1 /* 2 * Check verbose decoding of seccomp SECCOMP_SET_MODE_FILTER. 3 * 4 * Copyright (c) 2015-2016 Dmitry V. Levin <ldv (at) altlinux.org> 5 * Copyright (c) 2016-2018 The strace developers. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. The name of the author may not be used to endorse or promote products 17 * derived from this software without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 20 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 21 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 22 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 23 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 24 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 28 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 */ 30 31 #include "tests.h" 32 33 #include <errno.h> 34 #include <stddef.h> 35 #include <stdio.h> 36 #include <asm/unistd.h> 37 #include <unistd.h> 38 39 #ifdef HAVE_PRCTL 40 # include <sys/prctl.h> 41 #endif 42 #ifdef HAVE_LINUX_SECCOMP_H 43 # include <linux/seccomp.h> 44 #endif 45 #include <linux/filter.h> 46 47 #if defined __NR_seccomp \ 48 && defined PR_SET_NO_NEW_PRIVS \ 49 && defined SECCOMP_SET_MODE_FILTER \ 50 && defined SECCOMP_RET_ERRNO \ 51 && defined BPF_JUMP \ 52 && defined BPF_STMT 53 54 #define SOCK_FILTER_ALLOW_SYSCALL(nr) \ 55 BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, __NR_ ## nr, 0, 1), \ 56 BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW) 57 58 #define SOCK_FILTER_DENY_SYSCALL(nr, err) \ 59 BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, __NR_ ## nr, 0, 1), \ 60 BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ERRNO|(SECCOMP_RET_DATA & (err))) 61 62 #define SOCK_FILTER_KILL_PROCESS \ 63 BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_KILL) 64 65 #define PRINT_ALLOW_SYSCALL(nr) \ 66 tprintf("BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, %#x, 0, 0x1), " \ 67 "BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), ", \ 68 __NR_ ## nr) 69 70 #define PRINT_DENY_SYSCALL(nr, err) \ 71 tprintf("BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, %#x, 0, 0x1), " \ 72 "BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ERRNO|%#x), ", \ 73 __NR_ ## nr, err) 74 75 static const struct sock_filter filter_c[] = { 76 /* load syscall number */ 77 BPF_STMT(BPF_LD|BPF_W|BPF_ABS, offsetof(struct seccomp_data, nr)), 78 79 /* allow syscalls */ 80 SOCK_FILTER_ALLOW_SYSCALL(close), 81 SOCK_FILTER_ALLOW_SYSCALL(exit), 82 SOCK_FILTER_ALLOW_SYSCALL(exit_group), 83 84 /* deny syscalls */ 85 SOCK_FILTER_DENY_SYSCALL(sync, EBUSY), 86 SOCK_FILTER_DENY_SYSCALL(setsid, EPERM), 87 88 /* kill process */ 89 SOCK_FILTER_KILL_PROCESS 90 }; 91 92 int 93 main(void) 94 { 95 tprintf("%s", ""); 96 97 static const char kill_stmt_txt[] = 98 "BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_KILL_THREAD)"; 99 struct sock_filter *const filter = 100 tail_memdup(filter_c, sizeof(filter_c)); 101 struct sock_filter *const big_filter = 102 tail_alloc(sizeof(*big_filter) * (BPF_MAXINSNS + 1)); 103 TAIL_ALLOC_OBJECT_CONST_PTR(struct sock_fprog, prog); 104 105 int fds[2]; 106 if (pipe(fds)) 107 perror_msg_and_fail("pipe"); 