Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / minijail / 4c07d39cb6fc4c721e200dbfc786f660a6a469ac / . / syscall_filter.h
blob: 019f3f09485a404dfb1ec75a86995304f0b3d215 [file] [log] [blame]
Jorge Lucangeli Obesfc8ab532012-03-20 10:14:31 -0700[diff] [blame]1/* syscall_filter.h
2 * Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
3 * Use of this source code is governed by a BSD-style license that can be
4 * found in the LICENSE file.
5 *
6 * Syscall filter functions.
7 */
8
9#ifndef SYSCALL_FILTER_H
10#define SYSCALL_FILTER_H
11
12#include "bpf.h"
13
Jorge Lucangeli Obesa67bd6a2016-08-19 15:33:48 -0400[diff] [blame]14#ifdef __cplusplus
15extern "C" {
16#endif
17
Jorge Lucangeli Obesfc8ab532012-03-20 10:14:31 -0700[diff] [blame]18struct filter_block {
19 struct sock_filter *instrs;
20 size_t len;
21
22 struct filter_block *next;
23 struct filter_block *last;
24 size_t total_len;
25};
26
Luis Hector Chavez7624e712017-08-28 19:30:59 -0700[diff] [blame]27struct parser_state {
28 const char *filename;
29 size_t line_number;
30};
31
Jorge Lucangeli Obese1a86892019-06-10 16:17:03 -0400[diff] [blame]32enum block_action { ACTION_RET_KILL = 0, ACTION_RET_TRAP, ACTION_RET_LOG };
33
34struct filter_options {
35 enum block_action action;
36 int allow_logging;
37 int allow_syscalls_for_logging;
38};
39
Jorge Lucangeli Obes524c0402012-01-17 11:30:23 -0800[diff] [blame]40struct bpf_labels;
41
Luis Hector Chavez7624e712017-08-28 19:30:59 -0700[diff] [blame]42struct filter_block *compile_policy_line(struct parser_state *state, int nr,
43 const char *policy_line,
Jorge Lucangeli Obes45932a52017-03-15 17:02:58 -0400[diff] [blame]44 unsigned int label_id,
45 struct bpf_labels *labels,
Jorge Lucangeli Obese1a86892019-06-10 16:17:03 -0400[diff] [blame]46 enum block_action action);
47
Luis Hector Chavez7624e712017-08-28 19:30:59 -0700[diff] [blame]48int compile_file(const char *filename, FILE *policy_file,
49 struct filter_block *head, struct filter_block **arg_blocks,
Jorge Lucangeli Obese1a86892019-06-10 16:17:03 -0400[diff] [blame]50 struct bpf_labels *labels,
51 const struct filter_options *filteropts,
Jorge Lucangeli Obesbce4ccb2017-03-20 13:38:43 -0400[diff] [blame]52 unsigned int include_level);
Jorge Lucangeli Obese1a86892019-06-10 16:17:03 -0400[diff] [blame]53
Luis Hector Chavez7624e712017-08-28 19:30:59 -0700[diff] [blame]54int compile_filter(const char *filename, FILE *policy_file,
Jorge Lucangeli Obese1a86892019-06-10 16:17:03 -0400[diff] [blame]55 struct sock_fprog *prog,
56 const struct filter_options *filteropts);
Jorge Lucangeli Obesd4467262012-03-23 16:19:59 -0700[diff] [blame]57
Jorge Lucangeli Obes45932a52017-03-15 17:02:58 -0400[diff] [blame]58struct filter_block *new_filter_block(void);
Jorge Lucangeli Obesd4467262012-03-23 16:19:59 -0700[diff] [blame]59int flatten_block_list(struct filter_block *head, struct sock_filter *filter,
Jorge Lucangeli Obes565e9782016-08-05 11:03:19 -0400[diff] [blame]60 size_t index, size_t cap);
Jorge Lucangeli Obesfc8ab532012-03-20 10:14:31 -0700[diff] [blame]61void free_block_list(struct filter_block *head);
62
Jorge Lucangeli Obes45932a52017-03-15 17:02:58 -0400[diff] [blame]63int seccomp_can_softfail(void);
Jorge Lucangeli Obes7b2e29c2016-08-04 12:21:03 -0400[diff] [blame]64
Jorge Lucangeli Obesa67bd6a2016-08-19 15:33:48 -0400[diff] [blame]65#ifdef __cplusplus
66}; /* extern "C" */
67#endif
68
Jorge Lucangeli Obesfc8ab532012-03-20 10:14:31 -0700[diff] [blame]69#endif /* SYSCALL_FILTER_H */