script_core 0.2.2 → 0.2.7

data/ext/enterprise_script_service/libseccomp/src/arch-ppc64.h

@@ -23,17 +23,9 @@
 #ifndef _ARCH_PPC64_H
 #define _ARCH_PPC64_H
 
-#include <inttypes.h>
-
 #include "arch.h"
-#include "system.h"
-
-extern const struct arch_def arch_def_ppc64;
-extern const struct arch_def arch_def_ppc64le;
-
-int ppc64_syscall_resolve_name(const char *name);
-const char *ppc64_syscall_resolve_num(int num);
 
-const struct arch_syscall_def *ppc64_syscall_iterate(unsigned int spot);
+ARCH_DECL(ppc64)
+ARCH_DECL(ppc64le)
 
 #endif

data/ext/enterprise_script_service/libseccomp/src/arch-riscv64.c

@@ -0,0 +1,31 @@
+/*
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see <http://www.gnu.org/licenses>.
+ */
+
+#include <stdlib.h>
+#include <errno.h>
+#include <linux/audit.h>
+
+#include "arch.h"
+#include "arch-riscv64.h"
+
+const struct arch_def arch_def_riscv64 = {
+	.token = SCMP_ARCH_RISCV64,
+	.token_bpf = AUDIT_ARCH_RISCV64,
+	.size = ARCH_SIZE_64,
+	.endian = ARCH_ENDIAN_LITTLE,
+	.syscall_resolve_name = riscv64_syscall_resolve_name,
+	.syscall_resolve_num = riscv64_syscall_resolve_num,
+	.syscall_rewrite = NULL,
+	.rule_add = NULL,
+};

data/ext/enterprise_script_service/libseccomp/src/arch-riscv64.h

@@ -0,0 +1,22 @@
+/*
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see <http://www.gnu.org/licenses>.
+ */
+
+#ifndef _ARCH_RISCV64_H
+#define _ARCH_RISCV64_H
+
+#include "arch.h"
+
+ARCH_DECL(riscv64)
+
+#endif

data/ext/enterprise_script_service/libseccomp/src/arch-s390.c

@@ -8,6 +8,8 @@
 #include <string.h>
 #include <linux/audit.h>
 
+#include "db.h"
+#include "syscalls.h"
 #include "arch.h"
 #include "arch-s390.h"
 
@@ -15,16 +17,159 @@
 #define __s390_NR_socketcall		102
 #define __s390_NR_ipc			117
 
