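/* syscall_filter.h
 * Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
 * Use of this source code is governed by a BSD-style license that can be
 * found in the LICENSE file.
 *
 * Syscall filter functions.
 */

#ifndef SYSCALL_FILTER_H
#define SYSCALL_FILTER_H

/*
 * size_t and FILE are used in the declarations below. Include their headers
 * directly so this header does not rely on whatever "bpf.h" happens to pull
 * in transitively.
 */
#include <stddef.h>
#include <stdio.h>

#include "bpf.h"

#ifdef __cplusplus
extern "C" {
#endif

/*
 * One node in a list of BPF instruction arrays, chained through |next|.
 *
 * NOTE(review): |last| and |total_len| look like list-wide bookkeeping that
 * is only meaningful on the head node -- confirm in syscall_filter.c.
 */
struct filter_block {
	struct sock_filter *instrs; /* instructions held by this block */
	size_t len;                 /* presumably the entry count of |instrs| */

	struct filter_block *next;
	struct filter_block *last;
	size_t total_len;
};

/*
 * Position within the policy file being parsed.
 * NOTE(review): presumably used only for diagnostics -- confirm.
 */
struct parser_state {
	const char *filename;
	size_t line_number;
};

struct bpf_labels;

/*
 * Compiles a single policy line for syscall number |nr| into a filter block.
 *
 * NOTE(review): the failure convention is not visible in this header
 * (presumably NULL) -- confirm, and make sure every caller checks it.
 * NOTE(review): |do_ret_trap| appears to select a trap action instead of the
 * default action for a denied syscall -- confirm; if so it changes how a
 * policy violation is enforced and should not be enabled by accident.
 */
struct filter_block *compile_policy_line(struct parser_state *state, int nr,
					 const char *policy_line,
					 unsigned int label_id,
					 struct bpf_labels *labels,
					 int do_ret_trap);

/*
 * Compiles the policy read from |policy_file| into the block list at |head|,
 * with argument-filter blocks reported through |arg_blocks|.
 *
 * NOTE(review): |include_level| suggests policy files can include other
 * files -- confirm that the implementation bounds the nesting depth.
 * NOTE(review): |allow_logging| presumably permits extra syscalls needed for
 * logging, which widens the resulting filter -- confirm.
 */
int compile_file(const char *filename, FILE *policy_file,
		 struct filter_block *head, struct filter_block **arg_blocks,
		 struct bpf_labels *labels, int use_ret_trap, int allow_logging,
		 unsigned int include_level);

/*
 * Compiles the policy read from |policy_file| into the seccomp program
 * |prog|.
 *
 * NOTE(review): the return convention is not visible here (presumably 0 on
 * success) -- confirm. A caller that ignores a failure would go on to run
 * without the intended filter, so failure should be treated as fatal.
 */
int compile_filter(const char *filename, FILE *policy_file,
		   struct sock_fprog *prog, int do_ret_trap,
		   int add_logging_syscalls);

/* Creates a filter block. NOTE(review): ownership presumably passes to the
 * caller, to be released with free_block_list() -- confirm. */
struct filter_block *new_filter_block(void);

/*
 * Writes the instructions of the block list at |head| into |filter|.
 *
 * NOTE(review): |index| and |cap| are presumably the starting offset and the
 * capacity of |filter|, counted in instructions -- confirm that the
 * implementation rejects a list that does not fit instead of writing past
 * |cap|.
 */
int flatten_block_list(struct filter_block *head, struct sock_filter *filter,
		       size_t index, size_t cap);

/* Releases the block list starting at |head|. */
void free_block_list(struct filter_block *head);

/*
 * NOTE(review): presumably reports whether seccomp setup may fail softly
 * (continue without a filter) on this system -- confirm the exact condition,
 * since it decides whether a process may run unfiltered.
 */
int seccomp_can_softfail(void);

#ifdef __cplusplus
} /* extern "C" */
#endif

#endif /* SYSCALL_FILTER_H */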