
     1  # Copyright 2019 syzkaller project authors. All rights reserved.
     2  # Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
     3  
     4  include <uapi/linux/seccomp.h>
     5  include <asm/ioctls.h>
     6  include <asm/fcntl.h>
     7  
# Listener fd returned by seccomp$SECCOMP_SET_MODE_FILTER_LISTENER below and
# consumed by the SECCOMP_IOCTL_NOTIF_* ioctls.
resource fd_seccomp[fd]
# 64-bit notification id: read from seccomp_notif.id (NOTIF_RECV output) and
# fed back through seccomp_notif_resp / seccomp_notif_addfd / NOTIF_ID_VALID,
# so the fuzzer pairs a response with an id it actually received.
resource seccomp_id[int64]
    10  
# Only some commands break return values.
# When/if we have stricter enforcement of arguments, we may remove some of the breaks_returns attributes.
# Strict mode: flags and arg must both be 0, so they are pinned with const.
seccomp$SECCOMP_SET_MODE_STRICT(op const[SECCOMP_SET_MODE_STRICT], flags const[0], arg const[0]) (breaks_returns)
# Filter mode: arg is a classic BPF program (sock_fprog is declared elsewhere).
# seccomp_flags includes 0, so the unflagged install path is covered too.
seccomp$SECCOMP_SET_MODE_FILTER(op const[SECCOMP_SET_MODE_FILTER], flags flags[seccomp_flags], arg ptr[in, sock_fprog]) (breaks_returns)
# Same op as above, but every value in seccomp_flags_listener carries
# SECCOMP_FILTER_FLAG_NEW_LISTENER (see the defines at the bottom), which is
# what makes the return value a usable fd_seccomp.
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(op const[SECCOMP_SET_MODE_FILTER], flags flags[seccomp_flags_listener], arg ptr[in, sock_fprog]) fd_seccomp (breaks_returns)
# arg points at a single int32 action value to query; no flags.
seccomp$SECCOMP_GET_ACTION_AVAIL(op const[SECCOMP_GET_ACTION_AVAIL], flags const[0], arg ptr[in, int32]) (breaks_returns)
# Pure query: the kernel fills in seccomp_notif_sizes, so arg is ptr[out].
seccomp$SECCOMP_GET_NOTIF_SIZES(op const[SECCOMP_GET_NOTIF_SIZES], flags const[0], arg ptr[out, seccomp_notif_sizes]) (breaks_returns)
    18  
# User-notification ioctls; all take the listener fd from the _LISTENER variant.
# RECV is the only one with an out-pointer: it is where seccomp_id values originate.
ioctl$SECCOMP_IOCTL_NOTIF_RECV(fd fd_seccomp, cmd const[SECCOMP_IOCTL_NOTIF_RECV], arg ptr[out, seccomp_notif]) (breaks_returns)
# SEND answers a received notification; seccomp_notif_resp.id ties it to one.
ioctl$SECCOMP_IOCTL_NOTIF_SEND(fd fd_seccomp, cmd const[SECCOMP_IOCTL_NOTIF_SEND], arg ptr[in, seccomp_notif_resp]) (breaks_returns)
# ID_VALID takes a bare seccomp_id, not a struct.
ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(fd fd_seccomp, cmd const[SECCOMP_IOCTL_NOTIF_ID_VALID], arg ptr[in, seccomp_id]) (breaks_returns)
# ADDFD installs an fd of the caller into the notifying task; see
# seccomp_notif_addfd for the srcfd/newfd roles.
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(fd fd_seccomp, cmd const[SECCOMP_IOCTL_NOTIF_ADDFD], arg ptr[in, seccomp_notif_addfd]) (breaks_returns)
    23  
# Output of SECCOMP_GET_NOTIF_SIZES: the kernel's sizes (16-bit each) of the
# three structs below, so user space can detect layout extensions.
seccomp_notif_sizes {
	seccomp_notif		int16
	seccomp_notif_resp	int16
	seccomp_data		int16
}
    29  
# Filled by SECCOMP_IOCTL_NOTIF_RECV. `id` is what the other ioctls expect back;
# `pid` is the notifying task; `data` is the trapped syscall.
# NOTE(review): flags is a plain int32 here because it is kernel-written output
# for this struct, not something the fuzzer chooses.
seccomp_notif {
	id	seccomp_id
	pid	pid
	flags	int32
	data	seccomp_data
}
    36  
# The trapped syscall as seen by the filter: number, audit arch, instruction
# pointer and the six raw argument registers. Embedded in seccomp_notif.
seccomp_data {
	nr			int32
	arch			int32
	instruction_pointer	int64
	args			array[int64, 6]
}
    43  
# Reply for SECCOMP_IOCTL_NOTIF_SEND: `val`/`error` become the return value of
# the trapped syscall in the target. `flags` is pinned to 0, so the
# SECCOMP_USER_NOTIF_FLAG_CONTINUE path (present in newer uapi headers) is not
# generated from this description -- presumably deliberate; confirm before
# widening it to a flags[] type.
seccomp_notif_resp {
	id	seccomp_id
	val	int64
	error	int32
	flags	const[0, int32]
}
    50  
# Argument of SECCOMP_IOCTL_NOTIF_ADDFD. `srcfd` is an fd of the caller (the
# supervisor side); `newfd` is the number to install it at in the notifying
# task, and newfd_flags (O_CLOEXEC) applies to that new descriptor.
# SECCOMP_ADDFD_FLAG_SETFD/SEND are in seccomp_addfd_flags below.
seccomp_notif_addfd {
	id		seccomp_id
	flags		flags[seccomp_addfd_flags, int32]
	srcfd		fd
	newfd		int32
	newfd_flags	flags[seccomp_addfd_newfd_flags, int32]
}
    58  
# Non-listener install flags; 0 is listed so the plain install is generated.
seccomp_flags = 0, SECCOMP_FILTER_FLAG_TSYNC, SECCOMP_FILTER_FLAG_LOG, SECCOMP_FILTER_FLAG_SPEC_ALLOW
# Listener install flags: every entry includes NEW_LISTENER (the two *_LISTENER
# names are OR-combinations defined at the bottom of this file).
seccomp_flags_listener = SECCOMP_FILTER_FLAG_NEW_LISTENER, SECCOMP_FILTER_FLAG_LOG_LISTENER, SECCOMP_FILTER_FLAG_SPEC_ALLOW_LISTENER
seccomp_addfd_flags = SECCOMP_ADDFD_FLAG_SETFD, SECCOMP_ADDFD_FLAG_SEND
seccomp_addfd_newfd_flags = O_CLOEXEC
    63  
# Derived flag values for seccomp_flags_listener: each ORs NEW_LISTENER into a
# regular filter flag so the _LISTENER syscall variant always yields an fd.
define SECCOMP_FILTER_FLAG_LOG_LISTENER	SECCOMP_FILTER_FLAG_LOG | SECCOMP_FILTER_FLAG_NEW_LISTENER
define SECCOMP_FILTER_FLAG_SPEC_ALLOW_LISTENER	SECCOMP_FILTER_FLAG_SPEC_ALLOW | SECCOMP_FILTER_FLAG_NEW_LISTENER