1 files changed, 68 insertions, 0 deletions
diff --git a/samples/seccomp/dropper.c b/samples/seccomp/dropper.c
new file mode 100644
index 000000000000..c69c347c7011
--- /dev/null
+++ b/samples/seccomp/dropper.c
@@ -0,0 +1,68 @@
+/*
+ * Naive system call dropper built on seccomp_filter.
+ *
+ * Copyright (c) 2012 The Chromium OS Authors <chromium-os-dev@chromium.org>
+ * Author: Will Drewry <wad@chromium.org>
+ *
+ * The code may be used by anyone for any purpose,
+ * and can serve as a starting point for developing
+ * applications using prctl(PR_SET_SECCOMP, 2, ...).
+ *
+ * When run, returns the specified errno for the specified
+ * system call number against the given architecture.
+ *
+ * Run this one as root as PR_SET_NO_NEW_PRIVS is not called.
+ */
+#include <errno.h>
+#include <linux/audit.h>
+#include <linux/filter.h>
+#include <linux/seccomp.h>
+#include <linux/unistd.h>
+#include <stdio.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <sys/prctl.h>
+#include <unistd.h>
+static int install_filter(int nr, int arch, int error)
+{
+        struct sock_filter filter[] = {
+                BPF_STMT(BPF_LD+BPF_W+BPF_ABS,
+                         (offsetof(struct seccomp_data, arch))),
+                BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, arch, 0, 3),
+                BPF_STMT(BPF_LD+BPF_W+BPF_ABS,
+                         (offsetof(struct seccomp_data, nr))),
+                BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, nr, 0, 1),
+                BPF_STMT(BPF_RET+BPF_K,
+                         SECCOMP_RET_ERRNO|(error & SECCOMP_RET_DATA)),
+                BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW),
+        };
+        struct sock_fprog prog = {
+                .len = (unsigned short)(sizeof(filter)/sizeof(filter[0])),
+                .filter = filter,
+        };
+        if (prctl(PR_SET_SECCOMP, 2, &prog)) {
+                perror("prctl");
+                return 1;
+        }
+        return 0;
+}
+int main(int argc, char **argv)
+{
+        if (argc < 5) {
+                fprintf(stderr, "Usage:\n"
+                        "dropper <syscall_nr> <arch> <errno> <prog> [<args>]\n"
+                        "Hint:  AUDIT_ARCH_I386: 0x%X\n"
+                        "       AUDIT_ARCH_X86_64: 0x%X\n"
+                        "\n", AUDIT_ARCH_I386, AUDIT_ARCH_X86_64);
+                return 1;
+        }
+        if (install_filter(strtol(argv[1], NULL, 0), strtol(argv[2], NULL, 0),
+                           strtol(argv[3], NULL, 0)))
+                return 1;
+        execv(argv[4], &argv[4]);
+        printf("Failed to execv\n");
+        return 255;
+}

diff --git a/samples/seccomp/dropper.c b/samples/seccomp/dropper.c new file mode 100644 index 000000000000..c69c347c7011 --- /dev/null +++ b/samples/seccomp/dropper.c
@@ -0,0 +1,68 @@
	1	/*
	2	* Naive system call dropper built on seccomp_filter.
	3	*
	4	* Copyright (c) 2012 The Chromium OS Authors <chromium-os-dev@chromium.org>
	5	* Author: Will Drewry <wad@chromium.org>
	6	*
	7	* The code may be used by anyone for any purpose,
	8	* and can serve as a starting point for developing
	9	* applications using prctl(PR_SET_SECCOMP, 2, ...).
	10	*
	11	* When run, returns the specified errno for the specified
	12	* system call number against the given architecture.
	13	*
	14	* Run this one as root as PR_SET_NO_NEW_PRIVS is not called.
	15	*/
	16
	17	#include <errno.h>
	18	#include <linux/audit.h>
	19	#include <linux/filter.h>
	20	#include <linux/seccomp.h>
	21	#include <linux/unistd.h>
	22	#include <stdio.h>
	23	#include <stddef.h>
	24	#include <stdlib.h>
	25	#include <sys/prctl.h>
	26	#include <unistd.h>
	27
	28	static int install_filter(int nr, int arch, int error)
	29	{
	30	struct sock_filter filter[] = {
	31	BPF_STMT(BPF_LD+BPF_W+BPF_ABS,
	32	(offsetof(struct seccomp_data, arch))),
	33	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, arch, 0, 3),
	34	BPF_STMT(BPF_LD+BPF_W+BPF_ABS,
	35	(offsetof(struct seccomp_data, nr))),
	36	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, nr, 0, 1),
	37	BPF_STMT(BPF_RET+BPF_K,
	38	SECCOMP_RET_ERRNO\|(error & SECCOMP_RET_DATA)),
	39	BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW),
	40	};
	41	struct sock_fprog prog = {
	42	.len = (unsigned short)(sizeof(filter)/sizeof(filter[0])),
	43	.filter = filter,
	44	};
	45	if (prctl(PR_SET_SECCOMP, 2, &prog)) {
	46	perror("prctl");
	47	return 1;
	48	}
	49	return 0;
	50	}
	51
	52	int main(int argc, char **argv)
	53	{
	54	if (argc < 5) {
	55	fprintf(stderr, "Usage:\n"
	56	"dropper <syscall_nr> <arch> <errno> <prog> [<args>]\n"
	57	"Hint: AUDIT_ARCH_I386: 0x%X\n"
	58	" AUDIT_ARCH_X86_64: 0x%X\n"
	59	"\n", AUDIT_ARCH_I386, AUDIT_ARCH_X86_64);
	60	return 1;
	61	}
	62	if (install_filter(strtol(argv[1], NULL, 0), strtol(argv[2], NULL, 0),
	63	strtol(argv[3], NULL, 0)))
	64	return 1;
	65	execv(argv[4], &argv[4]);
	66	printf("Failed to execv\n");
	67	return 255;
	68	}