author | Paul Moore <pmoore@redhat.com> | 2013-01-06 16:34:21 -0500 |
---|---|---|
committer | Paul Moore <pmoore@redhat.com> | 2013-01-15 16:49:32 -0500 |
commit | 6220c8c0fc479d97b6d3e3166a4e46fbfe25a3c0 (patch) | |
tree | 049f2fb2a261e3b28893e911a2eaef903b0dbc48 | |
parent | aeac2736f600f887b42e4aca83ae6b466725aec2 (diff) | |
api: add syscall resolution functions that take an architecture argument
Similar to the existing seccomp_syscall_resolve_name() function, but
they work for arbitrary architectures (assuming libseccomp support of
course) and not just the native architecture.
Signed-off-by: Paul Moore <pmoore@redhat.com>
-rw-r--r-- | include/seccomp.h | 26 | ||||
-rw-r--r-- | src/api.c | 43 | ||||
-rw-r--r-- | src/python/libseccomp.pxd | 4 | ||||
-rw-r--r-- | src/python/seccomp.pyx | 30 |
4 files changed, 92 insertions, 11 deletions
diff --git a/include/seccomp.h b/include/seccomp.h index b09f3d3..136643e 100644 --- a/include/seccomp.h +++ b/include/seccomp.h @@ -1,7 +1,7 @@ /** * Seccomp Library * - * Copyright (c) 2012 Red Hat <pmoore@redhat.com> + * Copyright (c) 2012,2013 Red Hat <pmoore@redhat.com> * Author: Paul Moore <pmoore@redhat.com> */ @@ -313,6 +313,30 @@ int seccomp_attr_set(scmp_filter_ctx ctx, enum scmp_filter_attr attr, uint32_t value); /** + * Resolve a syscall number to a name + * @param arch_token the architecture token, e.g. SCMP_ARCH_* + * @param num the syscall number + * + * Resolve the given syscall number to the syscall name for the given + * architecture; it is up to the caller to free the returned string. Returns + * the syscall name on success, NULL on failure. + * + */ +char *seccomp_syscall_resolve_num_arch(uint32_t arch_token, int num); + +/** + * Resolve a syscall name to a number + * @param arch_token the architecture token, e.g. SCMP_ARCH_* + * @param name the syscall name + * + * Resolve the given syscall name to the syscall number for the given + * architecture. Returns the syscall number on success, including negative + * pseudo syscall numbers (e.g. __PNR_*); returns __NR_SCMP_ERROR on failure. + * + */ +int seccomp_syscall_resolve_name_arch(uint32_t arch_token, const char *name); + +/** * Resolve a syscall name to a number * @param name the syscall name * @@ -1,7 +1,7 @@ /** * Seccomp Library API * - * Copyright (c) 2012 Red Hat <pmoore@redhat.com> + * Copyright (c) 2012,2013 Red Hat <pmoore@redhat.com> * Author: Paul Moore <pmoore@redhat.com> */ 
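Review bot: The `@param arch_token` text in both new header comments does not mention that a zero token is accepted, although both implementations in src/api.c replace `arch_token == 0` with `arch_def_native.token` and `seccomp_syscall_resolve_name()` now relies on that by passing `SCMP_ARCH_NATIVE` (presumably zero). I would extend the parameter line to something like `@param arch_token the architecture token, e.g. SCMP_ARCH_*; SCMP_ARCH_NATIVE selects the native architecture`. A caller preparing a filter for a foreign architecture should know that an unset token resolves against the host ABI instead of failing.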
@@ -255,12 +255,49 @@ int seccomp_attr_set(scmp_filter_ctx ctx, } /* NOTE - function header comment in include/seccomp.h */ -int seccomp_syscall_resolve_name(const char *name) +char *seccomp_syscall_resolve_num_arch(uint32_t arch_token, int num) { + const struct arch_def *arch; + const char *name; + + if (arch_token == 0) + arch_token = arch_def_native.token; + if (arch_valid(arch_token)) + return NULL; + arch = arch_def_lookup(arch_token); + if (arch == NULL) + return NULL; + + name = arch_syscall_resolve_num(arch, num); if (name == NULL) + return NULL; + + return strdup(name); +} + +/* NOTE - function header comment in include/seccomp.h */ +int seccomp_syscall_resolve_name_arch(uint32_t arch_token, const char *name) +{ + const struct arch_def *arch; + + if (name == NULL) + return -EINVAL; + + if (arch_token == 0) + arch_token = arch_def_native.token; + if (arch_valid(arch_token)) return -EINVAL; + arch = arch_def_lookup(arch_token); + if (arch == NULL) + return -EFAULT; + + return arch_syscall_resolve_name(arch, name); +} - return arch_syscall_resolve_name(&arch_def_native, name); +/* NOTE - function header comment in include/seccomp.h */ +int seccomp_syscall_resolve_name(const char *name) +{ + return seccomp_syscall_resolve_name_arch(SCMP_ARCH_NATIVE, name); } /* NOTE - function header comment in include/seccomp.h */ diff --git a/src/python/libseccomp.pxd b/src/python/libseccomp.pxd index b5ca659..1af4a30 100644 --- a/src/python/libseccomp.pxd +++ b/src/python/libseccomp.pxd @@ -1,7 +1,7 @@ # # Seccomp Library Python Bindings # -# Copyright (c) 2012 Red Hat <pmoore@redhat.com> +# Copyright (c) 2012,2013 Red Hat <pmoore@redhat.com> # Author: Paul Moore <pmoore@redhat.com> # 
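Review bot: The failure returns in `seccomp_syscall_resolve_name_arch()` do not match the contract documented in include/seccomp.h, which promises `__NR_SCMP_ERROR` on failure: the new code returns `-EINVAL` for a NULL name or a rejected arch token and `-EFAULT` when `arch_def_lookup()` yields NULL. The same return channel also carries negative pseudo syscall numbers, so a caller that only compares against `__NR_SCMP_ERROR` can mistake an errno value for a resolved syscall and pass it into a filter rule. Either use `return __NR_SCMP_ERROR;` on all three paths or document the errno values in the header; `seccomp_syscall_resolve_name()` inherits whichever is chosen because it now forwards to this function. Separately, `if (arch_valid(arch_token))` reads as inverted; if arch_valid() returns zero for a valid token (its definition is not in this hunk), a comment such as `/* arch_valid() returns 0 on success */` would save the next reader a lookup.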
@@ -77,6 +77,8 @@ cdef extern from "seccomp.h": int seccomp_attr_set(scmp_filter_ctx ctx, scmp_filter_attr attr, uint32_t value) + char *seccomp_syscall_resolve_num_arch(uint32_t arch_token, int num) + int seccomp_syscall_resolve_name_arch(uint32_t arch_token, char *name) int seccomp_syscall_resolve_name(char *name) int seccomp_syscall_priority(scmp_filter_ctx ctx, int syscall, uint8_t priority) diff --git a/src/python/seccomp.pyx b/src/python/seccomp.pyx index 1b6f368..9ceee14 100644 --- a/src/python/seccomp.pyx +++ b/src/python/seccomp.pyx @@ -1,7 +1,7 @@ # # Seccomp Library Python Bindings # -# Copyright (c) 2012 Red Hat <pmoore@redhat.com> +# Copyright (c) 2012,2013 Red Hat <pmoore@redhat.com> # Author: Paul Moore <pmoore@redhat.com> # @@ -68,7 +68,7 @@ Example: f.load() """ __author__ = 'Paul Moore <paul@paul-moore.com>' -__date__ = "31 October 2012" +__date__ = "7 January 2013" from libc.stdint cimport uint32_t import errno @@ -99,6 +99,24 @@ def system_arch(): """ return libseccomp.seccomp_arch_native() +def resolve_syscall(arch, syscall): + """ Resolve the syscall. + + Arguments: + arch - the architecture value, e.g. Arch.* + syscall - the syscall name or number + + Description: + Resolve an architecture's syscall name to the correct number or the + syscall number to the correct name. + """ + if (isinstance(syscall, basestring)): + return libseccomp.seccomp_syscall_resolve_name_arch(arch, syscall) + elif (isinstance(syscall, int)): + return libseccomp.seccomp_syscall_resolve_num_arch(arch, syscall) + else: + raise TypeError("Syscall must either be an int or str type") + cdef class Arch: """ Python object representing the SyscallFilter architecture values. 
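Review bot: In `resolve_syscall()` the int branch returns the `char *` from `seccomp_syscall_resolve_num_arch()` directly, so a NULL result (the documented failure value) reaches Cython's char-pointer-to-bytes conversion, and the strdup()'d string that the header says the caller must free is never released. Check for NULL and raise before converting, and free the buffer once the Python copy exists; this needs `free` cimported from `libc.stdlib`, which is outside this hunk. The name branch likewise returns the raw C result, so a negative error value comes back as an ordinary integer that the caller has to test for.

```cython
def resolve_syscall(arch, syscall):
    # … unchanged: docstring …
    cdef char *ret_str
    # … unchanged: basestring branch …
    elif (isinstance(syscall, int)):
        ret_str = libseccomp.seccomp_syscall_resolve_num_arch(arch, syscall)
        if ret_str is NULL:
            raise ValueError("Unknown syscall number for this architecture")
        try:
            # copy into a Python bytes object before the C buffer goes away
            return <bytes>ret_str
        finally:
            # the C API transfers ownership of the returned name to the caller
            free(ret_str)
    # … unchanged: TypeError branch …
```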
@@ -349,14 +367,14 @@ cdef class SyscallFilter: from 0 to 255 inclusive. """ if priority < 0 or priority > 255: - raise ValueError("Syscall priority must be between 0 and 255"); + raise ValueError("Syscall priority must be between 0 and 255") if isinstance(syscall, str): syscall_str = syscall.encode() syscall_num = libseccomp.seccomp_syscall_resolve_name(syscall_str) elif isinstance(syscall, int): syscall_num = syscall else: - raise TypeError("Syscall must either be an int or str type"); + raise TypeError("Syscall must either be an int or str type") rc = libseccomp.seccomp_syscall_priority(self._ctx, syscall_num, priority) if rc != 0: @@ -389,7 +407,7 @@ cdef class SyscallFilter: elif isinstance(syscall, int): syscall_num = syscall else: - raise TypeError("Syscall must either be an int or str type"); + raise TypeError("Syscall must either be an int or str type") """ NOTE: the code below exists solely to deal with the varadic nature of seccomp_rule_add() function and the inability of Cython to handle this automatically """ @@ -468,7 +486,7 @@ cdef class SyscallFilter: elif isinstance(syscall, int): syscall_num = syscall else: - raise TypeError("Syscall must either be an int or str type"); + raise TypeError("Syscall must either be an int or str type") """ NOTE: the code below exists solely to deal with the varadic nature of seccomp_rule_add_exact() function and the inability of Cython to handle this automatically """ |