[linux-seccomp.git] / Seccomp.xs

#define PERL_NO_GET_CONTEXT
#include "EXTERN.h"
#include "perl.h"
#include "XSUB.h"

#include "ppport.h"

#include <seccomp.h>
#include <stdio.h>

#include "const-c.inc"

#define die_check_errno if(RETVAL < 0) \
		croak("Failed with error %d (%s)\n", RETVAL, strerror(RETVAL))

#define die_if_error if(RETVAL == __NR_SCMP_ERROR) \
		croak("Failed to resolve system call %s", name);

MODULE = Linux::Seccomp		PACKAGE = Linux::Seccomp		PREFIX = seccomp_

INCLUDE: const-xs.inc
PROTOTYPES: ENABLE

struct scmp_arg_cmp
seccomp_make_arg_cmp(arg, op, datum_a, datum_b = (scmp_datum_t) 0)
	unsigned int arg;
	enum scmp_compare op;
	scmp_datum_t datum_a;
	scmp_datum_t datum_b;
PROTOTYPE: DISABLE
CODE:
  RETVAL = SCMP_CMP(arg, op, datum_a, datum_b);
OUTPUT:
  RETVAL

U32 SCMP_ACT_ERRNO(I16 errno1)

U32 SCMP_ACT_TRACE(I16 msg_num)


NO_OUTPUT int
seccomp_arch_add(ctx, arch_token)
	scmp_filter_ctx ctx
	U32             arch_token
POSTCALL:
  die_check_errno;

bool
seccomp_arch_exist(ctx, arch_token)
	scmp_filter_ctx ctx
	U32             arch_token
PREINIT:
  int ret;
CODE:
  ret = seccomp_arch_exist(ctx, arch_token);
  if(ret != -EEXIST)
    die_check_errno;
  RETVAL = (ret != -EEXIST);
OUTPUT:
  RETVAL

U32
seccomp_arch_native()

NO_OUTPUT int
seccomp_arch_remove(ctx, arch_token)
	scmp_filter_ctx ctx
	U32             arch_token
POSTCALL:
  die_check_errno;

U32
seccomp_arch_resolve_name(arch_name)
	const char *arch_name
POSTCALL:
  die_check_errno;

NO_OUTPUT int
seccomp_attr_get(ctx, attr, OUTLIST value)
	scmp_filter_ctx       ctx
	enum scmp_filter_attr attr
	U32                   value
POSTCALL:
  die_check_errno;

NO_OUTPUT int
seccomp_attr_set(ctx, attr, value)
	scmp_filter_ctx       ctx
	enum scmp_filter_attr attr
	U32                   value
POSTCALL:
  die_check_errno;

NO_OUTPUT int
seccomp_export_bpf(ctx, fd)
	scmp_filter_ctx ctx
	FILE           *fd
INTERFACE:
  seccomp_export_bpf seccomp_export_pfc
C_ARGS:
  ctx, fileno(fd)
POSTCALL:
  die_check_errno;

scmp_filter_ctx
seccomp_init(def_action)
	U32      def_action

int
seccomp_load(ctx)
	scmp_filter_ctx ctx

NO_OUTPUT int
seccomp_merge(ctx_dst, ctx_src)
	scmp_filter_ctx ctx_dst
	scmp_filter_ctx ctx_src
POSTCALL:
  die_check_errno;

void
seccomp_release(ctx)
	scmp_filter_ctx  ctx

NO_OUTPUT int
seccomp_reset(ctx, def_action)
	scmp_filter_ctx ctx
	U32             def_action
POSTCALL:
  die_check_errno;

NO_OUTPUT int
seccomp_rule_add_array(ctx, action, syscall, args)
	scmp_filter_ctx ctx
	U32             action
	int             syscall
	AV*             args
PREINIT:
  unsigned int arg_cnt, i;
  struct scmp_arg_cmp *arg_array;
  SV **sv;
  char *intermediate;
INIT:
  arg_cnt = av_len(args) + 1;
  Newx(arg_array, arg_cnt, struct scmp_arg_cmp);
  for(i = 0 ; i < arg_cnt ; i++){
    sv = av_fetch(args, i, 0);
    if(sv == NULL)
      croak("Bad input array (av_fetch returned NULL)");
    arg_array[i] = *((struct scmp_arg_cmp*) SvPV_nolen(*sv));
  }
C_ARGS:
  ctx, action, syscall, arg_cnt, arg_array
INTERFACE:
  seccomp_rule_add_array seccomp_rule_add_exact_array
POSTCALL:
  Safefree(arg_array);
  die_check_errno;


