Line data Source code
1 : /* THIS FILE WAS GENERATED BY generate_filters.py. DO NOT EDIT BY HAND! */
2 : #ifndef HEADER_fd_src_discof_restore_generated_fd_snaprd_tile_seccomp_h
3 : #define HEADER_fd_src_discof_restore_generated_fd_snaprd_tile_seccomp_h
4 :
5 : #include "../../../../src/util/fd_util_base.h"
6 : #include <linux/audit.h>
7 : #include <linux/capability.h>
8 : #include <linux/filter.h>
9 : #include <linux/seccomp.h>
10 : #include <linux/bpf.h>
11 : #include <sys/syscall.h>
12 : #include <signal.h>
13 : #include <stddef.h>
14 :
/* ARCH_NR is the AUDIT_ARCH_* constant for the architecture this header is
   compiled for.  The filter built below compares seccomp_data.arch against
   it and returns SECCOMP_RET_KILL_PROCESS on a mismatch.  Any architecture
   other than the three listed stops the build at the #error. */
15 : #if defined(__i386__)
16 : # define ARCH_NR AUDIT_ARCH_I386
17 : #elif defined(__x86_64__)
18 : # define ARCH_NR AUDIT_ARCH_X86_64
19 : #elif defined(__aarch64__)
20 : # define ARCH_NR AUDIT_ARCH_AARCH64
21 : #else
22 : # error "Target architecture is unsupported by seccomp."
23 : #endif
/* Number of struct sock_filter instructions in the policy.  The same value
   (129) is repeated as a literal in the populate function's capacity check
   and array size, so all three must change together (regenerate rather than
   hand-edit). */
24 : static const unsigned int sock_filter_policy_fd_snaprd_tile_instr_cnt = 129;
25 :
/* populate_sock_filter_policy_fd_snaprd_tile builds the 129-instruction
   classic-BPF seccomp program for this tile in a local array and copies
   sizeof(filter) bytes of it into out.

     out_cnt      capacity of out, in instructions; checked with
                  FD_TEST( out_cnt >= 129 ) before anything is written
     out          destination buffer for the program
     logfile_fd, dir_fd, out_full_fd, out_inc_fd, in_full_fd, in_inc_fd
                  descriptor numbers embedded as 32-bit immediates in the
                  comparisons below

   Policy encoded by the table.  Anything not listed, and any arch mismatch,
   ends in SECCOMP_RET_KILL_PROCESS:

     write       fd == 2, logfile_fd, out_full_fd or out_inc_fd
     fsync       fd == logfile_fd
     read        fd == in_full_fd or in_inc_fd
     socket      (PF_INET, SOCK_DGRAM|SOCK_NONBLOCK, IPPROTO_ICMP) or
                 (AF_INET, SOCK_STREAM|SOCK_NONBLOCK, 0), exact match
     connect, close, sendto, recvfrom
                 any fd EXCEPT 2 and the six descriptors passed in
     ppoll       always allowed, no argument checks
     setsockopt  same fd exclusion, plus level == SOL_TCP and
                 optname == TCP_NODELAY
     renameat    args[0] == dir_fd and args[2] == dir_fd
     unlinkat    args[0] == dir_fd and args[2] == 0
     exit        args[0] == 0

   Notes for reviewers:
   - Every argument load is BPF_W at offsetof(args[i]), i.e. one 32-bit word
     of the 64-bit argument slot, compared for equality with a 32-bit
     immediate.  On little-endian targets that is the low half; the other
     half is never examined.
   - Pointer arguments (paths, socket addresses, buffers, option values) are
     not examined; the filter only sees register values.
   - Jump operands are instruction counts relative to the next instruction,
     so adding or removing a single entry invalidates every jump that crosses
     it.  Change the policy in the generator input, not here.
