diff options
author | Paul Moore <pmoore@redhat.com> | 2012-07-20 16:22:36 -0400 |
---|---|---|
committer | Paul Moore <pmoore@redhat.com> | 2013-03-26 18:15:10 -0400 |
commit | db440d1e4fb6b620d8e4f4463036fbc89986fb9d (patch) | |
tree | 1ed203335e727cd0d2518a31179a5d9dca00efb7 | |
parent | e9b5a6eb238856bf73f53890119aab559afcb0f0 (diff) | |
download | libseccomp-db440d1e4fb6b620d8e4f4463036fbc89986fb9d.tar.gz |
arch: add basic ARM support
Signed-off-by: Paul Moore <pmoore@redhat.com>
-rw-r--r-- | include/seccomp.h.in | 96 | ||||
-rw-r--r-- | src/Makefile | 1 | ||||
-rw-r--r-- | src/arch-arm-syscalls.c | 432 | ||||
-rw-r--r-- | src/arch-arm.c | 34 | ||||
-rw-r--r-- | src/arch-arm.h | 35 | ||||
-rw-r--r-- | src/arch-i386-syscalls.c | 8 | ||||
-rw-r--r-- | src/arch-x32-syscalls.c | 12 | ||||
-rw-r--r-- | src/arch-x86_64-syscalls.c | 12 | ||||
-rw-r--r-- | src/arch.c | 21 | ||||
-rw-r--r-- | src/gen_pfc.c | 2 | ||||
-rw-r--r-- | src/python/libseccomp.pxd | 1 | ||||
-rw-r--r-- | src/python/seccomp.pyx | 2 | ||||
-rw-r--r-- | tools/bpf_sim.c | 3 | ||||
-rw-r--r-- | tools/sys_resolver.c | 3 |
14 files changed, 650 insertions, 12 deletions
diff --git a/include/seccomp.h.in b/include/seccomp.h.in index eb50b40..7897cbf 100644 --- a/include/seccomp.h.in +++ b/include/seccomp.h.in @@ -22,6 +22,7 @@ #ifndef _SECCOMP_H #define _SECCOMP_H +#include <elf.h> #include <inttypes.h> #include <asm/unistd.h> #include <linux/audit.h> @@ -116,6 +117,11 @@ struct scmp_arg_cmp { #define SCMP_ARCH_X32 (EM_X86_64|__AUDIT_ARCH_LE) /** + * The ARM architecture token + */ +#define SCMP_ARCH_ARM AUDIT_ARCH_ARM + +/** * Convert a syscall name into the associated syscall number * @param x the syscall name */ @@ -1061,6 +1067,96 @@ int seccomp_export_bpf(const scmp_filter_ctx ctx, int fd); #define __NR_vserver __PNR_vserver #endif /* __NR_vserver */ +#define __PNR_arm_fadvise64_64 -10083 +#ifndef __NR_arm_fadvise64_64 +#define __NR_arm_fadvise64_64 __PNR_arm_fadvise64_64 +#endif /* __NR_arm_fadvise64_64 */ + +#define __PNR_arm_sync_file_range -10084 +#ifndef __NR_arm_sync_file_range +#define __NR_arm_sync_file_range __PNR_arm_sync_file_range +#endif /* __NR_arm_sync_file_range */ + +#define __PNR_finit_module -10085 +#ifndef __NR_finit_module +#define __NR_finit_module __PNR_finit_module +#endif /* __NR_finit_module */ + +#define __PNR_pciconfig_iobase -10086 +#ifndef __NR_pciconfig_iobase +#define __NR_pciconfig_iobase __PNR_pciconfig_iobase +#endif /* __NR_pciconfig_iobase */ + +#define __PNR_pciconfig_read -10087 +#ifndef __NR_pciconfig_read +#define __NR_pciconfig_read __PNR_pciconfig_read +#endif /* __NR_pciconfig_read */ + +#define __PNR_pciconfig_write -10088 +#ifndef __NR_pciconfig_write +#define __NR_pciconfig_write __PNR_pciconfig_write +#endif /* __NR_pciconfig_write */ + +#define __PNR_sync_file_range2 -10089 +#ifndef __NR_sync_file_range2 +#define __NR_sync_file_range2 __PNR_sync_file_range2 +#endif /* __NR_sync_file_range2 */ + +#define __PNR_syscall -10090 +#ifndef __NR_syscall +#define __NR_syscall __PNR_syscall +#endif /* __NR_syscall */ + +#define __PNR_afs_syscall -10091 +#ifndef __NR_afs_syscall +#define __NR_afs_syscall __PNR_afs_syscall +#endif /* __NR_afs_syscall */ + +#define __PNR_fadvise64 -10092 +#ifndef __NR_fadvise64 +#define __NR_fadvise64 __PNR_fadvise64 +#endif /* __NR_fadvise64 */ + +#define __PNR_getpmsg -10093 +#ifndef __NR_getpmsg +#define __NR_getpmsg __PNR_getpmsg +#endif /* __NR_getpmsg */ + +#define __PNR_ioperm -10094 +#ifndef __NR_ioperm +#define __NR_ioperm __PNR_ioperm +#endif /* __NR_ioperm */ + +#define __PNR_iopl -10095 +#ifndef __NR_iopl +#define __NR_iopl __PNR_iopl +#endif /* __NR_iopl */ + +#define __PNR_kcmp -10096 +#ifndef __NR_kcmp +#define __NR_kcmp __PNR_kcmp +#endif /* __NR_kcmp */ + +#define __PNR_migrate_pages -10097 +#ifndef __NR_migrate_pages +#define __NR_migrate_pages __PNR_migrate_pages +#endif /* __NR_migrate_pages */ + +#define __PNR_modify_ldt -10098 +#ifndef __NR_modify_ldt +#define __NR_modify_ldt __PNR_modify_ldt +#endif /* __NR_modify_ldt */ + +#define __PNR_putpmsg -10099 +#ifndef __NR_putpmsg +#define __NR_putpmsg __PNR_putpmsg +#endif /* __NR_putpmsg */ + +#define __PNR_sync_file_range -10100 +#ifndef __NR_sync_file_range +#define __NR_sync_file_range __PNR_sync_file_range +#endif /* __NR_sync_file_range */ + #ifdef __cplusplus } #endif diff --git a/src/Makefile