seccomp_fprog.c and seccomp_fprog.h.
* seccomp.c: Do not include linux/filter.h and xlat header files.
Do not define SECCOMP_RET_ACTION.
(bpf_filter, decode_bpf_code, decode_bpf_stmt, decode_bpf_jump,
print_bpf_filter, print_seccomp_fprog, print_seccomp_filter): Remove.
* defs.h (print_seccomp_filter): Rename to decode_seccomp_fprog.
(SYS_FUNC(seccomp)): Replace print_seccomp_filter
with decode_seccomp_fprog.
* prctl.c (SYS_FUNC(prctl)): Likewise.
2017-07-08 04:49:00 +03:00
void
print_seccomp_fprog ( struct tcb * const tcp , const kernel_ulong_t addr ,
const unsigned short len )
{
print_bpf_fprog ( tcp , addr , len , print_seccomp_filter_k ) ;
}
2015-09-20 00:28:23 +03:00
Generalize seccomp filter parser
Linux socket filter uses almost the same classic BPF as seccomp filter,
The only difference noticeable from strace PoV is the meaning of generic
multiuse field.
Transform the parser of seccomp filters to a more generic parser
of classic BPF, parametrized with a method of parsing the generic
multiuse field in BPF_STMT.
* bpf_filter.c: New file.
* bpf_filter.h: Likewise.
* bpf_fprog.h: Likewise.
* bpf_seccomp_filter.c: Likewise.
* fetch_bpf_fprog.c: Likewise.
* fetch_seccomp_fprog.c: Remove.
* seccomp_fprog.h: Likewise.
* Makefile.am (strace_SOURCES): Add bpf_filter.c, bpf_filter.h,
bpf_fprog.h, bpf_seccomp_filter.c, and fetch_bpf_fprog.c.
Remove fetch_seccomp_fprog.c and seccomp_fprog.h.
* seccomp.c: Do not include linux/filter.h and xlat header files.
Do not define SECCOMP_RET_ACTION.
(bpf_filter, decode_bpf_code, decode_bpf_stmt, decode_bpf_jump,
print_bpf_filter, print_seccomp_fprog, print_seccomp_filter): Remove.
* defs.h (print_seccomp_filter): Rename to decode_seccomp_fprog.
(SYS_FUNC(seccomp)): Replace print_seccomp_filter
with decode_seccomp_fprog.
* prctl.c (SYS_FUNC(prctl)): Likewise.
2017-07-08 04:49:00 +03:00
void
decode_seccomp_fprog ( struct tcb * const tcp , const kernel_ulong_t addr )
{
decode_bpf_fprog ( tcp , addr , print_seccomp_filter_k ) ;
2015-09-20 00:28:23 +03:00
}