Home | History | Annotate | Download | only in seccomp-bpf 
      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_LINUX_SECCOMP_H__
      6 #define SANDBOX_LINUX_SECCOMP_BPF_LINUX_SECCOMP_H__
      7 
      8 // The Seccomp2 kernel ABI is not part of older versions of glibc.
      9 // As we can't break compilation with these versions of the library,
     10 // we explicitly define all missing symbols.
     11 // If we ever decide that we can now rely on system headers, the following
     12 // include files should be enabled:
     13 // #include <linux/audit.h>
     14 // #include <linux/seccomp.h>
     15 
     16 #include <asm/unistd.h>
     17 #include <linux/filter.h>
     18 
     19 #include <sys/cdefs.h>
     20 // Old Bionic versions do not have sys/user.h.  The if can be removed once we no
     21 // longer need to support these old Bionic versions.
     22 // All x86_64 builds use a new enough bionic to have sys/user.h.
     23 #if !defined(__BIONIC__) || defined(__x86_64__)
     24 #include <sys/user.h>
     25 #endif
     26 
     27 // For audit.h
     28 #ifndef EM_ARM
     29 #define EM_ARM    40
     30 #endif
     31 #ifndef EM_386
     32 #define EM_386    3
     33 #endif
     34 #ifndef EM_X86_64
     35 #define EM_X86_64 62
     36 #endif
     37 
     38 #ifndef __AUDIT_ARCH_64BIT
     39 #define __AUDIT_ARCH_64BIT 0x80000000
     40 #endif
     41 #ifndef __AUDIT_ARCH_LE
     42 #define __AUDIT_ARCH_LE    0x40000000
     43 #endif
     44 #ifndef AUDIT_ARCH_ARM
     45 #define AUDIT_ARCH_ARM    (EM_ARM|__AUDIT_ARCH_LE)
     46 #endif
     47 #ifndef AUDIT_ARCH_I386
     48 #define AUDIT_ARCH_I386   (EM_386|__AUDIT_ARCH_LE)
     49 #endif
     50 #ifndef AUDIT_ARCH_X86_64
     51 #define AUDIT_ARCH_X86_64 (EM_X86_64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
     52 #endif
     53 
     54 // For prctl.h
     55 #ifndef PR_SET_SECCOMP
     56 #define PR_SET_SECCOMP               22
     57 #define PR_GET_SECCOMP               21
     58 #endif
     59 #ifndef PR_SET_NO_NEW_PRIVS
     60 #define PR_SET_NO_NEW_PRIVS          38
     61 #define PR_GET_NO_NEW_PRIVS          39
     62 #endif
     63 #ifndef IPC_64
     64 #define IPC_64                   0x0100
     65 #endif
     66 
     67 #ifndef BPF_MOD
     68 #define BPF_MOD                    0x90
     69 #endif
     70 #ifndef BPF_XOR
     71 #define BPF_XOR                    0xA0
     72 #endif
     73 
     74 // In order to build will older tool chains, we currently have to avoid
     75 // including <linux/seccomp.h>. Until that can be fixed (if ever). Rely on
     76 // our own definitions of the seccomp kernel ABI.
     77 #ifndef SECCOMP_MODE_FILTER
     78 #define SECCOMP_MODE_DISABLED         0
     79 #define SECCOMP_MODE_STRICT           1
     80 #define SECCOMP_MODE_FILTER           2  // User user-supplied filter
     81 #endif
     82 
     83 #ifndef SECCOMP_RET_KILL
     84 // Return values supported for BPF filter programs. Please note that the
     85 // "illegal" SECCOMP_RET_INVALID is not supported by the kernel, should only
     86 // ever be used internally, and would result in the kernel killing our process.
     87 #define SECCOMP_RET_KILL    0x00000000U  // Kill the task immediately
     88 #define SECCOMP_RET_INVALID 0x00010000U  // Illegal return value
     89 #define SECCOMP_RET_TRAP    0x00030000U  // Disallow and force a SIGSYS
     90 #define SECCOMP_RET_ERRNO   0x00050000U  // Returns an errno
     91 #define SECCOMP_RET_TRACE   0x7ff00000U  // Pass to a tracer or disallow
     92 #define SECCOMP_RET_ALLOW   0x7fff0000U  // Allow
     93 #define SECCOMP_RET_ACTION  0xffff0000U  // Masks for the return value
     94 #define SECCOMP_RET_DATA    0x0000ffffU  //   sections
     95 #else
     96 #define SECCOMP_RET_INVALID 0x00010000U  // Illegal return value
     97 #endif
     98 
     99 #ifndef SYS_SECCOMP
    100 #define SYS_SECCOMP                   1
    101 #endif
    102 
    103 // Impose some reasonable maximum BPF program size. Realistically, the
    104 // kernel probably has much lower limits. But by limiting to less than
    105 // 30 bits, we can ease requirements on some of our data types.
