This patch also converts the seccomp.resolve_syscall() method to use the new resolution API.
Signed-off-by: Paul Moore <[email protected]> --- doc/Makefile.am | 1 + doc/man/man3/seccomp_syscall_resolve_name.3 | 18 +++++++++---- .../seccomp_syscall_resolve_name_rewrite_arch.3 | 1 + include/seccomp.h.in | 14 ++++++++++ src/api.c | 27 ++++++++++++++++++++ src/python/libseccomp.pxd | 1 + src/python/seccomp.pyx | 3 +- 7 files changed, 58 insertions(+), 7 deletions(-) create mode 100644 doc/man/man3/seccomp_syscall_resolve_name_rewrite_arch.3 diff --git a/doc/Makefile.am b/doc/Makefile.am index fd9169e..d62cdc1 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -41,4 +41,5 @@ man3_MANS = \ man/man3/seccomp_syscall_priority.3 \ man/man3/seccomp_syscall_resolve_name.3 \ man/man3/seccomp_syscall_resolve_name_arch.3 \ + man/man3/seccomp_syscall_resolve_name_rewrite_arch.3 \ man/man3/seccomp_syscall_resolve_num_arch.3 diff --git a/doc/man/man3/seccomp_syscall_resolve_name.3 b/doc/man/man3/seccomp_syscall_resolve_name.3 index 1f501a5..0e86e01 100644 --- a/doc/man/man3/seccomp_syscall_resolve_name.3 +++ b/doc/man/man3/seccomp_syscall_resolve_name.3 @@ -1,4 +1,4 @@ -.TH "seccomp_syscall_resolve_name" 3 "7 January 2013" "[email protected]" "libseccomp Documentation" +.TH "seccomp_syscall_resolve_name" 3 "8 May 2014" "[email protected]" "libseccomp Documentation" .\" ////////////////////////////////////////////////////////////////////////// .SH NAME .\" ////////////////////////////////////////////////////////////////////////// @@ -12,6 +12,8 @@ seccomp_syscall_resolve_name \- Resolve a syscall name .BI "int seccomp_syscall_resolve_name(const char *" name ");" .BI "int seccomp_syscall_resolve_name_arch(uint32_t " arch_token "," .BI " const char *" name ");" +.BI "int seccomp_syscall_resolve_name_rewrite_arch(uint32_t " arch_token "," +.BI " const char *" name ");" .BI "char *seccomp_syscall_resolve_num_arch(uint32_t " arch_token ", int " num ");" .sp Link with \fI\-lseccomp\fP. 
@@ -21,11 +23,14 @@ Link with \fI\-lseccomp\fP. .\" ////////////////////////////////////////////////////////////////////////// .P The -.BR seccomp_syscall_resolve_name () +.BR seccomp_syscall_resolve_name() , +.BR seccomp_syscall_resolve_name_arch() , and -.BR seccomp_syscall_resolve_name_arch() +.BR seccomp_syscall_resolve_name_rewrite_arch() functions resolve the commonly used syscall name to the syscall number used by -the kernel and the rest of the libseccomp API. The +the kernel and the rest of the libseccomp API, with +.BR seccomp_syscall_resolve_name_rewrite_arch() +rewriting the syscall number for architectures that modify the syscall. The .BR seccomp_syscall_resolve_num_arch() function resolves the syscall number used by the kernel to the commonly used syscall name. @@ -37,9 +42,10 @@ The caller is responsible for freeing the returned string from .\" ////////////////////////////////////////////////////////////////////////// .P In the case of -.BR seccomp_syscall_resolve_name () +.BR seccomp_syscall_resolve_name() , +.BR seccomp_syscall_resolve_name_arch() , and -.BR seccomp_syscall_resolve_name_arch() +.BR seccomp_syscall_resolve_name_rewrite_arch() the associated syscall number is returned, with the negative pseudo syscall number being returned in cases where the given syscall does not exist for the architecture. The value diff --git a/doc/man/man3/seccomp_syscall_resolve_name_rewrite_arch.3 b/doc/man/man3/seccomp_syscall_resolve_name_rewrite_arch.3 new file mode 100644 index 0000000..f6d4472 --- /dev/null +++ b/doc/man/man3/seccomp_syscall_resolve_name_rewrite_arch.3 @@ -0,0 +1 @@ +.so man3/seccomp_syscall_resolve_name.3 diff --git a/include/seccomp.h.in b/include/seccomp.h.in index e119c8c..76a56fe 100644 --- a/include/seccomp.h.in +++ b/include/seccomp.h.in 
@@ -375,6 +375,20 @@ char *seccomp_syscall_resolve_num_arch(uint32_t arch_token, int num); int seccomp_syscall_resolve_name_arch(uint32_t arch_token, const char *name); /** + * Resolve a syscall name to a number and perform any rewriting necessary + * @param arch_token the architecture token, e.g. SCMP_ARCH_* + * @param name the syscall name + * + * Resolve the given syscall name to the syscall number for the given + * architecture and do any necessary syscall rewriting needed by the + * architecture. Returns the syscall number on success, including negative + * pseudo syscall numbers (e.g. __PNR_*); returns __NR_SCMP_ERROR on failure. + * + */ +int seccomp_syscall_resolve_name_rewrite_arch(uint32_t arch_token, + const char *name); + +/** * Resolve a syscall name to a number * @param name the syscall name * diff --git a/src/api.c b/src/api.c index 7d4843f..962d6a8 100644 --- a/src/api.c +++ b/src/api.c @@ -312,6 +312,33 @@ API int seccomp_syscall_resolve_name_arch(uint32_t arch_token, const char *name) } /* NOTE - function header comment in include/seccomp.h */ +API int seccomp_syscall_resolve_name_rewrite_arch(uint32_t arch_token, + const char *name) +{ + int syscall; + const struct arch_def *arch; + + if (name == NULL) + return __NR_SCMP_ERROR; + + if (arch_token == 0) + arch_token = arch_def_native->token; + if (arch_valid(arch_token)) + return __NR_SCMP_ERROR; + arch = arch_def_lookup(arch_token); + if (arch == NULL) + return __NR_SCMP_ERROR; + + syscall = arch_syscall_resolve_name(arch, name); + if (syscall == __NR_SCMP_ERROR) + return __NR_SCMP_ERROR; + if (arch_syscall_rewrite(arch, 0, &syscall) < 0) + return __NR_SCMP_ERROR; + + return syscall; +} + +/* NOTE - function header comment in include/seccomp.h */ API int seccomp_syscall_resolve_name(const char *name) { return seccomp_syscall_resolve_name_arch(SCMP_ARCH_NATIVE, name); diff --git a/src/python/libseccomp.pxd b/src/python/libseccomp.pxd index 5fea471..13c50d0 100644 --- a/src/python/libseccomp.pxd 
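Review bot: The new doc comment for seccomp_syscall_resolve_name_rewrite_arch() in include/seccomp.h.in never says what "rewriting" does to the returned number or when to prefer this call over seccomp_syscall_resolve_name_arch(). That matters because the result usually ends up in a filter rule. It also omits a behaviour visible in the src/api.c hunk: an arch_token of 0 is replaced by the native architecture's token. I would add lines such as `* An arch_token of 0 selects the native architecture.` and `* The result may differ from seccomp_syscall_resolve_name_arch() on architectures that rewrite syscalls.` Whether several names can collapse onto one number depends on the per-architecture rewrite rules, which are not shown on this page.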
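Review bot: In src/api.c, `if (arch_valid(arch_token)) return __NR_SCMP_ERROR;` reads as though a valid architecture were being rejected. Presumably arch_valid() returns 0 for a valid token and non-zero otherwise (its definition is outside this hunk), so `if (arch_valid(arch_token) != 0)` would make the error path unambiguous. The literal `0` in `arch_syscall_rewrite(arch, 0, &syscall)` is similarly opaque, and a short comment or named constant would say which rewrite mode is requested. The local `int syscall;` also shares its name with the libc syscall() function; a name such as `sys_num` avoids shadowing if <unistd.h> is in scope.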
+++ b/src/python/libseccomp.pxd @@ -84,6 +84,7 @@ cdef extern from "seccomp.h": char *seccomp_syscall_resolve_num_arch(int arch_token, int num) int seccomp_syscall_resolve_name_arch(int arch_token, char *name) + int seccomp_syscall_resolve_name_rewrite_arch(int arch_token, char *name) int seccomp_syscall_resolve_name(char *name) int seccomp_syscall_priority(scmp_filter_ctx ctx, int syscall, uint8_t priority) diff --git a/src/python/seccomp.pyx b/src/python/seccomp.pyx index f1848dc..cb3132c 100644 --- a/src/python/seccomp.pyx +++ b/src/python/seccomp.pyx @@ -121,7 +121,8 @@ def resolve_syscall(arch, syscall): cdef char *ret_str if isinstance(syscall, basestring): - return libseccomp.seccomp_syscall_resolve_name_arch(arch, syscall) + return libseccomp.seccomp_syscall_resolve_name_rewrite_arch(arch, + syscall) elif isinstance(syscall, int): ret_str = libseccomp.seccomp_syscall_resolve_num_arch(arch, syscall) if ret_str is NULL: ------------------------------------------------------------------------------ Is your legacy SCM system holding you back? Join Perforce May 7 to find out: • 3 signs your SCM is hindering your productivity • Requirements for releasing software faster • Expert tips and advice for migrating your SCM now http://p.sf.net/sfu/perforce _______________________________________________ libseccomp-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/libseccomp-discuss
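Review bot: The declaration added to src/python/libseccomp.pxd takes `int arch_token`, but the prototype this same patch adds to include/seccomp.h.in takes `uint32_t arch_token`. It matches the neighbouring `seccomp_syscall_resolve_name_arch` declaration, but with a signed parameter an architecture token whose top bit is set may not convert cleanly from a Python integer. I would declare it as `int seccomp_syscall_resolve_name_rewrite_arch(uint32_t arch_token, char *name)`. The file already uses `uint8_t` a few lines further down, so the stdint types are probably available, though the cimport itself is outside this hunk.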
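Review bot: In src/python/seccomp.pyx the string branch of resolve_syscall() returns the C result unchecked, so an __NR_SCMP_ERROR from the new call reaches the Python caller as an ordinary integer; the integer branch just below does check `ret_str is NULL`. The new function adds a failure path (the rewrite step can fail, per the src/api.c hunk), so a caller passing the result straight into a filter rule could build a rule for an unintended syscall number. I would store the result and raise when it equals the error value, e.g. `if ret == <error sentinel>: raise <the exception type this function already uses>`; the sentinel name exposed by the .pxd is not visible here. The switch also changes what resolve_syscall() returns on architectures that rewrite syscalls, and the docstring, which is outside this hunk, should say so.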
