-rw-r--r-- | doc/man/man3/seccomp_arch_add.3 | 10 | ||||
-rw-r--r-- | include/seccomp.h.in | 10 | ||||
-rw-r--r-- | src/api.c | 15 | ||||
-rw-r--r-- | src/arch.c | 25 | ||||
-rw-r--r-- | src/arch.h | 1 | ||||
-rw-r--r-- | src/python/libseccomp.pxd | 1 | ||||
-rw-r--r-- | src/python/seccomp.pyx | 48 |
7 files changed, 106 insertions, 4 deletions
diff --git a/doc/man/man3/seccomp_arch_add.3 b/doc/man/man3/seccomp_arch_add.3
index f03376d..dd000fc 100644
--- a/doc/man/man3/seccomp_arch_add.3
+++ b/doc/man/man3/seccomp_arch_add.3
@@ -1,4 +1,4 @@
-.TH "seccomp_arch_add" 3 "16 April 2014" "paul@paul-moore.com" "libseccomp Documentation"
+.TH "seccomp_arch_add" 3 "7 May 2014" "paul@paul-moore.com" "libseccomp Documentation"
 .\" //////////////////////////////////////////////////////////////////////////
 .SH NAME
 .\" //////////////////////////////////////////////////////////////////////////
@@ -15,6 +15,7 @@ seccomp_arch_add, seccomp_arch_remove, seccomp_arch_exist, seccomp_arch_native \
 .B #define SCMP_ARCH_X86
 .B #define SCMP_ARCH_X86_64
 .sp
+.BI "uint32_t seccomp_arch_resolve_name(const char *" arch_name ");"
 .BI "uint32_t seccomp_arch_native();"
 .BI "int seccomp_arch_exist(const scmp_filter_ctx " ctx ", uint32_t " arch_token ");"
 .BI "int seccomp_arch_add(scmp_filter_ctx " ctx ", uint32_t " arch_token ");"
@@ -46,7 +47,12 @@ constant always referring to the native compiled architecture. The
 .BR seccomp_arch_native ()
 function returns the system's architecture such that it will match one of the
 .BR SCMP_ARCH_*
-constants.
+constants. While the
+.BR seccomp_arch_resolve_name ()
+function also returns a
+.BR SCMP_ARCH_*
+constant, the returned token matches the name of the architecture
+passed as an argument to the function.
 .P
 When a seccomp filter is initialized with the call to
 .BR seccomp_init (3)
diff --git a/include/seccomp.h.in b/include/seccomp.h.in
index 07336e6..e119c8c 100644
--- a/include/seccomp.h.in
+++ b/include/seccomp.h.in
@@ -254,6 +254,16 @@ void seccomp_release(scmp_filter_ctx ctx); int seccomp_merge(scmp_filter_ctx ctx_dst, scmp_filter_ctx ctx_src); /** + * Resolve the architecture name to a architecture token + * @param arch_name the architecture name + * + * This function resolves the given architecture name to a token suitable for + * use with libseccomp, returns zero on failure. + * + */ +uint32_t seccomp_arch_resolve_name(const char *arch_name); + +/** * Return the native architecture token * * This function returns the native architecture token value, e.g. SCMP_ARCH_*. @@ -142,6 +142,21 @@ API int seccomp_merge(scmp_filter_ctx ctx_dst, } /* NOTE - function header comment in include/seccomp.h */ +API uint32_t seccomp_arch_resolve_name(const char *arch_name) +{ + const struct arch_def *arch; + + if (arch_name == NULL) + return 0; + + arch = arch_def_lookup_name(arch_name); + if (arch == NULL) + return 0; + + return arch->token; +} + +/* NOTE - function header comment in include/seccomp.h */ API uint32_t seccomp_arch_native(void) { return arch_def_native->token; @@ -105,6 +105,31 @@ const struct arch_def *arch_def_lookup(uint32_t token) } /** + * Lookup the architecture definition by name + * @param arch the architecure name + * + * Return the matching architecture definition, returns NULL on failure. + * + */ +const struct arch_def *arch_def_lookup_name(const char *arch_name) +{ + if (strcmp(arch_name, "x86") == 0) + return &arch_def_x86; + else if (strcmp(arch_name, "x86_64") == 0) + return &arch_def_x86_64; + else if (strcmp(arch_name, "x32") == 0) + return &arch_def_x32; + else if (strcmp(arch_name, "arm") == 0) + return &arch_def_arm; + else if (strcmp(arch_name, "mips") == 0) + return &arch_def_mips; + else if (strcmp(arch_name, "mipsel") == 0) + return &arch_def_mipsel; + + return NULL; +} + +/** * Determine the maximum number of syscall arguments * @param arch the architecture definition * 
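Review bot: The new header comment for seccomp_arch_resolve_name() in include/seccomp.h.in says it "returns zero on failure" but does not tell callers that the result has to be tested before it is handed to seccomp_arch_add() or seccomp_arch_remove(). If zero is also the value of SCMP_ARCH_NATIVE in this header (it is in the libseccomp versions I know, but the definition is not part of this hunk), an unchecked failure would be read as "the native architecture" and a filter could end up covering a different ABI than the one the caller named. I would extend the description with a sentence such as `Returns the architecture token on success, zero on failure; callers must test for zero before using the token.` and correct "a architecture token" to "an architecture token".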
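Review bot: arch_def_lookup_name() in the src/arch.c hunk passes arch_name straight to strcmp() with no NULL guard, and its comment documents `@param arch` although the parameter is named `arch_name` ("architecure" is also misspelled). The only caller added in this commit, seccomp_arch_resolve_name(), checks for NULL first, but the prototype is shared through src/arch.h, so the precondition should either be written down (`@param arch_name the architecture name, must not be NULL`) or enforced with `if (arch_name == NULL) return NULL;` at the top of the function. The comparison is exact and case-sensitive, which deserves one line in the comment so callers do not expect "X86_64" to resolve. Whether src/arch.c already includes <string.h> is not visible in this hunk.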
@@ -78,6 +78,7 @@ struct arch_syscall_def { int arch_valid(uint32_t arch); const struct arch_def *arch_def_lookup(uint32_t token); +const struct arch_def *arch_def_lookup_name(const char *arch_name); int arch_arg_count_max(const struct arch_def *arch); diff --git a/src/python/libseccomp.pxd b/src/python/libseccomp.pxd index 1c3921c..5fea471 100644 --- a/src/python/libseccomp.pxd +++ b/src/python/libseccomp.pxd @@ -69,6 +69,7 @@ cdef extern from "seccomp.h": int seccomp_merge(scmp_filter_ctx ctx_dst, scmp_filter_ctx ctx_src) + uint32_t seccomp_arch_resolve_name(char *arch_name) uint32_t seccomp_arch_native() int seccomp_arch_exist(scmp_filter_ctx ctx, int arch_token) int seccomp_arch_add(scmp_filter_ctx ctx, int arch_token) diff --git a/src/python/seccomp.pyx b/src/python/seccomp.pyx index 702a520..f1848dc 100644 --- a/src/python/seccomp.pyx +++ b/src/python/seccomp.pyx @@ -120,9 +120,9 @@ def resolve_syscall(arch, syscall): """ cdef char *ret_str - if (isinstance(syscall, basestring)): + if isinstance(syscall, basestring): return libseccomp.seccomp_syscall_resolve_name_arch(arch, syscall) - elif (isinstance(syscall, int)): + elif isinstance(syscall, int): ret_str = libseccomp.seccomp_syscall_resolve_num_arch(arch, syscall) if ret_str is NULL: raise ValueError('Unknown syscall %d on arch %d' % (syscall, arch)) @@ -144,6 +144,8 @@ cdef class Arch: MIPSEL - MIPS little endian """ + cdef int _token + NATIVE = libseccomp.SCMP_ARCH_NATIVE X86 = libseccomp.SCMP_ARCH_X86 X86_64 = libseccomp.SCMP_ARCH_X86_64 
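Review bot: `cdef int _token` in the Arch class hunk of src/python/seccomp.pyx is a signed C int, while both functions that fill it, seccomp_arch_native() and seccomp_arch_resolve_name(), are declared in libseccomp.pxd as returning uint32_t. If any architecture token has its top bit set (the token values are not shown on this page), the stored value becomes negative and the `__int__` method added in the following hunk returns that negative number to Python code, where it no longer compares equal to the unsigned token. Declaring the field as `cdef uint32_t _token` would keep the width and signedness of the C API, assuming uint32_t is cimported in seccomp.pyx the way it must be for the .pxd.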
@@ -152,6 +154,48 @@ cdef class Arch: MIPS = libseccomp.SCMP_ARCH_MIPS MIPSEL = libseccomp.SCMP_ARCH_MIPSEL + def __cinit__(self, arch=libseccomp.SCMP_ARCH_NATIVE): + """ Initialize the architecture object. + + Arguments: + arch - the architecture name or token value + + Description: + Create an architecture object using the given name or token value. + """ + if isinstance(arch, int): + if arch == libseccomp.SCMP_ARCH_NATIVE: + self._token = libseccomp.seccomp_arch_native() + elif arch == libseccomp.SCMP_ARCH_X86: + self._token = libseccomp.SCMP_ARCH_X86 + elif arch == libseccomp.SCMP_ARCH_X86_64: + self._token = libseccomp.SCMP_ARCH_X86_64 + elif arch == libseccomp.SCMP_ARCH_X32: + self._token = libseccomp.SCMP_ARCH_X32 + elif arch == libseccomp.SCMP_ARCH_ARM: + self._token = libseccomp.SCMP_ARCH_ARM + elif arch == libseccomp.SCMP_ARCH_MIPS: + self._token = libseccomp.SCMP_ARCH_MIPS + elif arch == libseccomp.SCMP_ARCH_MIPSEL: + self._token = libseccomp.SCMP_ARCH_MIPSEL + else: + self._token = 0; + elif isinstance(arch, basestring): + self._token = libseccomp.seccomp_arch_resolve_name(arch) + else: + raise TypeError("Architecture must be an int or str type") + if self._token == 0: + raise ValueError("Invalid architecture") + + def __int__(self): + """ Convert the architecture object to a token value. + + Description: + Convert the architecture object to an integer representing the + architecture's token value. + """ + return self._token + cdef class Attr: """ Python object representing the SyscallFilter attributes. |
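Review bot: The if/elif chain in `__cinit__` assigns each recognised constant to itself, so it is a membership test written out once per architecture, and every architecture later added to the C library has to be added here as well or it is rejected with ValueError. Everything after the NATIVE case can be `elif arch in (libseccomp.SCMP_ARCH_X86, libseccomp.SCMP_ARCH_X86_64, libseccomp.SCMP_ARCH_X32, libseccomp.SCMP_ARCH_ARM, libseccomp.SCMP_ARCH_MIPS, libseccomp.SCMP_ARCH_MIPSEL): self._token = arch`, and `self._token = 0;` in the else branch should lose its stray semicolon. Rejecting unknown integers is the right default for a filter-building API, so that behaviour should stay. `isinstance(arch, int)` also sends a Python 2 `long` to the TypeError branch, which `isinstance(arch, (int, long))` would accept. The Attr class that follows continues outside this hunk.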