Jorge Lucangeli Obes | fc8ab53 | 2012-03-20 10:14:31 -0700 | [diff] [blame] | 1 | /* syscall_filter.h |
| 2 | * Copyright (c) 2012 The Chromium OS Authors. All rights reserved. |
| 3 | * Use of this source code is governed by a BSD-style license that can be |
| 4 | * found in the LICENSE file. |
| 5 | * |
| 6 | * Syscall filter functions. |
| 7 | */ |
| 8 | |
| 9 | #ifndef SYSCALL_FILTER_H |
| 10 | #define SYSCALL_FILTER_H |
| 11 | |
| 12 | #include "bpf.h" |
| 13 | |
Jorge Lucangeli Obes | a67bd6a | 2016-08-19 15:33:48 -0400 | [diff] [blame] | 14 | #ifdef __cplusplus |
| 15 | extern "C" { |
| 16 | #endif |
| 17 | |
Jorge Lucangeli Obes | fc8ab53 | 2012-03-20 10:14:31 -0700 | [diff] [blame] | 18 | struct filter_block { |
| 19 | struct sock_filter *instrs; |
| 20 | size_t len; |
| 21 | |
| 22 | struct filter_block *next; |
| 23 | struct filter_block *last; |
| 24 | size_t total_len; |
| 25 | }; |
| 26 | |
Luis Hector Chavez | 7624e71 | 2017-08-28 19:30:59 -0700 | [diff] [blame] | 27 | struct parser_state { |
| 28 | const char *filename; |
| 29 | size_t line_number; |
| 30 | }; |
| 31 | |
Jorge Lucangeli Obes | 524c040 | 2012-01-17 11:30:23 -0800 | [diff] [blame] | 32 | struct bpf_labels; |
| 33 | |
Luis Hector Chavez | 7624e71 | 2017-08-28 19:30:59 -0700 | [diff] [blame] | 34 | struct filter_block *compile_policy_line(struct parser_state *state, int nr, |
| 35 | const char *policy_line, |
Jorge Lucangeli Obes | 45932a5 | 2017-03-15 17:02:58 -0400 | [diff] [blame] | 36 | unsigned int label_id, |
| 37 | struct bpf_labels *labels, |
| 38 | int do_ret_trap); |
Luis Hector Chavez | 7624e71 | 2017-08-28 19:30:59 -0700 | [diff] [blame] | 39 | int compile_file(const char *filename, FILE *policy_file, |
| 40 | struct filter_block *head, struct filter_block **arg_blocks, |
| 41 | struct bpf_labels *labels, int use_ret_trap, int allow_logging, |
Jorge Lucangeli Obes | bce4ccb | 2017-03-20 13:38:43 -0400 | [diff] [blame] | 42 | unsigned int include_level); |
Luis Hector Chavez | 7624e71 | 2017-08-28 19:30:59 -0700 | [diff] [blame] | 43 | int compile_filter(const char *filename, FILE *policy_file, |
| 44 | struct sock_fprog *prog, int do_ret_trap, |
Jorge Lucangeli Obes | 713f6fb | 2016-10-03 13:03:25 -0400 | [diff] [blame] | 45 | int add_logging_syscalls); |
Jorge Lucangeli Obes | d446726 | 2012-03-23 16:19:59 -0700 | [diff] [blame] | 46 | |
Jorge Lucangeli Obes | 45932a5 | 2017-03-15 17:02:58 -0400 | [diff] [blame] | 47 | struct filter_block *new_filter_block(void); |
Jorge Lucangeli Obes | d446726 | 2012-03-23 16:19:59 -0700 | [diff] [blame] | 48 | int flatten_block_list(struct filter_block *head, struct sock_filter *filter, |
Jorge Lucangeli Obes | 565e978 | 2016-08-05 11:03:19 -0400 | [diff] [blame] | 49 | size_t index, size_t cap); |
Jorge Lucangeli Obes | fc8ab53 | 2012-03-20 10:14:31 -0700 | [diff] [blame] | 50 | void free_block_list(struct filter_block *head); |
| 51 | |
Jorge Lucangeli Obes | 45932a5 | 2017-03-15 17:02:58 -0400 | [diff] [blame] | 52 | int seccomp_can_softfail(void); |
Jorge Lucangeli Obes | 7b2e29c | 2016-08-04 12:21:03 -0400 | [diff] [blame] | 53 | |
Jorge Lucangeli Obes | a67bd6a | 2016-08-19 15:33:48 -0400 | [diff] [blame] | 54 | #ifdef __cplusplus |
| 55 | }; /* extern "C" */ |
| 56 | #endif |
| 57 | |
Jorge Lucangeli Obes | fc8ab53 | 2012-03-20 10:14:31 -0700 | [diff] [blame] | 58 | #endif /* SYSCALL_FILTER_H */ |