2015-02-05 02:50:50 +03:00
/*
* Copyright ( c ) 2015 Dmitry V . Levin < ldv @ altlinux . org >
* All rights reserved .
*
* Redistribution and use in source and binary forms , with or without
* modification , are permitted provided that the following conditions
* are met :
* 1. Redistributions of source code must retain the above copyright
* notice , this list of conditions and the following disclaimer .
* 2. Redistributions in binary form must reproduce the above copyright
* notice , this list of conditions and the following disclaimer in the
* documentation and / or other materials provided with the distribution .
* 3. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission .
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ` ` AS IS ' ' AND ANY EXPRESS OR
* IMPLIED WARRANTIES , INCLUDING , BUT NOT LIMITED TO , THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED .
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT , INDIRECT ,
* INCIDENTAL , SPECIAL , EXEMPLARY , OR CONSEQUENTIAL DAMAGES ( INCLUDING , BUT
* NOT LIMITED TO , PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES ; LOSS OF USE ,
* DATA , OR PROFITS ; OR BUSINESS INTERRUPTION ) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY , WHETHER IN CONTRACT , STRICT LIABILITY , OR TORT
* ( INCLUDING NEGLIGENCE OR OTHERWISE ) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE , EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE .
*/
# include "defs.h"
# ifdef HAVE_LINUX_SECCOMP_H
# include <linux / seccomp.h>
# endif
# include "xlat/seccomp_ops.h"
# include "xlat/seccomp_filter_flags.h"
# ifdef HAVE_LINUX_FILTER_H
# include <linux / filter.h>
# include "xlat / bpf_class.h"
# include "xlat / bpf_miscop.h"
# include "xlat / bpf_mode.h"
# include "xlat / bpf_op_alu.h"
# include "xlat / bpf_op_jmp.h"
# include "xlat / bpf_rval.h"
# include "xlat / bpf_size.h"
# include "xlat / bpf_src.h"
# ifndef SECCOMP_RET_ACTION
# define SECCOMP_RET_ACTION 0x7fff0000U
# endif
# include "xlat / seccomp_ret_action.h"
# endif
struct bpf_filter {
uint16_t code ;
uint8_t jt ;
uint8_t jf ;
uint32_t k ;
} ;
# ifdef HAVE_LINUX_FILTER_H
static void
decode_bpf_code ( uint16_t code )
{
uint16_t i = code & ~ BPF_CLASS ( code ) ;
printxval ( bpf_class , BPF_CLASS ( code ) , " BPF_??? " ) ;
switch ( BPF_CLASS ( code ) ) {
case BPF_LD :
case BPF_LDX :
2016-04-11 23:25:01 +03:00
tprints ( " | " ) ;
2015-02-05 02:50:50 +03:00
printxval ( bpf_size , BPF_SIZE ( code ) , " BPF_??? " ) ;
2016-04-11 23:25:01 +03:00
tprints ( " | " ) ;
2015-02-05 02:50:50 +03:00
printxval ( bpf_mode , BPF_MODE ( code ) , " BPF_??? " ) ;
break ;
case BPF_ST :
case BPF_STX :
if ( i )
2016-04-11 23:25:01 +03:00
tprintf ( " |%#x /* %s */ " , i , " BPF_??? " ) ;
2015-02-05 02:50:50 +03:00
break ;
case BPF_ALU :
2016-04-11 23:25:01 +03:00
tprints ( " | " ) ;
2015-02-05 02:50:50 +03:00
printxval ( bpf_src , BPF_SRC ( code ) , " BPF_??? " ) ;
2016-04-11 23:25:01 +03:00
tprints ( " | " ) ;
2015-02-05 02:50:50 +03:00
printxval ( bpf_op_alu , BPF_OP ( code ) , " BPF_??? " ) ;
break ;
case BPF_JMP :
2016-04-11 23:25:01 +03:00
tprints ( " | " ) ;
2015-02-05 02:50:50 +03:00
printxval ( bpf_src , BPF_SRC ( code ) , " BPF_??? " ) ;
2016-04-11 23:25:01 +03:00
tprints ( " | " ) ;
2015-02-05 02:50:50 +03:00
printxval ( bpf_op_jmp , BPF_OP ( code ) , " BPF_??? " ) ;
break ;
case BPF_RET :
2016-04-11 23:25:01 +03:00
tprints ( " | " ) ;
2015-02-05 02:50:50 +03:00
printxval ( bpf_rval , BPF_RVAL ( code ) , " BPF_??? " ) ;
i & = ~ BPF_RVAL ( code ) ;
if ( i )
2016-04-11 23:25:01 +03:00
tprintf ( " |%#x /* %s */ " , i , " BPF_??? " ) ;
2015-02-05 02:50:50 +03:00
break ;
case BPF_MISC :
2016-04-11 23:25:01 +03:00
tprints ( " | " ) ;
2015-02-05 02:50:50 +03:00
printxval ( bpf_miscop , BPF_MISCOP ( code ) , " BPF_??? " ) ;
i & = ~ BPF_MISCOP ( code ) ;