   - NOTE(review): the literal 129 duplicates
     sock_filter_policy_fd_snaprd_tile_instr_cnt. */
26 0 : static void populate_sock_filter_policy_fd_snaprd_tile( ulong out_cnt, struct sock_filter * out, uint logfile_fd, uint dir_fd, uint out_full_fd, uint out_inc_fd, uint in_full_fd, uint in_inc_fd ) {
27 0 : FD_TEST( out_cnt >= 129 );
28 0 : struct sock_filter filter[129] = {
29 : /* Check: Jump to RET_KILL_PROCESS if the script's arch != the runtime arch */
30 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, ( offsetof( struct seccomp_data, arch ) ) ),
31 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, ARCH_NR, 0, /* RET_KILL_PROCESS */ 125 ),
32 : /* loading syscall number in accumulator */
33 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, ( offsetof( struct seccomp_data, nr ) ) ),
/* Dispatch: one exact-match comparison per permitted syscall number.  A
   number that matches none of them falls through to the unconditional jump
   to RET_KILL_PROCESS at the end of this list. */
34 : /* allow write based on expression */
35 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, SYS_write, /* check_write */ 13, 0 ),
36 : /* allow fsync based on expression */
37 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, SYS_fsync, /* check_fsync */ 20, 0 ),
38 : /* allow read based on expression */
39 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, SYS_read, /* check_read */ 21, 0 ),
40 : /* allow socket based on expression */
41 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, SYS_socket, /* check_socket */ 24, 0 ),
42 : /* allow connect based on expression */
43 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, SYS_connect, /* check_connect */ 35, 0 ),
44 : /* allow close based on expression */
45 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, SYS_close, /* check_close */ 48, 0 ),
46 : /* simply allow ppoll */
47 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, SYS_ppoll, /* RET_ALLOW */ 118, 0 ),
48 : /* allow sendto based on expression */
49 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, SYS_sendto, /* check_sendto */ 60, 0 ),
50 : /* allow recvfrom based on expression */
51 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, SYS_recvfrom, /* check_recvfrom */ 73, 0 ),
52 : /* allow setsockopt based on expression */
53 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, SYS_setsockopt, /* check_setsockopt */ 86, 0 ),
54 : /* allow renameat based on expression */
55 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, SYS_renameat, /* check_renameat */ 103, 0 ),
56 : /* allow unlinkat based on expression */
57 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, SYS_unlinkat, /* check_unlinkat */ 106, 0 ),
58 : /* allow exit based on expression */
59 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, SYS_exit, /* check_exit */ 109, 0 ),
60 : /* none of the syscalls matched */
61 0 : { BPF_JMP | BPF_JA, 0, 0, /* RET_KILL_PROCESS */ 110 },
/* write: allow-list on args[0].  Permitted only for fd 2, logfile_fd,
   out_full_fd and out_inc_fd; every other value is killed. */
62 : // check_write:
63 : /* load syscall argument 0 in accumulator */
64 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
65 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, 2, /* RET_ALLOW */ 109, /* lbl_1 */ 0 ),
66 : // lbl_1:
67 : /* load syscall argument 0 in accumulator */
68 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
69 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, logfile_fd, /* RET_ALLOW */ 107, /* lbl_2 */ 0 ),
70 : // lbl_2:
71 : /* load syscall argument 0 in accumulator */
72 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
73 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, out_full_fd, /* RET_ALLOW */ 105, /* lbl_3 */ 0 ),
74 : // lbl_3:
75 : /* load syscall argument 0 in accumulator */
76 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
77 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, out_inc_fd, /* RET_ALLOW */ 103, /* RET_KILL_PROCESS */ 102 ),
/* fsync: permitted on logfile_fd only. */
78 : // check_fsync:
79 : /* load syscall argument 0 in accumulator */
80 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
81 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, logfile_fd, /* RET_ALLOW */ 101, /* RET_KILL_PROCESS */ 100 ),
/* read: allow-list on args[0].  Permitted only for in_full_fd and
   in_inc_fd. */
82 : // check_read:
83 : /* load syscall argument 0 in accumulator */
84 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
85 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, in_full_fd, /* RET_ALLOW */ 99, /* lbl_4 */ 0 ),
86 : // lbl_4:
87 : /* load syscall argument 0 in accumulator */
88 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
