src/shared/seccomp-util.c

57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering/***
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering  This file is part of systemd.
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering  Copyright 2014 Lennart Poettering
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering  systemd is free software; you can redistribute it and/or modify it
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering  under the terms of the GNU Lesser General Public License as published by
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering  the Free Software Foundation; either version 2.1 of the License, or
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering  (at your option) any later version.
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering  systemd is distributed in the hope that it will be useful, but
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering  WITHOUT ANY WARRANTY; without even the implied warranty of
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering  Lesser General Public License for more details.
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering  You should have received a copy of the GNU Lesser General Public License
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering  along with systemd; If not, see <http://www.gnu.org/licenses/>.
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering***/
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering
a8fbdf5424be099ba1b2b1ec261c02b8759d6b0cThomas Hindoe Paaboel Andersen#include <errno.h>
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering#include <seccomp.h>
a8fbdf5424be099ba1b2b1ec261c02b8759d6b0cThomas Hindoe Paaboel Andersen#include <stddef.h>
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering
a8fbdf5424be099ba1b2b1ec261c02b8759d6b0cThomas Hindoe Paaboel Andersen#include "macro.h"
cf0fbc49e67b55f8d346fc94de28c90113505297Thomas Hindoe Paaboel Andersen#include "seccomp-util.h"
07630cea1f3a845c09309f197ac7c4f11edd3b62Lennart Poettering#include "string-util.h"
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poetteringconst char* seccomp_arch_to_string(uint32_t c) {
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering        if (c == SCMP_ARCH_NATIVE)
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering                return "native";
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering        if (c == SCMP_ARCH_X86)
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering                return "x86";
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering        if (c == SCMP_ARCH_X86_64)
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering                return "x86-64";
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering        if (c == SCMP_ARCH_X32)
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering                return "x32";
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering        if (c == SCMP_ARCH_ARM)
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering                return "arm";
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering        return NULL;
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering}
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poetteringint seccomp_arch_from_string(const char *n, uint32_t *ret) {
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering        if (!n)
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering                return -EINVAL;
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering        assert(ret);
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering        if (streq(n, "native"))
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering                *ret = SCMP_ARCH_NATIVE;
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering        else if (streq(n, "x86"))
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering                *ret = SCMP_ARCH_X86;
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering        else if (streq(n, "x86-64"))
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering                *ret = SCMP_ARCH_X86_64;
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering        else if (streq(n, "x32"))
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering                *ret = SCMP_ARCH_X32;
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering        else if (streq(n, "arm"))
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering                *ret = SCMP_ARCH_ARM;
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering        else
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering                return -EINVAL;
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering        return 0;
57183d117a1d6a96d71ce99d648beb0d2b36228dLennart Poettering}
e9642be2cce7f5e90406980092a6f71f504a16afLennart Poettering
e9642be2cce7f5e90406980092a6f71f504a16afLennart Poetteringint seccomp_add_secondary_archs(scmp_filter_ctx *c) {
e9642be2cce7f5e90406980092a6f71f504a16afLennart Poettering
e9642be2cce7f5e90406980092a6f71f504a16afLennart Poettering#if defined(__i386__) || defined(__x86_64__)
e9642be2cce7f5e90406980092a6f71f504a16afLennart Poettering        int r;
e9642be2cce7f5e90406980092a6f71f504a16afLennart Poettering
e9642be2cce7f5e90406980092a6f71f504a16afLennart Poettering        /* Add in all possible secondary archs we are aware of that
e9642be2cce7f5e90406980092a6f71f504a16afLennart Poettering         * this kernel might support. */
e9642be2cce7f5e90406980092a6f71f504a16afLennart Poettering
e9642be2cce7f5e90406980092a6f71f504a16afLennart Poettering        r = seccomp_arch_add(c, SCMP_ARCH_X86);
e9642be2cce7f5e90406980092a6f71f504a16afLennart Poettering        if (r < 0 && r != -EEXIST)
e9642be2cce7f5e90406980092a6f71f504a16afLennart Poettering                return r;
e9642be2cce7f5e90406980092a6f71f504a16afLennart Poettering
e9642be2cce7f5e90406980092a6f71f504a16afLennart Poettering        r = seccomp_arch_add(c, SCMP_ARCH_X86_64);
e9642be2cce7f5e90406980092a6f71f504a16afLennart Poettering        if (r < 0 && r != -EEXIST)
e9642be2cce7f5e90406980092a6f71f504a16afLennart Poettering                return r;
e9642be2cce7f5e90406980092a6f71f504a16afLennart Poettering
e9642be2cce7f5e90406980092a6f71f504a16afLennart Poettering        r = seccomp_arch_add(c, SCMP_ARCH_X32);
e9642be2cce7f5e90406980092a6f71f504a16afLennart Poettering        if (r < 0 && r != -EEXIST)
e9642be2cce7f5e90406980092a6f71f504a16afLennart Poettering                return r;
e9642be2cce7f5e90406980092a6f71f504a16afLennart Poettering
e9642be2cce7f5e90406980092a6f71f504a16afLennart Poettering#endif
e9642be2cce7f5e90406980092a6f71f504a16afLennart Poettering
e9642be2cce7f5e90406980092a6f71f504a16afLennart Poettering        return 0;
e9642be2cce7f5e90406980092a6f71f504a16afLennart Poettering
e9642be2cce7f5e90406980092a6f71f504a16afLennart Poettering}