Commit | Line | Data |
---|---|---|
b2441318 | 1 | // SPDX-License-Identifier: GPL-2.0 |
8ac270d1 WD |
2 | /* |
3 | * Seccomp BPF example using a macro-based generator. | |
4 | * | |
5 | * Copyright (c) 2012 The Chromium OS Authors <chromium-os-dev@chromium.org> | |
6 | * Author: Will Drewry <wad@chromium.org> | |
7 | * | |
8 | * The code may be used by anyone for any purpose, | |
9 | * and can serve as a starting point for developing | |
10 | * applications using prctl(PR_ATTACH_SECCOMP_FILTER). | |
11 | */ | |
12 | ||
13 | #include <linux/filter.h> | |
14 | #include <linux/seccomp.h> | |
15 | #include <linux/unistd.h> | |
16 | #include <stdio.h> | |
17 | #include <string.h> | |
18 | #include <sys/prctl.h> | |
19 | #include <unistd.h> | |
20 | ||
21 | #include "bpf-helper.h" | |
22 | ||
23 | #ifndef PR_SET_NO_NEW_PRIVS | |
24 | #define PR_SET_NO_NEW_PRIVS 38 | |
25 | #endif | |
26 | ||
27 | int main(int argc, char **argv) | |
28 | { | |
3a9af0bd KC |
29 | struct bpf_labels l = { |
30 | .count = 0, | |
31 | }; | |
8ac270d1 WD |
32 | static const char msg1[] = "Please type something: "; |
33 | static const char msg2[] = "You typed: "; | |
34 | char buf[256]; | |
35 | struct sock_filter filter[] = { | |
36 | /* TODO: LOAD_SYSCALL_NR(arch) and enforce an arch */ | |
37 | LOAD_SYSCALL_NR, | |
38 | SYSCALL(__NR_exit, ALLOW), | |
39 | SYSCALL(__NR_exit_group, ALLOW), | |
40 | SYSCALL(__NR_write, JUMP(&l, write_fd)), | |
41 | SYSCALL(__NR_read, JUMP(&l, read)), | |
42 | DENY, /* Don't passthrough into a label */ | |
43 | ||
44 | LABEL(&l, read), | |
45 | ARG(0), | |
46 | JNE(STDIN_FILENO, DENY), | |
47 | ARG(1), | |
48 | JNE((unsigned long)buf, DENY), | |
49 | ARG(2), | |
50 | JGE(sizeof(buf), DENY), | |
51 | ALLOW, | |
52 | ||
53 | LABEL(&l, write_fd), | |
54 | ARG(0), | |
55 | JEQ(STDOUT_FILENO, JUMP(&l, write_buf)), | |
56 | JEQ(STDERR_FILENO, JUMP(&l, write_buf)), | |
57 | DENY, | |
58 | ||
59 | LABEL(&l, write_buf), | |
60 | ARG(1), | |
61 | JEQ((unsigned long)msg1, JUMP(&l, msg1_len)), | |
62 | JEQ((unsigned long)msg2, JUMP(&l, msg2_len)), | |
63 | JEQ((unsigned long)buf, JUMP(&l, buf_len)), | |
64 | DENY, | |
65 | ||
66 | LABEL(&l, msg1_len), | |
67 | ARG(2), | |
68 | JLT(sizeof(msg1), ALLOW), | |
69 | DENY, | |
70 | ||
71 | LABEL(&l, msg2_len), | |
72 | ARG(2), | |
73 | JLT(sizeof(msg2), ALLOW), | |
74 | DENY, | |
75 | ||
76 | LABEL(&l, buf_len), | |
77 | ARG(2), | |
78 | JLT(sizeof(buf), ALLOW), | |
79 | DENY, | |
80 | }; | |
81 | struct sock_fprog prog = { | |
82 | .filter = filter, | |
83 | .len = (unsigned short)(sizeof(filter)/sizeof(filter[0])), | |
84 | }; | |
85 | ssize_t bytes; | |
86 | bpf_resolve_jumps(&l, filter, sizeof(filter)/sizeof(*filter)); | |
87 | ||
88 | if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) { | |
89 | perror("prctl(NO_NEW_PRIVS)"); | |
90 | return 1; | |
91 | } | |
92 | ||
93 | if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog)) { | |
94 | perror("prctl(SECCOMP)"); | |
95 | return 1; | |
96 | } | |
97 | syscall(__NR_write, STDOUT_FILENO, msg1, strlen(msg1)); | |
98 | bytes = syscall(__NR_read, STDIN_FILENO, buf, sizeof(buf)-1); | |
99 | bytes = (bytes > 0 ? bytes : 0); | |
100 | syscall(__NR_write, STDERR_FILENO, msg2, strlen(msg2)); | |
101 | syscall(__NR_write, STDERR_FILENO, buf, bytes); | |
102 | /* Now get killed */ | |
103 | syscall(__NR_write, STDERR_FILENO, msg2, strlen(msg2)+2); | |
104 | return 0; | |
105 | } |