GNU Linux-libre 6.6.15-gnu
[releases.git] / samples / seccomp / bpf-fancy.c
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Seccomp BPF example using a macro-based generator.
4  *
5  * Copyright (c) 2012 The Chromium OS Authors <chromium-os-dev@chromium.org>
6  * Author: Will Drewry <wad@chromium.org>
7  *
8  * The code may be used by anyone for any purpose,
9  * and can serve as a starting point for developing
10  * applications using prctl(PR_ATTACH_SECCOMP_FILTER).
11  */
12
13 #include <linux/filter.h>
14 #include <linux/seccomp.h>
15 #include <linux/unistd.h>
16 #include <stdio.h>
17 #include <string.h>
18 #include <sys/prctl.h>
19 #include <unistd.h>
20
21 #include "bpf-helper.h"
22
23 #ifndef PR_SET_NO_NEW_PRIVS
24 #define PR_SET_NO_NEW_PRIVS 38
25 #endif
26
27 int main(int argc, char **argv)
28 {
29         struct bpf_labels l = {
30                 .count = 0,
31         };
32         static const char msg1[] = "Please type something: ";
33         static const char msg2[] = "You typed: ";
34         char buf[256];
35         struct sock_filter filter[] = {
36                 /* TODO: LOAD_SYSCALL_NR(arch) and enforce an arch */
37                 LOAD_SYSCALL_NR,
38                 SYSCALL(__NR_exit, ALLOW),
39                 SYSCALL(__NR_exit_group, ALLOW),
40                 SYSCALL(__NR_write, JUMP(&l, write_fd)),
41                 SYSCALL(__NR_read, JUMP(&l, read)),
42                 DENY,  /* Don't passthrough into a label */
43
44                 LABEL(&l, read),
45                 ARG(0),
46                 JNE(STDIN_FILENO, DENY),
47                 ARG(1),
48                 JNE((unsigned long)buf, DENY),
49                 ARG(2),
50                 JGE(sizeof(buf), DENY),
51                 ALLOW,
52
53                 LABEL(&l, write_fd),
54                 ARG(0),
55                 JEQ(STDOUT_FILENO, JUMP(&l, write_buf)),
56                 JEQ(STDERR_FILENO, JUMP(&l, write_buf)),
57                 DENY,
58
59                 LABEL(&l, write_buf),
60                 ARG(1),
61                 JEQ((unsigned long)msg1, JUMP(&l, msg1_len)),
62                 JEQ((unsigned long)msg2, JUMP(&l, msg2_len)),
63                 JEQ((unsigned long)buf, JUMP(&l, buf_len)),
64                 DENY,
65
66                 LABEL(&l, msg1_len),
67                 ARG(2),
68                 JLT(sizeof(msg1), ALLOW),
69                 DENY,
70
71                 LABEL(&l, msg2_len),
72                 ARG(2),
73                 JLT(sizeof(msg2), ALLOW),
74                 DENY,
75
76                 LABEL(&l, buf_len),
77                 ARG(2),
78                 JLT(sizeof(buf), ALLOW),
79                 DENY,
80         };
81         struct sock_fprog prog = {
82                 .filter = filter,
83                 .len = (unsigned short)(sizeof(filter)/sizeof(filter[0])),
84         };
85         ssize_t bytes;
86         bpf_resolve_jumps(&l, filter, sizeof(filter)/sizeof(*filter));
87
88         if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) {
89                 perror("prctl(NO_NEW_PRIVS)");
90                 return 1;
91         }
92
93         if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog)) {
94                 perror("prctl(SECCOMP)");
95                 return 1;
96         }
97         syscall(__NR_write, STDOUT_FILENO, msg1, strlen(msg1));
98         bytes = syscall(__NR_read, STDIN_FILENO, buf, sizeof(buf)-1);
99         bytes = (bytes > 0 ? bytes : 0);
100         syscall(__NR_write, STDERR_FILENO, msg2, strlen(msg2));
101         syscall(__NR_write, STDERR_FILENO, buf, bytes);
102         /* Now get killed */
103         syscall(__NR_write, STDERR_FILENO, msg2, strlen(msg2)+2);
104         return 0;
105 }