LXR linux/samples/seccomp/bpf-fancy.c

   1// SPDX-License-Identifier: GPL-2.0
   2/*
   3 * Seccomp BPF example using a macro-based generator.
   4 *
   5 * Copyright (c) 2012 The Chromium OS Authors <chromium-os-dev@chromium.org>
   6 * Author: Will Drewry <wad@chromium.org>
   7 *
   8 * The code may be used by anyone for any purpose,
   9 * and can serve as a starting point for developing
  10 * applications using prctl(PR_ATTACH_SECCOMP_FILTER).
  11 */
  12
  13#include <linux/filter.h>
  14#include <linux/seccomp.h>
  15#include <linux/unistd.h>
  16#include <stdio.h>
  17#include <string.h>
  18#include <sys/prctl.h>
  19#include <unistd.h>
  20
  21#include "bpf-helper.h"
  22
  23#ifndef PR_SET_NO_NEW_PRIVS
  24#define PR_SET_NO_NEW_PRIVS 38
  25#endif
  26
  27int main(int argc, char **argv)
  28{
  29        struct bpf_labels l = {
  30                .count = 0,
  31        };
  32        static const char msg1[] = "Please type something: ";
  33        static const char msg2[] = "You typed: ";
  34        char buf[256];
  35        struct sock_filter filter[] = {
  36                /* TODO: LOAD_SYSCALL_NR(arch) and enforce an arch */
  37                LOAD_SYSCALL_NR,
  38                SYSCALL(__NR_exit, ALLOW),
  39                SYSCALL(__NR_exit_group, ALLOW),
  40                SYSCALL(__NR_write, JUMP(&l, write_fd)),
  41                SYSCALL(__NR_read, JUMP(&l, read)),
  42                DENY,  /* Don't passthrough into a label */
  43
  44                LABEL(&l, read),
  45                ARG(0),
  46                JNE(STDIN_FILENO, DENY),
  47                ARG(1),
  48                JNE((unsigned long)buf, DENY),
  49                ARG(2),
  50                JGE(sizeof(buf), DENY),
  51                ALLOW,
  52
  53                LABEL(&l, write_fd),
  54                ARG(0),
  55                JEQ(STDOUT_FILENO, JUMP(&l, write_buf)),
  56                JEQ(STDERR_FILENO, JUMP(&l, write_buf)),
  57                DENY,
  58
  59                LABEL(&l, write_buf),
  60                ARG(1),
  61                JEQ((unsigned long)msg1, JUMP(&l, msg1_len)),
  62                JEQ((unsigned long)msg2, JUMP(&l, msg2_len)),
  63                JEQ((unsigned long)buf, JUMP(&l, buf_len)),
  64                DENY,
  65
  66                LABEL(&l, msg1_len),
  67                ARG(2),
  68                JLT(sizeof(msg1), ALLOW),
  69                DENY,
  70
  71                LABEL(&l, msg2_len),
  72                ARG(2),
  73                JLT(sizeof(msg2), ALLOW),
  74                DENY,
  75
  76                LABEL(&l, buf_len),
  77                ARG(2),
  78                JLT(sizeof(buf), ALLOW),
  79                DENY,
  80        };
  81        struct sock_fprog prog = {
  82                .filter = filter,
  83                .len = (unsigned short)(sizeof(filter)/sizeof(filter[0])),
  84        };
  85        ssize_t bytes;
  86        bpf_resolve_jumps(&l, filter, sizeof(filter)/sizeof(*filter));
  87
  88        if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) {
  89                perror("prctl(NO_NEW_PRIVS)");
  90                return 1;
  91        }
  92
  93        if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog)) {
  94                perror("prctl(SECCOMP)");
  95                return 1;
  96        }
  97        syscall(__NR_write, STDOUT_FILENO, msg1, strlen(msg1));
  98        bytes = syscall(__NR_read, STDIN_FILENO, buf, sizeof(buf)-1);
  99        bytes = (bytes > 0 ? bytes : 0);
 100        syscall(__NR_write, STDERR_FILENO, msg2, strlen(msg2));
 101        syscall(__NR_write, STDERR_FILENO, buf, bytes);
 102        /* Now get killed */
 103        syscall(__NR_write, STDERR_FILENO, msg2, strlen(msg2)+2);
 104        return 0;
 105}
 106