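/*
 * Print a human-readable decoding of the global seccomp filter (sfilter,
 * sfilter_index entries) to stdout. Debug aid only; it never modifies
 * the filter.
 *
 * The decoding is deliberately minimal: it looks at raw bytes of one or
 * two consecutive struct sock_filter entries (8 bytes each) and assumes a
 * little-endian layout, i.e. bytes 6-7 of an entry hold the top 16 bits of
 * its 'k' field. Rules the filter builder in this file emits are:
 *   code 0x15 (BPF_JMP|BPF_JEQ|BPF_K): compares the syscall number held in
 *        k (bytes 4-7) and is paired with a following BPF_RET entry;
 *   code 0x06 (BPF_RET|BPF_K): returns the action held in k, where the
 *        top 16 bits 0x7fff / 0x0000 / 0x0005 correspond to the seccomp
 *        ALLOW / KILL / ERRNO actions and, for ERRNO, the low 16 bits
 *        carry the errno value.
 * Anything else is reported as an unknown entry.
 */
void filter_debug(void) {
	// Expected prologue of every filter: architecture check followed by
	// loading the syscall number (macros defined elsewhere in this file).
	struct sock_filter filter[] = {
		VALIDATE_ARCHITECTURE,
		EXAMINE_SYSCALL
	};

	printf("SECCOMP Filter:\n");
	if (sfilter == NULL) {
		printf("SECCOMP filter not allocated\n");
		return;
	}
	// The prologue occupies the first four entries; nothing to decode before that.
	if (sfilter_index < 4)
		return;

	// Recognize the prologue by comparing it byte-for-byte with a freshly built one.
	if (memcmp(sfilter, filter, sizeof(filter)) == 0) {
		printf("  VALIDATE_ARCHITECTURE\n");
		printf("  EXAMINE_SYSCALL\n");
	}

	// Walk the rules that follow the prologue.
	int i = 4;
	while (i < sfilter_index) {
		const unsigned char *ptr = (const unsigned char *) &sfilter[i];

		// Syscall number compared by a JEQ entry (its k field); copied out
		// instead of read through a cast pointer to avoid aliasing issues.
		int nr;
		memcpy(&nr, ptr + 4, sizeof nr);

		// A JEQ entry is only a complete rule when its RET partner exists.
		// Bytes 8-15 belong to that partner, so they must never be read for
		// the last entry: they would lie past the end of the filled filter.
		int has_next = (i + 1) < sfilter_index;

		if (*ptr == 0x15 && has_next && ptr[14] == 0xff && ptr[15] == 0x7f) {
			// JEQ nr -> RET with action 0x7fff.... (allow)
			printf("  WHITELIST %d %s\n", nr, syscall_find_nr(nr));
			i += 2;
		}
		else if (*ptr == 0x15 && has_next && ptr[14] == 0 && ptr[15] == 0) {
			// JEQ nr -> RET with action 0x0000.... (kill)
			printf("  BLACKLIST %d %s\n", nr, syscall_find_nr(nr));
			i += 2;
		}
		else if (*ptr == 0x15 && has_next && ptr[14] == 0x5 && ptr[15] == 0) {
			// JEQ nr -> RET with action 0x0005eeee (errno), errno in the low 16 bits
			int err = ptr[13] << 8 | ptr[12];
			printf("  ERRNO %d %s %d %s\n", nr, syscall_find_nr(nr), err, errno_find_nr(err));
			i += 2;
		}
		else if (*ptr == 0x06 && ptr[6] == 0 && ptr[7] == 0) {
			// Unconditional RET with action 0x0000.... (kill)
			printf("  KILL_PROCESS\n");
			i++;
		}
		else if (*ptr == 0x06 && ptr[6] == 0xff && ptr[7] == 0x7f) {
			// Unconditional RET with action 0x7fff.... (allow)
			printf("  RETURN_ALLOW\n");
			i++;
		}
		else {
			// Includes a trailing JEQ entry without its RET partner.
			printf("  UNKNOWN ENTRY!!!\n");
			i++;
		}
	}
}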
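/*
 * Append a BLACKLIST rule for one syscall to the global filter buffer.
 *
 * Preconditions (asserted): the buffer exists, has a non-zero capacity and
 * already holds at least one entry, i.e. the prologue was written before
 * any rule is added.
 *
 * The rule is built with the BLACKLIST macro (defined elsewhere in this
 * file) and copied after the current end of the filter; the buffer is grown
 * with filter_realloc() first if it cannot hold the whole rule.
 *
 * @param syscall  syscall number to block; used for the rule and the
 *                 optional debug message, not range-checked here.
 */
static void filter_add_blacklist(int syscall) {
	assert(sfilter);
	assert(sfilter_alloc_size);
	assert(sfilter_index);
	if (arg_debug)
		printf("Blacklisting syscall %d %s\n", syscall, syscall_find_nr(syscall));

	struct sock_filter filter[] = {
		BLACKLIST(syscall)
	};
	// Number of entries the rule expands to, derived from the macro rather
	// than hard-coded, so the space check cannot drift from the copied size.
	int nentries = (int) (sizeof(filter) / sizeof(filter[0]));

	// NOTE(review): assumes a single filter_realloc() call grows the buffer by
	// at least nentries entries - confirm against its definition.
	if (sfilter_index + nentries > sfilter_alloc_size)
		filter_realloc();

	memcpy(&sfilter[sfilter_index], filter, sizeof(filter));
	sfilter_index += nentries;
}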