Add syscall filter BPF program generator.

BUG=chromium-os:25429
BUG=chromium-os:27878
TEST=syscall_filter_unittest

Change-Id: I3a4334a3c568178e19b18e7f3ed97517b03afd1b
Reviewed-on: https://gerrit.chromium.org/gerrit/18914
Reviewed-by: Kees Cook <keescook@chromium.org>
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
diff --git a/syscall_filter.h b/syscall_filter.h
new file mode 100644
index 0000000..d829464
--- /dev/null
+++ b/syscall_filter.h
@@ -0,0 +1,29 @@
+/* syscall_filter.h
+ * Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * Syscall filter functions.
+ */
+
+#ifndef SYSCALL_FILTER_H
+#define SYSCALL_FILTER_H
+
+#include "bpf.h"
+
+#define MAX_POLICY_LINE_LEN 1024
+
+struct filter_block {
+	struct sock_filter *instrs;
+	size_t len;
+
+	struct filter_block *next;
+	struct filter_block *last;
+	size_t total_len;
+};
+
+struct filter_block *compile_section(int syscall_nr, const char *policy_line,
+		unsigned int label_id, struct bpf_labels *labels);
+void free_block_list(struct filter_block *head);
+
+#endif /* SYSCALL_FILTER_H */
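Review bot: The two prototypes at the end of the header carry no contract, and for a seccomp policy compiler the caller has to know how `compile_section()` reports a policy line it cannot parse, so that it can refuse to install a partial filter. The implementation is not in this hunk, so the behaviour needs confirming, but a comment such as `/* Returns the head of a newly allocated block list, or NULL on error; release with free_block_list(). */` above the declaration would pin it down. It would also help to state on `struct filter_block` whether `last` and `total_len` are maintained only on the head node, and whether `policy_line` must be shorter than `MAX_POLICY_LINE_LEN`, since the prototype takes no length. Separately, the struct uses `size_t` while the header includes only `"bpf.h"`; adding `#include <stddef.h>` would keep the header self-contained.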