-const struct arch_def arch_def_s390 = {
-	.token = SCMP_ARCH_S390,
-	.token_bpf = AUDIT_ARCH_S390,
-	.size = ARCH_SIZE_32,
-	.endian = ARCH_ENDIAN_BIG,
-	.syscall_resolve_name = s390_syscall_resolve_name,
-	.syscall_resolve_num = s390_syscall_resolve_num,
-	.syscall_rewrite = s390_syscall_rewrite,
-	.rule_add = s390_rule_add,
-};
+/**
+ * Resolve a syscall name to a number
+ * @param name the syscall name
+ *
+ * Resolve the given syscall name to the syscall number using the syscall table.
+ * Returns the syscall number on success, including negative pseudo syscall
+ * numbers; returns __NR_SCMP_ERROR on failure.
+ *
+ */
+int s390_syscall_resolve_name_munge(const char *name)
+{
+	if (strcmp(name, "accept") == 0)
+		return __PNR_accept;
+	if (strcmp(name, "accept4") == 0)
+		return __PNR_accept4;
+	else if (strcmp(name, "bind") == 0)
+		return __PNR_bind;
+	else if (strcmp(name, "connect") == 0)
+		return __PNR_connect;
+	else if (strcmp(name, "getpeername") == 0)
+		return __PNR_getpeername;
+	else if (strcmp(name, "getsockname") == 0)
+		return __PNR_getsockname;
+	else if (strcmp(name, "getsockopt") == 0)
+		return __PNR_getsockopt;
+	else if (strcmp(name, "listen") == 0)
+		return __PNR_listen;
+	else if (strcmp(name, "msgctl") == 0)
+		return __PNR_msgctl;
+	else if (strcmp(name, "msgget") == 0)
+		return __PNR_msgget;
+	else if (strcmp(name, "msgrcv") == 0)
+		return __PNR_msgrcv;
+	else if (strcmp(name, "msgsnd") == 0)
+		return __PNR_msgsnd;
+	else if (strcmp(name, "recv") == 0)
+		return __PNR_recv;
+	else if (strcmp(name, "recvfrom") == 0)
+		return __PNR_recvfrom;
+	else if (strcmp(name, "recvmsg") == 0)
+		return __PNR_recvmsg;
+	else if (strcmp(name, "semctl") == 0)
+		return __PNR_semctl;
+	else if (strcmp(name, "semget") == 0)
+		return __PNR_semget;
+	else if (strcmp(name, "semtimedop") == 0)
+		return __PNR_semtimedop;
+	else if (strcmp(name, "recvmmsg") == 0)
+		return __PNR_recvmmsg;
+	else if (strcmp(name, "send") == 0)
+		return __PNR_send;
+	else if (strcmp(name, "sendmsg") == 0)
+		return __PNR_sendmsg;
+	else if (strcmp(name, "sendmmsg") == 0)
+		return __PNR_sendmmsg;
+	else if (strcmp(name, "sendto") == 0)
+		return __PNR_sendto;
+	else if (strcmp(name, "setsockopt") == 0)
+		return __PNR_setsockopt;
+	else if (strcmp(name, "shmat") == 0)
+		return __PNR_shmat;
+	else if (strcmp(name, "shmdt") == 0)
+		return __PNR_shmdt;
+	else if (strcmp(name, "shmget") == 0)
+		return __PNR_shmget;
+	else if (strcmp(name, "shmctl") == 0)
+		return __PNR_shmctl;
+	else if (strcmp(name, "shutdown") == 0)
+		return __PNR_shutdown;
+	else if (strcmp(name, "socket") == 0)
+		return __PNR_socket;
+	else if (strcmp(name, "socketpair") == 0)
+		return __PNR_socketpair;
+
+	return s390_syscall_resolve_name(name);
+}
+
+/**
+ * Resolve a syscall number to a name
+ * @param num the syscall number
+ *
+ * Resolve the given syscall number to the syscall name using the syscall table.
+ * Returns a pointer to the syscall name string on success, including pseudo
+ * syscall names; returns NULL on failure.
+ *
+ */
+const char *s390_syscall_resolve_num_munge(int num)
+{
+	if (num == __PNR_accept)
+		return "accept";
+	else if (num == __PNR_accept4)
+		return "accept4";
+	else if (num == __PNR_bind)
+		return "bind";
+	else if (num == __PNR_connect)
+		return "connect";
+	else if (num == __PNR_getpeername)
+		return "getpeername";
+	else if (num == __PNR_getsockname)
+		return "getsockname";
+	else if (num == __PNR_getsockopt)
+		return "getsockopt";
+	else if (num == __PNR_listen)
+		return "listen";
+	else if (num == __PNR_msgctl)
+		return "msgctl";
+	else if (num == __PNR_msgget)
+		return "msgget";
+	else if (num == __PNR_msgrcv)
+		return "msgrcv";
+	else if (num == __PNR_msgsnd)
+		return "msgsnd";
+	else if (num == __PNR_recv)
+		return "recv";
+	else if (num == __PNR_recvfrom)
+		return "recvfrom";
+	else if (num == __PNR_recvmsg)
+		return "recvmsg";
+	else if (num == __PNR_recvmmsg)
+		return "recvmmsg";
+	else if (num == __PNR_semctl)
+		return "semctl";
+	else if (num == __PNR_semget)
+		return "semget";
+	else if (num == __PNR_semtimedop)
+		return "semtimedop";
+	else if (num == __PNR_send)
+		return "send";
+	else if (num == __PNR_sendmsg)
+		return "sendmsg";
+	else if (num == __PNR_sendmmsg)
+		return "sendmmsg";
+	else if (num == __PNR_sendto)
+		return "sendto";
+	else if (num == __PNR_setsockopt)
+		return "setsockopt";
+	else if (num == __PNR_shmat)
+		return "shmat";
+	else if (num == __PNR_shmdt)
+		return "shmdt";
+	else if (num == __PNR_shmget)
+		return "shmget";
+	else if (num == __PNR_shmctl)
+		return "shmctl";
+	else if (num == __PNR_shutdown)
+		return "shutdown";
+	else if (num == __PNR_socket)
+		return "socket";
+	else if (num == __PNR_socketpair)
+		return "socketpair";
+
+	return s390_syscall_resolve_num(num);
+}
 