89 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, in_inc_fd, /* RET_ALLOW */ 97, /* RET_KILL_PROCESS */ 96 ),
/* socket: two argument triples are accepted, tried in order.  First
   (PF_INET, SOCK_DGRAM|SOCK_NONBLOCK, IPPROTO_ICMP); any mismatch in that
   triple falls to lbl_5, which re-tests from args[0] for
   (AF_INET, SOCK_STREAM|SOCK_NONBLOCK, 0).  The type comparison is exact
   equality, so a type word carrying any additional flag bit does not match
   and is killed. */
90 : // check_socket:
91 : /* load syscall argument 0 in accumulator */
92 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
93 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, PF_INET, /* lbl_6 */ 0, /* lbl_5 */ 4 ),
94 : // lbl_6:
95 : /* load syscall argument 1 in accumulator */
96 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[1])),
97 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, SOCK_DGRAM|SOCK_NONBLOCK, /* lbl_7 */ 0, /* lbl_5 */ 2 ),
98 : // lbl_7:
99 : /* load syscall argument 2 in accumulator */
100 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[2])),
101 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, IPPROTO_ICMP, /* RET_ALLOW */ 91, /* lbl_5 */ 0 ),
102 : // lbl_5:
103 : /* load syscall argument 0 in accumulator */
104 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
105 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, AF_INET, /* lbl_8 */ 0, /* RET_KILL_PROCESS */ 88 ),
106 : // lbl_8:
107 : /* load syscall argument 1 in accumulator */
108 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[1])),
109 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, SOCK_STREAM|SOCK_NONBLOCK, /* lbl_9 */ 0, /* RET_KILL_PROCESS */ 86 ),
110 : // lbl_9:
111 : /* load syscall argument 2 in accumulator */
112 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[2])),
113 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, 0, /* RET_ALLOW */ 85, /* RET_KILL_PROCESS */ 84 ),
/* connect: exclusion list on args[0], the inverse of the write/read checks.
   Killed when the fd is 2 or any of the six descriptors passed in; every
   other fd value is allowed.  The address argument is a pointer and is not
   examined, so the filter places no limit on the destination. */
114 : // check_connect:
115 : /* load syscall argument 0 in accumulator */
116 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
117 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, 2, /* RET_KILL_PROCESS */ 82, /* lbl_10 */ 0 ),
118 : // lbl_10:
119 : /* load syscall argument 0 in accumulator */
120 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
121 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, logfile_fd, /* RET_KILL_PROCESS */ 80, /* lbl_11 */ 0 ),
122 : // lbl_11:
123 : /* load syscall argument 0 in accumulator */
124 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
125 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, dir_fd, /* RET_KILL_PROCESS */ 78, /* lbl_12 */ 0 ),
126 : // lbl_12:
127 : /* load syscall argument 0 in accumulator */
128 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
129 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, out_full_fd, /* RET_KILL_PROCESS */ 76, /* lbl_13 */ 0 ),
130 : // lbl_13:
131 : /* load syscall argument 0 in accumulator */
132 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
133 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, out_inc_fd, /* RET_KILL_PROCESS */ 74, /* lbl_14 */ 0 ),
134 : // lbl_14:
135 : /* load syscall argument 0 in accumulator */
136 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
137 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, in_full_fd, /* RET_KILL_PROCESS */ 72, /* lbl_15 */ 0 ),
138 : // lbl_15:
139 : /* load syscall argument 0 in accumulator */
140 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
141 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, in_inc_fd, /* RET_KILL_PROCESS */ 70, /* RET_ALLOW */ 71 ),
/* close: same exclusion list as connect.  Closing fd 2 or any of the six
   passed-in descriptors is killed; other fds, including 0 and 1, are not on
   the list. */
142 : // check_close:
143 : /* load syscall argument 0 in accumulator */
144 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
145 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, 2, /* RET_KILL_PROCESS */ 68, /* lbl_16 */ 0 ),
146 : // lbl_16:
147 : /* load syscall argument 0 in accumulator */
148 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
149 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, logfile_fd, /* RET_KILL_PROCESS */ 66, /* lbl_17 */ 0 ),
150 : // lbl_17:
151 : /* load syscall argument 0 in accumulator */
152 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
153 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, dir_fd, /* RET_KILL_PROCESS */ 64, /* lbl_18 */ 0 ),