b/src/Makefile index bc186b7..e7c2304 100644 --- a/src/Makefile +++ b/src/Makefile @@ -41,6 +41,7 @@ OBJS = \ arch-i386.o arch-i386-syscalls.o \ arch-x86_64.o arch-x86_64-syscalls.o \ arch-x32.o arch-x32-syscalls.o \ + arch-arm.o arch-arm-syscalls.o \ hash.o \ gen_pfc.o gen_bpf.o diff --git a/src/arch-arm-syscalls.c b/src/arch-arm-syscalls.c new file mode 100644 index 0000000..8814537 --- /dev/null +++ b/src/arch-arm-syscalls.c @@ -0,0 +1,432 @@ +/** + * Enhanced Seccomp ARM Syscall Table + * + * Copyright (c) 2013 Red Hat <pmoore@redhat.com> + * Author: Paul Moore <pmoore@redhat.com> + */ + +/* + * This library is free software; you can redistribute it and/or modify it + * under the terms of version 2.1 of the GNU Lesser General Public License as + * published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License + * for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this library; if not, see <http://www.gnu.org/licenses>. + */ + +#include <seccomp.h> + +#include "arch.h" +#include "arch-arm.h" + +#define __NR_OABI_SYSCALL_BASE 0x900000 + +/* NOTE: we currently only support the ARM EABI, more info at the URL below: + * -> http://wiki.embeddedarm.com/wiki/EABI_vs_OABI */ +#if 1 +#define __NR_SYSCALL_BASE 0 +#else +#define __NR_SYSCALL_BASE __NR_OABI_SYSCALL_BASE +#endif + +/* NOTE: based on Linux 3.8.0-rc5 */ +const struct arch_syscall_def arm_syscall_table[] = \ +{ + /* NOTE: arm_sync_file_range() and sync_file_range2() share values */ + { "accept", (__NR_SYSCALL_BASE + 285) }, + { "accept4", (__NR_SYSCALL_BASE + 366) }, + { "access", (__NR_SYSCALL_BASE + 33) }, + { "acct", (__NR_SYSCALL_BASE + 51) }, + { "add_key", (__NR_SYSCALL_BASE + 309) }, + { "adjtimex", (__NR_SYSCALL_BASE + 124) }, + { "afs_syscall", __PNR_afs_syscall }, + { "alarm", (__NR_SYSCALL_BASE + 27) }, + { "arm_fadvise64_64", (__NR_SYSCALL_BASE + 270) }, + { "arm_sync_file_range", (__NR_SYSCALL_BASE + 341) }, + { "arch_prctl", __PNR_arch_prctl }, + { "bdflush", (__NR_SYSCALL_BASE + 134) }, + { "bind", (__NR_SYSCALL_BASE + 282) }, + { "break", __PNR_break }, + { "brk", (__NR_SYSCALL_BASE + 45) }, + { "capget", (__NR_SYSCALL_BASE + 184) }, + { "capset", (__NR_SYSCALL_BASE + 185) }, + { "chdir", (__NR_SYSCALL_BASE + 12) }, + { "chmod", (__NR_SYSCALL_BASE + 15) }, + { "chown", (__NR_SYSCALL_BASE + 182) }, + { "chown32", (__NR_SYSCALL_BASE + 212) }, + { "chroot", (__NR_SYSCALL_BASE + 61) }, + { "clock_adjtime", (__NR_SYSCALL_BASE + 372) }, + { "clock_getres", (__NR_SYSCALL_BASE + 264) }, + { "clock_gettime", (__NR_SYSCALL_BASE + 263) }, + { "clock_nanosleep", (__NR_SYSCALL_BASE + 265) }, + { "clock_settime", (__NR_SYSCALL_BASE + 262) }, + { "clone", (__NR_SYSCALL_BASE + 120) }, + { "close", (__NR_SYSCALL_BASE + 6) }, + { "connect", (__NR_SYSCALL_BASE + 283) }, + { "creat", (__NR_SYSCALL_BASE + 8) }, + { "create_module", __PNR_create_module }, + { "delete_module", (__NR_SYSCALL_BASE + 129) }, + { "dup", (__NR_SYSCALL_BASE + 41) }, + { "dup2", (__NR_SYSCALL_BASE + 63) }, + { "dup3", (__NR_SYSCALL_BASE + 358) }, + { "epoll_create", (__NR_SYSCALL_BASE + 250) }, + { "epoll_create1", (__NR_SYSCALL_BASE + 357) }, + { "epoll_ctl", (__NR_SYSCALL_BASE + 251) }, + { "epoll_ctl_old", __PNR_epoll_ctl_old }, + { "epoll_pwait", (__NR_SYSCALL_BASE + 346) }, + { "epoll_wait", (__NR_SYSCALL_BASE + 252) }, + { "epoll_wait_old", __PNR_epoll_wait_old }, + { "eventfd", (__NR_SYSCALL_BASE + 351) }, + { "eventfd2", (__NR_SYSCALL_BASE + 356) }, + { "execve", (__NR_SYSCALL_BASE + 11) }, + { "exit", (__NR_SYSCALL_BASE + 1) }, + { "exit_group", (__NR_SYSCALL_BASE + 248) }, + { "faccessat", (__NR_SYSCALL_BASE + 334) }, + { "fadvise64", __PNR_fadvise64 }, + { "fadvise64_64", __PNR_fadvise64_64 }, + { "fallocate", (__NR_SYSCALL_BASE + 352) }, + { "fanotify_init", (__NR_SYSCALL_BASE + 367) }, + { "fanotify_mark", (__NR_SYSCALL_BASE + 368) }, + { "fchdir", (__NR_SYSCALL_BASE + 133) }, + { "fchmod", (__NR_SYSCALL_BASE + 94) }, + { "fchmodat", (__NR_SYSCALL_BASE + 333) }, + { "fchown", (__NR_SYSCALL_BASE + 95) }, + { "fchown32", (__NR_SYSCALL_BASE + 207) }, + { "fchownat", (__NR_SYSCALL_BASE + 325) }, + { "fcntl", (__NR_SYSCALL_BASE + 55) }, + { "fcntl64", (__NR_SYSCALL_BASE + 221) }, + { "fdatasync", (__NR_SYSCALL_BASE + 148) }, + { "fgetxattr", (__NR_SYSCALL_BASE + 231) }, + { "finit_module", (__NR_SYSCALL_BASE + 379) }, + { "flistxattr", (__NR_SYSCALL_BASE + 234) }, + { "flock", (__NR_SYSCALL_BASE + 143) }, + { "fork", (__NR_SYSCALL_BASE + 2) }, + { "fremovexattr", (__NR_SYSCALL_BASE + 237) }, + { "fsetxattr", (__NR_SYSCALL_BASE + 228) }, + { "fstat", (__NR_SYSCALL_BASE + 108) }, + { "fstat64", (__NR_SYSCALL_BASE + 197) }, + { "fstatat64", (__NR_SYSCALL_BASE + 327) }, + { "fstatfs", (__NR_SYSCALL_BASE + 100) }, + { "fstatfs64", (__NR_SYSCALL_BASE + 267) }, + { "fsync", (__NR_SYSCALL_BASE + 118) }, + { "ftime", __PNR_ftime }, + { "ftruncate", (__NR_SYSCALL_BASE + 93) }, + { "ftruncate64", (__NR_SYSCALL_BASE + 194) }, + { "futex", (__NR_SYSCALL_BASE + 240) }, + { "futimesat", (__NR_SYSCALL_BASE + 326) }, + { "get_kernel_syms", __PNR_get_kernel_syms }, + { "get_mempolicy", (__NR_SYSCALL_BASE + 320) }, + { "get_robust_list", (__NR_SYSCALL_BASE + 339) }, + { "get_thread_area", __PNR_get_thread_area }, + { "getcpu", (__NR_SYSCALL_BASE + 345) }, + { "getcwd", (__NR_SYSCALL_BASE + 183) }, + { "getdents", (__NR_SYSCALL_BASE + 141) }, + { "getdents64", (__NR_SYSCALL_BASE + 217) }, + { "getegid", (__NR_SYSCALL_BASE + 50) }, + { "getegid32", (__NR_SYSCALL_BASE + 202) }, + { "geteuid", (__NR_SYSCALL_BASE + 49) }, + { "geteuid32", (__NR_SYSCALL_BASE + 201) }, + { "getgid", (__NR_SYSCALL_BASE + 47) }, + { "getgid32", (__NR_SYSCALL_BASE + 200) }, + { "getgroups", (__NR_SYSCALL_BASE + 80) }, + { "getgroups32", (__NR_SYSCALL_BASE + 205) }, + { "getitimer", (__NR_SYSCALL_BASE + 105) }, + { "getpeername", (__NR_SYSCALL_BASE + 287) }, + { "getpgid", (__NR_SYSCALL_BASE + 132) }, + { "getpgrp", (__NR_SYSCALL_BASE + 65) }, + { "getpid", (__NR_SYSCALL_BASE + 20) }, + { "getpmsg", __PNR_getpmsg }, + { "getppid", (__NR_SYSCALL_BASE + 64) }, + { "getpriority", (__NR_SYSCALL_BASE + 96) }, + { "getresgid", (__NR_SYSCALL_BASE + 171) }, + { "getresgid32", (__NR_SYSCALL_BASE + 211) }, + { "getresuid", (__NR_SYSCALL_BASE + 165) }, + { "getresuid32", (__NR_SYSCALL_BASE + 209) }, + { "getrlimit", (__NR_SYSCALL_BASE + 76) }, + { "getrusage", (__NR_SYSCALL_BASE + 77) }, + { "getsid", (__NR_SYSCALL_BASE + 147) }, + { "getsockname", (__NR_SYSCALL_BASE + 286) }, + { "getsockopt", (__NR_SYSCALL_BASE + 295) }, + { "gettid", (__NR_SYSCALL_BASE + 224) }, + { "gettimeofday", (__NR_SYSCALL_BASE + 78) }, + { "getuid", (__NR_SYSCALL_BASE + 24) }, + { "getuid32", (__NR_SYSCALL_BASE + 199) }, + { "getxattr", (__NR_SYSCALL_BASE + 229) }, + { "gtty", __PNR_gtty }, + { "idle", __PNR_idle }, + { "init_module", (__NR_SYSCALL_BASE + 128) }, + { "inotify_add_watch", (__NR_SYSCALL_BASE + 317) }, + { "inotify_init", (__NR_SYSCALL_BASE + 316) }, + { "inotify_init1", (__NR_SYSCALL_BASE + 360) }, + { "inotify_rm_watch", (__NR_SYSCALL_BASE + 318) }, + { "io_cancel", (__NR_SYSCALL_BASE + 247) }, + { "io_destroy", (__NR_SYSCALL_BASE + 244) }, + { "io_getevents", (__NR_SYSCALL_BASE + 245) }, + { "io_setup", (__NR_SYSCALL_BASE + 243) }, + { "io_submit", (__NR_SYSCALL_BASE + 246) }, + { "ioctl", (__NR_SYSCALL_BASE + 54) }, + { "ioperm", __PNR_ioperm }, + { "iopl", __PNR_iopl }, + { "ioprio_get", (__NR_SYSCALL_BASE + 315) }, + { "ioprio_set", (__NR_SYSCALL_BASE + 314) }, + { "ipc", (__NR_SYSCALL_BASE + 117) }, + { "kcmp", __PNR_kcmp }, + { "kexec_load", (__NR_SYSCALL_BASE + 347) }, + { "keyctl", (__NR_SYSCALL_BASE + 311) }, + { "kill", (__NR_SYSCALL_BASE + 37) }, + { "lchown", (__NR_SYSCALL_BASE + 16) }, + { "lchown32", (__NR_SYSCALL_BASE + 198) }, + { "lgetxattr", (__NR_SYSCALL_BASE + 230) }, + { "link", (__NR_SYSCALL_BASE + 9) }, + { "linkat", (__NR_SYSCALL_BASE + 330) }, + { "listen", (__NR_SYSCALL_BASE + 284) }, + { "listxattr", (__NR_SYSCALL_BASE + 232) }, + { "llistxattr", (__NR_SYSCALL_BASE + 233) }, + { "_llseek", (__NR_SYSCALL_BASE + 140) }, + { "lock", __PNR_lock }, + { "lookup_dcookie", (__NR_SYSCALL_BASE + 249) }, + { "lremovexattr", (__NR_SYSCALL_BASE + 236) }, + { "lseek", (__NR_SYSCALL_BASE + 19) }, + { "lsetxattr", (__NR_SYSCALL_BASE + 227) }, + { "lstat", (__NR_SYSCALL_BASE + 107) }, + { "lstat64", (__NR_SYSCALL_BASE + 196) }, + { "madvise", (__NR_SYSCALL_BASE + 220) }, + { "mbind", (__NR_SYSCALL_BASE + 319) }, + { "migrate_pages", __PNR_migrate_pages }, + { "mincore", (__NR_SYSCALL_BASE + 219) }, + { "mkdir", (__NR_SYSCALL_BASE + 39) }, + { "mkdirat", (__NR_SYSCALL_BASE + 323) }, + { "mknod", (__NR_SYSCALL_BASE + 14) }, + { "mknodat", (__NR_SYSCALL_BASE + 324) }, + { "mlock", (__NR_SYSCALL_BASE + 150) }, + { "mlockall", (__NR_SYSCALL_BASE + 152) }, + { "mmap", (__NR_SYSCALL_BASE + 90) }, + { "mmap2", (__NR_SYSCALL_BASE + 192) }, + { "modify_ldt", __PNR_modify_ldt }, + { "mount", (__NR_SYSCALL_BASE + 21) }, + { "move_pages", (__NR_SYSCALL_BASE + 344) }, + { "mprotect", (__NR_SYSCALL_BASE + 125) }, + { "mpx", __PNR_mpx }, + { "mq_getsetattr", (__NR_SYSCALL_BASE + 279) }, + { "mq_notify", (__NR_SYSCALL_BASE + 278) }, + { "mq_open", (__NR_SYSCALL_BASE + 274) }, + { "mq_timedreceive", (__NR_SYSCALL_BASE + 277) }, + { "mq_timedsend", (__NR_SYSCALL_BASE + 276) }, + { "mq_unlink", (__NR_SYSCALL_BASE + 275) }, + { "mremap", (__NR_SYSCALL_BASE + 163) }, + { "msgctl", (__NR_SYSCALL_BASE + 304) }, + { "msgget", (__NR_SYSCALL_BASE + 303) }, + { "msgrcv", (__NR_SYSCALL_BASE + 302) }, + { "msgsnd", (__NR_SYSCALL_BASE + 301) }, + { "msync", (__NR_SYSCALL_BASE + 144) }, + { "munlock", (__NR_SYSCALL_BASE + 151) }, + { "munlockall", (__NR_SYSCALL_BASE + 153) }, + { "munmap", (__NR_SYSCALL_BASE + 91) }, + { "name_to_handle_at", (__NR_SYSCALL_BASE + 370) }, + { "nanosleep", (__NR_SYSCALL_BASE + 162) }, + { "_newselect", (__NR_SYSCALL_BASE + 142) }, + { "newfstatat", __PNR_newfstatat }, + { "nfsservctl", (__NR_SYSCALL_BASE + 169) }, + { "nice", (__NR_SYSCALL_BASE + 34) }, + { "oldfstat", __PNR_oldfstat }, + { "oldlstat", __PNR_oldlstat }, + { "oldolduname", __PNR_oldolduname }, + { "oldstat", __PNR_oldstat }, + { "olduname", __PNR_olduname }, + { "open", (__NR_SYSCALL_BASE + 5) }, + { "open_by_handle_at", (__NR_SYSCALL_BASE + 371) }, + { "openat", (__NR_SYSCALL_BASE + 322) }, + { "pause", (__NR_SYSCALL_BASE + 29) }, + { "pciconfig_iobase", (__NR_SYSCALL_BASE + 271) }, + { "pciconfig_read", (__NR_SYSCALL_BASE + 272) }, + { "pciconfig_write", (__NR_SYSCALL_BASE + 273) }, + { "perf_event_open", (__NR_SYSCALL_BASE + 364) }, + { "personality", (__NR_SYSCALL_BASE + 136) }, + { "pipe", (__NR_SYSCALL_BASE + 42) }, + { "pipe2", (__NR_SYSCALL_BASE + 359) }, + { "pivot_root", (__NR_SYSCALL_BASE + 218) }, + { "poll", (__NR_SYSCALL_BASE + 168) }, + { "ppoll", (__NR_SYSCALL_BASE + 336) }, + { "prctl", (__NR_SYSCALL_BASE + 172) }, + { "pread64", (__NR_SYSCALL_BASE + 180) }, + { "preadv", (__NR_SYSCALL_BASE + 361) }, + { "prlimit64", (__NR_SYSCALL_BASE + 369) }, + { "process_vm_readv", (__NR_SYSCALL_BASE + 376) }, + { "process_vm_writev", (__NR_SYSCALL_BASE + 377) }, + { "prof", __PNR_prof }, + { "profil", __PNR_profil }, + { "pselect6", (__NR_SYSCALL_BASE + 335) }, + { "ptrace", (__NR_SYSCALL_BASE + 26) }, + { "putpmsg", __PNR_putpmsg }, + { "pwrite64", (__NR_SYSCALL_BASE + 181) }, + { "pwritev", (__NR_SYSCALL_BASE + 362) }, + { "query_module", __PNR_query_module }, + { "quotactl", (__NR_SYSCALL_BASE + 131) }, + { "read", (__NR_SYSCALL_BASE + 3) }, + { "readahead", (__NR_SYSCALL_BASE + 225) }, + { "readdir", (__NR_SYSCALL_BASE + 89) }, + { "readlink", (__NR_SYSCALL_BASE + 85) }, + { "readlinkat", (__NR_SYSCALL_BASE + 332) }, + { "readv", (__NR_SYSCALL_BASE + 145) }, + { "reboot", (__NR_SYSCALL_BASE + 88) }, + { "recv", (__NR_SYSCALL_BASE + 291) }, + { "recvfrom", (__NR_SYSCALL_BASE + 292) }, + { "recvmmsg", (__NR_SYSCALL_BASE + 365) }, + { "recvmsg", (__NR_SYSCALL_BASE + 297) }, + { "remap_file_pages", (__NR_SYSCALL_BASE + 253) }, + { "removexattr", (__NR_SYSCALL_BASE + 235) }, + { "rename", (__NR_SYSCALL_BASE + 38) }, + { "renameat", (__NR_SYSCALL_BASE + 329) }, + { "request_key", (__NR_SYSCALL_BASE + 310) }, + { "restart_syscall", (__NR_SYSCALL_BASE + 0) }, + { "rmdir", (__NR_SYSCALL_BASE + 40) }, + { "rt_sigaction", (__NR_SYSCALL_BASE + 174) }, + { "rt_sigpending", (__NR_SYSCALL_BASE + 176) }, + { "rt_sigprocmask", (__NR_SYSCALL_BASE + 175) }, + { "rt_sigqueueinfo", (__NR_SYSCALL_BASE + 178) }, + { "rt_sigreturn", (__NR_SYSCALL_BASE + 173) }, + { "rt_sigsuspend", (__NR_SYSCALL_BASE + 179) }, + { "rt_sigtimedwait", (__NR_SYSCALL_BASE + 177) }, + { "rt_tgsigqueueinfo", (__NR_SYSCALL_BASE + 363) }, + { "sched_get_priority_max", (__NR_SYSCALL_BASE + 159) }, + { "sched_get_priority_min", (__NR_SYSCALL_BASE + 160) }, + { "sched_getaffinity", (__NR_SYSCALL_BASE + 242) }, + { "sched_getparam", (__NR_SYSCALL_BASE + 155) }, + { "sched_getscheduler", (__NR_SYSCALL_BASE + 157) }, + { "sched_rr_get_interval", (__NR_SYSCALL_BASE + 161) }, + { "sched_setaffinity", (__NR_SYSCALL_BASE + 241) }, + { "sched_setparam", (__NR_SYSCALL_BASE + 