1// SPDX-License-Identifier: GPL-2.0 2/* 3 * Seccomp BPF example using a macro-based generator. 4 * 5 * Copyright (c) 2012 The Chromium OS Authors <chromium-os-dev@chromium.org> 6 * Author: Will Drewry <wad@chromium.org> 7 * 8 * The code may be used by anyone for any purpose, 9 * and can serve as a starting point for developing 10 * applications using prctl(PR_ATTACH_SECCOMP_FILTER). 11 */ 12 13#include <linux/filter.h> 14#include <linux/seccomp.h> 15#include <linux/unistd.h> 16#include <stdio.h> 17#include <string.h> 18#include <sys/prctl.h> 19#include <unistd.h> 20 21#include "bpf-helper.h" 22 23#ifndef PR_SET_NO_NEW_PRIVS 24#define PR_SET_NO_NEW_PRIVS 38 25#endif 26 27int main(int argc, char **argv) 28{ 29 struct bpf_labels l = { 30 .count = 0, 31 }; 32 static const char msg1[] = "Please type something: "; 33 static const char msg2[] = "You typed: "; 34 char buf[256]; 35 struct sock_filter filter[] = { 36 /* TODO: LOAD_SYSCALL_NR(arch) and enforce an arch */ 37 LOAD_SYSCALL_NR, 38 SYSCALL(__NR_exit, ALLOW), 39 SYSCALL(__NR_exit_group, ALLOW), 40 SYSCALL(__NR_write, JUMP(&l, write_fd)), 41 SYSCALL(__NR_read, JUMP(&l, read)), 42 DENY, /* Don't passthrough into a label */ 43 44 LABEL(&l, read), 45 ARG(0), 46 JNE(STDIN_FILENO, DENY), 47 ARG(1), 48 JNE((unsigned long)buf, DENY), 49 ARG(2), 50 JGE(sizeof(buf), DENY), 51 ALLOW, 52 53 LABEL(&l, write_fd), 54 ARG(0), 55 JEQ(STDOUT_FILENO, JUMP(&l, write_buf)), 56 JEQ(STDERR_FILENO, JUMP(&l, write_buf)), 57 DENY, 58 59 LABEL(&l, write_buf), 60 ARG(1), 61 JEQ((unsigned long)msg1, JUMP(&l, msg1_len)), 62 JEQ((unsigned long)msg2, JUMP(&l, msg2_len)), 63 JEQ((unsigned long)buf, JUMP(&l, buf_len)), 64 DENY, 65 66 LABEL(&l, msg1_len), 67 ARG(2), 68 JLT(sizeof(msg1), ALLOW), 69 DENY, 70 71 LABEL(&l, msg2_len), 72 ARG(2), 73 JLT(sizeof(msg2), ALLOW), 74 DENY, 75 76 LABEL(&l, buf_len), 77 ARG(2), 78 JLT(sizeof(buf), ALLOW), 79 DENY, 80 }; 81 struct sock_fprog prog = { 82 .filter = filter, 83 .len = (unsigned short)(sizeof(filter)/sizeof(filter[0])), 84 }; 85 ssize_t bytes; 86 bpf_resolve_jumps(&l, filter, sizeof(filter)/sizeof(*filter)); 87 88 if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) { 89 perror("prctl(NO_NEW_PRIVS)"); 90 return 1; 91 } 92 93 if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog)) { 94 perror("prctl(SECCOMP)"); 95 return 1; 96 } 97 syscall(__NR_write, STDOUT_FILENO, msg1, strlen(msg1)); 98 bytes = syscall(__NR_read, STDIN_FILENO, buf, sizeof(buf)-1); 99 bytes = (bytes > 0 ? bytes : 0); 100 syscall(__NR_write, STDERR_FILENO, msg2, strlen(msg2)); 101 syscall(__NR_write, STDERR_FILENO, buf, bytes); 102 /* Now get killed */ 103 syscall(__NR_write, STDERR_FILENO, msg2, strlen(msg2)+2); 104 return 0; 105} 106