1 | /** | |
2 | * Enhanced Seccomp Architecture/Machine Specific Code | |
3 | * | |
4 | * Copyright (c) 2012 Red Hat <pmoore@redhat.com> | |
5 | * Author: Paul Moore <paul@paul-moore.com> | |
6 | */ | |
7 | ||
8 | /* | |
9 | * This library is free software; you can redistribute it and/or modify it | |
10 | * under the terms of version 2.1 of the GNU Lesser General Public License as | |
11 | * published by the Free Software Foundation. | |
12 | * | |
13 | * This library is distributed in the hope that it will be useful, but WITHOUT | |
14 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or | |
15 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License | |
16 | * for more details. | |
17 | * | |
18 | * You should have received a copy of the GNU Lesser General Public License | |
19 | * along with this library; if not, see <http://www.gnu.org/licenses>. | |
20 | */ | |
21 | ||
22 | #ifndef _ARCH_H | |
23 | #define _ARCH_H | |
24 | ||
25 | #include <inttypes.h> | |
26 | #include <stddef.h> | |
27 | #include <stdbool.h> | |
28 | ||
29 | #include <seccomp.h> | |
30 | ||
31 | #include "system.h" | |
32 | ||
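/*
 * Opaque types that this header refers to only through pointers.
 *
 * struct db_filter_col is named by the rule_add callback in struct arch_def
 * and by arch_filter_rule_add(), but no declaration of it is visible in this
 * header.  A struct tag first seen inside a parameter list has prototype
 * scope only, so it would name a different type from the one callers define
 * later and their pointer arguments would be incompatible.  Declaring the tag
 * here at file scope avoids that; repeating the declaration is harmless if an
 * earlier include already provides it.
 */
struct db_filter_col;
struct db_filter;
struct db_api_arg;
struct db_api_rule_list;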
36 | ||
/*
 * Description of one architecture/ABI known to the library.
 *
 * Syscall names and numbers are resolved through the per-architecture
 * callbacks below, so a syscall number is only meaningful together with the
 * arch_def it was resolved against.
 */
struct arch_def {
	/* arch definition */
	/* presumably the value matched by arch_def_lookup(token) - confirm */
	uint32_t token;
	/*
	 * NOTE(review): looks like the architecture value used on the BPF
	 * side of the filter, kept separately from 'token'; confirm against
	 * the filter generator.
	 */
	uint32_t token_bpf;
	/* word size; the enumerator values equal the width in bits */
	enum {
		ARCH_SIZE_UNSPEC = 0,
		ARCH_SIZE_32 = 32,
		ARCH_SIZE_64 = 64,
	} size;
	/* byte order; 0 means unspecified, as in a zero-initialized arch_def */
	enum {
		ARCH_ENDIAN_UNSPEC = 0,
		ARCH_ENDIAN_LITTLE,
		ARCH_ENDIAN_BIG,
	} endian;

	/* arch specific functions */
	/*
	 * NOTE(review): whether any of these pointers may be NULL for a given
	 * architecture is not visible here; check how the arch_*() wrappers
	 * guard the calls.
	 */
	/* map a syscall name to a number for this architecture */
	int (*syscall_resolve_name)(const char *name);
	/* map a syscall number to a name for this architecture */
	const char *(*syscall_resolve_num)(int num);
	/* takes the syscall number by non-const pointer, so may update it */
	int (*syscall_rewrite)(int *syscall);
	/* arch specific hook for adding 'rule' to filter 'db' in 'col' */
	int (*rule_add)(struct db_filter_col *col, struct db_filter *db,
			bool strict, struct db_api_rule_list *rule);
};
59 | ||
/*
 * arch_def for the current architecture; declared here only, the definition
 * lives in another translation unit
 */
extern const struct arch_def *arch_def_native;
62 | ||
/* NOTE: Syscall mappings can be found by running the following commands
 *       on the specific architecture's include file:
 *         # gcc -E -dM <file> | grep '__NR_'
 *       where <file> in many cases is /usr/include/asm/unistd.h, however,
 *       depending on the architecture you may need to use a different header.
 *       Further, you can automatically format this list for use as a struct
 *       initializer with the following command:
 *         # gcc -E -dM <file> | grep '__NR_' | \
 *           sed -e 's/#define[ \t]\+__NR_//' | sort | \
 *           sed -e 's/\([^ \t]\+\)\([ \t]\+\)\([0-9]\+\)/\t{ \"\1\", \3 },/'
 *       Finally, when creating a table/array of this structure, the final
 *       sentinel entry should be "{ NULL, __NR_SCMP_ERROR }"; see the existing
 *       tables as an example.
 */
/*
 * One name/number pair in a per-architecture syscall table.  The numbers come
 * from one architecture's headers, so a table generated for one architecture
 * must not be reused for another.
 */
struct arch_syscall_def {
	/* syscall name; NULL in the terminating sentinel entry */
	const char *name;
	/*
	 * syscall number on this architecture.
	 * NOTE(review): stored unsigned, while the resolve callbacks in
	 * struct arch_def use int and the sentinel is __NR_SCMP_ERROR;
	 * confirm that code walking these tables compares in a single
	 * signedness.
	 */
	unsigned int num;
};
81 | ||
/*
 * -1 converted to scmp_datum_t (the type comes from <seccomp.h>); for an
 * unsigned type this is its largest value.
 */
#define DATUM_MAX	((scmp_datum_t)-1)

/*
 * Split a value into the low and high 32-bit halves of its 64-bit form.
 * The argument is converted to uint64_t first, so a negative signed value is
 * sign-extended and its high half reads as 0xffffffff.  A check on a 64-bit
 * quantity has to cover both halves; testing only one leaves the other
 * unconstrained.
 */
#define D64_LO(x)	((uint32_t)(((uint64_t)(x)) & UINT64_C(0xffffffff)))
#define D64_HI(x)	((uint32_t)(((uint64_t)(x)) >> 32))

/* largest number of syscall arguments handled by the arch_arg_*() helpers */
#define ARG_COUNT_MAX	6
87 | ||
/*
 * Architecture helper API.  Only the prototypes are visible in this header;
 * return value conventions and error codes are set by the implementation and
 * should be confirmed there before being relied on.
 */

/* presumably reports whether 'arch' is a token the library knows - confirm */
int arch_valid(uint32_t arch);

/*
 * Find an architecture definition by token or by name.
 * NOTE(review): presumably NULL when nothing matches; callers should check
 * the result before dereferencing it - confirm.
 */
const struct arch_def *arch_def_lookup(uint32_t token);
const struct arch_def *arch_def_lookup_name(const char *arch_name);

/* presumably bounded by ARG_COUNT_MAX - confirm */
int arch_arg_count_max(const struct arch_def *arch);

/*
 * Locate syscall argument 'arg' for 'arch'.
 * NOTE(review): the _lo/_hi variants look like the positions of the two
 * 32-bit halves of a 64-bit argument, matching D64_LO()/D64_HI(), with the
 * order depending on arch->endian; confirm, and confirm how an 'arg' outside
 * the supported range is rejected.
 */
int arch_arg_offset_lo(const struct arch_def *arch, unsigned int arg);
int arch_arg_offset_hi(const struct arch_def *arch, unsigned int arg);
int arch_arg_offset(const struct arch_def *arch, unsigned int arg);

/*
 * Name/number resolution scoped to one architecture; presumably these call
 * the matching callbacks in struct arch_def - confirm.
 */
int arch_syscall_resolve_name(const struct arch_def *arch, const char *name);
const char *arch_syscall_resolve_num(const struct arch_def *arch, int num);

/*
 * Both take the syscall number by non-const pointer, so *syscall may be
 * updated in place; how the two differ is not visible in this header.
 */
int arch_syscall_translate(const struct arch_def *arch, int *syscall);
int arch_syscall_rewrite(const struct arch_def *arch, int *syscall);

/*
 * Add a rule for 'syscall' with the given 'action' to filter 'db' in
 * collection 'col'.
 * NOTE(review): 'chain' presumably points to 'chain_len' argument
 * comparisons; confirm that the implementation bounds chain_len and the
 * argument indices against ARG_COUNT_MAX.
 */
int arch_filter_rule_add(struct db_filter_col *col, struct db_filter *db,
			 bool strict, uint32_t action, int syscall,
			 unsigned int chain_len, struct db_api_arg *chain);
108 | ||
109 | #endif |