xref: /openbmc/linux/samples/seccomp/bpf-fancy.c (revision d0b73b48) 
1 /*
2  * Seccomp BPF example using a macro-based generator.
3  *
4  * Copyright (c) 2012 The Chromium OS Authors <chromium-os-dev@chromium.org>
5  * Author: Will Drewry <wad@chromium.org>
6  *
7  * The code may be used by anyone for any purpose,
8  * and can serve as a starting point for developing
9  * applications using prctl(PR_ATTACH_SECCOMP_FILTER).
10  */
11 
12 #include <linux/filter.h>
13 #include <linux/seccomp.h>
14 #include <linux/unistd.h>
15 #include <stdio.h>
16 #include <string.h>
17 #include <sys/prctl.h>
18 #include <unistd.h>
19 
20 #include "bpf-helper.h"
21 
22 #ifndef PR_SET_NO_NEW_PRIVS
23 #define PR_SET_NO_NEW_PRIVS 38
24 #endif
25 
26 int main(int argc, char **argv)
27 {
28 	struct bpf_labels l;
29 	static const char msg1[] = "Please type something: ";
30 	static const char msg2[] = "You typed: ";
31 	char buf[256];
32 	struct sock_filter filter[] = {
33 		/* TODO: LOAD_SYSCALL_NR(arch) and enforce an arch */
34 		LOAD_SYSCALL_NR,
35 		SYSCALL(__NR_exit, ALLOW),
36 		SYSCALL(__NR_exit_group, ALLOW),
37 		SYSCALL(__NR_write, JUMP(&l, write_fd)),
38 		SYSCALL(__NR_read, JUMP(&l, read)),
39 		DENY,  /* Don't passthrough into a label */
40 
41 		LABEL(&l, read),
42 		ARG(0),
43 		JNE(STDIN_FILENO, DENY),
44 		ARG(1),
45 		JNE((unsigned long)buf, DENY),
46 		ARG(2),
47 		JGE(sizeof(buf), DENY),
48 		ALLOW,
49 
50 		LABEL(&l, write_fd),
51 		ARG(0),
52 		JEQ(STDOUT_FILENO, JUMP(&l, write_buf)),
53 		JEQ(STDERR_FILENO, JUMP(&l, write_buf)),
54 		DENY,
55 
56 		LABEL(&l, write_buf),
57 		ARG(1),
58 		JEQ((unsigned long)msg1, JUMP(&l, msg1_len)),
59 		JEQ((unsigned long)msg2, JUMP(&l, msg2_len)),
60 		JEQ((unsigned long)buf, JUMP(&l, buf_len)),
61 		DENY,
62 
63 		LABEL(&l, msg1_len),
64 		ARG(2),
65 		JLT(sizeof(msg1), ALLOW),
66 		DENY,
67 
68 		LABEL(&l, msg2_len),
69 		ARG(2),
70 		JLT(sizeof(msg2), ALLOW),
71 		DENY,
72 
73 		LABEL(&l, buf_len),
74 		ARG(2),
75 		JLT(sizeof(buf), ALLOW),
76 		DENY,
77 	};
78 	struct sock_fprog prog = {
79 		.filter = filter,
80 		.len = (unsigned short)(sizeof(filter)/sizeof(filter[0])),
81 	};
82 	ssize_t bytes;
83 	bpf_resolve_jumps(&l, filter, sizeof(filter)/sizeof(*filter));
84 
85 	if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) {
86 		perror("prctl(NO_NEW_PRIVS)");
87 		return 1;
88 	}
89 
90 	if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog)) {
91 		perror("prctl(SECCOMP)");
92 		return 1;
93 	}
94 	syscall(__NR_write, STDOUT_FILENO, msg1, strlen(msg1));
95 	bytes = syscall(__NR_read, STDIN_FILENO, buf, sizeof(buf)-1);
96 	bytes = (bytes > 0 ? bytes : 0);
97 	syscall(__NR_write, STDERR_FILENO, msg2, strlen(msg2));
98 	syscall(__NR_write, STDERR_FILENO, buf, bytes);
99 	/* Now get killed */
100 	syscall(__NR_write, STDERR_FILENO, msg2, strlen(msg2)+2);
101 	return 0;
102 }
103