xref: /linux/samples/seccomp/bpf-fancy.c (revision 95298d63c67673c654c08952672d016212b26054)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Seccomp BPF example using a macro-based generator.
4  *
5  * Copyright (c) 2012 The Chromium OS Authors <chromium-os-dev@chromium.org>
6  * Author: Will Drewry <wad@chromium.org>
7  *
8  * The code may be used by anyone for any purpose,
9  * and can serve as a starting point for developing
10  * applications using prctl(PR_ATTACH_SECCOMP_FILTER).
11  */
12 
13 #include <linux/filter.h>
14 #include <linux/seccomp.h>
15 #include <linux/unistd.h>
16 #include <stdio.h>
17 #include <string.h>
18 #include <sys/prctl.h>
19 #include <unistd.h>
20 
21 #include "bpf-helper.h"
22 
23 #ifndef PR_SET_NO_NEW_PRIVS
24 #define PR_SET_NO_NEW_PRIVS 38
25 #endif
26 
27 int main(int argc, char **argv)
28 {
29 	struct bpf_labels l = {
30 		.count = 0,
31 	};
32 	static const char msg1[] = "Please type something: ";
33 	static const char msg2[] = "You typed: ";
34 	char buf[256];
35 	struct sock_filter filter[] = {
36 		/* TODO: LOAD_SYSCALL_NR(arch) and enforce an arch */
37 		LOAD_SYSCALL_NR,
38 		SYSCALL(__NR_exit, ALLOW),
39 		SYSCALL(__NR_exit_group, ALLOW),
40 		SYSCALL(__NR_write, JUMP(&l, write_fd)),
41 		SYSCALL(__NR_read, JUMP(&l, read)),
42 		DENY,  /* Don't passthrough into a label */
43 
44 		LABEL(&l, read),
45 		ARG(0),
46 		JNE(STDIN_FILENO, DENY),
47 		ARG(1),
48 		JNE((unsigned long)buf, DENY),
49 		ARG(2),
50 		JGE(sizeof(buf), DENY),
51 		ALLOW,
52 
53 		LABEL(&l, write_fd),
54 		ARG(0),
55 		JEQ(STDOUT_FILENO, JUMP(&l, write_buf)),
56 		JEQ(STDERR_FILENO, JUMP(&l, write_buf)),
57 		DENY,
58 
59 		LABEL(&l, write_buf),
60 		ARG(1),
61 		JEQ((unsigned long)msg1, JUMP(&l, msg1_len)),
62 		JEQ((unsigned long)msg2, JUMP(&l, msg2_len)),
63 		JEQ((unsigned long)buf, JUMP(&l, buf_len)),
64 		DENY,
65 
66 		LABEL(&l, msg1_len),
67 		ARG(2),
68 		JLT(sizeof(msg1), ALLOW),
69 		DENY,
70 
71 		LABEL(&l, msg2_len),
72 		ARG(2),
73 		JLT(sizeof(msg2), ALLOW),
74 		DENY,
75 
76 		LABEL(&l, buf_len),
77 		ARG(2),
78 		JLT(sizeof(buf), ALLOW),
79 		DENY,
80 	};
81 	struct sock_fprog prog = {
82 		.filter = filter,
83 		.len = (unsigned short)(sizeof(filter)/sizeof(filter[0])),
84 	};
85 	ssize_t bytes;
86 	bpf_resolve_jumps(&l, filter, sizeof(filter)/sizeof(*filter));
87 
88 	if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) {
89 		perror("prctl(NO_NEW_PRIVS)");
90 		return 1;
91 	}
92 
93 	if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog)) {
94 		perror("prctl(SECCOMP)");
95 		return 1;
96 	}
97 	syscall(__NR_write, STDOUT_FILENO, msg1, strlen(msg1));
98 	bytes = syscall(__NR_read, STDIN_FILENO, buf, sizeof(buf)-1);
99 	bytes = (bytes > 0 ? bytes : 0);
100 	syscall(__NR_write, STDERR_FILENO, msg2, strlen(msg2));
101 	syscall(__NR_write, STDERR_FILENO, buf, bytes);
102 	/* Now get killed */
103 	syscall(__NR_write, STDERR_FILENO, msg2, strlen(msg2)+2);
104 	return 0;
105 }
106