    106 #define SECCOMP_MAX_PROGRAM_SIZE (1<<30)
    107 
    108 #if defined(__i386__)
    109 #define MIN_SYSCALL         0u
    110 #define MAX_PUBLIC_SYSCALL  1024u
    111 #define MAX_SYSCALL         MAX_PUBLIC_SYSCALL
    112 #define SECCOMP_ARCH        AUDIT_ARCH_I386
    113 
    114 #define SECCOMP_REG(_ctx, _reg) ((_ctx)->uc_mcontext.gregs[(_reg)])
    115 #define SECCOMP_RESULT(_ctx)    SECCOMP_REG(_ctx, REG_EAX)
    116 #define SECCOMP_SYSCALL(_ctx)   SECCOMP_REG(_ctx, REG_EAX)
    117 #define SECCOMP_IP(_ctx)        SECCOMP_REG(_ctx, REG_EIP)
    118 #define SECCOMP_PARM1(_ctx)     SECCOMP_REG(_ctx, REG_EBX)
    119 #define SECCOMP_PARM2(_ctx)     SECCOMP_REG(_ctx, REG_ECX)
    120 #define SECCOMP_PARM3(_ctx)     SECCOMP_REG(_ctx, REG_EDX)
    121 #define SECCOMP_PARM4(_ctx)     SECCOMP_REG(_ctx, REG_ESI)
    122 #define SECCOMP_PARM5(_ctx)     SECCOMP_REG(_ctx, REG_EDI)
    123 #define SECCOMP_PARM6(_ctx)     SECCOMP_REG(_ctx, REG_EBP)
    124 #define SECCOMP_NR_IDX          (offsetof(struct arch_seccomp_data, nr))
    125 #define SECCOMP_ARCH_IDX        (offsetof(struct arch_seccomp_data, arch))
    126 #define SECCOMP_IP_MSB_IDX      (offsetof(struct arch_seccomp_data,           \
    127                                           instruction_pointer) + 4)
    128 #define SECCOMP_IP_LSB_IDX      (offsetof(struct arch_seccomp_data,           \
    129                                           instruction_pointer) + 0)
    130 #define SECCOMP_ARG_MSB_IDX(nr) (offsetof(struct arch_seccomp_data, args) +   \
    131                                  8*(nr) + 4)
    132 #define SECCOMP_ARG_LSB_IDX(nr) (offsetof(struct arch_seccomp_data, args) +   \
    133                                  8*(nr) + 0)
    134 
    135 
    136 #if defined(__BIONIC__)
    137 // Old Bionic versions don't have sys/user.h, so we just define regs_struct
    138 // directly.  This can be removed once we no longer need to support these old
    139 // Bionic versions.