NO_OUTPUT int
seccomp_syscall_priority(ctx, syscall, priority)
	scmp_filter_ctx ctx
	int             syscall
	I8              priority
POSTCALL:
  die_check_errno;

int
seccomp_syscall_resolve_name(name)
	const char *name
POSTCALL:
  die_if_error;

int
seccomp_syscall_resolve_name_arch(arch_token, name)
	U32         arch_token
	const char *name
POSTCALL:
  die_if_error;

int
seccomp_syscall_resolve_name_rewrite(arch_token, name)
	U32         arch_token
	const char *name
POSTCALL:
  die_if_error;

char *
seccomp_syscall_resolve_num_arch(arch_token, num)
	U32      arch_token
	int      num

AV*
seccomp_version()
  PREINIT:
    const struct scmp_version* ver;
  CODE:
    ver = seccomp_version();
    if(ver == NULL)
        croak("seccomp_version() returned NULL");
    RETVAL = newAV();
    av_push(RETVAL, newSViv(ver->major));
    av_push(RETVAL, newSViv(ver->minor));
    av_push(RETVAL, newSViv(ver->micro));
  OUTPUT:
    RETVAL
Commit	Line	Data
bcf524c1 MG	1	#define PERL_NO_GET_CONTEXT
	2	#include "EXTERN.h"
	3	#include "perl.h"
	4	#include "XSUB.h"
	5
	6	#include "ppport.h"
	7
	8	#include <seccomp.h>
	9	#include <stdio.h>
	10
	11	#include "const-c.inc"
	12
	13	#define die_check_errno if(RETVAL < 0) \
	14	croak("Failed with error %d (%s)\n", RETVAL, strerror(RETVAL))
	15
	16	#define die_if_error if(RETVAL == __NR_SCMP_ERROR) \
	17	croak("Failed to resolve system call %s", name);
	18
	19	MODULE = Linux::Seccomp PACKAGE = Linux::Seccomp PREFIX = seccomp_
	20
	21	INCLUDE: const-xs.inc
	22	PROTOTYPES: ENABLE
	23
	24	struct scmp_arg_cmp
	25	seccomp_make_arg_cmp(arg, op, datum_a, datum_b = (scmp_datum_t) 0)
	26	unsigned int arg;
	27	enum scmp_compare op;
	28	scmp_datum_t datum_a;
	29	scmp_datum_t datum_b;
	30	PROTOTYPE: DISABLE
	31	CODE:
	32	RETVAL = SCMP_CMP(arg, op, datum_a, datum_b);
	33	OUTPUT:
	34	RETVAL
	35
	36	U32 SCMP_ACT_ERRNO(I16 errno1)
	37
	38	U32 SCMP_ACT_TRACE(I16 msg_num)
	39
	40
	41	NO_OUTPUT int
	42	seccomp_arch_add(ctx, arch_token)
	43	scmp_filter_ctx ctx
	44	U32 arch_token
	45	POSTCALL:
	46	die_check_errno;
	47
	48	bool
	49	seccomp_arch_exist(ctx, arch_token)
	50	scmp_filter_ctx ctx
	51	U32 arch_token
	52	PREINIT:
	53	int ret;
	54	CODE:
	55	ret = seccomp_arch_exist(ctx, arch_token);
	56	if(ret != -EEXIST)
	57	die_check_errno;
	58	RETVAL = (ret != -EEXIST);
	59	OUTPUT:
	60	RETVAL
	61
	62	U32
	63	seccomp_arch_native()
	64
65	NO_OUTPUT int
66	seccomp_arch_remove(ctx, arch_token)
67	scmp_filter_ctx ctx
68	U32 arch_token
69	POSTCALL:
70	die_check_errno;
71
72	U32
73	seccomp_arch_resolve_name(arch_name)
74	const char *arch_name
75	POSTCALL:
76	die_check_errno;
77
78	NO_OUTPUT int
79	seccomp_attr_get(ctx, attr, OUTLIST value)
80	scmp_filter_ctx ctx