154) }, + { "sched_setscheduler", (__NR_SYSCALL_BASE + 156) }, + { "sched_yield", (__NR_SYSCALL_BASE + 158) }, + { "security", __PNR_security }, + { "select", (__NR_SYSCALL_BASE + 82) }, + { "semctl", (__NR_SYSCALL_BASE + 300) }, + { "semget", (__NR_SYSCALL_BASE + 299) }, + { "semop", (__NR_SYSCALL_BASE + 298) }, + { "semtimedop", (__NR_SYSCALL_BASE + 312) }, + { "send", (__NR_SYSCALL_BASE + 289) }, + { "sendfile", (__NR_SYSCALL_BASE + 187) }, + { "sendfile64", (__NR_SYSCALL_BASE + 239) }, + { "sendmmsg", (__NR_SYSCALL_BASE + 374) }, + { "sendmsg", (__NR_SYSCALL_BASE + 296) }, + { "sendto", (__NR_SYSCALL_BASE + 290) }, + { "set_mempolicy", (__NR_SYSCALL_BASE + 321) }, + { "set_robust_list", (__NR_SYSCALL_BASE + 338) }, + { "set_thread_area", __PNR_set_thread_area }, + { "set_tid_address", (__NR_SYSCALL_BASE + 256) }, + { "setdomainname", (__NR_SYSCALL_BASE + 121) }, + { "setfsgid", (__NR_SYSCALL_BASE + 139) }, + { "setfsgid32", (__NR_SYSCALL_BASE + 216) }, + { "setfsuid", (__NR_SYSCALL_BASE + 138) }, + { "setfsuid32", (__NR_SYSCALL_BASE + 215) }, + { "setgid", (__NR_SYSCALL_BASE + 46) }, + { "setgid32", (__NR_SYSCALL_BASE + 214) }, + { "setgroups", (__NR_SYSCALL_BASE + 81) }, + { "setgroups32", (__NR_SYSCALL_BASE + 206) }, + { "sethostname", (__NR_SYSCALL_BASE + 74) }, + { "setitimer", (__NR_SYSCALL_BASE + 104) }, + { "setns", (__NR_SYSCALL_BASE + 375) }, + { "setpgid", (__NR_SYSCALL_BASE + 57) }, + { "setpriority", (__NR_SYSCALL_BASE + 97) }, + { "setregid", (__NR_SYSCALL_BASE + 71) }, + { "setregid32", (__NR_SYSCALL_BASE + 204) }, + { "setresgid", (__NR_SYSCALL_BASE + 170) }, + { "setresgid32", (__NR_SYSCALL_BASE + 210) }, + { "setresuid", (__NR_SYSCALL_BASE + 164) }, + { "setresuid32", (__NR_SYSCALL_BASE + 208) }, + { "setreuid", (__NR_SYSCALL_BASE + 70) }, + { "setreuid32", (__NR_SYSCALL_BASE + 203) }, + { "setrlimit", (__NR_SYSCALL_BASE + 75) }, + { "setsid", (__NR_SYSCALL_BASE + 66) }, + { "setsockopt", (__NR_SYSCALL_BASE + 294) }, + { "settimeofday", (__NR_SYSCALL_BASE + 79) }, + { "setuid", (__NR_SYSCALL_BASE + 23) }, + { "setuid32", (__NR_SYSCALL_BASE + 213) }, + { "setxattr", (__NR_SYSCALL_BASE + 226) }, + { "sgetmask", __PNR_sgetmask }, + { "shmat", (__NR_SYSCALL_BASE + 305) }, + { "shmctl", (__NR_SYSCALL_BASE + 308) }, + { "shmdt", (__NR_SYSCALL_BASE + 306) }, + { "shmget", (__NR_SYSCALL_BASE + 307) }, + { "shutdown", (__NR_SYSCALL_BASE + 293) }, + { "sigaction", (__NR_SYSCALL_BASE + 67) }, + { "sigaltstack", (__NR_SYSCALL_BASE + 186) }, + { "signal", __PNR_signal }, + { "signalfd", (__NR_SYSCALL_BASE + 349) }, + { "signalfd4", (__NR_SYSCALL_BASE + 355) }, + { "sigpending", (__NR_SYSCALL_BASE + 73) }, + { "sigprocmask", (__NR_SYSCALL_BASE + 126) }, + { "sigreturn", (__NR_SYSCALL_BASE + 119) }, + { "sigsuspend", (__NR_SYSCALL_BASE + 72) }, + { "socket", (__NR_SYSCALL_BASE + 281) }, + { "socketcall", (__NR_SYSCALL_BASE + 102) }, + { "socketpair", (__NR_SYSCALL_BASE + 288) }, + { "splice", (__NR_SYSCALL_BASE + 340) }, + { "ssetmask", __PNR_ssetmask }, + { "stat", (__NR_SYSCALL_BASE + 106) }, + { "stat64", (__NR_SYSCALL_BASE + 195) }, + { "statfs", (__NR_SYSCALL_BASE + 99) }, + { "statfs64", (__NR_SYSCALL_BASE + 266) }, + { "stime", (__NR_SYSCALL_BASE + 25) }, + { "stty", __PNR_stty }, + { "swapoff", (__NR_SYSCALL_BASE + 115) }, + { "swapon", (__NR_SYSCALL_BASE + 87) }, + { "symlink", (__NR_SYSCALL_BASE + 83) }, + { "symlinkat", (__NR_SYSCALL_BASE + 331) }, + { "sync", (__NR_SYSCALL_BASE + 36) }, + { "sync_file_range", __PNR_sync_file_range }, + { "sync_file_range2", (__NR_SYSCALL_BASE + 341) }, + { "syncfs", (__NR_SYSCALL_BASE + 373) }, + { "syscall", (__NR_SYSCALL_BASE + 113) }, + { "_sysctl", (__NR_SYSCALL_BASE + 149) }, + { "sysfs", (__NR_SYSCALL_BASE + 135) }, + { "sysinfo", (__NR_SYSCALL_BASE + 116) }, + { "syslog", (__NR_SYSCALL_BASE + 103) }, + { "tee", (__NR_SYSCALL_BASE + 342) }, + { "tgkill", (__NR_SYSCALL_BASE + 268) }, + { "time", (__NR_SYSCALL_BASE + 13) }, + { "timer_create", (__NR_SYSCALL_BASE + 257) }, + { "timer_delete", (__NR_SYSCALL_BASE + 261) }, + { "timer_getoverrun", (__NR_SYSCALL_BASE + 260) }, + { "timer_gettime", (__NR_SYSCALL_BASE + 259) }, + { "timer_settime", (__NR_SYSCALL_BASE + 258) }, + { "timerfd_create", (__NR_SYSCALL_BASE + 350) }, + { "timerfd_gettime", (__NR_SYSCALL_BASE + 354) }, + { "timerfd_settime", (__NR_SYSCALL_BASE + 353) }, + { "times", (__NR_SYSCALL_BASE + 43) }, + { "tkill", (__NR_SYSCALL_BASE + 238) }, + { "truncate", (__NR_SYSCALL_BASE + 92) }, + { "truncate64", (__NR_SYSCALL_BASE + 193) }, + { "tuxcall", __PNR_tuxcall }, + { "ugetrlimit", (__NR_SYSCALL_BASE + 191) }, + { "ulimit", __PNR_ulimit }, + { "umask", (__NR_SYSCALL_BASE + 60) }, + { "umount", (__NR_SYSCALL_BASE + 22) }, + { "umount2", (__NR_SYSCALL_BASE + 52) }, + { "uname", (__NR_SYSCALL_BASE + 122) }, + { "unlink", (__NR_SYSCALL_BASE + 10) }, + { "unlinkat", (__NR_SYSCALL_BASE + 328) }, + { "unshare", (__NR_SYSCALL_BASE + 337) }, + { "uselib", (__NR_SYSCALL_BASE + 86) }, + { "ustat", (__NR_SYSCALL_BASE + 62) }, + { "utime", (__NR_SYSCALL_BASE + 30) }, + { "utimensat", (__NR_SYSCALL_BASE + 348) }, + { "utimes", (__NR_SYSCALL_BASE + 269) }, + { "vfork", (__NR_SYSCALL_BASE + 190) }, + { "vhangup", (__NR_SYSCALL_BASE + 111) }, + { "vm86", __PNR_vm86 }, + { "vm86old", __PNR_vm86old }, + { "vmsplice", (__NR_SYSCALL_BASE + 343) }, + { "vserver", (__NR_SYSCALL_BASE + 313) }, + { "wait4", (__NR_SYSCALL_BASE + 114) }, + { "waitid", (__NR_SYSCALL_BASE + 280) }, + { "waitpid", __PNR_waitpid }, + { "write", (__NR_SYSCALL_BASE + 4) }, + { "writev", (__NR_SYSCALL_BASE + 146) }, + { NULL, __NR_SCMP_ERROR }, +}; diff --git a/src/arch-arm.c b/src/arch-arm.c new file mode 100644 index 0000000..d2f0834 --- /dev/null +++ b/src/arch-arm.c @@ -0,0 +1,34 @@ +/** + * Enhanced Seccomp ARM Specific Code + * + * Copyright (c) 2013 Red Hat <pmoore@redhat.com> + * Author: Paul Moore <pmoore@redhat.com> + */ + +/* + * This library is free software; you can redistribute it and/or modify it + * under the terms of version 2.1 of the GNU Lesser General Public License as + * published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License + * for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this library; if not, see <http://www.gnu.org/licenses>. + */ + +#include <stdlib.h> +#include <errno.h> +#include <linux/audit.h> + +#include "arch.h" +#include "arch-arm.h" + +const struct arch_def arch_def_arm = { + .token = SCMP_ARCH_ARM, + .token_bpf = AUDIT_ARCH_ARM, + .size = ARCH_SIZE_32, + .endian = ARCH_ENDIAN_LITTLE, +}; diff --git a/src/arch-arm.h b/src/arch-arm.h new file mode 100644 index 0000000..415eccb --- /dev/null +++ b/src/arch-arm.h @@ -0,0 +1,35 @@ +/** + * Enhanced Seccomp ARM Specific Code + * + * Copyright (c) 2013 Red Hat <pmoore@redhat.com> + * Author: Paul Moore <pmoore@redhat.com> + */ + +/* + * This library is free software; you can redistribute it and/or modify it + * under the terms of version 2.1 of the GNU Lesser General Public License as + * published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License + * for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this library; if not, see <http://www.gnu.org/licenses>. + */ + +#ifndef _ARCH_ARM_H +#define _ARCH_ARM_H + +#include <inttypes.h> + +#include "arch.h" +#include "system.h" + +#define arm_arg_count_max 6 + +extern const struct arch_def arch_def_arm; +extern const struct arch_syscall_def arm_syscall_table[]; + +#endif diff --git a/src/arch-i386-syscalls.c b/src/arch-i386-syscalls.c index d08d129..803b0e7 100644 --- a/src/arch-i386-syscalls.c +++ b/src/arch-i386-syscalls.c @@ -35,6 +35,8 @@ const struct arch_syscall_def i386_syscall_table[] = \ { "adjtimex", 124 }, { "afs_syscall", 137 }, { "alarm", 27 }, + { "arm_fadvise64_64", __PNR_arm_fadvise64_64 }, + { "arm_sync_file_range", __PNR_arm_sync_file_range }, { "arch_prctl", __PNR_arch_prctl }, { "bdflush", 134 }, { "bind", __PNR_bind }, @@ -89,6 +91,7 @@ const struct arch_syscall_def i386_syscall_table[] = \ { "fcntl64", 221 }, { "fdatasync", 148 }, { "fgetxattr", 231 }, + { "finit_module", __PNR_finit_module }, { "flistxattr", 234 }, { "flock", 143 }, { "fork", 2 }, @@ -228,6 +231,9 @@ const struct arch_syscall_def i386_syscall_table[] = \ { "open_by_handle_at", 342 }, { "openat", 295 }, { "pause", 29 }, + { "pciconfig_iobase", __PNR_pciconfig_iobase }, + { "pciconfig_read", __PNR_pciconfig_read }, + { "pciconfig_write", __PNR_pciconfig_write }, { "perf_event_open", 336 }, { "personality", 136 }, { "pipe", 42 }, @@ -363,7 +369,9 @@ const struct arch_syscall_def i386_syscall_table[] = \ { "symlinkat", 304 }, { "sync", 36 }, { "sync_file_range", 314 }, + { "sync_file_range2", __PNR_sync_file_range2 }, { "syncfs", 344 }, + { "syscall", __PNR_syscall }, { "_sysctl", 