bdf2sfd

BDF to SFD converter, allowing to vectorize bitmap fonts
Log | Files | Refs | README | LICENSE

seccomp.h (2014B)

      1 /*
      2  * bdf2sfd 1.1.5
      3  * Copyright (c) 2019-2020, Frederic Cambus
      4  * https://github.com/fcambus/bdf2sfd
      5  *
      6  * Created:      2019-11-21
      7  * Last Updated: 2020-09-17
      8  *
      9  * bdf2sfd is released under the BSD 2-Clause license
     10  * See LICENSE file for details
     11  */
     12 
     13 #ifndef SECCOMP_H
     14 #define SECCOMP_H
     15 
     16 #include <stddef.h>
     17 #include <sys/prctl.h>
     18 #include <sys/socket.h>
     19 #include <sys/syscall.h>
     20 #include <linux/audit.h>
     21 #include <linux/filter.h>
     22 #include <linux/seccomp.h>
     23 
     24 #if defined(__i386__)
     25 #define SECCOMP_AUDIT_ARCH AUDIT_ARCH_I386
     26 #elif defined(__x86_64__)
     27 #define SECCOMP_AUDIT_ARCH AUDIT_ARCH_X86_64
     28 #elif defined(__arm__)
     29 #define SECCOMP_AUDIT_ARCH AUDIT_ARCH_ARM
     30 #elif defined(__aarch64__)
     31 #define SECCOMP_AUDIT_ARCH AUDIT_ARCH_AARCH64
     32 #else
     33 #error "Seccomp is only supported on i386, x86_64, arm, and aarch64 architectures."
     34 #endif
     35 
     36 #define BDF2SFD_SYSCALL_ALLOW(syscall) \
     37 	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_##syscall, 0, 1), \
     38 	BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)
     39 
     40 static struct sock_filter filter[] = {
     41 	/* Validate architecture */
     42 	BPF_STMT(BPF_LD+BPF_W+BPF_ABS, offsetof(struct seccomp_data, arch)),
     43 	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SECCOMP_AUDIT_ARCH, 1, 0),
     44 	BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL),
     45 
     46 	/* Load syscall */
     47 	BPF_STMT(BPF_LD+BPF_W+BPF_ABS, offsetof(struct seccomp_data, nr)),
     48 
     49 	BDF2SFD_SYSCALL_ALLOW(brk),
     50 	BDF2SFD_SYSCALL_ALLOW(clock_gettime),	/* i386 glibc */
     51 	BDF2SFD_SYSCALL_ALLOW(close),
     52 	BDF2SFD_SYSCALL_ALLOW(exit_group),
     53 	BDF2SFD_SYSCALL_ALLOW(fstat),
     54 #if defined(__NR_fstat64)
     55 	BDF2SFD_SYSCALL_ALLOW(fstat64),		/* i386 glibc */
     56 #endif
     57 	BDF2SFD_SYSCALL_ALLOW(gettimeofday),	/* i386 glibc */
     58 	BDF2SFD_SYSCALL_ALLOW(ioctl),
     59 #if defined(__NR_open)
     60 	BDF2SFD_SYSCALL_ALLOW(open),
     61 #endif
     62 	BDF2SFD_SYSCALL_ALLOW(openat),
     63 	BDF2SFD_SYSCALL_ALLOW(read),
     64 	BDF2SFD_SYSCALL_ALLOW(write),
     65 	BDF2SFD_SYSCALL_ALLOW(writev),
     66 
     67 	BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL)
     68 };
     69 
     70 struct sock_fprog bdf2sfd = {
     71 	.len = sizeof(filter)/sizeof(filter[0]),
     72 	.filter = filter
     73 };
     74 
     75 #endif /* SECCOMP_H */