X-Git-Url: http://git.ieval.ro/?p=linux-seccomp.git;a=blobdiff_plain;f=libseccomp%2Fsrc%2Farch.h;fp=libseccomp%2Fsrc%2Farch.h;h=7f15cf5a3b0109713202320438c6c014d1ca74a5;hp=0000000000000000000000000000000000000000;hb=8befd5cc4d2b478c697d81a5ac191083c203d081;hpb=bcf524c10c0ad85fcef711acffc3251bb8472352 diff --git a/libseccomp/src/arch.h b/libseccomp/src/arch.h new file mode 100644 index 0000000..7f15cf5 --- /dev/null +++ b/libseccomp/src/arch.h @@ -0,0 +1,109 @@ +/** + * Enhanced Seccomp Architecture/Machine Specific Code + * + * Copyright (c) 2012 Red Hat + * Author: Paul Moore + */ + +/* + * This library is free software; you can redistribute it and/or modify it + * under the terms of version 2.1 of the GNU Lesser General Public License as + * published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License + * for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this library; if not, see . + */ + +#ifndef _ARCH_H +#define _ARCH_H + +#include +#include +#include + +#include + +#include "system.h" + +struct db_filter; +struct db_api_arg; +struct db_api_rule_list; + +struct arch_def { + /* arch definition */ + uint32_t token; + uint32_t token_bpf; + enum { + ARCH_SIZE_UNSPEC = 0, + ARCH_SIZE_32 = 32, + ARCH_SIZE_64 = 64, + } size; + enum { + ARCH_ENDIAN_UNSPEC = 0, + ARCH_ENDIAN_LITTLE, + ARCH_ENDIAN_BIG, + } endian; + + /* arch specific functions */ + int (*syscall_resolve_name)(const char *name); + const char *(*syscall_resolve_num)(int num); + int (*syscall_rewrite)(int *syscall); + int (*rule_add)(struct db_filter_col *col, struct db_filter *db, + bool strict, struct db_api_rule_list *rule); +}; + +/* arch_def for the current architecture */ +extern const struct arch_def *arch_def_native; + +/* NOTE: Syscall mappings can be found by running the following commands + * on the specific architecture's include file: + * # gcc -E -dM | grep '__NR_' + * where in many cases is /usr/include/asm/unistd.h, however, + * depending on the architecture you may need to use a different header. + * Further, you can automatically format this list for use as a struct + * initializer with the following command: + * # gcc -E -dM | grep '__NR_' | \ + * sed -e 's/#define[ \t]\+__NR_//' | sort | \ + * sed -e 's/\([^ \t]\+\)\([ \t]\+\)\([0-9]\+\)/\t{ \"\1\", \3 },/' + * Finally, when creating a table/array of this structure, the final + * sentinel entry should be "{ NULL, __NR_SCMP_ERROR }"; see the existing + * tables as an example. + */ +struct arch_syscall_def { + const char *name; + unsigned int num; +}; + +#define DATUM_MAX ((scmp_datum_t)-1) +#define D64_LO(x) ((uint32_t)((uint64_t)(x) & 0x00000000ffffffff)) +#define D64_HI(x) ((uint32_t)((uint64_t)(x) >> 32)) + +#define ARG_COUNT_MAX 6 + +int arch_valid(uint32_t arch); + +const struct arch_def *arch_def_lookup(uint32_t token); +const struct arch_def *arch_def_lookup_name(const char *arch_name); + +int arch_arg_count_max(const struct arch_def *arch); + +int arch_arg_offset_lo(const struct arch_def *arch, unsigned int arg); +int arch_arg_offset_hi(const struct arch_def *arch, unsigned int arg); +int arch_arg_offset(const struct arch_def *arch, unsigned int arg); + +int arch_syscall_resolve_name(const struct arch_def *arch, const char *name); +const char *arch_syscall_resolve_num(const struct arch_def *arch, int num); + +int arch_syscall_translate(const struct arch_def *arch, int *syscall); +int arch_syscall_rewrite(const struct arch_def *arch, int *syscall); + +int arch_filter_rule_add(struct db_filter_col *col, struct db_filter *db, + bool strict, uint32_t action, int syscall, + unsigned int chain_len, struct db_api_arg *chain); + +#endif