1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Seccomp BPF example using a macro-based generator.
4 *
5 * Copyright (c) 2012 The Chromium OS Authors <chromium-os-dev@chromium.org>
6 * Author: Will Drewry <wad@chromium.org>
7 *
8 * The code may be used by anyone for any purpose,
9 * and can serve as a starting point for developing
10 * applications using prctl(PR_ATTACH_SECCOMP_FILTER).
11 */
12
13 #include <linux/filter.h>
14 #include <linux/seccomp.h>
15 #include <linux/unistd.h>
16 #include <stdio.h>
17 #include <string.h>
18 #include <sys/prctl.h>
19 #include <unistd.h>
20
21 #include "bpf-helper.h"
22
23 #ifndef PR_SET_NO_NEW_PRIVS
24 #define PR_SET_NO_NEW_PRIVS 38
25 #endif
26
main(int argc,char ** argv)27 int main(int argc, char **argv)
28 {
29 struct bpf_labels l = {
30 .count = 0,
31 };
32 static const char msg1[] = "Please type something: ";
33 static const char msg2[] = "You typed: ";
34 char buf[256];
35 struct sock_filter filter[] = {
36 /* TODO: LOAD_SYSCALL_NR(arch) and enforce an arch */
37 LOAD_SYSCALL_NR,
38 SYSCALL(__NR_exit, ALLOW),
39 SYSCALL(__NR_exit_group, ALLOW),
40 SYSCALL(__NR_write, JUMP(&l, write_fd)),
41 SYSCALL(__NR_read, JUMP(&l, read)),
42 DENY, /* Don't passthrough into a label */
43
44 LABEL(&l, read),
45 ARG(0),
46 JNE(STDIN_FILENO, DENY),
47 ARG(1),
48 JNE((unsigned long)buf, DENY),
49 ARG(2),
50 JGE(sizeof(buf), DENY),
51 ALLOW,
52
53 LABEL(&l, write_fd),
54 ARG(0),
55 JEQ(STDOUT_FILENO, JUMP(&l, write_buf)),
56 JEQ(STDERR_FILENO, JUMP(&l, write_buf)),
57 DENY,
58
59 LABEL(&l, write_buf),
60 ARG(1),
61 JEQ((unsigned long)msg1, JUMP(&l, msg1_len)),
62 JEQ((unsigned long)msg2, JUMP(&l, msg2_len)),
63 JEQ((unsigned long)buf, JUMP(&l, buf_len)),
64 DENY,
65
66 LABEL(&l, msg1_len),
67 ARG(2),
68 JLT(sizeof(msg1), ALLOW),
69 DENY,
70
71 LABEL(&l, msg2_len),
72 ARG(2),
73 JLT(sizeof(msg2), ALLOW),
74 DENY,
75
76 LABEL(&l, buf_len),
77 ARG(2),
78 JLT(sizeof(buf), ALLOW),
79 DENY,
80 };
81 struct sock_fprog prog = {
82 .filter = filter,
83 .len = (unsigned short)(sizeof(filter)/sizeof(filter[0])),
84 };
85 ssize_t bytes;
86 bpf_resolve_jumps(&l, filter, sizeof(filter)/sizeof(*filter));
87
88 if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) {
89 perror("prctl(NO_NEW_PRIVS)");
90 return 1;
91 }
92
93 if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog)) {
94 perror("prctl(SECCOMP)");
95 return 1;
96 }
97 syscall(__NR_write, STDOUT_FILENO, msg1, strlen(msg1));
98 bytes = syscall(__NR_read, STDIN_FILENO, buf, sizeof(buf)-1);
99 bytes = (bytes > 0 ? bytes : 0);
100 syscall(__NR_write, STDERR_FILENO, msg2, strlen(msg2));
101 syscall(__NR_write, STDERR_FILENO, buf, bytes);
102 /* Now get killed */
103 syscall(__NR_write, STDERR_FILENO, msg2, strlen(msg2)+2);
104 return 0;
105 }
106