 /**
  * Convert a multiplexed pseudo syscall into a direct syscall
@@ -107,8 +252,8 @@ static int _s390_syscall_demux(int syscall)
 		/* semctl */
 		return 394;
 	case -204:
-		/* semtimedop - not defined */
-		return __NR_SCMP_UNDEF;
+		/* semtimedop */
+		return 392;
 	case -211:
 		/* msgsnd */
 		return 400;
@@ -231,6 +376,9 @@ static int _s390_syscall_mux(int syscall)
 	case 396:
 		/* shmctl */
 		return -224;
+	case 392:
+		/* semtimedop */
+		return -204;
 	}
 
 	return __NR_SCMP_ERROR;
@@ -448,3 +596,14 @@ add_return:
 		free(rule_dup);
 	return rc;
 }
+
+const struct arch_def arch_def_s390 = {
+	.token = SCMP_ARCH_S390,
+	.token_bpf = AUDIT_ARCH_S390,
+	.size = ARCH_SIZE_32,
+	.endian = ARCH_ENDIAN_BIG,
+	.syscall_resolve_name = s390_syscall_resolve_name_munge,
+	.syscall_resolve_num = s390_syscall_resolve_num_munge,
+	.syscall_rewrite = s390_syscall_rewrite,
+	.rule_add = s390_rule_add,
+};

data/ext/enterprise_script_service/libseccomp/src/arch-s390.h

@@ -6,24 +6,8 @@
 #ifndef _ARCH_S390_H
 #define _ARCH_S390_H
 
-#include <inttypes.h>
-
 #include "arch.h"
-#include "db.h"
-#include "system.h"
-
-#define s390_arg_count_max		6
-
-extern const struct arch_def arch_def_s390;
-#define s390_arg_offset(x)		(offsetof(struct seccomp_data, args[x]))
-
-int s390_syscall_resolve_name(const char *name);
-const char *s390_syscall_resolve_num(int num);
-
-const struct arch_syscall_def *s390_syscall_iterate(unsigned int spot);
-
-int s390_syscall_rewrite(int *syscall);
 
-int s390_rule_add(struct db_filter *db, struct db_api_rule_list *rule);
+ARCH_DECL(s390)
 
 #endif

data/ext/enterprise_script_service/libseccomp/src/arch-s390x.c

@@ -8,6 +8,8 @@
 #include <string.h>
 #include <linux/audit.h>
 
+#include "db.h"
+#include "syscalls.h"
 #include "arch.h"
 #include "arch-s390x.h"
 
@@ -15,16 +17,159 @@
 #define __s390x_NR_socketcall		102
 #define __s390x_NR_ipc			117
 