154 : // lbl_18:
155 : /* load syscall argument 0 in accumulator */
156 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
157 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, out_full_fd, /* RET_KILL_PROCESS */ 62, /* lbl_19 */ 0 ),
158 : // lbl_19:
159 : /* load syscall argument 0 in accumulator */
160 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
161 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, out_inc_fd, /* RET_KILL_PROCESS */ 60, /* lbl_20 */ 0 ),
162 : // lbl_20:
163 : /* load syscall argument 0 in accumulator */
164 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
165 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, in_full_fd, /* RET_KILL_PROCESS */ 58, /* lbl_21 */ 0 ),
166 : // lbl_21:
167 : /* load syscall argument 0 in accumulator */
168 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
169 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, in_inc_fd, /* RET_KILL_PROCESS */ 56, /* RET_ALLOW */ 57 ),
/* sendto: same exclusion list on args[0].  Buffer, length, flags and the
   destination address are not examined. */
170 : // check_sendto:
171 : /* load syscall argument 0 in accumulator */
172 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
173 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, 2, /* RET_KILL_PROCESS */ 54, /* lbl_22 */ 0 ),
174 : // lbl_22:
175 : /* load syscall argument 0 in accumulator */
176 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
177 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, logfile_fd, /* RET_KILL_PROCESS */ 52, /* lbl_23 */ 0 ),
178 : // lbl_23:
179 : /* load syscall argument 0 in accumulator */
180 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
181 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, dir_fd, /* RET_KILL_PROCESS */ 50, /* lbl_24 */ 0 ),
182 : // lbl_24:
183 : /* load syscall argument 0 in accumulator */
184 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
185 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, out_full_fd, /* RET_KILL_PROCESS */ 48, /* lbl_25 */ 0 ),
186 : // lbl_25:
187 : /* load syscall argument 0 in accumulator */
188 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
189 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, out_inc_fd, /* RET_KILL_PROCESS */ 46, /* lbl_26 */ 0 ),
190 : // lbl_26:
191 : /* load syscall argument 0 in accumulator */
192 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
193 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, in_full_fd, /* RET_KILL_PROCESS */ 44, /* lbl_27 */ 0 ),
194 : // lbl_27:
195 : /* load syscall argument 0 in accumulator */
196 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
197 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, in_inc_fd, /* RET_KILL_PROCESS */ 42, /* RET_ALLOW */ 43 ),
/* recvfrom: same exclusion list on args[0]; no other argument is
   examined. */
198 : // check_recvfrom:
199 : /* load syscall argument 0 in accumulator */
200 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
201 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, 2, /* RET_KILL_PROCESS */ 40, /* lbl_28 */ 0 ),
202 : // lbl_28:
203 : /* load syscall argument 0 in accumulator */
204 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
205 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, logfile_fd, /* RET_KILL_PROCESS */ 38, /* lbl_29 */ 0 ),
206 : // lbl_29:
207 : /* load syscall argument 0 in accumulator */
208 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
209 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, dir_fd, /* RET_KILL_PROCESS */ 36, /* lbl_30 */ 0 ),
210 : // lbl_30:
211 : /* load syscall argument 0 in accumulator */
212 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
213 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, out_full_fd, /* RET_KILL_PROCESS */ 34, /* lbl_31 */ 0 ),
214 : // lbl_31:
215 : /* load syscall argument 0 in accumulator */
216 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
217 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, out_inc_fd, /* RET_KILL_PROCESS */ 32, /* lbl_32 */ 0 ),
218 : // lbl_32:
219 : /* load syscall argument 0 in accumulator */
220 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
221 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, in_full_fd, /* RET_KILL_PROCESS */ 30, /* lbl_33 */ 0 ),
222 : // lbl_33:
223 : /* load syscall argument 0 in accumulator */
224 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
225 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, in_inc_fd, /* RET_KILL_PROCESS */ 28, /* RET_ALLOW */ 29 ),
/* setsockopt: the fd exclusion list runs first, then args[1] must equal
   SOL_TCP and args[2] must equal TCP_NODELAY.  The option value and length
   are not examined. */
