1 | // SPDX-License-Identifier: GPL-2.0 |
2 | /* |
3 | * Seccomp BPF example using a macro-based generator. |
4 | * |
5 | * Copyright (c) 2012 The Chromium OS Authors <chromium-os-dev@chromium.org> |
6 | * Author: Will Drewry <wad@chromium.org> |
7 | * |
8 | * The code may be used by anyone for any purpose, |
9 | * and can serve as a starting point for developing |
10 | * applications using prctl(PR_ATTACH_SECCOMP_FILTER). |
11 | */ |
12 | |
13 | #include <linux/filter.h> |
14 | #include <linux/seccomp.h> |
15 | #include <linux/unistd.h> |
16 | #include <stdio.h> |
17 | #include <string.h> |
18 | #include <sys/prctl.h> |
19 | #include <unistd.h> |
20 | |
21 | #include "bpf-helper.h" |
22 | |
23 | #ifndef PR_SET_NO_NEW_PRIVS |
24 | #define PR_SET_NO_NEW_PRIVS 38 |
25 | #endif |
26 | |
27 | int main(int argc, char **argv) |
28 | { |
29 | struct bpf_labels l = { |
30 | .count = 0, |
31 | }; |
32 | static const char msg1[] = "Please type something: " ; |
33 | static const char msg2[] = "You typed: " ; |
34 | char buf[256]; |
35 | struct sock_filter filter[] = { |
36 | /* TODO: LOAD_SYSCALL_NR(arch) and enforce an arch */ |
37 | LOAD_SYSCALL_NR, |
38 | SYSCALL(__NR_exit, ALLOW), |
39 | SYSCALL(__NR_exit_group, ALLOW), |
40 | SYSCALL(__NR_write, JUMP(&l, write_fd)), |
41 | SYSCALL(__NR_read, JUMP(&l, read)), |
42 | DENY, /* Don't passthrough into a label */ |
43 | |
44 | LABEL(&l, read), |
45 | ARG(0), |
46 | JNE(STDIN_FILENO, DENY), |
47 | ARG(1), |
48 | JNE((unsigned long)buf, DENY), |
49 | ARG(2), |
50 | JGE(sizeof(buf), DENY), |
51 | ALLOW, |
52 | |
53 | LABEL(&l, write_fd), |
54 | ARG(0), |
55 | JEQ(STDOUT_FILENO, JUMP(&l, write_buf)), |
56 | JEQ(STDERR_FILENO, JUMP(&l, write_buf)), |
57 | DENY, |
58 | |
59 | LABEL(&l, write_buf), |
60 | ARG(1), |
61 | JEQ((unsigned long)msg1, JUMP(&l, msg1_len)), |
62 | JEQ((unsigned long)msg2, JUMP(&l, msg2_len)), |
63 | JEQ((unsigned long)buf, JUMP(&l, buf_len)), |
64 | DENY, |
65 | |
66 | LABEL(&l, msg1_len), |
67 | ARG(2), |
68 | JLT(sizeof(msg1), ALLOW), |
69 | DENY, |
70 | |
71 | LABEL(&l, msg2_len), |
72 | ARG(2), |
73 | JLT(sizeof(msg2), ALLOW), |
74 | DENY, |
75 | |
76 | LABEL(&l, buf_len), |
77 | ARG(2), |
78 | JLT(sizeof(buf), ALLOW), |
79 | DENY, |
80 | }; |
81 | struct sock_fprog prog = { |
82 | .filter = filter, |
83 | .len = (unsigned short)(sizeof(filter)/sizeof(filter[0])), |
84 | }; |
85 | ssize_t bytes; |
86 | bpf_resolve_jumps(labels: &l, filter, count: sizeof(filter)/sizeof(*filter)); |
87 | |
88 | if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) { |
89 | perror(s: "prctl(NO_NEW_PRIVS)" ); |
90 | return 1; |
91 | } |
92 | |
93 | if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog)) { |
94 | perror(s: "prctl(SECCOMP)" ); |
95 | return 1; |
96 | } |
97 | syscall(__NR_write, STDOUT_FILENO, msg1, strlen(s: msg1)); |
98 | bytes = syscall(__NR_read, STDIN_FILENO, buf, sizeof(buf)-1); |
99 | bytes = (bytes > 0 ? bytes : 0); |
100 | syscall(__NR_write, STDERR_FILENO, msg2, strlen(s: msg2)); |
101 | syscall(__NR_write, STDERR_FILENO, buf, bytes); |
102 | /* Now get killed */ |
103 | syscall(__NR_write, STDERR_FILENO, msg2, strlen(s: msg2)+2); |
104 | return 0; |
105 | } |
106 | |