    140 struct regs_struct {
    141   long int ebx;
    142   long int ecx;
    143   long int edx;
    144   long int esi;
    145   long int edi;
    146   long int ebp;
    147   long int eax;
    148   long int xds;
    149   long int xes;
    150   long int xfs;
    151   long int xgs;
    152   long int orig_eax;
    153   long int eip;
    154   long int xcs;
    155   long int eflags;
    156   long int esp;
    157   long int xss;
    158 };
    159 #else
    160 typedef user_regs_struct regs_struct;
    161 #endif
    162 
    163 #define SECCOMP_PT_RESULT(_regs)  (_regs).eax
    164 #define SECCOMP_PT_SYSCALL(_regs) (_regs).orig_eax
    165 #define SECCOMP_PT_IP(_regs)      (_regs).eip
    166 #define SECCOMP_PT_PARM1(_regs)   (_regs).ebx
    167 #define SECCOMP_PT_PARM2(_regs)   (_regs).ecx
    168 #define SECCOMP_PT_PARM3(_regs)   (_regs).edx
    169 #define SECCOMP_PT_PARM4(_regs)   (_regs).esi
    170 #define SECCOMP_PT_PARM5(_regs)   (_regs).edi
    171 #define SECCOMP_PT_PARM6(_regs)   (_regs).ebp
    172 
    173 #elif defined(__x86_64__)
    174 #define MIN_SYSCALL         0u
    175 #define MAX_PUBLIC_SYSCALL  1024u
    176 #define MAX_SYSCALL         MAX_PUBLIC_SYSCALL
    177 #define SECCOMP_ARCH        AUDIT_ARCH_X86_64
    178 
    179 #define SECCOMP_REG(_ctx, _reg) ((_ctx)->uc_mcontext.gregs[(_reg)])
    180 #define SECCOMP_RESULT(_ctx)    SECCOMP_REG(_ctx, REG_RAX)
    181 #define SECCOMP_SYSCALL(_ctx)   SECCOMP_REG(_ctx, REG_RAX)
    182 #define SECCOMP_IP(_ctx)        SECCOMP_REG(_ctx, REG_RIP)
    183 #define SECCOMP_PARM1(_ctx)     SECCOMP_REG(_ctx, REG_RDI)
    184 #define SECCOMP_PARM2(_ctx)     SECCOMP_REG(_ctx, REG_RSI)
    185 #define SECCOMP_PARM3(_ctx)     SECCOMP_REG(_ctx, REG_RDX)
    186 #define SECCOMP_PARM4(_ctx)     SECCOMP_REG(_ctx, REG_R10)
    187 #define SECCOMP_PARM5(_ctx)     SECCOMP_REG(_ctx, REG_R8)
    188 #define SECCOMP_PARM6(_ctx)     SECCOMP_REG(_ctx, REG_R9)
    189 #define SECCOMP_NR_IDX          (offsetof(struct arch_seccomp_data, nr))
    190 #define SECCOMP_ARCH_IDX        (offsetof(struct arch_seccomp_data, arch))
    191 #define SECCOMP_IP_MSB_IDX      (offsetof(struct arch_seccomp_data,           \
    192                                           instruction_pointer) + 4)
    193 #define SECCOMP_IP_LSB_IDX      (offsetof(struct arch_seccomp_data,           \
    194                                           instruction_pointer) + 0)
    195 #define SECCOMP_ARG_MSB_IDX(nr) (offsetof(struct arch_seccomp_data, args) +   \
    196                                  8*(nr) + 4)
    197 #define SECCOMP_ARG_LSB_IDX(nr) (offsetof(struct arch_seccomp_data, args) +   \
    198                                  8*(nr) + 0)
    199 
    200 typedef user_regs_struct regs_struct;
    201 #define SECCOMP_PT_RESULT(_regs)  (_regs).rax
    202 #define SECCOMP_PT_SYSCALL(_regs) (_regs).orig_rax
    203 #define SECCOMP_PT_IP(_regs)      (_regs).rip
    204 #define SECCOMP_PT_PARM1(_regs)   (_regs).rdi
    205 #define SECCOMP_PT_PARM2(_regs)   (_regs).rsi
    206 #define SECCOMP_PT_PARM3(_regs)   (_regs).rdx
    207 #define SECCOMP_PT_PARM4(_regs)   (_regs).r10
    208 #define SECCOMP_PT_PARM5(_regs)   (_regs).r8
    209 #define SECCOMP_PT_PARM6(_regs)   (_regs).r9
    210 
    211 #elif defined(__arm__) && (defined(__thumb__) || defined(__ARM_EABI__))
    212 // ARM EABI includes "ARM private" system calls starting at |__ARM_NR_BASE|,
    213 // and a "ghost syscall private to the kernel", cmpxchg,
    214 // at |__ARM_NR_BASE+0x00fff0|.
    215 // See </arch/arm/include/asm/unistd.h> in the Linux kernel.
    216 #define MIN_SYSCALL         ((unsigned int)__NR_SYSCALL_BASE)
    217 #define MAX_PUBLIC_SYSCALL  (MIN_SYSCALL + 1024u)
    218 #define MIN_PRIVATE_SYSCALL ((unsigned int)__ARM_NR_BASE)
    219 #define MAX_PRIVATE_SYSCALL (MIN_PRIVATE_SYSCALL + 16u)
    220 #define MIN_GHOST_SYSCALL   ((unsigned int)__ARM_NR_BASE + 0xfff0u)
    221 #define MAX_SYSCALL         (MIN_GHOST_SYSCALL + 4u)
    222 
    223 #define SECCOMP_ARCH AUDIT_ARCH_ARM
    224 
    225 // ARM sigcontext_t is different from i386/x86_64.