149 }, { "sysfs", 135 }, { "sysinfo", 116 }, diff --git a/src/arch-x32-syscalls.c b/src/arch-x32-syscalls.c index 0985f2a..31d915d 100644 --- a/src/arch-x32-syscalls.c +++ b/src/arch-x32-syscalls.c @@ -37,6 +37,8 @@ const struct arch_syscall_def x32_syscall_table[] = \ { "adjtimex", (__X32_SYSCALL_BIT + 159) }, { "afs_syscall", (__X32_SYSCALL_BIT + 183) }, { "alarm", (__X32_SYSCALL_BIT + 37) }, + { "arm_fadvise64_64", __PNR_arm_fadvise64_64 }, + { "arm_sync_file_range", __PNR_arm_sync_file_range }, { "arch_prctl", (__X32_SYSCALL_BIT + 158) }, { "bdflush", __PNR_bdflush }, { "bind", (__X32_SYSCALL_BIT + 49) }, @@ -91,6 +93,7 @@ const struct arch_syscall_def x32_syscall_table[] = \ { "fcntl64", __PNR_fcntl64 }, { "fdatasync", (__X32_SYSCALL_BIT + 75) }, { "fgetxattr", (__X32_SYSCALL_BIT + 193) }, + { "finit_module", __PNR_finit_module }, { "flistxattr", (__X32_SYSCALL_BIT + 196) }, { "flock", (__X32_SYSCALL_BIT + 73) }, { "fork", (__X32_SYSCALL_BIT + 57) }, @@ -99,8 +102,8 @@ const struct arch_syscall_def x32_syscall_table[] = \ { "fstat", (__X32_SYSCALL_BIT + 5) }, { "fstat64", __PNR_fstat64 }, { "fstatat64", __PNR_fstatat64 }, - { "fstatfs64", __PNR_fstatfs64 }, { "fstatfs", (__X32_SYSCALL_BIT + 138) }, + { "fstatfs64", __PNR_fstatfs64 }, { "fsync", (__X32_SYSCALL_BIT + 74) }, { "ftime", __PNR_ftime }, { "ftruncate", (__X32_SYSCALL_BIT + 77) }, @@ -219,8 +222,8 @@ const struct arch_syscall_def x32_syscall_table[] = \ { "nanosleep", (__X32_SYSCALL_BIT + 35) }, { "_newselect", __PNR__newselect }, { "newfstatat", (__X32_SYSCALL_BIT + 262) }, - { "nice", __PNR_nice }, { "nfsservctl", __PNR_nfsservctl }, + { "nice", __PNR_nice }, { "oldfstat", __PNR_oldfstat }, { "oldlstat", __PNR_oldlstat }, { "oldolduname", __PNR_oldolduname }, @@ -230,6 +233,9 @@ const struct arch_syscall_def x32_syscall_table[] = \ { "open_by_handle_at", (__X32_SYSCALL_BIT + 304) }, { "openat", (__X32_SYSCALL_BIT + 257) }, { "pause", (__X32_SYSCALL_BIT + 34) }, + { "pciconfig_iobase", __PNR_pciconfig_iobase }, + { "pciconfig_read", __PNR_pciconfig_read }, + { "pciconfig_write", __PNR_pciconfig_write }, { "perf_event_open", (__X32_SYSCALL_BIT + 298) }, { "personality", (__X32_SYSCALL_BIT + 135) }, { "pipe", (__X32_SYSCALL_BIT + 22) }, @@ -365,7 +371,9 @@ const struct arch_syscall_def x32_syscall_table[] = \ { "symlinkat", (__X32_SYSCALL_BIT + 266) }, { "sync", (__X32_SYSCALL_BIT + 162) }, { "sync_file_range", (__X32_SYSCALL_BIT + 277) }, + { "sync_file_range2", __PNR_sync_file_range2 }, { "syncfs", (__X32_SYSCALL_BIT + 306) }, + { "syscall", __PNR_syscall }, { "_sysctl", __PNR__sysctl }, { "sysfs", (__X32_SYSCALL_BIT + 139) }, { "sysinfo", (__X32_SYSCALL_BIT + 99) }, diff --git a/src/arch-x86_64-syscalls.c b/src/arch-x86_64-syscalls.c index 9684be3..10f6273 100644 --- a/src/arch-x86_64-syscalls.c +++ b/src/arch-x86_64-syscalls.c @@ -35,6 +35,8 @@ const struct arch_syscall_def x86_64_syscall_table[] = \ { "adjtimex", 159 }, { "afs_syscall", 183 }, { "alarm", 37 }, + { "arm_fadvise64_64", __PNR_arm_fadvise64_64 }, + { "arm_sync_file_range", __PNR_arm_sync_file_range }, { "arch_prctl", 158 }, { "bdflush", __PNR_bdflush }, { "bind", 49 }, @@ -89,6 +91,7 @@ const struct arch_syscall_def x86_64_syscall_table[] = \ { "fcntl64", __PNR_fcntl64 }, { "fdatasync", 75 }, { "fgetxattr", 193 }, + { "finit_module", __PNR_finit_module }, { "flistxattr", 196 }, { "flock", 73 }, { "fork", 57 }, @@ -97,8 +100,8 @@ const struct arch_syscall_def x86_64_syscall_table[] = \ { "fstat", 5 }, { "fstat64", __PNR_fstat64 }, { "fstatat64", __PNR_fstatat64 }, - { "fstatfs64", __PNR_fstatfs64 }, { "fstatfs", 138 }, + { "fstatfs64", __PNR_fstatfs64 }, { "fsync", 74 }, { "ftime", __PNR_ftime }, { "ftruncate", 77 }, @@ -217,8 +220,8 @@ const struct arch_syscall_def x86_64_syscall_table[] = \ { "nanosleep", 35 }, { "_newselect", __PNR__newselect }, { "newfstatat", 262 }, - { "nice", __PNR_nice }, { "nfsservctl", 180 }, + { "nice", __PNR_nice }, { "oldfstat", __PNR_oldfstat }, { "oldlstat", __PNR_oldlstat }, { "oldolduname", __PNR_oldolduname }, @@ -228,6 +231,9 @@ const struct arch_syscall_def x86_64_syscall_table[] = \ { "open_by_handle_at", 304 }, { "openat", 257 }, { "pause", 34 }, + { "pciconfig_iobase", __PNR_pciconfig_iobase }, + { "pciconfig_read", __PNR_pciconfig_read }, + { "pciconfig_write", __PNR_pciconfig_write }, { "perf_event_open", 298 }, { "personality", 