author | Paul Moore <paul@paul-moore.com> | 2017-09-21 10:27:38 -0400 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2017-09-21 10:27:38 -0400 |
commit | 355953c00ae34083f8acd89eac3360707e02dfaf (patch) | |
tree | 3804deb8e5a9817f19eab5ae7315eec41921b38b /src/api.c | |
parent | 9e61fd704dbaaa49b3ede59b99f80f39f123075f (diff) | |
download | libseccomp-355953c00ae34083f8acd89eac3360707e02dfaf.tar.gz |
api: create an API level construct as part of the supported API [working-api_level]
WORK IN PROGRESS, DO NOT SHIP
XXX - manpage needed
XXX - tests needed
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'src/api.c')
-rw-r--r-- | src/api.c | 55 |
1 files changed, 55 insertions, 0 deletions
@@ -44,6 +44,8 @@ const struct scmp_version library_version = {
 .micro = SCMP_VER_MICRO,
 };
+unsigned int seccomp_api_level = 0;
+
 /**
 * Validate a filter context
 * @param ctx the filter context
@@ -75,6 +77,30 @@ static int _syscall_valid(const struct db_filter_col *col, int syscall)
 return 0;
 }
+/**
+ * Update the API level
+ *
+ * XXX
+ */
+static void _seccomp_api_update(void)
+{
+ unsigned int level = 1;
+
+ /* if seccomp_api_level > 0 then it's already been set, we're done */
+ if (seccomp_api_level >= 1)
+ return;
+
+ /* NOTE: level 1 is the base level, start checking at 2 */
+
+ /* level 2 */
+ if (sys_chk_seccomp_syscall() &&
+ sys_chk_seccomp_flag(SECCOMP_FILTER_FLAG_TSYNC))
+ level = 2;
+
+ /* update the stored api level */
+ seccomp_api_level = level;
+}
+
 /* NOTE - function header comment in include/seccomp.h */
 API const struct scmp_version *seccomp_version(void)
 {
@@ -82,6 +108,35 @@ API const struct scmp_version *seccomp_version(void)
 }
 /* NOTE - function header comment in include/seccomp.h */
+API const unsigned int seccomp_api_get(void)
+{
+ /* update the api level, if needed */
+ _seccomp_api_update();
+
+ return seccomp_api_level;
+}
+
+/* NOTE - function header comment in include/seccomp.h */
+API int seccomp_api_set(unsigned int level)
+{
+ switch (level) {
+ case 1:
+ sys_set_seccomp_syscall(false);
+ sys_set_seccomp_flag(SECCOMP_FILTER_FLAG_TSYNC, false);
+ break;
+ case 2:
+ sys_set_seccomp_syscall(true);
+ sys_set_seccomp_flag(SECCOMP_FILTER_FLAG_TSYNC, true);
+ break;
+ default:
+ return -EINVAL;
+ }
+
+ seccomp_api_level = level;
+ return 0;
+}
+
+/* NOTE - function header comment in include/seccomp.h */
 API scmp_filter_ctx seccomp_init(uint32_t def_action)
 {
 if (db_action_valid(def_action) < 0) |
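Review bot: `seccomp_api_level` is added at file scope without `static`, so it gets external linkage even though every use visible in this patch is inside src/api.c. Unless another translation unit is meant to read it, declare it `static unsigned int seccomp_api_level = 0;` so the level can only be changed through `seccomp_api_set()` and its range check. A short comment that 0 means "not yet probed" would also help, since `_seccomp_api_update()` relies on that sentinel.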
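Review bot: The header comment of `_seccomp_api_update()` is still the `XXX` placeholder, so the caching contract is undocumented: the kernel is probed only while `seccomp_api_level` is 0, and a value already stored (including one forced through `seccomp_api_set()`) is never re-checked. Suggested text for the comment body: `Probe the kernel once and cache the result in seccomp_api_level; a level that is already set is left untouched.` The check-then-write on the global is also unsynchronized; whether concurrent callers of `seccomp_api_get()` are supported cannot be judged from this hunk, but if they are, the update needs a once-style guard or an atomic store.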
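Review bot: `seccomp_api_set()` forces the syscall and TSYNC state with `sys_set_seccomp_syscall(true)` and `sys_set_seccomp_flag(SECCOMP_FILTER_FLAG_TSYNC, true)` without consulting the kernel, so a caller can pin level 2 on a system where the probe in `_seccomp_api_update()` would have settled on 1. What the library then does at filter load depends on code outside this hunk, but the override should at least be documented at the definition, e.g. `/* forces the level without probing the kernel; the caller is responsible for not exceeding what the running kernel supports */`. Separately, the `const` on the by-value return of `seccomp_api_get()` has no effect and typically draws -Wignored-qualifiers; `API unsigned int seccomp_api_get(void)` is equivalent, provided the prototype in include/seccomp.h is changed to match.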