1 /*
2 * Seccomp BPF example using a macro-based generator.
3 *
4 * Copyright (c) 2012 The Chromium OS Authors <chromium-os-dev@chromium.org>
5 * Author: Will Drewry <wad@chromium.org>
6 *
7 * The code may be used by anyone for any purpose,
8 * and can serve as a starting point for developing
9 * applications using prctl(PR_ATTACH_SECCOMP_FILTER).
10 */
11
12 #include <linux/filter.h>
13 #include <linux/seccomp.h>
14 #include <linux/unistd.h>
15 #include <stdio.h>
16 #include <string.h>
17 #include <sys/prctl.h>
18 #include <unistd.h>
19
20 #include "bpf-helper.h"
21
22 #ifndef PR_SET_NO_NEW_PRIVS
23 #define PR_SET_NO_NEW_PRIVS 38
24 #endif
25
main(int argc,char ** argv)26 int main(int argc, char **argv)
27 {
28 struct bpf_labels l = {
29 .count = 0,
30 };
31 static const char msg1[] = "Please type something: ";
32 static const char msg2[] = "You typed: ";
33 char buf[256];
34 struct sock_filter filter[] = {
35 /* TODO: LOAD_SYSCALL_NR(arch) and enforce an arch */
36 LOAD_SYSCALL_NR,
37 SYSCALL(__NR_exit, ALLOW),
38 SYSCALL(__NR_exit_group, ALLOW),
39 SYSCALL(__NR_write, JUMP(&l, write_fd)),
40 SYSCALL(__NR_read, JUMP(&l, read)),
41 DENY, /* Don't passthrough into a label */
42
43 LABEL(&l, read),
44 ARG(0),
45 JNE(STDIN_FILENO, DENY),
46 ARG(1),
47 JNE((unsigned long)buf, DENY),
48 ARG(2),
49 JGE(sizeof(buf), DENY),
50 ALLOW,
51
52 LABEL(&l, write_fd),
53 ARG(0),
54 JEQ(STDOUT_FILENO, JUMP(&l, write_buf)),
55 JEQ(STDERR_FILENO, JUMP(&l, write_buf)),
56 DENY,
57
58 LABEL(&l, write_buf),
59 ARG(1),
60 JEQ((unsigned long)msg1, JUMP(&l, msg1_len)),
61 JEQ((unsigned long)msg2, JUMP(&l, msg2_len)),
62 JEQ((unsigned long)buf, JUMP(&l, buf_len)),
63 DENY,
64
65 LABEL(&l, msg1_len),
66 ARG(2),
67 JLT(sizeof(msg1), ALLOW),
68 DENY,
69
70 LABEL(&l, msg2_len),
71 ARG(2),
72 JLT(sizeof(msg2), ALLOW),
73 DENY,
74
75 LABEL(&l, buf_len),
76 ARG(2),
77 JLT(sizeof(buf), ALLOW),
78 DENY,
79 };
80 struct sock_fprog prog = {
81 .filter = filter,
82 .len = (unsigned short)(sizeof(filter)/sizeof(filter[0])),
83 };
84 ssize_t bytes;
85 bpf_resolve_jumps(&l, filter, sizeof(filter)/sizeof(*filter));
86
87 if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) {
88 perror("prctl(NO_NEW_PRIVS)");
89 return 1;
90 }
91
92 if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog)) {
93 perror("prctl(SECCOMP)");
94 return 1;
95 }
96 syscall(__NR_write, STDOUT_FILENO, msg1, strlen(msg1));
97 bytes = syscall(__NR_read, STDIN_FILENO, buf, sizeof(buf)-1);
98 bytes = (bytes > 0 ? bytes : 0);
99 syscall(__NR_write, STDERR_FILENO, msg2, strlen(msg2));
100 syscall(__NR_write, STDERR_FILENO, buf, bytes);
101 /* Now get killed */
102 syscall(__NR_write, STDERR_FILENO, msg2, strlen(msg2)+2);
103 return 0;
104 }
105