1 files changed, 81 insertions, 0 deletions
diff --git a/src/fsec-print/main.c b/src/fsec-print/main.c
new file mode 100644
index 000000000..e8639b822
--- /dev/null
+++ b/src/fsec-print/main.c
@@ -0,0 +1,81 @@
+/*
+ * Copyright (C) 2014-2017 Firejail Authors
+ *
+ * This file is part of firejail project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+#include "fsec_print.h"
+static void usage(void) {
+        printf("Usage:\n");
+        printf("\tfsec-print file - disassemble seccomp filter\n");
+}
+int main(int argc, char **argv) {
+#if 0
+{
+//system("cat /proc/self/status");
+int i;
+for (i = 0; i < argc; i++)
+        printf("*%s* ", argv[i]);
+printf("\n");
+}
+#endif
+        if (argc != 2) {
+                usage();
+                return 1;
+        }
+        if (strcmp(argv[1], "-h") == 0 || strcmp(argv[1], "--help") == 0 || strcmp(argv[1], "-?") == 0) {
+                usage();
+                return 0;
+        }
+        char *fname = argv[1];
+        // open input file
+        int fd = open(fname, O_RDONLY);
+        if (fd == -1)
+                goto errexit;
+        // calculate the number of entries
+        int size = lseek(fd, 0, SEEK_END);
+        if (size == -1) // todo: check maximum size of seccomp filter (4KB?)
+                goto errexit;
+        unsigned short entries = (unsigned short) size / (unsigned short) sizeof(struct sock_filter);
+        // read filter
+        struct sock_filter *filter = mmap(NULL, size, PROT_READ, MAP_PRIVATE, fd, 0);
+        if (filter == MAP_FAILED)
+                goto errexit;
+        // print filter
+        print(filter, entries);
+        // free mapped memory
+        if (munmap(filter, size) == -1)
+                perror("Error un-mmapping the file");
+        // close file
+        close(fd);
+        return 0;
+errexit:
+        close(fd);
+        fprintf(stderr, "Error: cannot read %s\n", fname);
+        exit(1);
+}

diff --git a/src/fsec-print/main.c b/src/fsec-print/main.c new file mode 100644 index 000000000..e8639b822 --- /dev/null +++ b/src/fsec-print/main.c
@@ -0,0 +1,81 @@
	1	/*
	2	* Copyright (C) 2014-2017 Firejail Authors
	3	*
	4	* This file is part of firejail project
	5	*
	6	* This program is free software; you can redistribute it and/or modify
	7	* it under the terms of the GNU General Public License as published by
	8	* the Free Software Foundation; either version 2 of the License, or
	9	* (at your option) any later version.
	10	*
	11	* This program is distributed in the hope that it will be useful,
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	14	* GNU General Public License for more details.
	15	*
	16	* You should have received a copy of the GNU General Public License along
	17	* with this program; if not, write to the Free Software Foundation, Inc.,
	18	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
	19	*/
	20	#include "fsec_print.h"
	21
	22	static void usage(void) {
	23	printf("Usage:\n");
	24	printf("\tfsec-print file - disassemble seccomp filter\n");
	25	}
	26
	27	int main(int argc, char **argv) {
	28	#if 0
	29	{
	30	//system("cat /proc/self/status");
	31	int i;
	32	for (i = 0; i < argc; i++)
	33	printf("%s ", argv[i]);
	34	printf("\n");
	35	}
	36	#endif
	37	if (argc != 2) {
	38	usage();
	39	return 1;
	40	}
	41
	42	if (strcmp(argv[1], "-h") == 0 \|\| strcmp(argv[1], "--help") == 0 \|\| strcmp(argv[1], "-?") == 0) {
	43	usage();
	44	return 0;
	45	}
	46
	47	char *fname = argv[1];
	48
	49	// open input file
	50	int fd = open(fname, O_RDONLY);
	51	if (fd == -1)
	52	goto errexit;
	53
	54	// calculate the number of entries
	55	int size = lseek(fd, 0, SEEK_END);
	56	if (size == -1) // todo: check maximum size of seccomp filter (4KB?)
	57	goto errexit;
	58	unsigned short entries = (unsigned short) size / (unsigned short) sizeof(struct sock_filter);
	59
	60	// read filter
	61	struct sock_filter *filter = mmap(NULL, size, PROT_READ, MAP_PRIVATE, fd, 0);
	62	if (filter == MAP_FAILED)
	63	goto errexit;
	64
	65
	66	// print filter
	67	print(filter, entries);
	68
	69	// free mapped memory
	70	if (munmap(filter, size) == -1)
	71	perror("Error un-mmapping the file");
	72
	73	// close file
	74	close(fd);
	75	return 0;
	76	errexit:
	77	close(fd);
	78	fprintf(stderr, "Error: cannot read %s\n", fname);
	79	exit(1);
	80
	81	}