81	enum scmp_filter_attr attr
82	U32 value
83	POSTCALL:
84	die_check_errno;
85
86	NO_OUTPUT int
87	seccomp_attr_set(ctx, attr, value)
88	scmp_filter_ctx ctx
89	enum scmp_filter_attr attr
90	U32 value
91	POSTCALL:
92	die_check_errno;
93
94	NO_OUTPUT int
95	seccomp_export_bpf(ctx, fd)
96	scmp_filter_ctx ctx
97	FILE *fd
98	INTERFACE:
99	seccomp_export_bpf seccomp_export_pfc
100	C_ARGS:
101	ctx, fileno(fd)
102	POSTCALL:
103	die_check_errno;
104
105	scmp_filter_ctx
106	seccomp_init(def_action)
107	U32 def_action
108
109	int
110	seccomp_load(ctx)
111	scmp_filter_ctx ctx
112
113	NO_OUTPUT int
114	seccomp_merge(ctx_dst, ctx_src)
115	scmp_filter_ctx ctx_dst
116	scmp_filter_ctx ctx_src
117	POSTCALL:
118	die_check_errno;
119
120	void
121	seccomp_release(ctx)
122	scmp_filter_ctx ctx
123
124	NO_OUTPUT int
125	seccomp_reset(ctx, def_action)
126	scmp_filter_ctx ctx
127	U32 def_action
128	POSTCALL:
129	die_check_errno;
130
131	NO_OUTPUT int
132	seccomp_rule_add_array(ctx, action, syscall, args)
133	scmp_filter_ctx ctx
134	U32 action
135	int syscall
136	AV* args
137	PREINIT:
138	unsigned int arg_cnt, i;
139	struct scmp_arg_cmp *arg_array;
140	SV **sv;
141	char *intermediate;
142	INIT:
143	arg_cnt = av_len(args) + 1;
144	Newx(arg_array, arg_cnt, struct scmp_arg_cmp);
145	for(i = 0 ; i < arg_cnt ; i++){
146	sv = av_fetch(args, i, 0);
147	if(sv == NULL)
148	croak("Bad input array (av_fetch returned NULL)");
149	arg_array[i] = ((struct scmp_arg_cmp) SvPV_nolen(*sv));
150	}
151	C_ARGS:
152	ctx, action, syscall, arg_cnt, arg_array
153	INTERFACE:
154	seccomp_rule_add_array seccomp_rule_add_exact_array
155	POSTCALL:
156	Safefree(arg_array);
157	die_check_errno;
158
159
160	NO_OUTPUT int
161	seccomp_syscall_priority(ctx, syscall, priority)
162	scmp_filter_ctx ctx
163	int syscall
164	I8 priority
165	POSTCALL:
166	die_check_errno;
167
168	int
169	seccomp_syscall_resolve_name(name)
170	const char *name
171	POSTCALL:
172	die_if_error;
173
174	int
175	seccomp_syscall_resolve_name_arch(arch_token, name)
176	U32 arch_token
177	const char *name
178	POSTCALL:
179	die_if_error;
180
181	int
182	seccomp_syscall_resolve_name_rewrite(arch_token, name)
183	U32 arch_token
184	const char *name
185	POSTCALL:
186	die_if_error;
187
188	char *
189	seccomp_syscall_resolve_num_arch(arch_token, num)
190	U32 arch_token
191	int num
192
193	AV*
194	seccomp_version()
195	PREINIT:
196	const struct scmp_version* ver;
197	CODE:
198	ver = seccomp_version();
199	if(ver == NULL)
200	croak("seccomp_version() returned NULL");
201	RETVAL = newAV();
202	av_push(RETVAL, newSViv(ver->major));
203	av_push(RETVAL, newSViv(ver->minor));
204	av_push(RETVAL, newSViv(ver->micro));
205	OUTPUT:
206	RETVAL