    226 // See </arch/arm/include/asm/sigcontext.h> in the Linux kernel.
    227 #define SECCOMP_REG(_ctx, _reg) ((_ctx)->uc_mcontext.arm_##_reg)
    228 // ARM EABI syscall convention.
    229 #define SECCOMP_RESULT(_ctx)    SECCOMP_REG(_ctx, r0)
    230 #define SECCOMP_SYSCALL(_ctx)   SECCOMP_REG(_ctx, r7)
    231 #define SECCOMP_IP(_ctx)        SECCOMP_REG(_ctx, pc)
    232 #define SECCOMP_PARM1(_ctx)     SECCOMP_REG(_ctx, r0)
    233 #define SECCOMP_PARM2(_ctx)     SECCOMP_REG(_ctx, r1)
    234 #define SECCOMP_PARM3(_ctx)     SECCOMP_REG(_ctx, r2)
    235 #define SECCOMP_PARM4(_ctx)     SECCOMP_REG(_ctx, r3)
    236 #define SECCOMP_PARM5(_ctx)     SECCOMP_REG(_ctx, r4)
    237 #define SECCOMP_PARM6(_ctx)     SECCOMP_REG(_ctx, r5)
    238 #define SECCOMP_NR_IDX          (offsetof(struct arch_seccomp_data, nr))
    239 #define SECCOMP_ARCH_IDX        (offsetof(struct arch_seccomp_data, arch))
    240 #define SECCOMP_IP_MSB_IDX      (offsetof(struct arch_seccomp_data,           \
    241                                           instruction_pointer) + 4)
    242 #define SECCOMP_IP_LSB_IDX      (offsetof(struct arch_seccomp_data,           \
    243                                           instruction_pointer) + 0)
    244 #define SECCOMP_ARG_MSB_IDX(nr) (offsetof(struct arch_seccomp_data, args) +   \
    245                                  8*(nr) + 4)
    246 #define SECCOMP_ARG_LSB_IDX(nr) (offsetof(struct arch_seccomp_data, args) +   \
    247                                  8*(nr) + 0)
    248 
    249 #if defined(__BIONIC__)
    250 // Old Bionic versions don't have sys/user.h, so we just define regs_struct
    251 // directly.  This can be removed once we no longer need to support these old
    252 // Bionic versions.
    253 struct regs_struct {
    254   unsigned long uregs[18];
    255 };
    256 #else
    257 typedef user_regs regs_struct;
    258 #endif
    259 
    260 #define REG_cpsr    uregs[16]
    261 #define REG_pc      uregs[15]
    262 #define REG_lr      uregs[14]
    263 #define REG_sp      uregs[13]
    264 #define REG_ip      uregs[12]
    265 #define REG_fp      uregs[11]
    266 #define REG_r10     uregs[10]
    267 #define REG_r9      uregs[9]
    268 #define REG_r8      uregs[8]
    269 #define REG_r7      uregs[7]
    270 #define REG_r6      uregs[6]
    271 #define REG_r5      uregs[5]
    272 #define REG_r4      uregs[4]
    273 #define REG_r3      uregs[3]
    274 #define REG_r2      uregs[2]
    275 #define REG_r1      uregs[1]
    276 #define REG_r0      uregs[0]
    277 #define REG_ORIG_r0 uregs[17]
    278 
    279 #define SECCOMP_PT_RESULT(_regs)  (_regs).REG_r0
    280 #define SECCOMP_PT_SYSCALL(_regs) (_regs).REG_r7
    281 #define SECCOMP_PT_IP(_regs)      (_regs).REG_pc
    282 #define SECCOMP_PT_PARM1(_regs)   (_regs).REG_r0
    283 #define SECCOMP_PT_PARM2(_regs)   (_regs).REG_r1
    284 #define SECCOMP_PT_PARM3(_regs)   (_regs).REG_r2
    285 #define SECCOMP_PT_PARM4(_regs)   (_regs).REG_r3
    286 #define SECCOMP_PT_PARM5(_regs)   (_regs).REG_r4
    287 #define SECCOMP_PT_PARM6(_regs)   (_regs).REG_r5
    288 
    289 #else
    290 #error Unsupported target platform
    291 
    292 #endif
    293 
    294 #endif  // SANDBOX_LINUX_SECCOMP_BPF_LINUX_SECCOMP_H__
    295