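/* syscall_filter.h
 * Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
 * Use of this source code is governed by a BSD-style license that can be
 * found in the LICENSE file.
 *
 * Syscall filter functions.
 *
 * Declarations for turning a textual syscall policy into a BPF program
 * (struct sock_fprog). The implementation is not part of this header, so
 * the notes below that go beyond the declarations are marked as assumptions
 * to confirm against the implementation.
 */

#ifndef SYSCALL_FILTER_H
#define SYSCALL_FILTER_H

/*
 * size_t and FILE are used in the declarations below; include their headers
 * here so this header does not depend on the includer's include order.
 */
#include <stddef.h>
#include <stdio.h>

#include "bpf.h"

#ifdef __cplusplus
extern "C" {
#endif

/*
 * One run of BPF instructions, chained into a singly linked list via |next|.
 * NOTE(review): |last| and |total_len| look like list-wide bookkeeping kept
 * on the head node (tail pointer and summed instruction count) -- confirm.
 */
struct filter_block {
	struct sock_filter *instrs; /* instructions of this block */
	size_t len;                 /* presumably the element count of |instrs| */

	struct filter_block *next;
	struct filter_block *last;
	size_t total_len;
};

/*
 * Position in the policy file being parsed.
 * NOTE(review): presumably used only for diagnostics -- confirm.
 */
struct parser_state {
	const char *filename;
	size_t line_number;
};

/*
 * What the generated filter does with a syscall the policy does not allow.
 * The names follow the seccomp return actions (kill, trap, log); the mapping
 * to kernel constants is done in the implementation.
 *
 * ACTION_RET_KILL is deliberately the zero value: a zero-initialised
 * struct filter_options selects the strictest action. Keep it first.
 * NOTE(review): ACTION_RET_LOG presumably only records the violation and
 * lets the call proceed, which makes it unsuitable as an enforcement
 * setting -- confirm.
 */
enum block_action { ACTION_RET_KILL = 0, ACTION_RET_TRAP, ACTION_RET_LOG };

/*
 * Options controlling filter generation.
 * NOTE(review): both allow_* fields are ints that appear to be used as
 * booleans, and by name both relax the generated filter; confirm their
 * exact effect and leave them 0 for production policies unless logging is
 * required.
 */
struct filter_options {
	enum block_action action;
	int allow_logging;
	int allow_syscalls_for_logging;
};

/* Defined elsewhere; only ever handled through a pointer in this header. */
struct bpf_labels;

/*
 * Compiles a single policy line for syscall number |nr|.
 * NOTE(review): presumably returns NULL on a parse or allocation failure and
 * a block list the caller must release with free_block_list() on success --
 * confirm. |policy_line| comes from the policy file and should be treated as
 * untrusted text by the implementation.
 */
struct filter_block *compile_policy_line(struct parser_state *state, int nr,
					 const char *policy_line,
					 unsigned int label_id,
					 struct bpf_labels *labels,
					 enum block_action action);

/*
 * Compiles one policy file into the block list starting at |head|.
 * NOTE(review): |include_level| presumably tracks the nesting depth of
 * included policy files so that recursion can be bounded -- confirm that the
 * implementation enforces a limit.
 */
int compile_file(const char *filename, FILE *policy_file,
		 struct filter_block *head, struct filter_block **arg_blocks,
		 struct bpf_labels *labels,
		 const struct filter_options *filteropts,
		 unsigned int include_level);

/*
 * Compiles the policy in |policy_file| into |prog|.
 * The return convention is not visible in this header. Callers must check
 * the result and must not install |prog| when compilation failed, since the
 * contents of |prog| after a failure are not specified here.
 */
int compile_filter(const char *filename, FILE *policy_file,
		   struct sock_fprog *prog,
		   const struct filter_options *filteropts);

/* NOTE(review): presumably allocates an empty block; NULL on failure -- confirm. */
struct filter_block *new_filter_block(void);

/*
 * Copies the instructions of the list at |head| into |filter|.
 * NOTE(review): |index| looks like the starting offset in |filter| and |cap|
 * like its capacity in instructions; confirm that the implementation rejects
 * any write at or beyond |cap|.
 */
int flatten_block_list(struct filter_block *head, struct sock_filter *filter,
		       size_t index, size_t cap);

/* NOTE(review): presumably frees every block reachable from |head| -- confirm. */
void free_block_list(struct filter_block *head);

/*
 * NOTE(review): by name, reports whether a failure to apply seccomp may be
 * tolerated. A non-zero result means a process could run unfiltered, so
 * callers should make that outcome visible (for example by logging it)
 * rather than continuing silently -- confirm the semantics.
 */
int seccomp_can_softfail(void);

#ifdef __cplusplus
} /* extern "C" */
#endif

#endif /* SYSCALL_FILTER_H */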