135 }, { "pipe", 22 }, @@ -363,7 +369,9 @@ const struct arch_syscall_def x86_64_syscall_table[] = \ { "symlinkat", 266 }, { "sync", 162 }, { "sync_file_range", 277 }, + { "sync_file_range2", __PNR_sync_file_range2 }, { "syncfs", 306 }, + { "syscall", __PNR_syscall }, { "_sysctl", 156 }, { "sysfs", 139 }, { "sysinfo", 99 }, @@ -19,6 +19,7 @@ * along with this library; if not, see <http://www.gnu.org/licenses>. */ +#include <elf.h> #include <errno.h> #include <stdlib.h> #include <string.h> @@ -31,6 +32,7 @@ #include "arch-i386.h" #include "arch-x86_64.h" #include "arch-x32.h" +#include "arch-arm.h" #include "system.h" #if __i386__ @@ -41,6 +43,8 @@ const struct arch_def *arch_def_native = &arch_def_x32; #else const struct arch_def *arch_def_native = &arch_def_x86_64; #endif /* __ILP32__ */ +#elif __arm__ +const struct arch_def *arch_def_native = &arch_def_arm; #else #error the arch code needs to know about your machine type #endif /* machine type guess */ @@ -58,6 +62,7 @@ int arch_valid(uint32_t arch) case SCMP_ARCH_X86: case SCMP_ARCH_X86_64: case SCMP_ARCH_X32: + case SCMP_ARCH_ARM: return 0; } @@ -76,13 +81,12 @@ static const struct arch_syscall_def *_arch_syscall_lookup(uint32_t token) switch (token) { case SCMP_ARCH_X86: return i386_syscall_table; - break; case SCMP_ARCH_X86_64: return x86_64_syscall_table; - break; case SCMP_ARCH_X32: return x32_syscall_table; - break; + case SCMP_ARCH_ARM: + return arm_syscall_table; } return NULL; @@ -100,13 +104,12 @@ const struct arch_def *arch_def_lookup(uint32_t token) switch (token) { case SCMP_ARCH_X86: return &arch_def_i386; - break; case SCMP_ARCH_X86_64: return &arch_def_x86_64; - break; case SCMP_ARCH_X32: return &arch_def_x32; - break; + case SCMP_ARCH_ARM: + return &arch_def_arm; } return NULL; @@ -129,9 +132,11 @@ int arch_arg_count_max(const struct arch_def *arch) return x86_64_arg_count_max; case SCMP_ARCH_X32: return x32_arg_count_max; - default: - return -EDOM; + case SCMP_ARCH_ARM: + return arm_arg_count_max; } + + return -EDOM; } /** diff --git a/src/gen_pfc.c b/src/gen_pfc.c index 37460a9..4f962e4 100644 --- a/src/gen_pfc.c +++ b/src/gen_pfc.c @@ -55,6 +55,8 @@ static const char *_pfc_arch(const struct arch_def *arch) return "x86_64"; case SCMP_ARCH_X32: return "x32"; + case SCMP_ARCH_ARM: + return "arm"; default: return "UNKNOWN"; } diff --git a/src/python/libseccomp.pxd b/src/python/libseccomp.pxd index 85be924..411b08e 100644 --- a/src/python/libseccomp.pxd +++ b/src/python/libseccomp.pxd @@ -30,6 +30,7 @@ cdef extern from "seccomp.h": SCMP_ARCH_X86 SCMP_ARCH_X86_64 SCMP_ARCH_X32 + SCMP_ARCH_ARM cdef enum scmp_filter_attr: SCMP_FLTATR_ACT_DEFAULT diff --git a/src/python/seccomp.pyx b/src/python/seccomp.pyx index 22d6e4e..a87e1a4 100644 --- a/src/python/seccomp.pyx +++ b/src/python/seccomp.pyx @@ -125,12 +125,14 @@ cdef class Arch: X86 - 32-bit x86 X86_64 - 64-bit x86 X32 - 64-bit x86 using the x32 ABI + ARM - ARM """ NATIVE = libseccomp.SCMP_ARCH_NATIVE X86 = libseccomp.SCMP_ARCH_X86 X86_64 = libseccomp.SCMP_ARCH_X86_64 X32 = libseccomp.SCMP_ARCH_X32 + ARM = libseccomp.SCMP_ARCH_ARM cdef class Attr: """ Python object representing the SyscallFilter attributes. diff --git a/tools/bpf_sim.c b/tools/bpf_sim.c index 476a00e..0e11d6e 100644 --- a/tools/bpf_sim.c +++ b/tools/bpf_sim.c @@ -19,6 +19,7 @@ * along with this library; if not, see <http://www.gnu.org/licenses>. */ +#include <elf.h> #include <errno.h> #include <fcntl.h> #include <inttypes.h> @@ -235,6 +236,8 @@ int main(int argc, char *argv[]) sys_data.arch = AUDIT_ARCH_X86_64; else if (strcmp(optarg, "x32") == 0) sys_data.arch = AUDIT_ARCH_X86_64; + else if (strcmp(optarg, "arm") == 0) + sys_data.arch = AUDIT_ARCH_ARM; else if (strcmp(optarg, "ia64") == 0) sys_data.arch = AUDIT_ARCH_IA64; else if (strcmp(optarg, "ppc") == 0) diff --git a/tools/sys_resolver.c b/tools/sys_resolver.c index 595cea0..dd1d0c0 100644 --- a/tools/sys_resolver.c +++ b/tools/sys_resolver.c @@ -29,6 +29,7 @@ #include "../src/arch-i386.h" #include "../src/arch-x86_64.h" #include "../src/arch-x32.h" +#include "../src/arch-arm.h" /** * Print the usage information to stderr and exit @@ -65,6 +66,8 @@ int main(int argc, char *argv[]) arch = &arch_def_x86_64; else if (strcmp(optarg, "x32") == 0) arch = &arch_def_x32; + else if (strcmp(optarg, "arm") == 0) + arch = &arch_def_arm; else exit_usage(argv[0]); break; |