1 /*
2 * Decoder of seccomp filter programs.
3 *
4 * Copyright (c) 2015-2017 Dmitry V. Levin <ldv@altlinux.org>
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. The name of the author may not be used to endorse or promote products
16 * derived from this software without specific prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
19 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
22 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
23 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 */
29
30 #include "defs.h"
31
32 #include "bpf_filter.h"
33
34 #include <linux/filter.h>
35 #ifdef HAVE_LINUX_SECCOMP_H
36 # include <linux/seccomp.h>
37 #endif
38 #ifndef SECCOMP_RET_ACTION_FULL
39 # define SECCOMP_RET_ACTION_FULL 0xffff0000U
40 #endif
41 #include "xlat/seccomp_ret_action.h"
42
43 static bool
print_seccomp_filter_k(const struct bpf_filter_block * const fp)44 print_seccomp_filter_k(const struct bpf_filter_block *const fp)
45 {
46 if (BPF_CLASS(fp->code) == BPF_RET) {
47 unsigned int action = SECCOMP_RET_ACTION_FULL & fp->k;
48 unsigned int data = fp->k & ~action;
49
50 printxval(seccomp_ret_action, action, "SECCOMP_RET_???");
51 if (data)
52 tprintf("|%#x", data);
53
54 return true;
55 }
56
57 return false;
58 }
59
60 void
print_seccomp_fprog(struct tcb * const tcp,const kernel_ulong_t addr,const unsigned short len)61 print_seccomp_fprog(struct tcb *const tcp, const kernel_ulong_t addr,
62 const unsigned short len)
63 {
64 print_bpf_fprog(tcp, addr, len, print_seccomp_filter_k);
65 }
66
67 void
decode_seccomp_fprog(struct tcb * const tcp,const kernel_ulong_t addr)68 decode_seccomp_fprog(struct tcb *const tcp, const kernel_ulong_t addr)
69 {
70 decode_bpf_fprog(tcp, addr, print_seccomp_filter_k);
71 }
72