226 : // check_setsockopt:
227 : /* load syscall argument 0 in accumulator */
228 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
229 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, 2, /* RET_KILL_PROCESS */ 26, /* lbl_35 */ 0 ),
230 : // lbl_35:
231 : /* load syscall argument 0 in accumulator */
232 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
233 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, logfile_fd, /* RET_KILL_PROCESS */ 24, /* lbl_36 */ 0 ),
234 : // lbl_36:
235 : /* load syscall argument 0 in accumulator */
236 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
237 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, dir_fd, /* RET_KILL_PROCESS */ 22, /* lbl_37 */ 0 ),
238 : // lbl_37:
239 : /* load syscall argument 0 in accumulator */
240 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
241 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, out_full_fd, /* RET_KILL_PROCESS */ 20, /* lbl_38 */ 0 ),
242 : // lbl_38:
243 : /* load syscall argument 0 in accumulator */
244 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
245 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, out_inc_fd, /* RET_KILL_PROCESS */ 18, /* lbl_39 */ 0 ),
246 : // lbl_39:
247 : /* load syscall argument 0 in accumulator */
248 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
249 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, in_full_fd, /* RET_KILL_PROCESS */ 16, /* lbl_40 */ 0 ),
250 : // lbl_40:
251 : /* load syscall argument 0 in accumulator */
252 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
253 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, in_inc_fd, /* RET_KILL_PROCESS */ 14, /* lbl_34 */ 0 ),
254 : // lbl_34:
255 : /* load syscall argument 1 in accumulator */
256 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[1])),
257 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, SOL_TCP, /* lbl_41 */ 0, /* RET_KILL_PROCESS */ 12 ),
258 : // lbl_41:
259 : /* load syscall argument 2 in accumulator */
260 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[2])),
261 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, TCP_NODELAY, /* RET_ALLOW */ 11, /* RET_KILL_PROCESS */ 10 ),
/* renameat: args[0] and args[2] (the two directory descriptors) must both
   equal dir_fd.
   NOTE(review): the path arguments are pointers the filter cannot read, and
   the kernel ignores a directory descriptor when the matching path is
   absolute.  This check alone therefore does not confine the rename to
   dir_fd's directory; confirm the tile relies on separate filesystem
   confinement for that. */
262 : // check_renameat:
263 : /* load syscall argument 0 in accumulator */
264 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
265 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, dir_fd, /* lbl_42 */ 0, /* RET_KILL_PROCESS */ 8 ),
266 : // lbl_42:
267 : /* load syscall argument 2 in accumulator */
268 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[2])),
269 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, dir_fd, /* RET_ALLOW */ 7, /* RET_KILL_PROCESS */ 6 ),
/* unlinkat: args[0] must equal dir_fd and args[2] (flags) must be 0, so a
   call carrying any flag bit, AT_REMOVEDIR included, is killed.  The
   absolute-path caveat noted for renameat applies to the path argument here
   as well. */
270 : // check_unlinkat:
271 : /* load syscall argument 0 in accumulator */
272 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
273 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, dir_fd, /* lbl_43 */ 0, /* RET_KILL_PROCESS */ 4 ),
274 : // lbl_43:
275 : /* load syscall argument 2 in accumulator */
276 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[2])),
277 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, 0, /* RET_ALLOW */ 3, /* RET_KILL_PROCESS */ 2 ),
/* exit: permitted only with args[0] == 0.  A nonzero status reaches
   RET_KILL_PROCESS instead.  SYS_exit_group is not in the dispatch list
   above, so it is killed like any other unlisted syscall. */
278 : // check_exit:
279 : /* load syscall argument 0 in accumulator */
280 0 : BPF_STMT( BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
281 0 : BPF_JUMP( BPF_JMP | BPF_JEQ | BPF_K, 0, /* RET_ALLOW */ 1, /* RET_KILL_PROCESS */ 0 ),
282 : // RET_KILL_PROCESS:
283 : /* KILL_PROCESS is placed before ALLOW since it's the fallthrough case. */
284 0 : BPF_STMT( BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS ),
285 : // RET_ALLOW:
286 : /* ALLOW has to be reached by jumping */
287 : BPF_STMT( BPF_RET | BPF_K, SECCOMP_RET_ALLOW ),
288 0 : };
/* Copy the whole program out; the capacity check at the top of the function
   is what bounds this write. */
289 0 : fd_memcpy( out, filter, sizeof( filter ) );
290 0 : }
291 :
292 : #endif