Root/
| 1 | /* |
| 2 | * Seccomp filter example for x86 (32-bit and 64-bit) with BPF macros |
| 3 | * |
| 4 | * Copyright (c) 2012 The Chromium OS Authors <chromium-os-dev@chromium.org> |
| 5 | * Author: Will Drewry <wad@chromium.org> |
| 6 | * |
| 7 | * The code may be used by anyone for any purpose, |
| 8 | * and can serve as a starting point for developing |
| 9 | * applications using prctl(PR_SET_SECCOMP, 2, ...). |
| 10 | */ |
| 11 | #if defined(__i386__) || defined(__x86_64__) |
| 12 | #define SUPPORTED_ARCH 1 |
| 13 | #endif |
| 14 | |
| 15 | #if defined(SUPPORTED_ARCH) |
| 16 | #define __USE_GNU 1 |
| 17 | #define _GNU_SOURCE 1 |
| 18 | |
| 19 | #include <linux/types.h> |
| 20 | #include <linux/filter.h> |
| 21 | #include <linux/seccomp.h> |
| 22 | #include <linux/unistd.h> |
| 23 | #include <signal.h> |
| 24 | #include <stdio.h> |
| 25 | #include <stddef.h> |
| 26 | #include <string.h> |
| 27 | #include <sys/prctl.h> |
| 28 | #include <unistd.h> |
| 29 | |
| 30 | #define syscall_arg(_n) (offsetof(struct seccomp_data, args[_n])) |
| 31 | #define syscall_nr (offsetof(struct seccomp_data, nr)) |
| 32 | |
| 33 | #if defined(__i386__) |
| 34 | #define REG_RESULT REG_EAX |
| 35 | #define REG_SYSCALL REG_EAX |
| 36 | #define REG_ARG0 REG_EBX |
| 37 | #define REG_ARG1 REG_ECX |
| 38 | #define REG_ARG2 REG_EDX |
| 39 | #define REG_ARG3 REG_ESI |
| 40 | #define REG_ARG4 REG_EDI |
| 41 | #define REG_ARG5 REG_EBP |
| 42 | #elif defined(__x86_64__) |
| 43 | #define REG_RESULT REG_RAX |
| 44 | #define REG_SYSCALL REG_RAX |
| 45 | #define REG_ARG0 REG_RDI |
| 46 | #define REG_ARG1 REG_RSI |
| 47 | #define REG_ARG2 REG_RDX |
| 48 | #define REG_ARG3 REG_R10 |
| 49 | #define REG_ARG4 REG_R8 |
| 50 | #define REG_ARG5 REG_R9 |
| 51 | #endif |
| 52 | |
| 53 | #ifndef PR_SET_NO_NEW_PRIVS |
| 54 | #define PR_SET_NO_NEW_PRIVS 38 |
| 55 | #endif |
| 56 | |
| 57 | #ifndef SYS_SECCOMP |
| 58 | #define SYS_SECCOMP 1 |
| 59 | #endif |
| 60 | |
| 61 | static void emulator(int nr, siginfo_t *info, void *void_context) |
| 62 | { |
| 63 | ucontext_t *ctx = (ucontext_t *)(void_context); |
| 64 | int syscall; |
| 65 | char *buf; |
| 66 | ssize_t bytes; |
| 67 | size_t len; |
| 68 | if (info->si_code != SYS_SECCOMP) |
| 69 | return; |
| 70 | if (!ctx) |
| 71 | return; |
| 72 | syscall = ctx->uc_mcontext.gregs[REG_SYSCALL]; |
| 73 | buf = (char *) ctx->uc_mcontext.gregs[REG_ARG1]; |
| 74 | len = (size_t) ctx->uc_mcontext.gregs[REG_ARG2]; |
| 75 | |
| 76 | if (syscall != __NR_write) |
| 77 | return; |
| 78 | if (ctx->uc_mcontext.gregs[REG_ARG0] != STDERR_FILENO) |
| 79 | return; |
| 80 | /* Redirect stderr messages to stdout. Doesn't handle EINTR, etc */ |
| 81 | ctx->uc_mcontext.gregs[REG_RESULT] = -1; |
| 82 | if (write(STDOUT_FILENO, "[ERR] ", 6) > 0) { |
| 83 | bytes = write(STDOUT_FILENO, buf, len); |
| 84 | ctx->uc_mcontext.gregs[REG_RESULT] = bytes; |
| 85 | } |
| 86 | return; |
| 87 | } |
| 88 | |
| 89 | static int install_emulator(void) |
| 90 | { |
| 91 | struct sigaction act; |
| 92 | sigset_t mask; |
| 93 | memset(&act, 0, sizeof(act)); |
| 94 | sigemptyset(&mask); |
| 95 | sigaddset(&mask, SIGSYS); |
| 96 | |
| 97 | act.sa_sigaction = &emulator; |
| 98 | act.sa_flags = SA_SIGINFO; |
| 99 | if (sigaction(SIGSYS, &act, NULL) < 0) { |
| 100 | perror("sigaction"); |
| 101 | return -1; |
| 102 | } |
| 103 | if (sigprocmask(SIG_UNBLOCK, &mask, NULL)) { |
| 104 | perror("sigprocmask"); |
| 105 | return -1; |
| 106 | } |
| 107 | return 0; |
| 108 | } |
| 109 | |
| 110 | static int install_filter(void) |
| 111 | { |
| 112 | struct sock_filter filter[] = { |
| 113 | /* Grab the system call number */ |
