samples/seccomp/bpf-fancy.c

   1 /*
   2  * Seccomp BPF example using a macro-based generator.
   3  *
   4  * Copyright (c) 2012 The Chromium OS Authors <chromium-os-dev@chromium.org>
   5  * Author: Will Drewry <wad@chromium.org>
   6  *
   7  * The code may be used by anyone for any purpose,
   8  * and can serve as a starting point for developing
   9  * applications using prctl(PR_ATTACH_SECCOMP_FILTER).
  10  */
  11
  12 #include <linux/filter.h>
  13 #include <linux/seccomp.h>
  14 #include <linux/unistd.h>
  15 #include <stdio.h>
  16 #include <string.h>
  17 #include <sys/prctl.h>
  18 #include <unistd.h>
  19
  20 #include "bpf-helper.h"
  21
  22 #ifndef PR_SET_NO_NEW_PRIVS
  23 #define PR_SET_NO_NEW_PRIVS 38
  24 #endif
  25
  26 int main(int argc, char **argv)
  27 {
  28         struct bpf_labels l;
  29         static const char msg1[] = "Please type something: ";
  30         static const char msg2[] = "You typed: ";
  31         char buf[256];
  32         struct sock_filter filter[] = {
  33                 /* TODO: LOAD_SYSCALL_NR(arch) and enforce an arch */
  34                 LOAD_SYSCALL_NR,
  35                 SYSCALL(__NR_exit, ALLOW),
  36                 SYSCALL(__NR_exit_group, ALLOW),
  37                 SYSCALL(__NR_write, JUMP(&l, write_fd)),
  38                 SYSCALL(__NR_read, JUMP(&l, read)),
  39                 DENY,  /* Don't passthrough into a label */
  40
  41                 LABEL(&l, read),
  42                 ARG(0),
  43                 JNE(STDIN_FILENO, DENY),
  44                 ARG(1),
  45                 JNE((unsigned long)buf, DENY),
  46                 ARG(2),
  47                 JGE(sizeof(buf), DENY),
  48                 ALLOW,
  49
  50                 LABEL(&l, write_fd),
  51                 ARG(0),
  52                 JEQ(STDOUT_FILENO, JUMP(&l, write_buf)),
  53                 JEQ(STDERR_FILENO, JUMP(&l, write_buf)),
  54                 DENY,
  55
  56                 LABEL(&l, write_buf),
  57                 ARG(1),
  58                 JEQ((unsigned long)msg1, JUMP(&l, msg1_len)),
  59                 JEQ((unsigned long)msg2, JUMP(&l, msg2_len)),
  60                 JEQ((unsigned long)buf, JUMP(&l, buf_len)),
  61                 DENY,
  62
  63                 LABEL(&l, msg1_len),
  64                 ARG(2),
  65                 JLT(sizeof(msg1), ALLOW),
  66                 DENY,
  67
  68                 LABEL(&l, msg2_len),
  69                 ARG(2),
  70                 JLT(sizeof(msg2), ALLOW),
  71                 DENY,
  72
  73                 LABEL(&l, buf_len),
  74                 ARG(2),
  75                 JLT(sizeof(buf), ALLOW),
  76                 DENY,
  77         };
  78         struct sock_fprog prog = {
  79                 .filter = filter,
  80                 .len = (unsigned short)(sizeof(filter)/sizeof(filter[0])),
  81         };
  82         ssize_t bytes;
  83         bpf_resolve_jumps(&l, filter, sizeof(filter)/sizeof(*filter));
  84
  85         if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) {
  86                 perror("prctl(NO_NEW_PRIVS)");
  87                 return 1;
  88         }
  89
  90         if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog)) {
  91                 perror("prctl(SECCOMP)");
  92                 return 1;
  93         }
  94         syscall(__NR_write, STDOUT_FILENO, msg1, strlen(msg1));
  95         bytes = syscall(__NR_read, STDIN_FILENO, buf, sizeof(buf)-1);
  96         bytes = (bytes > 0 ? bytes : 0);
  97         syscall(__NR_write, STDERR_FILENO, msg2, strlen(msg2));
  98         syscall(__NR_write, STDERR_FILENO, buf, bytes);
  99         /* Now get killed */
 100         syscall(__NR_write, STDERR_FILENO, msg2, strlen(msg2)+2);
 101         return 0;
 102 }