1 // SPDX-License-Identifier: GPL-2.0 1 // SPDX-License-Identifier: GPL-2.0 2 /* 2 /* 3 * Seccomp BPF example using a macro-based gen 3 * Seccomp BPF example using a macro-based generator. 4 * 4 * 5 * Copyright (c) 2012 The Chromium OS Authors 5 * Copyright (c) 2012 The Chromium OS Authors <chromium-os-dev@chromium.org> 6 * Author: Will Drewry <wad@chromium.org> 6 * Author: Will Drewry <wad@chromium.org> 7 * 7 * 8 * The code may be used by anyone for any purp 8 * The code may be used by anyone for any purpose, 9 * and can serve as a starting point for devel 9 * and can serve as a starting point for developing 10 * applications using prctl(PR_ATTACH_SECCOMP_ 10 * applications using prctl(PR_ATTACH_SECCOMP_FILTER). 11 */ 11 */ 12 12 13 #include <linux/filter.h> 13 #include <linux/filter.h> 14 #include <linux/seccomp.h> 14 #include <linux/seccomp.h> 15 #include <linux/unistd.h> 15 #include <linux/unistd.h> 16 #include <stdio.h> 16 #include <stdio.h> 17 #include <string.h> 17 #include <string.h> 18 #include <sys/prctl.h> 18 #include <sys/prctl.h> 19 #include <unistd.h> 19 #include <unistd.h> 20 20 21 #include "bpf-helper.h" 21 #include "bpf-helper.h" 22 22 23 #ifndef PR_SET_NO_NEW_PRIVS 23 #ifndef PR_SET_NO_NEW_PRIVS 24 #define PR_SET_NO_NEW_PRIVS 38 24 #define PR_SET_NO_NEW_PRIVS 38 25 #endif 25 #endif 26 26 27 int main(int argc, char **argv) 27 int main(int argc, char **argv) 28 { 28 { 29 struct bpf_labels l = { 29 struct bpf_labels l = { 30 .count = 0, 30 .count = 0, 31 }; 31 }; 32 static const char msg1[] = "Please typ 32 static const char msg1[] = "Please type something: "; 33 static const char msg2[] = "You typed: 33 static const char msg2[] = "You typed: "; 34 char buf[256]; 34 char buf[256]; 35 struct sock_filter filter[] = { 35 struct sock_filter filter[] = { 36 /* TODO: LOAD_SYSCALL_NR(arch) 36 /* TODO: LOAD_SYSCALL_NR(arch) and enforce an arch */ 37 LOAD_SYSCALL_NR, 37 LOAD_SYSCALL_NR, 38 SYSCALL(__NR_exit, ALLOW), 38 SYSCALL(__NR_exit, ALLOW), 39 SYSCALL(__NR_exit_group, ALLOW 39 SYSCALL(__NR_exit_group, ALLOW), 40 SYSCALL(__NR_write, JUMP(&l, w 40 SYSCALL(__NR_write, JUMP(&l, write_fd)), 41 SYSCALL(__NR_read, JUMP(&l, re 41 SYSCALL(__NR_read, JUMP(&l, read)), 42 DENY, /* Don't passthrough in 42 DENY, /* Don't passthrough into a label */ 43 43 44 LABEL(&l, read), 44 LABEL(&l, read), 45 ARG(0), 45 ARG(0), 46 JNE(STDIN_FILENO, DENY), 46 JNE(STDIN_FILENO, DENY), 47 ARG(1), 47 ARG(1), 48 JNE((unsigned long)buf, DENY), 48 JNE((unsigned long)buf, DENY), 49 ARG(2), 49 ARG(2), 50 JGE(sizeof(buf), DENY), 50 JGE(sizeof(buf), DENY), 51 ALLOW, 51 ALLOW, 52 52 53 LABEL(&l, write_fd), 53 LABEL(&l, write_fd), 54 ARG(0), 54 ARG(0), 55 JEQ(STDOUT_FILENO, JUMP(&l, wr 55 JEQ(STDOUT_FILENO, JUMP(&l, write_buf)), 56 JEQ(STDERR_FILENO, JUMP(&l, wr 56 JEQ(STDERR_FILENO, JUMP(&l, write_buf)), 57 DENY, 57 DENY, 58 58 59 LABEL(&l, write_buf), 59 LABEL(&l, write_buf), 60 ARG(1), 60 ARG(1), 61 JEQ((unsigned long)msg1, JUMP( 61 JEQ((unsigned long)msg1, JUMP(&l, msg1_len)), 62 JEQ((unsigned long)msg2, JUMP( 62 JEQ((unsigned long)msg2, JUMP(&l, msg2_len)), 63 JEQ((unsigned long)buf, JUMP(& 63 JEQ((unsigned long)buf, JUMP(&l, buf_len)), 64 DENY, 64 DENY, 65 65 66 LABEL(&l, msg1_len), 66 LABEL(&l, msg1_len), 67 ARG(2), 67 ARG(2), 68 JLT(sizeof(msg1), ALLOW), 68 JLT(sizeof(msg1), ALLOW), 69 DENY, 69 DENY, 70 70 71 LABEL(&l, msg2_len), 71 LABEL(&l, msg2_len), 72 ARG(2), 72 ARG(2), 73 JLT(sizeof(msg2), ALLOW), 73 JLT(sizeof(msg2), ALLOW), 74 DENY, 74 DENY, 75 75 76 LABEL(&l, buf_len), 76 LABEL(&l, buf_len), 77 ARG(2), 77 ARG(2), 78 JLT(sizeof(buf), ALLOW), 78 JLT(sizeof(buf), ALLOW), 79 DENY, 79 DENY, 80 }; 80 }; 81 struct sock_fprog prog = { 81 struct sock_fprog prog = { 82 .filter = filter, 82 .filter = filter, 83 .len = (unsigned short)(sizeof 83 .len = (unsigned short)(sizeof(filter)/sizeof(filter[0])), 84 }; 84 }; 85 ssize_t bytes; 85 ssize_t bytes; 86 bpf_resolve_jumps(&l, filter, sizeof(f 86 bpf_resolve_jumps(&l, filter, sizeof(filter)/sizeof(*filter)); 87 87 88 if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0 88 if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) { 89 perror("prctl(NO_NEW_PRIVS)"); 89 perror("prctl(NO_NEW_PRIVS)"); 90 return 1; 90 return 1; 91 } 91 } 92 92 93 if (prctl(PR_SET_SECCOMP, SECCOMP_MODE 93 if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog)) { 94 perror("prctl(SECCOMP)"); 94 perror("prctl(SECCOMP)"); 95 return 1; 95 return 1; 96 } 96 } 97 syscall(__NR_write, STDOUT_FILENO, msg 97 syscall(__NR_write, STDOUT_FILENO, msg1, strlen(msg1)); 98 bytes = syscall(__NR_read, STDIN_FILEN 98 bytes = syscall(__NR_read, STDIN_FILENO, buf, sizeof(buf)-1); 99 bytes = (bytes > 0 ? bytes : 0); 99 bytes = (bytes > 0 ? bytes : 0); 100 syscall(__NR_write, STDERR_FILENO, msg 100 syscall(__NR_write, STDERR_FILENO, msg2, strlen(msg2)); 101 syscall(__NR_write, STDERR_FILENO, buf 101 syscall(__NR_write, STDERR_FILENO, buf, bytes); 102 /* Now get killed */ 102 /* Now get killed */ 103 syscall(__NR_write, STDERR_FILENO, msg 103 syscall(__NR_write, STDERR_FILENO, msg2, strlen(msg2)+2); 104 return 0; 104 return 0; 105 } 105 } 106 106
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.