-const struct arch_def arch_def_s390x = {
-	.token = SCMP_ARCH_S390X,
-	.token_bpf = AUDIT_ARCH_S390X,
-	.size = ARCH_SIZE_64,
-	.endian = ARCH_ENDIAN_BIG,
-	.syscall_resolve_name = s390x_syscall_resolve_name,
-	.syscall_resolve_num = s390x_syscall_resolve_num,
-	.syscall_rewrite = s390x_syscall_rewrite,
-	.rule_add = s390x_rule_add,
-};
+/**
+ * Resolve a syscall name to a number
+ * @param name the syscall name
+ *
+ * Resolve the given syscall name to the syscall number using the syscall table.
+ * Returns the syscall number on success, including negative pseudo syscall
+ * numbers; returns __NR_SCMP_ERROR on failure.
+ *
+ */
+int s390x_syscall_resolve_name_munge(const char *name)
+{
+	if (strcmp(name, "accept") == 0)
+		return __PNR_accept;
+	if (strcmp(name, "accept4") == 0)
+		return __PNR_accept4;
+	else if (strcmp(name, "bind") == 0)
+		return __PNR_bind;
+	else if (strcmp(name, "connect") == 0)
+		return __PNR_connect;
+	else if (strcmp(name, "getpeername") == 0)
+		return __PNR_getpeername;
+	else if (strcmp(name, "getsockname") == 0)
+		return __PNR_getsockname;
+	else if (strcmp(name, "getsockopt") == 0)
+		return __PNR_getsockopt;
+	else if (strcmp(name, "listen") == 0)
+		return __PNR_listen;
+	else if (strcmp(name, "msgctl") == 0)
+		return __PNR_msgctl;
+	else if (strcmp(name, "msgget") == 0)
+		return __PNR_msgget;
+	else if (strcmp(name, "msgrcv") == 0)
+		return __PNR_msgrcv;
+	else if (strcmp(name, "msgsnd") == 0)
+		return __PNR_msgsnd;
+	else if (strcmp(name, "recv") == 0)
+		return __PNR_recv;
+	else if (strcmp(name, "recvfrom") == 0)
+		return __PNR_recvfrom;
+	else if (strcmp(name, "recvmsg") == 0)
+		return __PNR_recvmsg;
+	else if (strcmp(name, "recvmmsg") == 0)
+		return __PNR_recvmmsg;
+	else if (strcmp(name, "semctl") == 0)
+		return __PNR_semctl;
+	else if (strcmp(name, "semget") == 0)
+		return __PNR_semget;
+	else if (strcmp(name, "semtimedop") == 0)
+		return __PNR_semtimedop;
+	else if (strcmp(name, "send") == 0)
+		return __PNR_send;
+	else if (strcmp(name, "sendmsg") == 0)
+		return __PNR_sendmsg;
+	else if (strcmp(name, "sendmmsg") == 0)
+		return __PNR_sendmmsg;
+	else if (strcmp(name, "sendto") == 0)
+		return __PNR_sendto;
+	else if (strcmp(name, "setsockopt") == 0)
+		return __PNR_setsockopt;
+	else if (strcmp(name, "shmat") == 0)
+		return __PNR_shmat;
+	else if (strcmp(name, "shmdt") == 0)
+		return __PNR_shmdt;
+	else if (strcmp(name, "shmget") == 0)
+		return __PNR_shmget;
+	else if (strcmp(name, "shmctl") == 0)
+		return __PNR_shmctl;
+	else if (strcmp(name, "shutdown") == 0)
+		return __PNR_shutdown;
+	else if (strcmp(name, "socket") == 0)
+		return __PNR_socket;
+	else if (strcmp(name, "socketpair") == 0)
+		return __PNR_socketpair;
+
+	return s390x_syscall_resolve_name(name);
+}
+
+/**
+ * Resolve a syscall number to a name
+ * @param num the syscall number
+ *
+ * Resolve the given syscall number to the syscall name using the syscall table.
+ * Returns a pointer to the syscall name string on success, including pseudo
+ * syscall names; returns NULL on failure.
+ *
+ */
+const char *s390x_syscall_resolve_num_munge(int num)
+{
+	if (num == __PNR_accept)
+		return "accept";
+	else if (num == __PNR_accept4)
+		return "accept4";
+	else if (num == __PNR_bind)
+		return "bind";
+	else if (num == __PNR_connect)
+		return "connect";
+	else if (num == __PNR_getpeername)
+		return "getpeername";
+	else if (num == __PNR_getsockname)
+		return "getsockname";
+	else if (num == __PNR_getsockopt)
+		return "getsockopt";
+	else if (num == __PNR_listen)
+		return "listen";
+	else if (num == __PNR_msgctl)
+		return "msgctl";
+	else if (num == __PNR_msgget)
+		return "msgget";
+	else if (num == __PNR_msgrcv)
+		return "msgrcv";
+	else if (num == __PNR_msgsnd)
+		return "msgsnd";
+	else if (num == __PNR_recv)
+		return "recv";
+	else if (num == __PNR_recvfrom)
+		return "recvfrom";
+	else if (num == __PNR_recvmsg)
+		return "recvmsg";
+	else if (num == __PNR_recvmmsg)
+		return "recvmmsg";
+	else if (num == __PNR_semctl)
+		return "semctl";
+	else if (num == __PNR_semget)
+		return "semget";
+	else if (num == __PNR_semtimedop)
+		return "semtimedop";
+	else if (num == __PNR_send)
+		return "send";
+	else if (num == __PNR_sendmsg)
+		return "sendmsg";
+	else if (num == __PNR_sendmmsg)
+		return "sendmmsg";
+	else if (num == __PNR_sendto)
+		return "sendto";
+	else if (num == __PNR_setsockopt)
+		return "setsockopt";
+	else if (num == __PNR_shmat)
+		return "shmat";
+	else if (num == __PNR_shmdt)
+		return "shmdt";
+	else if (num == __PNR_shmget)
+		return "shmget";
+	else if (num == __PNR_shmctl)
+		return "shmctl";
+	else if (num == __PNR_shutdown)
+		return "shutdown";
+	else if (num == __PNR_socket)
+		return "socket";
+	else if (num == __PNR_socketpair)
+		return "socketpair";
+
+	return s390x_syscall_resolve_num(num);
+}
 
 /**
  * Convert a multiplexed pseudo socket syscall into a direct syscall
@@ -450,3 +595,14 @@ add_return:
 		free(rule_dup);
 	return rc;
 }
+
+const struct arch_def arch_def_s390x = {
+	.token = SCMP_ARCH_S390X,
+	.token_bpf = AUDIT_ARCH_S390X,
+	.size = ARCH_SIZE_64,
+	.endian = ARCH_ENDIAN_BIG,
+	.syscall_resolve_name = s390x_syscall_resolve_name_munge,
+	.syscall_resolve_num = s390x_syscall_resolve_num_munge,
+	.syscall_rewrite = s390x_syscall_rewrite,
+	.rule_add = s390x_rule_add,
+};