mirrors/cosmopolitan
1
0
Fork 0
mirror of https://github.com/jart/cosmopolitan.git synced 2025-01-31 03:27:39 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
cosmopolitan/libc/calls/seccomp.c
Justine Tunney bb06230f1e
Avoid linker conflicts on DescribeFoo symbols 
These symbols belong to the user. It caused a confusing error for Blink.
2024-08-24 18:10:22 -07:00

88 lines
3.9 KiB
C
Raw Blame History

/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│
│ vi: set et ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi │
╞══════════════════════════════════════════════════════════════════════════════╡
│ Copyright 2022 Justine Alexandra Roberts Tunney │
│ │
│ Permission to use, copy, modify, and/or distribute this software for │
│ any purpose with or without fee is hereby granted, provided that the │
│ above copyright notice and this permission notice appear in all copies. │
│ │
│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL │
│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED │
│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE │
│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL │
│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR │
│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER │
│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │
│ PERFORMANCE OF THIS SOFTWARE. │
╚─────────────────────────────────────────────────────────────────────────────*/
#include "libc/calls/calls.h"
#include "libc/calls/struct/seccomp.internal.h"
#include "libc/calls/syscall-sysv.internal.h"
#include "libc/dce.h"
#include "libc/errno.h"
#include "libc/intrin/describeflags.h"
#include "libc/intrin/strace.h"
#include "libc/sysv/consts/pr.h"
#include "libc/sysv/errfuns.h"
/**
* Tunes Linux security policy.
*
* This system call was first introduced in Linux 3.17. We polyfill
* automatically features like SECCOMP_SET_MODE_STRICT, for kernels
* dating back to 2.6.23, whenever possible.
*
* @raise ENOSYS on non-Linux.
*/
int seccomp(unsigned operation, unsigned flags, void *args) {
int rc;
if (IsLinux()) {
#ifdef __x86_64__
asm volatile("syscall"
: "=a"(rc)
: "0"(317), "D"(operation), "S"(flags), "d"(args)
: "rcx", "r11", "memory");
if (rc == -ENOSYS) {
if (operation == SECCOMP_SET_MODE_STRICT) {
asm volatile("syscall"
: "=a"(rc)
: "0"(157), "D"(PR_SET_SECCOMP), "S"(SECCOMP_MODE_STRICT)
: "rcx", "r11", "memory");
} else if (operation == SECCOMP_SET_MODE_FILTER && !flags) {
asm volatile("syscall"
: "=a"(rc)
: "0"(157), "D"(PR_SET_SECCOMP), "S"(SECCOMP_MODE_FILTER),
"d"(args)
: "rcx", "r11", "memory");
}
}
if (rc > -4096u) {
errno = -rc;
rc = -1;
}
#elif defined(__aarch64__)
if (IsLinux()) {
register long r0 asm("x0") = (long)operation;
register long r1 asm("x1") = (long)flags;
register long r2 asm("x2") = (long)args;
register long res_x0 asm("x0");
asm volatile("mov\tx8,%1\n\t"
"svc\t0"
: "=r"(res_x0)
: "i"(211), "r"(r0), "r"(r1), "r"(r2)
: "x8", "memory");
rc = _sysret(res_x0);
} else {
rc = enosys();
}
#else
#error "arch unsupported"
#endif
} else {
rc = enosys();
}
STRACE("seccomp(%s, %#x, %p) → %d% m", _DescribeSeccompOperation(operation),
flags, args, rc);
return rc;
}
Reference in a new issue View git blame Copy permalink