Home Explore Help
Sign In
miti
/
graphene
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 84f81d8f13
Branches Tags
graphene
/
Pal
/
src
/
security
/
Linux
/
bpf_helper.c

bpf_helper.c 2.3 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495 
  1. /*
    2. 

  2.  * Seccomp BPF helper functions
    3. 

  3.  *
    4. 

  4.  * Copyright (c) 2012 The Chromium OS Authors <chromium-os-dev@chromium.org>
    5. 

  5.  * Author: Will Drewry <wad@chromium.org>
    6. 

  6.  *
    7. 

  7.  * The code may be used by anyone for any purpose,
    8. 

  8.  * and can serve as a starting point for developing
    9. 

  9.  * applications using prctl(PR_ATTACH_SECCOMP_FILTER).
    10. 

  10.  */
    11. 

  11. 

  12. #define _GNU_SOURCE 1
    13. 

  13. #ifndef __GNUC__
    14. 

  14. #define __GNUC__ 1
    15. 

  15. #endif
    16. 

  16. typedef __builtin_va_list __gnuc_va_list;
    17. 

  17. 

  18. #include "bpf-helper.h"
    19. 

  19. #include "internal.h"
    20. 

  20. 

  21. int bpf_resolve_jumps(struct bpf_labels *labels,
    22. 

  22. 		      struct sock_filter *filter, int count)
    23. 

  23. {
    24. 

  24. 	struct sock_filter *begin = filter;
    25. 

  25. 	__u8 insn = count - 1;
    26. 

  26. 

  27. 	if (count < 1)
    28. 

  28. 		return -1;
    29. 

  29. 	/*
    30. 

  30. 	* Walk it once, backwards, to build the label table and do fixups.
    31. 

  31. 	* Since backward jumps are disallowed by BPF, this is easy.
    32. 

  32. 	*/
    33. 

  33. 	filter += insn;
    34. 

  34. 	for (; filter >= begin; --insn, --filter) {
    35. 

  35. 		if (filter->code != (BPF_JMP+BPF_JA))
    36. 

  36. 			continue;
    37. 

  37. 		switch ((filter->jt<<8)|filter->jf) {
    38. 

  38. 		case (JUMP_JT<<8)|JUMP_JF:
    39. 

  39. 			if (labels->labels[filter->k].location == 0xffffffff) {
    40. 

  40. 				printf("Unresolved label: '%s'\n",
    41. 

  41. 				       labels->labels[filter->k].label);
    42. 

  42. 				return 1;
    43. 

  43. 			}
    44. 

  44. 			filter->k = labels->labels[filter->k].location -
    45. 

  45. 				    (insn + 1);
    46. 

  46. 			filter->jt = 0;
    47. 

  47. 			filter->jf = 0;
    48. 

  48. 			continue;
    49. 

  49. 		case (LABEL_JT<<8)|LABEL_JF:
    50. 

  50. 			if (labels->labels[filter->k].location != 0xffffffff) {
    51. 

  51. 				printf("Duplicate label use: '%s'\n",
    52. 

  52. 				       labels->labels[filter->k].label);
    53. 

  53. 				return 1;
    54. 

  54. 			}
    55. 

  55. 			labels->labels[filter->k].location = insn;
    56. 

  56. 			filter->k = 0; /* fall through */
    57. 

  57. 			filter->jt = 0;
    58. 

  58. 			filter->jf = 0;
    59. 

  59. 			continue;
    60. 

  60. 		}
    61. 

  61. 	}
    62. 

  62. 	return 0;
    63. 

  63. }
    64. 

  64. 

  65. /* Simple lookup table for labels. */
    66. 

  66. __u32 seccomp_bpf_label(struct bpf_labels *labels, const char *label)
    67. 

  67. {
    68. 

  68. 	struct __bpf_label *begin = labels->labels, *end;
    69. 

  69. 	int id;
    70. 

  70. 	if (labels->count == 0) {
    71. 

  71. 		begin->label = label;
    72. 

  72. 		begin->location = 0xffffffff;
    73. 

  73. 		labels->count++;
    74. 

  74. 		return 0;
    75. 

  75. 	}
    76. 

  76. 	int len = strlen(label);
    77. 

  77. 	end = begin + labels->count;
    78. 

  78. 	for (id = 0; begin < end; ++begin, ++id) {
    79. 

  79. 		if (!memcmp(label, begin->label, len + 1))
    80. 

  80. 			return id;
    81. 

  81. 	}
    82. 

  82. 	begin->label = label;
    83. 

  83. 	begin->location = 0xffffffff;
    84. 

  84. 	labels->count++;
    85. 

  85. 	return id;
    86. 

  86. }
    87. 

  87. 

  88. void seccomp_bpf_print(struct sock_filter *filter, int count)
    89. 

  89. {
    90. 

  90. 	struct sock_filter *end = filter + count;
    91. 

  91. 	for ( ; filter < end; ++filter)
    92. 

  92. 		printf("{ code=%u,jt=%u,jf=%u,k=%u },\n",
    93. 

  93. 		       filter->code, filter->jt, filter->jf, filter->k);
    94. 

  94. }
    95. 

  95.