if ( i )
2016-04-11 23:25:01 +03:00
tprintf ( " |%#x /* %s */ " , i , " BPF_??? " ) ;
2015-02-05 02:50:50 +03:00
break ;
}
}
2016-05-08 02:11:52 +03:00
# endif /* HAVE_LINUX_FILTER_H */
2015-02-05 02:50:50 +03:00
static void
decode_bpf_stmt ( const struct bpf_filter * filter )
{
# ifdef HAVE_LINUX_FILTER_H
tprints ( " BPF_STMT( " ) ;
decode_bpf_code ( filter - > code ) ;
tprints ( " , " ) ;
if ( BPF_CLASS ( filter - > code ) = = BPF_RET ) {
unsigned int action = SECCOMP_RET_ACTION & filter - > k ;
unsigned int data = filter - > k & ~ action ;
printxval ( seccomp_ret_action , action , " SECCOMP_RET_??? " ) ;
if ( data )
2016-04-11 23:25:01 +03:00
tprintf ( " |%#x) " , data ) ;
2015-02-05 02:50:50 +03:00
else
tprints ( " ) " ) ;
} else {
tprintf ( " %#x) " , filter - > k ) ;
}
# else
tprintf ( " BPF_STMT(%#x, %#x) " , filter - > code , filter - > k ) ;
# endif /* HAVE_LINUX_FILTER_H */
}
static void
decode_bpf_jump ( const struct bpf_filter * filter )
{
# ifdef HAVE_LINUX_FILTER_H
tprints ( " BPF_JUMP( " ) ;
decode_bpf_code ( filter - > code ) ;
tprintf ( " , %#x, %#x, %#x) " ,
filter - > k , filter - > jt , filter - > jf ) ;
# else
tprintf ( " BPF_JUMP(%#x, %#x, %#x, %#x) " ,
filter - > code , filter - > k , filter - > jt , filter - > jf ) ;
# endif /* HAVE_LINUX_FILTER_H */
}
# ifndef BPF_MAXINSNS
# define BPF_MAXINSNS 4096
# endif
2016-05-08 02:11:52 +03:00
static bool
print_bpf_filter ( struct tcb * tcp , void * elem_buf , size_t elem_size , void * data )
2015-02-05 02:50:50 +03:00
{
2016-05-08 02:11:52 +03:00
const struct bpf_filter * filter = elem_buf ;
unsigned int * pn = data ;
if ( ( * pn ) + + > = BPF_MAXINSNS ) {
tprints ( " ... " ) ;
return false ;
2015-02-05 02:50:50 +03:00
}
2016-05-08 02:11:52 +03:00
if ( filter - > jt | | filter - > jf )
decode_bpf_jump ( filter ) ;
else
decode_bpf_stmt ( filter ) ;
return true ;
2016-04-12 03:05:43 +03:00
}
2016-05-12 17:23:50 +03:00
void
2016-05-08 02:11:52 +03:00
print_seccomp_fprog ( struct tcb * tcp , unsigned long addr , unsigned short len )
2016-04-12 03:05:43 +03:00
{
2016-05-08 02:11:52 +03:00
if ( abbrev ( tcp ) ) {
2016-04-12 03:05:43 +03:00
printaddr ( addr ) ;
2016-05-08 02:11:52 +03:00
} else {
unsigned int insns = 0 ;
struct bpf_filter filter ;
print_array ( tcp , addr , len , & filter , sizeof ( filter ) ,
umoven_or_printaddr , print_bpf_filter , & insns ) ;
}
2015-02-05 02:50:50 +03:00
}
2015-09-20 00:28:23 +03:00
# include "seccomp_fprog.h"
2015-02-05 02:50:50 +03:00
void
print_seccomp_filter ( struct tcb * tcp , unsigned long addr )
{
2015-09-20 00:28:23 +03:00
struct seccomp_fprog fprog ;
2016-05-12 17:23:50 +03:00
if ( fetch_seccomp_fprog ( tcp , addr , & fprog ) ) {
tprintf ( " {len=%hu, filter= " , fprog . len ) ;
2016-05-08 02:11:52 +03:00
print_seccomp_fprog ( tcp , fprog . filter , fprog . len ) ;
2016-05-12 17:23:50 +03:00
tprints ( " } " ) ;
}
2015-02-05 02:50:50 +03:00
}
static void
decode_seccomp_set_mode_strict ( unsigned int flags , unsigned long addr )
{
tprintf ( " %u, " , flags ) ;
2015-07-17 04:10:45 +03:00
printaddr ( addr ) ;
2015-02-05 02:50:50 +03:00
}
2015-04-07 04:36:50 +03:00
SYS_FUNC ( seccomp )
2015-02-05 02:50:50 +03:00
{
2015-07-17 04:14:51 +03:00
unsigned int op = tcp - > u_arg [ 0 ] ;
2015-02-05 02:50:50 +03:00
2015-07-17 04:14:51 +03:00
printxval ( seccomp_ops , op , " SECCOMP_SET_MODE_??? " ) ;
tprints ( " , " ) ;
2015-02-05 02:50:50 +03:00
2015-07-17 04:14:51 +03:00
if ( op = = SECCOMP_SET_MODE_FILTER ) {
printflags ( seccomp_filter_flags , tcp - > u_arg [ 1 ] ,
" SECCOMP_FILTER_FLAG_??? " ) ;
tprints ( " , " ) ;
print_seccomp_filter ( tcp , tcp - > u_arg [ 2 ] ) ;
} else {
decode_seccomp_set_mode_strict ( tcp - > u_arg [ 1 ] ,
tcp - > u_arg [ 2 ] ) ;
2015-02-05 02:50:50 +03:00
}
2015-07-17 04:14:51 +03:00
return RVAL_DECODED ;
2015-02-05 02:50:50 +03:00
}