code-intelligence.com/cifuzz@v0.40.0/third-party/minijail/syscall_filter.h

code-intelligence.com/cifuzz@v0.40.0/third-party/minijail/syscall_filter.h (about)

     1  /* syscall_filter.h
     2   * Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
     3   * Use of this source code is governed by a BSD-style license that can be
     4   * found in the LICENSE file.
     5   *
     6   * Syscall filter functions.
     7   */
     8  
     9  #ifndef SYSCALL_FILTER_H
    10  #define SYSCALL_FILTER_H
    11  
    12  #include <stdbool.h>
    13  
    14  #include "bpf.h"
    15  
    16  #ifdef __cplusplus
    17  extern "C" {
    18  #endif
    19  
    20  struct filter_block {
    21  	struct sock_filter *instrs;
    22  	size_t len;
    23  
    24  	struct filter_block *next;
    25  	struct filter_block *last;
    26  	size_t total_len;
    27  };
    28  
    29  struct parser_state {
    30  	const char *filename;
    31  	size_t line_number;
    32  };
    33  
    34  enum block_action {
    35  	ACTION_RET_KILL = 0,
    36  	ACTION_RET_TRAP,
    37  	ACTION_RET_LOG,
    38  	ACTION_RET_KILL_PROCESS,
    39  };
    40  
    41  struct filter_options {
    42  	enum block_action action;
    43  	int allow_logging;
    44  	int allow_syscalls_for_logging;
    45  	bool allow_duplicate_syscalls;
    46  };
    47  
    48  struct bpf_labels;
    49  
    50  struct filter_block *compile_policy_line(struct parser_state *state, int nr,
    51  					 const char *policy_line,
    52  					 unsigned int label_id,
    53  					 struct bpf_labels *labels,
    54  					 enum block_action action);
    55  
    56  int compile_file(const char *filename, FILE *policy_file,
    57  		 struct filter_block *head, struct filter_block **arg_blocks,
    58  		 struct bpf_labels *labels,
    59  		 const struct filter_options *filteropts,
    60  		 struct parser_state **previous_syscalls,
    61  		 unsigned int include_level);
    62  
    63  int compile_filter(const char *filename, FILE *policy_file,
    64  		   struct sock_fprog *prog,
    65  		   const struct filter_options *filteropts);
    66  
    67  struct filter_block *new_filter_block(void);
    68  int flatten_block_list(struct filter_block *head, struct sock_filter *filter,
    69  		       size_t index, size_t cap);
    70  void free_block_list(struct filter_block *head);
    71  void free_previous_syscalls(struct parser_state **previous_syscalls);
    72  
    73  int seccomp_can_softfail(void);
    74  static inline bool allow_duplicate_syscalls(void)
    75  {
    76  #if defined(ALLOW_DUPLICATE_SYSCALLS)
    77  	return true;
    78  #endif
    79  	return false;
    80  }
    81  
    82  #ifdef __cplusplus
    83  }; /* extern "C" */
    84  #endif
    85  
    86  #endif /* SYSCALL_FILTER_H */