  1// SPDX-License-Identifier: GPL-2.0
  2/*
  3 * Seccomp BPF example using a macro-based generator.
  4 *
  5 * Copyright (c) 2012 The Chromium OS Authors <chromium-os-dev@chromium.org>
  6 * Author: Will Drewry <wad@chromium.org>
  7 *
  8 * The code may be used by anyone for any purpose,
  9 * and can serve as a starting point for developing
 * applications using prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog).
 11 */
 12
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <linux/unistd.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <unistd.h>

#include "bpf-helper.h"
 22
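#ifndef PR_SET_NO_NEW_PRIVS
#define PR_SET_NO_NEW_PRIVS 38
#endif

/*
 * A syscall number is only meaningful for one ABI, so the filter must pin
 * seccomp_data.arch to the ABI this binary was built for before it trusts
 * seccomp_data.nr.  Without that, a call entered through another ABI
 * (e.g. the 32-bit entry point on an x86_64 kernel) is matched against the
 * wrong table and the __NR_* allow-list below no longer means what it says.
 */
#if defined(__x86_64__)
#define SECCOMP_AUDIT_ARCH AUDIT_ARCH_X86_64
#elif defined(__i386__)
#define SECCOMP_AUDIT_ARCH AUDIT_ARCH_I386
#elif defined(__aarch64__)
#define SECCOMP_AUDIT_ARCH AUDIT_ARCH_AARCH64
#elif defined(__arm__)
#define SECCOMP_AUDIT_ARCH AUDIT_ARCH_ARM
#else
#error "Add an AUDIT_ARCH_* mapping for this architecture before building"
#endif

#ifndef ARRAY_SIZE
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))
#endif

/*
 * Build a seccomp filter with the LABEL/JUMP macros from bpf-helper.h,
 * install it, then issue a few syscalls that it permits followed by one it
 * does not.  The last write() is expected to get the process killed.
 *
 * Returns 1 if the filter cannot be resolved or installed; 0 is only
 * reached if the final, intentionally over-long write is not killed.
 */
int main(int argc, char **argv)
{
	struct bpf_labels l = {
		.count = 0,
	};
	static const char msg1[] = "Please type something: ";
	static const char msg2[] = "You typed: ";
	char buf[256];
	struct sock_filter filter[] = {
		/* Refuse any call that did not come in through our own ABI. */
		BPF_STMT(BPF_LD+BPF_W+BPF_ABS,
			 offsetof(struct seccomp_data, arch)),
		BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SECCOMP_AUDIT_ARCH, 1, 0),
		DENY,
		LOAD_SYSCALL_NR,
#if defined(__x86_64__) && !defined(__ILP32__) && defined(__X32_SYSCALL_BIT)
		/*
		 * x32 calls report AUDIT_ARCH_X86_64 as well; they differ only
		 * by __X32_SYSCALL_BIT in nr, so reject those here too.  BPF
		 * compares are unsigned, so a negative nr is denied as well.
		 */
		BPF_JUMP(BPF_JMP+BPF_JGE+BPF_K, __X32_SYSCALL_BIT, 0, 1),
		DENY,
#endif
		SYSCALL(__NR_exit, ALLOW),
		SYSCALL(__NR_exit_group, ALLOW),
		SYSCALL(__NR_write, JUMP(&l, write_fd)),
		SYSCALL(__NR_read, JUMP(&l, read)),
		DENY,  /* Don't passthrough into a label */

		/*
		 * read(): only from stdin, only into buf, and for fewer than
		 * sizeof(buf) bytes.  Only the pointer *value* is compared;
		 * seccomp never looks at the memory it points to.
		 */
		LABEL(&l, read),
		ARG(0),
		JNE(STDIN_FILENO, DENY),
		ARG(1),
		JNE((unsigned long)buf, DENY),
		ARG(2),
		JGE(sizeof(buf), DENY),
		ALLOW,

		/* write(): only to stdout or stderr, then inspect the buffer. */
		LABEL(&l, write_fd),
		ARG(0),
		JEQ(STDOUT_FILENO, JUMP(&l, write_buf)),
		JEQ(STDERR_FILENO, JUMP(&l, write_buf)),
		DENY,

		/* write(): the source must be one of our three known objects. */
		LABEL(&l, write_buf),
		ARG(1),
		JEQ((unsigned long)msg1, JUMP(&l, msg1_len)),
		JEQ((unsigned long)msg2, JUMP(&l, msg2_len)),
		JEQ((unsigned long)buf, JUMP(&l, buf_len)),
		DENY,

		/*
		 * Per-object length caps: the count must stay below the
		 * object's size, so a permitted write can never run past it.
		 */
		LABEL(&l, msg1_len),
		ARG(2),
		JLT(sizeof(msg1), ALLOW),
		DENY,

		LABEL(&l, msg2_len),
		ARG(2),
		JLT(sizeof(msg2), ALLOW),
		DENY,

		LABEL(&l, buf_len),
		ARG(2),
		JLT(sizeof(buf), ALLOW),
		DENY,
	};
	struct sock_fprog prog = {
		.filter = filter,
		.len = (unsigned short)ARRAY_SIZE(filter),
	};
	ssize_t bytes;

	/*
	 * Turn the symbolic LABEL/JUMP markers into real jump offsets.  Treat
	 * any non-zero return as failure (missing or duplicated label):
	 * installing the filter anyway would enforce a policy other than the
	 * one written above.
	 */
	if (bpf_resolve_jumps(&l, filter, ARRAY_SIZE(filter))) {
		fprintf(stderr, "bpf_resolve_jumps failed\n");
		return 1;
	}

	/*
	 * An unprivileged process may only install a filter once it has set
	 * no_new_privs; this also stops the filtered task from gaining
	 * privileges through a setuid exec.
	 */
	if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) {
		perror("prctl(NO_NEW_PRIVS)");
		return 1;
	}

	if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog)) {
		perror("prctl(SECCOMP)");
		return 1;
	}

	/* Everything from here on must match the allow-list above. */
	syscall(__NR_write, STDOUT_FILENO, msg1, strlen(msg1));
	/* sizeof(buf)-1 keeps the count under the filter's JGE(sizeof(buf)) cap. */
	bytes = syscall(__NR_read, STDIN_FILENO, buf, sizeof(buf)-1);
	bytes = (bytes > 0 ? bytes : 0);
	syscall(__NR_write, STDERR_FILENO, msg2, strlen(msg2));
	syscall(__NR_write, STDERR_FILENO, buf, bytes);
	/* Now get killed: strlen(msg2)+2 exceeds the msg2_len cap. */
	syscall(__NR_write, STDERR_FILENO, msg2, strlen(msg2)+2);
	return 0;
}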