108 if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) 109 perror_msg_and_skip("PR_SET_NO_NEW_PRIVS"); 110 111 prog->filter = filter + ARRAY_SIZE(filter_c); 112 prog->len = 1; 113 syscall(__NR_seccomp, SECCOMP_SET_MODE_FILTER, 0, prog); 114 tprintf("seccomp(SECCOMP_SET_MODE_FILTER, 0, {len=1, filter=%p})" 115 " = -1 EFAULT (%m)\n", prog->filter); 116 117 prog->filter = filter + ARRAY_SIZE(filter_c) - 1; 118 prog->len = 3; 119 syscall(__NR_seccomp, SECCOMP_SET_MODE_FILTER, 0, prog); 120 tprintf("seccomp(SECCOMP_SET_MODE_FILTER, 0, {len=%u" 121 ", filter=[%s, ... /* %p */]}) = -1 EFAULT (%m)\n", 122 prog->len, kill_stmt_txt, filter + ARRAY_SIZE(filter_c)); 123 124 prog->len = 0; 125 syscall(__NR_seccomp, SECCOMP_SET_MODE_FILTER, 0, prog); 126 tprintf("seccomp(SECCOMP_SET_MODE_FILTER, 0, {len=0, filter=[]})" 127 " = -1 EINVAL (%m)\n"); 128 129 unsigned int i; 130 for (i = 0; i <= BPF_MAXINSNS; ++i) { 131 const struct sock_filter stmt = 132 BPF_STMT(BPF_CLASS(i), i << 16); 133 big_filter[i] = stmt; 134 } 135 136 prog->filter = big_filter; 137 prog->len = BPF_MAXINSNS + 1; 138 tprintf("seccomp(SECCOMP_SET_MODE_FILTER, %s, {len=%u, filter=[", 139 "SECCOMP_FILTER_FLAG_TSYNC|SECCOMP_FILTER_FLAG_LOG|" 140 "SECCOMP_FILTER_FLAG_SPEC_ALLOW|0xfffffff8", 141 prog->len); 142 for (i = 0; i < BPF_MAXINSNS; ++i) { 143 if (i) 144 tprintf(", "); 145 switch (BPF_CLASS(i)) { 146 case BPF_LD: 147 tprintf("BPF_STMT(BPF_LD|BPF_W|BPF_IMM, %#x)", i << 16); 148 break; 149 case BPF_LDX: 150 tprintf("BPF_STMT(BPF_LDX|BPF_W|BPF_IMM, %#x)", i << 16); 151 break; 152 case BPF_ST: 153 tprintf("BPF_STMT(BPF_ST, %#x)", i << 16); 154 break; 155 case BPF_STX: 156 tprintf("BPF_STMT(BPF_STX, %#x)", i << 16); 157 break; 158 case BPF_ALU: 159 tprintf("BPF_STMT(BPF_ALU|BPF_K|BPF_ADD, %#x)", i << 16); 160 break; 161 case BPF_JMP: 162 tprintf("BPF_STMT(BPF_JMP|BPF_K|BPF_JA, %#x)", i << 16); 163 break; 164 case BPF_RET: 165 tprintf("BPF_STMT(BPF_RET|BPF_K, %#x" 166 " /* SECCOMP_RET_??? */)", i << 16); 167 break; 168 case BPF_MISC: 169 tprintf("BPF_STMT(BPF_MISC|BPF_TAX, %#x)", i << 16); 170 break; 171 } 172 } 173 tprintf(", ...]})"); 174 syscall(__NR_seccomp, SECCOMP_SET_MODE_FILTER, -1, prog); 175 tprintf(" = -1 EINVAL (%m)\n"); 176 177 prog->filter = filter; 178 prog->len = ARRAY_SIZE(filter_c); 179 180 tprintf("seccomp(SECCOMP_SET_MODE_FILTER, 0, {len=%u, filter=[", 181 prog->len); 182 183 tprintf("BPF_STMT(BPF_LD|BPF_W|BPF_ABS, %#x), ", 184 (unsigned) offsetof(struct seccomp_data, nr)); 185 186 PRINT_ALLOW_SYSCALL(close); 187 PRINT_ALLOW_SYSCALL(exit); 188 PRINT_ALLOW_SYSCALL(exit_group); 189 190 PRINT_DENY_SYSCALL(sync, EBUSY), 191 PRINT_DENY_SYSCALL(setsid, EPERM), 192 193 tprintf("%s]}) = 0\n+++ exited with 0 +++\n", kill_stmt_txt); 194 195 if (syscall(__NR_seccomp, SECCOMP_SET_MODE_FILTER, 0, prog)) 196 perror_msg_and_skip("SECCOMP_SET_MODE_FILTER"); 197 198 if (close(0) || close(1)) 199 _exit(77); 200 201 _exit(0); 202 } 203 204 #else 205 206 SKIP_MAIN_UNDEFINED("__NR_seccomp && PR_SET_NO_NEW_PRIVS" 207 " && SECCOMP_SET_MODE_FILTER && SECCOMP_RET_ERRNO" 208 " && BPF_JUMP && BPF_STMT") 209 210 #endif 211