| 114 | BPF_STMT(BPF_LD+BPF_W+BPF_ABS, syscall_nr), |
| 115 | /* Jump table for the allowed syscalls */ |
| 116 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_rt_sigreturn, 0, 1), |
| 117 | BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW), |
| 118 | #ifdef __NR_sigreturn |
| 119 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_sigreturn, 0, 1), |
| 120 | BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW), |
| 121 | #endif |
| 122 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_exit_group, 0, 1), |
| 123 | BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW), |
| 124 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_exit, 0, 1), |
| 125 | BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW), |
| 126 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_read, 1, 0), |
| 127 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_write, 3, 2), |
| 128 | |
| 129 | /* Check that read is only using stdin. */ |
| 130 | BPF_STMT(BPF_LD+BPF_W+BPF_ABS, syscall_arg(0)), |
| 131 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, STDIN_FILENO, 4, 0), |
| 132 | BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL), |
| 133 | |
| 134 | /* Check that write is only using stdout */ |
| 135 | BPF_STMT(BPF_LD+BPF_W+BPF_ABS, syscall_arg(0)), |
| 136 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, STDOUT_FILENO, 1, 0), |
| 137 | /* Trap attempts to write to stderr */ |
| 138 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, STDERR_FILENO, 1, 2), |
| 139 | |
| 140 | BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW), |
| 141 | BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_TRAP), |
| 142 | BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL), |
| 143 | }; |
| 144 | struct sock_fprog prog = { |
| 145 | .len = (unsigned short)(sizeof(filter)/sizeof(filter[0])), |
| 146 | .filter = filter, |
| 147 | }; |
| 148 | |
| 149 | if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) { |
| 150 | perror("prctl(NO_NEW_PRIVS)"); |
| 151 | return 1; |
| 152 | } |
| 153 | |
| 154 | |
| 155 | if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog)) { |
| 156 | perror("prctl"); |
| 157 | return 1; |
| 158 | } |
| 159 | return 0; |
| 160 | } |
| 161 | |
| 162 | #define payload(_c) (_c), sizeof((_c)) |
| 163 | int main(int argc, char **argv) |
| 164 | { |
| 165 | char buf[4096]; |
| 166 | ssize_t bytes = 0; |
| 167 | if (install_emulator()) |
| 168 | return 1; |
| 169 | if (install_filter()) |
| 170 | return 1; |
| 171 | syscall(__NR_write, STDOUT_FILENO, |
| 172 | payload("OHAI! WHAT IS YOUR NAME? ")); |
| 173 | bytes = syscall(__NR_read, STDIN_FILENO, buf, sizeof(buf)); |
| 174 | syscall(__NR_write, STDOUT_FILENO, payload("HELLO, ")); |
| 175 | syscall(__NR_write, STDOUT_FILENO, buf, bytes); |
| 176 | syscall(__NR_write, STDERR_FILENO, |
| 177 | payload("Error message going to STDERR\n")); |
| 178 | return 0; |
| 179 | } |
| 180 | #else /* SUPPORTED_ARCH */ |
| 181 | /* |
| 182 | * This sample is x86-only. Since kernel samples are compiled with the |
| 183 | * host toolchain, a non-x86 host will result in using only the main() |
| 184 | * below. |
| 185 | */ |
| 186 | int main(void) |
| 187 | { |
| 188 | return 1; |
| 189 | } |
| 190 | #endif /* SUPPORTED_ARCH */ |
| 191 |
Branches:
ben-wpan
ben-wpan-stefan
javiroman/ks7010
jz-2.6.34
jz-2.6.34-rc5
jz-2.6.34-rc6
jz-2.6.34-rc7
jz-2.6.35
jz-2.6.36
jz-2.6.37
jz-2.6.38
jz-2.6.39
jz-3.0
jz-3.1
jz-3.11
jz-3.12
jz-3.13
jz-3.15
jz-3.16
jz-3.18-dt
jz-3.2
jz-3.3
jz-3.4
jz-3.5
jz-3.6
jz-3.6-rc2-pwm
jz-3.9
jz-3.9-clk
jz-3.9-rc8
jz47xx
jz47xx-2.6.38
master
Tags:
od-2011-09-04
od-2011-09-18
v2.6.34-rc5
v2.6.34-rc6
v2.6.34-rc7
v3.9
