Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/errno.c206
-rw-r--r--src/lib/syscall.c1694
2 files changed, 1900 insertions, 0 deletions
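--- /dev/null
+++ b/src/lib/errno.c
@@ -0,0 +1,206 @@
+/*
+ * Copyright (C) 2014-2020 Firejail Authors
+ *
+ * This file is part of firejail project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+#include "../include/syscall.h"
+
+#include <errno.h>
+#include <stdio.h>
+#include <string.h>
+//#include <attr/xattr.h>
+
+typedef struct {
+ char *name;
+ int nr;
+} ErrnoEntry;
+
+static ErrnoEntry errnolist[] = {
+//
+// code generated using tools/extract-errnos
+//
+ {"EPERM", EPERM},
+ {"ENOENT", ENOENT},
+ {"ESRCH", ESRCH},
+ {"EINTR", EINTR},
+ {"EIO", EIO},
+ {"ENXIO", ENXIO},
+ {"E2BIG", E2BIG},
+ {"ENOEXEC", ENOEXEC},
+ {"EBADF", EBADF},
+ {"ECHILD", ECHILD},
+ {"EAGAIN", EAGAIN},
+ {"ENOMEM", ENOMEM},
+ {"EACCES", EACCES},
+ {"EFAULT", EFAULT},
+ {"ENOTBLK", ENOTBLK},
+ {"EBUSY", EBUSY},
+ {"EEXIST", EEXIST},
+ {"EXDEV", EXDEV},
+ {"ENODEV", ENODEV},
+ {"ENOTDIR", ENOTDIR},
+ {"EISDIR", EISDIR},
+ {"EINVAL", EINVAL},
+ {"ENFILE", ENFILE},
+ {"EMFILE", EMFILE},
+ {"ENOTTY", ENOTTY},
+ {"ETXTBSY", ETXTBSY},
+ {"EFBIG", EFBIG},
+ {"ENOSPC", ENOSPC},
+ {"ESPIPE", ESPIPE},
+ {"EROFS", EROFS},
+ {"EMLINK", EMLINK},
+ {"EPIPE", EPIPE},
+ {"EDOM", EDOM},
+ {"ERANGE", ERANGE},
+ {"EDEADLK", EDEADLK},
+ {"ENAMETOOLONG", ENAMETOOLONG},
+ {"ENOLCK", ENOLCK},
+ {"ENOSYS", ENOSYS},
+ {"ENOTEMPTY", ENOTEMPTY},
+ {"ELOOP", ELOOP},
+ {"EWOULDBLOCK", EWOULDBLOCK},
+ {"ENOMSG", ENOMSG},
+ {"EIDRM", EIDRM},
+ {"ECHRNG", ECHRNG},
+ {"EL2NSYNC", EL2NSYNC},
+ {"EL3HLT", EL3HLT},
+ {"EL3RST", EL3RST},
+ {"ELNRNG", ELNRNG},
+ {"EUNATCH", EUNATCH},
+ {"ENOCSI", ENOCSI},
+ {"EL2HLT", EL2HLT},
+ {"EBADE", EBADE},
+ {"EBADR", EBADR},
+ {"EXFULL", EXFULL},
+ {"ENOANO", ENOANO},
+ {"EBADRQC", EBADRQC},
+ {"EBADSLT", EBADSLT},
+ {"EDEADLOCK", EDEADLOCK},
+ {"EBFONT", EBFONT},
+ {"ENOSTR", ENOSTR},
+ {"ENODATA", ENODATA},
+ {"ETIME", ETIME},
+ {"ENOSR", ENOSR},
+ {"ENONET", ENONET},
+ {"ENOPKG", ENOPKG},
+ {"EREMOTE", EREMOTE},
+ {"ENOLINK", ENOLINK},
+ {"EADV", EADV},
+ {"ESRMNT", ESRMNT},
+ {"ECOMM", ECOMM},
+ {"EPROTO", EPROTO},
+ {"EMULTIHOP", EMULTIHOP},
+ {"EDOTDOT", EDOTDOT},
+ {"EBADMSG", EBADMSG},
+ {"EOVERFLOW", EOVERFLOW},
+ {"ENOTUNIQ", ENOTUNIQ},
+ {"EBADFD", EBADFD},
+ {"EREMCHG", EREMCHG},
+ {"ELIBACC", ELIBACC},
+ {"ELIBBAD", ELIBBAD},
+ {"ELIBSCN", ELIBSCN},
+ {"ELIBMAX", ELIBMAX},
+ {"ELIBEXEC", ELIBEXEC},
+ {"EILSEQ", EILSEQ},
+ {"ERESTART", ERESTART},
+ {"ESTRPIPE", ESTRPIPE},
+ {"EUSERS", EUSERS},
+ {"ENOTSOCK", ENOTSOCK},
+ {"EDESTADDRREQ", EDESTADDRREQ},
+ {"EMSGSIZE", EMSGSIZE},
+ {"EPROTOTYPE", EPROTOTYPE},
+ {"ENOPROTOOPT", ENOPROTOOPT},
+ {"EPROTONOSUPPORT", EPROTONOSUPPORT},
+ {"ESOCKTNOSUPPORT", ESOCKTNOSUPPORT},
+ {"EOPNOTSUPP", EOPNOTSUPP},
+ {"EPFNOSUPPORT", EPFNOSUPPORT},
+ {"EAFNOSUPPORT", EAFNOSUPPORT},
+ {"EADDRINUSE", EADDRINUSE},
+ {"EADDRNOTAVAIL", EADDRNOTAVAIL},
+ {"ENETDOWN", ENETDOWN},
+ {"ENETUNREACH", ENETUNREACH},
+ {"ENETRESET", ENETRESET},
+ {"ECONNABORTED", ECONNABORTED},
+ {"ECONNRESET", ECONNRESET},
+ {"ENOBUFS", ENOBUFS},
+ {"EISCONN", EISCONN},
+ {"ENOTCONN", ENOTCONN},
+ {"ESHUTDOWN", ESHUTDOWN},
+ {"ETOOMANYREFS", ETOOMANYREFS},
+ {"ETIMEDOUT", ETIMEDOUT},
+ {"ECONNREFUSED", ECONNREFUSED},
+ {"EHOSTDOWN", EHOSTDOWN},
+ {"EHOSTUNREACH", EHOSTUNREACH},
+ {"EALREADY", EALREADY},
+ {"EINPROGRESS", EINPROGRESS},
+ {"ESTALE", ESTALE},
+ {"EUCLEAN", EUCLEAN},
+ {"ENOTNAM", ENOTNAM},
+ {"ENAVAIL", ENAVAIL},
+ {"EISNAM", EISNAM},
+ {"EREMOTEIO", EREMOTEIO},
+ {"EDQUOT", EDQUOT},
+ {"ENOMEDIUM", ENOMEDIUM},
+ {"EMEDIUMTYPE", EMEDIUMTYPE},
+ {"ECANCELED", ECANCELED},
+ {"ENOKEY", ENOKEY},
+ {"EKEYEXPIRED", EKEYEXPIRED},
+ {"EKEYREVOKED", EKEYREVOKED},
+ {"EKEYREJECTED", EKEYREJECTED},
+ {"EOWNERDEAD", EOWNERDEAD},
+ {"ENOTRECOVERABLE", ENOTRECOVERABLE},
+ {"ERFKILL", ERFKILL},
+ {"EHWPOISON", EHWPOISON},
+ {"ENOTSUP", ENOTSUP},
+#ifdef ENOATTR
+ {"ENOATTR", ENOATTR},
+#endif
+};
+
+int errno_find_name(const char *name) {
+ int i;
+ int elems = sizeof(errnolist) / sizeof(errnolist[0]);
+ for (i = 0; i < elems; i++) {
+ if (strcasecmp(name, errnolist[i].name) == 0)
+ return errnolist[i].nr;
+ }
+
+ return -1;
+}
+
+char *errno_find_nr(int nr) {
+ int i;
+ int elems = sizeof(errnolist) / sizeof(errnolist[0]);
+ for (i = 0; i < elems; i++) {
+ if (nr == errnolist[i].nr)
+ return errnolist[i].name;
+ }
+
+ return "unknown";
+}
+
+
+
+void errno_print(void) {
+ int i;
+ int elems = sizeof(errnolist) / sizeof(errnolist[0]);
+ for (i = 0; i < elems; i++) {
+ printf("%d\t- %s\n", errnolist[i].nr, errnolist[i].name);
+ }
+ printf("\n");
+}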
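Review bot: errno_find_nr returns a mutable `char *` that points either at a string literal stored in errnolist or at the literal "unknown", and the table itself is writable, so any caller that writes through the result invokes undefined behaviour; syscall.c in this same commit already declares `const char * const name` and returns `const char *` from syscall_find_nr. I would change the field to `const char *name;`, the table to `static const ErrnoEntry errnolist[] = {`, and the function to `const char *errno_find_nr(int nr)`, which also means updating its prototype in ../include/syscall.h (not shown on this page). Separately, errno_find_name passes `name` straight to strcasecmp without a NULL check and relies on `<string.h>` to declare it, whereas POSIX places strcasecmp in `<strings.h>`. Its -1 result for an unknown name must be rejected by callers before the value is used, presumably as the errno of a seccomp rule; the callers are outside this page, so that needs confirming.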
diff --git a/src/lib/syscall.c b/src/lib/syscall.c
new file mode 100644
index 000000000..1cf7f2d52
--- /dev/null
+++ b/src/lib/syscall.c
@@ -0,0 +1,1694 @@
1/*
2 * Copyright (C) 2014-2020 Firejail Authors
3 *
4 * This file is part of firejail project
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along
17 * with this program; if not, write to the Free Software Foundation, Inc.,
18 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
19*/
20#define _GNU_SOURCE
21#include "../include/syscall.h"
22#include <assert.h>
23#include <stdbool.h>
24#include <stdio.h>
25#include <string.h>
26#include <sys/syscall.h>
27#include "../include/common.h"
28
29typedef struct {
30 const char * const name;
31 int nr;
32} SyscallEntry;
33
34typedef struct {
35 const char * const name;
36 const char * const list;
37} SyscallGroupList;
38
39typedef struct {
40 const char *slist;
41 char *prelist, *postlist;
42 bool found;
43 int syscall;
44} SyscallCheckList;
45
46// Native syscalls (64 bit versions for 64 bit arch etc)
47static const SyscallEntry syslist[] = {
48#if defined(__x86_64__)
49// code generated using
50// awk '/__NR_/ { print "{ \"" gensub("__NR_", "", "g", $2) "\", " $3 " },"; }' < /usr/include/x86_64-linux-gnu/asm/unistd_64.h
51#include "../include/syscall_x86_64.h"
52#elif defined(__i386__)
53// awk '/__NR_/ { print "{ \"" gensub("__NR_", "", "g", $2) "\", " $3 " },"; }' < /usr/include/x86_64-linux-gnu/asm/unistd_32.h
54#include "../include/syscall_i386.h"
55#else
56#warning "Please submit a syscall table for your architecture"
57#endif
58};
59
60// 32 bit syscalls for 64 bit arch
61static const SyscallEntry syslist32[] = {
62#if defined(__x86_64__)
63#include "../include/syscall_i386.h"
64// TODO for other 64 bit archs
65#elif defined(__i386__) || defined(__arm__) || defined(__powerpc__)
66// no secondary arch for 32 bit archs
67#endif
68};
69
70static const SyscallGroupList sysgroups[] = {
71 { .name = "@aio", .list =
72#ifdef SYS_io_cancel
73 "io_cancel,"
74#endif
75#ifdef SYS_io_destroy
76 "io_destroy,"
77#endif
78#ifdef SYS_io_getevents
79 "io_getevents,"
80#endif
81#ifdef SYS_io_pgetevents
82 "io_pgetevents,"
83#endif
84#ifdef SYS_io_setup
85 "io_setup,"
86#endif
87#ifdef SYS_io_submit
88 "io_submit"
89#endif
90 },
91 { .name = "@basic-io", .list =
92#ifdef SYS__llseek
93 "_llseek,"
94#endif
95#ifdef SYS_close
96 "close,"
97#endif
98#ifdef SYS_dup
99 "dup,"
100#endif
101#ifdef SYS_dup2
102 "dup2,"
103#endif
104#ifdef SYS_dup3
105 "dup3,"
106#endif
107#ifdef SYS_lseek
108 "lseek,"
109#endif
110#ifdef SYS_pread64
111 "pread64,"
112#endif
113#ifdef SYS_preadv
114 "preadv,"
115#endif
116#ifdef SYS_preadv2
117 "preadv2,"
118#endif
119#ifdef SYS_pwrite64
120 "pwrite64,"
121#endif
122#ifdef SYS_pwritev
123 "pwritev,"
124#endif
125#ifdef SYS_pwritev2
126 "pwritev2,"
127#endif
128#ifdef SYS_read
129 "read,"
130#endif
131#ifdef SYS_readv
132 "readv,"
133#endif
134#ifdef SYS_write
135 "write,"
136#endif
137#ifdef SYS_writev
138 "writev"
139#endif
140 },
141 { .name = "@chown", .list =
142#ifdef SYS_chown
143 "chown,"
144#endif
145#ifdef SYS_chown32
146 "chown32,"
147#endif
148#ifdef SYS_fchown
149 "fchown,"
150#endif
151#ifdef SYS_fchown32
152 "fchown32,"
153#endif
154#ifdef SYS_fchownat
155 "fchownat,"
156#endif
157#ifdef SYS_lchown
158 "lchown,"
159#endif
160#ifdef SYS_lchown32
161 "lchown32"
162#endif
163 },
164 { .name = "@clock", .list =
165#ifdef SYS_adjtimex
166 "adjtimex,"
167#endif
168#ifdef SYS_clock_adjtime
169 "clock_adjtime,"
170#endif
171#ifdef SYS_clock_settime
172 "clock_settime,"
173#endif
174#ifdef SYS_settimeofday
175 "settimeofday,"
176#endif
177#ifdef SYS_stime
178 "stime"
179#endif
180 },
181 { .name = "@cpu-emulation", .list =
182#ifdef SYS_modify_ldt
183 "modify_ldt,"
184#endif
185#ifdef SYS_subpage_prot
186 "subpage_prot,"
187#endif
188#ifdef SYS_switch_endian
189 "switch_endian,"
190#endif
191#ifdef SYS_vm86
192 "vm86,"
193#endif
194#ifdef SYS_vm86old
195 "vm86old"
196#endif
197#if !defined(SYS_modify_ldt) && !defined(SYS_subpage_prot) && !defined(SYS_switch_endian) && !defined(SYS_vm86) && !defined(SYS_vm86old)
198 "__dummy_syscall__" // workaround for arm64, s390x and sparc64 which don't have any of above defined and empty syscall lists are not allowed
199#endif
200 },
201 { .name = "@debug", .list =
202#ifdef SYS_lookup_dcookie
203 "lookup_dcookie,"
204#endif
205#ifdef SYS_perf_event_open
206 "perf_event_open,"
207#endif
208#ifdef SYS_process_vm_writev
209 "process_vm_writev,"
210#endif
211#ifdef SYS_rtas
212 "rtas,"
213#endif
214#ifdef SYS_s390_runtime_instr
215 "s390_runtime_instr,"
216#endif
217#ifdef SYS_sys_debug_setcontext
218 "sys_debug_setcontext,"
219#endif
220 },
221 { .name = "@default", .list =
222 "@clock,"
223 "@cpu-emulation,"
224 "@debug,"
225 "@module,"
226 "@obsolete,"
227 "@raw-io,"
228 "@reboot,"
229 "@swap,"
230#ifdef SYS_open_by_handle_at
231 "open_by_handle_at,"
232#endif
233#ifdef SYS_name_to_handle_at
234 "name_to_handle_at,"
235#endif
236#ifdef SYS_ioprio_set
237 "ioprio_set,"
238#endif
239#ifdef SYS_ni_syscall
240 "ni_syscall,"
241#endif
242#ifdef SYS_syslog
243 "syslog,"
244#endif
245#ifdef SYS_fanotify_init
246 "fanotify_init,"
247#endif
248#ifdef SYS_kcmp
249 "kcmp,"
250#endif
251#ifdef SYS_add_key
252 "add_key,"
253#endif
254#ifdef SYS_request_key
255 "request_key,"
256#endif
257#ifdef SYS_mbind
258 "mbind,"
259#endif
260#ifdef SYS_migrate_pages
261 "migrate_pages,"
262#endif
263#ifdef SYS_move_pages
264 "move_pages,"
265#endif
266#ifdef SYS_keyctl
267 "keyctl,"
268#endif
269#ifdef SYS_io_setup
270 "io_setup,"
271#endif
272#ifdef SYS_io_destroy
273 "io_destroy,"
274#endif
275#ifdef SYS_io_getevents
276 "io_getevents,"
277#endif
278#ifdef SYS_io_submit
279 "io_submit,"
280#endif
281#ifdef SYS_io_cancel
282 "io_cancel,"
283#endif
284#ifdef SYS_remap_file_pages
285 "remap_file_pages,"
286#endif
287#ifdef SYS_set_mempolicy
288 "set_mempolicy"
289#endif
290#ifdef SYS_vmsplice
291 "vmsplice,"
292#endif
293#ifdef SYS_umount
294 "umount,"
295#endif
296#ifdef SYS_userfaultfd
297 "userfaultfd,"
298#endif
299#ifdef SYS_acct
300 "acct,"
301#endif
302#ifdef SYS_bpf
303 "bpf,"
304#endif
305#ifdef SYS_chroot
306 "chroot,"
307#endif
308#ifdef SYS_mount
309 "mount,"
310#endif
311#ifdef SYS_nfsservctl
312 "nfsservctl,"
313#endif
314#ifdef SYS_pivot_root
315 "pivot_root,"
316#endif
317#ifdef SYS_setdomainname
318 "setdomainname,"
319#endif
320#ifdef SYS_sethostname
321 "sethostname,"
322#endif
323#ifdef SYS_umount2
324 "umount2,"
325#endif
326#ifdef SYS_vhangup
327 "vhangup"
328#endif
329//#ifdef SYS_mincore // 0.9.57 - problem fixed in Linux kernel 5.0; on 4.x it will break kodi, mpv, totem
330// "mincore"
331//#endif
332 },
333 { .name = "@default-nodebuggers", .list =
334 "@default,"
335#ifdef SYS_ptrace
336 "ptrace,"
337#endif
338#ifdef SYS_personality
339 "personality,"
340#endif
341#ifdef SYS_process_vm_readv
342 "process_vm_readv"
343#endif
344 },
345 { .name = "@default-keep", .list =
346 "execve,"
347 "prctl"
348 },
349 { .name = "@file-system", .list =
350#ifdef SYS_access
351 "access,"
352#endif
353#ifdef SYS_chdir
354 "chdir,"
355#endif
356#ifdef SYS_chmod
357 "chmod,"
358#endif
359#ifdef SYS_close
360 "close,"
361#endif
362#ifdef SYS_creat
363 "creat,"
364#endif
365#ifdef SYS_faccessat
366 "faccessat,"
367#endif
368#ifdef SYS_fallocate
369 "fallocate,"
370#endif
371#ifdef SYS_fchdir
372 "fchdir,"
373#endif
374#ifdef SYS_fchmod
375 "fchmod,"
376#endif
377#ifdef SYS_fchmodat
378 "fchmodat,"
379#endif
380#ifdef SYS_fcntl
381 "fcntl,"
382#endif
383#ifdef SYS_fcntl64
384 "fcntl64,"
385#endif
386#ifdef SYS_fgetxattr
387 "fgetxattr,"
388#endif
389#ifdef SYS_flistxattr
390 "flistxattr,"
391#endif
392#ifdef SYS_fremovexattr
393 "fremovexattr,"
394#endif
395#ifdef SYS_fsetxattr
396 "fsetxattr,"
397#endif
398#ifdef SYS_fstat
399 "fstat,"
400#endif
401#ifdef SYS_fstat64
402 "fstat64,"
403#endif
404#ifdef SYS_fstatat64
405 "fstatat64,"
406#endif
407#ifdef SYS_fstatfs
408 "fstatfs,"
409#endif
410#ifdef SYS_fstatfs64
411 "fstatfs64,"
412#endif
413#ifdef SYS_ftruncate
414 "ftruncate,"
415#endif
416#ifdef SYS_ftruncate64
417 "ftruncate64,"
418#endif
419#ifdef SYS_futimesat
420 "futimesat,"
421#endif
422#ifdef SYS_getcwd
423 "getcwd,"
424#endif
425#ifdef SYS_getdents
426 "getdents,"
427#endif
428#ifdef SYS_getdents64
429 "getdents64,"
430#endif
431#ifdef SYS_getxattr
432 "getxattr,"
433#endif
434#ifdef SYS_inotify_add_watch
435 "inotify_add_watch,"
436#endif
437#ifdef SYS_inotify_init
438 "inotify_init,"
439#endif
440#ifdef SYS_inotify_init1
441 "inotify_init1,"
442#endif
443#ifdef SYS_inotify_rm_watch
444 "inotify_rm_watch,"
445#endif
446#ifdef SYS_lgetxattr
447 "lgetxattr,"
448#endif
449#ifdef SYS_link
450 "link,"
451#endif
452#ifdef SYS_linkat
453 "linkat,"
454#endif
455#ifdef SYS_listxattr
456 "listxattr,"
457#endif
458#ifdef SYS_llistxattr
459 "llistxattr,"
460#endif
461#ifdef SYS_lremovexattr
462 "lremovexattr,"
463#endif
464#ifdef SYS_lsetxattr
465 "lsetxattr,"
466#endif
467#ifdef SYS_lstat
468 "lstat,"
469#endif
470#ifdef SYS_lstat64
471 "lstat64,"
472#endif
473#ifdef SYS_mkdir
474 "mkdir,"
475#endif
476#ifdef SYS_mkdirat
477 "mkdirat,"
478#endif
479#ifdef SYS_mknod
480 "mknod,"
481#endif
482#ifdef SYS_mknodat
483 "mknodat,"
484#endif
485#ifdef SYS_mmap
486 "mmap,"
487#endif
488#ifdef SYS_mmap2
489 "mmap2,"
490#endif
491#ifdef SYS_munmap
492 "munmap,"
493#endif
494#ifdef SYS_newfstatat
495 "newfstatat,"
496#endif
497#ifdef SYS_oldfstat
498 "oldfstat,"
499#endif
500#ifdef SYS_oldlstat
501 "oldlstat,"
502#endif
503#ifdef SYS_oldstat
504 "oldstat,"
505#endif
506#ifdef SYS_open
507 "open,"
508#endif
509#ifdef SYS_openat
510 "openat,"
511#endif
512#ifdef SYS_readlink
513 "readlink,"
514#endif
515#ifdef SYS_readlinkat
516 "readlinkat,"
517#endif
518#ifdef SYS_removexattr
519 "removexattr,"
520#endif
521#ifdef SYS_rename
522 "rename,"
523#endif
524#ifdef SYS_renameat
525 "renameat,"
526#endif
527#ifdef SYS_renameat2
528 "renameat2,"
529#endif
530#ifdef SYS_rmdir
531 "rmdir,"
532#endif
533#ifdef SYS_setxattr
534 "setxattr,"
535#endif
536#ifdef SYS_stat
537 "stat,"
538#endif
539#ifdef SYS_stat64
540 "stat64,"
541#endif
542#ifdef SYS_statfs
543 "statfs,"
544#endif
545#ifdef SYS_statfs64
546 "statfs64,"
547#endif
548#ifdef SYS_statx
549 "statx,"
550#endif
551#ifdef SYS_symlink
552 "symlink,"
553#endif
554#ifdef SYS_symlinkat
555 "symlinkat,"
556#endif
557#ifdef SYS_truncate
558 "truncate,"
559#endif
560#ifdef SYS_truncate64
561 "truncate64,"
562#endif
563#ifdef SYS_unlink
564 "unlink,"
565#endif
566#ifdef SYS_unlinkat
567 "unlinkat,"
568#endif
569#ifdef SYS_utime
570 "utime,"
571#endif
572#ifdef SYS_utimensat
573 "utimensat,"
574#endif
575#ifdef SYS_utimes
576 "utimes"
577#endif
578 },
579 { .name = "@io-event", .list =
580#ifdef SYS__newselect
581 "_newselect,"
582#endif
583#ifdef SYS_epoll_create
584 "epoll_create,"
585#endif
586#ifdef SYS_epoll_create1
587 "epoll_create1,"
588#endif
589#ifdef SYS_epoll_ctl
590 "epoll_ctl,"
591#endif
592#ifdef SYS_epoll_ctl_old
593 "epoll_ctl_old,"
594#endif
595#ifdef SYS_epoll_pwait
596 "epoll_pwait,"
597#endif
598#ifdef SYS_epoll_wait
599 "epoll_wait,"
600#endif
601#ifdef SYS_epoll_wait_old
602 "epoll_wait_old,"
603#endif
604#ifdef SYS_eventfd
605 "eventfd,"
606#endif
607#ifdef SYS_eventfd2
608 "eventfd2,"
609#endif
610#ifdef SYS_poll
611 "poll,"
612#endif
613#ifdef SYS_ppoll
614 "ppoll,"
615#endif
616#ifdef SYS_pselect6
617 "pselect6,"
618#endif
619#ifdef SYS_select
620 "select"
621#endif
622 },
623 { .name = "@ipc", .list =
624#ifdef SYS_ipc
625 "ipc,"
626#endif
627#ifdef SYS_memfd_create
628 "memfd_create,"
629#endif
630#ifdef SYS_mq_getsetattr
631 "mq_getsetattr,"
632#endif
633#ifdef SYS_mq_notify
634 "mq_notify,"
635#endif
636#ifdef SYS_mq_open
637 "mq_open,"
638#endif
639#ifdef SYS_mq_timedreceive
640 "mq_timedreceive,"
641#endif
642#ifdef SYS_mq_timedsend
643 "mq_timedsend,"
644#endif
645#ifdef SYS_mq_unlink
646 "mq_unlink,"
647#endif
648#ifdef SYS_msgctl
649 "msgctl,"
650#endif
651#ifdef SYS_msgget
652 "msgget,"
653#endif
654#ifdef SYS_msgrcv
655 "msgrcv,"
656#endif
657#ifdef SYS_msgsnd
658 "msgsnd,"
659#endif
660#ifdef SYS_pipe
661 "pipe,"
662#endif
663#ifdef SYS_pipe2
664 "pipe2,"
665#endif
666#ifdef SYS_process_vm_readv
667 "process_vm_readv,"
668#endif
669#ifdef SYS_process_vm_writev
670 "process_vm_writev,"
671#endif
672#ifdef SYS_semctl
673 "semctl,"
674#endif
675#ifdef SYS_semget
676 "semget,"
677#endif
678#ifdef SYS_semop
679 "semop,"
680#endif
681#ifdef SYS_semtimedop
682 "semtimedop,"
683#endif
684#ifdef SYS_shmat
685 "shmat,"
686#endif
687#ifdef SYS_shmctl
688 "shmctl,"
689#endif
690#ifdef SYS_shmdt
691 "shmdt,"
692#endif
693#ifdef SYS_shmget
694 "shmget"
695#endif
696 },
697 { .name = "@keyring", .list =
698#ifdef SYS_add_key
699 "add_key,"
700#endif
701#ifdef SYS_keyctl
702 "keyctl,"
703#endif
704#ifdef SYS_request_key
705 "request_key"
706#endif
707 },
708 { .name = "@memlock", .list =
709#ifdef SYS_mlock
710 "mlock,"
711#endif
712#ifdef SYS_mlock2
713 "mlock2,"
714#endif
715#ifdef SYS_mlockall
716 "mlockall,"
717#endif
718#ifdef SYS_munlock
719 "munlock,"
720#endif
721#ifdef SYS_munlockall
722 "munlockall"
723#endif
724 },
725 { .name = "@module", .list =
726#ifdef SYS_delete_module
727 "delete_module,"
728#endif
729#ifdef SYS_finit_module
730 "finit_module,"
731#endif
732#ifdef SYS_init_module
733 "init_module"
734#endif
735 },
736 { .name = "@mount", .list =
737#ifdef SYS_chroot
738 "chroot,"
739#endif
740#ifdef SYS_mount
741 "mount,"
742#endif
743#ifdef SYS_pivot_root
744 "pivot_root,"
745#endif
746#ifdef SYS_umount
747 "umount,"
748#endif
749#ifdef SYS_umount2
750 "umount2"
751#endif
752 },
753 { .name = "@network-io", .list =
754#ifdef SYS_accept
755 "accept,"
756#endif
757#ifdef SYS_accept4
758 "accept4,"
759#endif
760#ifdef SYS_bind
761 "bind,"
762#endif
763#ifdef SYS_connect
764 "connect,"
765#endif
766#ifdef SYS_getpeername
767 "getpeername,"
768#endif
769#ifdef SYS_getsockname
770 "getsockname,"
771#endif
772#ifdef SYS_getsockopt
773 "getsockopt,"
774#endif
775#ifdef SYS_listen
776 "listen,"
777#endif
778#ifdef SYS_recv
779 "recv,"
780#endif
781#ifdef SYS_recvfrom
782 "recvfrom,"
783#endif
784#ifdef SYS_recvmmsg
785 "recvmmsg,"
786#endif
787#ifdef SYS_recvmsg
788 "recvmsg,"
789#endif
790#ifdef SYS_send
791 "send,"
792#endif
793#ifdef SYS_sendmmsg
794 "sendmmsg,"
795#endif
796#ifdef SYS_sendmsg
797 "sendmsg,"
798#endif
799#ifdef SYS_sendto
800 "sendto,"
801#endif
802#ifdef SYS_setsockopt
803 "setsockopt,"
804#endif
805#ifdef SYS_shutdown
806 "shutdown,"
807#endif
808#ifdef SYS_socket
809 "socket,"
810#endif
811#ifdef SYS_socketcall
812 "socketcall,"
813#endif
814#ifdef SYS_socketpair
815 "socketpair"
816#endif
817 },
818 { .name = "@obsolete", .list =
819#ifdef SYS__sysctl
820 "_sysctl,"
821#endif
822#ifdef SYS_afs_syscall
823 "afs_syscall,"
824#endif
825#ifdef SYS_bdflush
826 "bdflush,"
827#endif
828#ifdef SYS_break
829 "break,"
830#endif
831#ifdef SYS_create_module
832 "create_module,"
833#endif
834#ifdef SYS_ftime
835 "ftime,"
836#endif
837#ifdef SYS_get_kernel_syms
838 "get_kernel_syms,"
839#endif
840#ifdef SYS_getpmsg
841 "getpmsg,"
842#endif
843#ifdef SYS_gtty
844 "gtty,"
845#endif
846#ifdef SYS_idle
847 "idle,"
848#endif
849#ifdef SYS_lock
850 "lock,"
851#endif
852#ifdef SYS_mpx
853 "mpx,"
854#endif
855#ifdef SYS_prof
856 "prof,"
857#endif
858#ifdef SYS_profil
859 "profil,"
860#endif
861#ifdef SYS_putpmsg
862 "putpmsg,"
863#endif
864#ifdef SYS_query_module
865 "query_module,"
866#endif
867#ifdef SYS_security
868 "security,"
869#endif
870#ifdef SYS_sgetmask
871 "sgetmask,"
872#endif
873#ifdef SYS_ssetmask
874 "ssetmask,"
875#endif
876#ifdef SYS_stty
877 "stty,"
878#endif
879#ifdef SYS_sysfs
880 "sysfs,"
881#endif
882#ifdef SYS_tuxcall
883 "tuxcall,"
884#endif
885#ifdef SYS_ulimit
886 "ulimit,"
887#endif
888#ifdef SYS_uselib
889 "uselib,"
890#endif
891#ifdef SYS_ustat
892 "ustat,"
893#endif
894#ifdef SYS_vserver
895 "vserver"
896#endif
897#if !defined(SYS__sysctl) && !defined(SYS_afs_syscall) && !defined(SYS_bdflush) && !defined(SYS_break) && !defined(SYS_create_module) && !defined(SYS_ftime) && !defined(SYS_get_kernel_syms) && !defined(SYS_getpmsg) && !defined(SYS_gtty) && !defined(SYS_lock) && !defined(SYS_mpx) && !defined(SYS_prof) && !defined(SYS_profil) && !defined(SYS_putpmsg) && !defined(SYS_query_module) && !defined(SYS_security) && !defined(SYS_sgetmask) && !defined(SYS_ssetmask) && !defined(SYS_stty) && !defined(SYS_sysfs) && !defined(SYS_tuxcall) && !defined(SYS_ulimit) && !defined(SYS_uselib) && !defined(SYS_ustat) && !defined(SYS_vserver)
898 "__dummy_syscall__" // workaround for arm64 which doesn't have any of above defined and empty syscall lists are not allowed
899#endif
900 },
901 { .name = "@privileged", .list =
902 "@chown,"
903 "@clock,"
904 "@module,"
905 "@raw-io,"
906 "@reboot,"
907 "@swap,"
908#ifdef SYS__sysctl
909 "_sysctl,"
910#endif
911#ifdef SYS_acct
912 "acct,"
913#endif
914#ifdef SYS_bpf
915 "bpf,"
916#endif
917#ifdef SYS_capset
918 "capset,"
919#endif
920#ifdef SYS_chroot
921 "chroot,"
922#endif
923#ifdef SYS_fanotify_init
924 "fanotify_init,"
925#endif
926#ifdef SYS_mount
927 "mount,"
928#endif
929#ifdef SYS_nfsservctl
930 "nfsservctl,"
931#endif
932#ifdef SYS_open_by_handle_at
933 "open_by_handle_at,"
934#endif
935#ifdef SYS_pivot_root
936 "pivot_root,"
937#endif
938#ifdef SYS_quotactl
939 "quotactl,"
940#endif
941#ifdef SYS_setdomainname
942 "setdomainname,"
943#endif
944#ifdef SYS_setfsuid
945 "setfsuid,"
946#endif
947#ifdef SYS_setfsuid32
948 "setfsuid32,"
949#endif
950#ifdef SYS_setgroups
951 "setgroups,"
952#endif
953#ifdef SYS_setgroups32
954 "setgroups32,"
955#endif
956#ifdef SYS_sethostname
957 "sethostname,"
958#endif
959#ifdef SYS_setresuid
960 "setresuid,"
961#endif
962#ifdef SYS_setresuid32
963 "setresuid32,"
964#endif
965#ifdef SYS_setreuid
966 "setreuid,"
967#endif
968#ifdef SYS_setreuid32
969 "setreuid32,"
970#endif
971#ifdef SYS_setuid
972 "setuid,"
973#endif
974#ifdef SYS_setuid32
975 "setuid32,"
976#endif
977#ifdef SYS_umount2
978 "umount2,"
979#endif
980#ifdef SYS_vhangup
981 "vhangup"
982#endif
983 },
984 { .name = "@process", .list =
985#ifdef SYS_arch_prctl
986 "arch_prctl,"
987#endif
988#ifdef SYS_capget
989 "capget,"
990#endif
991#ifdef SYS_clone
992 "clone,"
993#endif
994#ifdef SYS_execveat
995 "execveat,"
996#endif
997#ifdef SYS_fork
998 "fork,"
999#endif
1000#ifdef SYS_getrusage
1001 "getrusage,"
1002#endif
1003#ifdef SYS_kill
1004 "kill,"
1005#endif
1006#ifdef SYS_pidfd_send_signal
1007 "pidfd_send_signal,"
1008#endif
1009#ifdef SYS_prctl
1010 "prctl,"
1011#endif
1012#ifdef SYS_rt_sigqueueinfo
1013 "rt_sigqueueinfo,"
1014#endif
1015#ifdef SYS_rt_tgsigqueueinfo
1016 "rt_tgsigqueueinfo,"
1017#endif
1018#ifdef SYS_setns
1019 "setns,"
1020#endif
1021#ifdef SYS_swapcontext
1022 "swapcontext,"
1023#endif
1024#ifdef SYS_tgkill
1025 "tgkill,"
1026#endif
1027#ifdef SYS_times
1028 "times,"
1029#endif
1030#ifdef SYS_tkill
1031 "tkill,"
1032#endif
1033#ifdef SYS_unshare
1034 "unshare,"
1035#endif
1036#ifdef SYS_vfork
1037 "vfork,"
1038#endif
1039#ifdef SYS_wait4
1040 "wait4,"
1041#endif
1042#ifdef SYS_waitid
1043 "waitid,"
1044#endif
1045#ifdef SYS_waitpid
1046 "waitpid"
1047#endif
1048 },
1049 { .name = "@raw-io", .list =
1050#ifdef SYS_ioperm
1051 "ioperm,"
1052#endif
1053#ifdef SYS_iopl
1054 "iopl,"
1055#endif
1056#ifdef SYS_pciconfig_iobase
1057 "pciconfig_iobase,"
1058#endif
1059#ifdef SYS_pciconfig_read
1060 "pciconfig_read,"
1061#endif
1062#ifdef SYS_pciconfig_write
1063 "pciconfig_write,"
1064#endif
1065#ifdef SYS_s390_mmio_read
1066 "s390_mmio_read,"
1067#endif
1068#ifdef SYS_s390_mmio_write
1069 "s390_mmio_write"
1070#endif
1071#if !defined(SYS_ioperm) && !defined(SYS_iopl) && !defined(SYS_pciconfig_iobase) && !defined(SYS_pciconfig_read) && !defined(SYS_pciconfig_write) && !defined(SYS_s390_mmio_read) && !defined(SYS_s390_mmio_write)
1072 "__dummy_syscall__" // workaround for s390x which doesn't have any of above defined and empty syscall lists are not allowed
1073#endif
1074 },
1075 { .name = "@reboot", .list =
1076#ifdef SYS_kexec_load
1077 "kexec_load,"
1078#endif
1079#ifdef SYS_kexec_file_load
1080 "kexec_file_load,"
1081#endif
1082#ifdef SYS_reboot
1083 "reboot,"
1084#endif
1085 },
1086 { .name = "@resources", .list =
1087#ifdef SYS_ioprio_set
1088 "ioprio_set,"
1089#endif
1090#ifdef SYS_mbind
1091 "mbind,"
1092#endif
1093#ifdef SYS_migrate_pages
1094 "migrate_pages,"
1095#endif
1096#ifdef SYS_move_pages
1097 "move_pages,"
1098#endif
1099#ifdef SYS_nice
1100 "nice,"
1101#endif
1102#ifdef SYS_sched_setaffinity
1103 "sched_setaffinity,"
1104#endif
1105#ifdef SYS_sched_setattr
1106 "sched_setattr,"
1107#endif
1108#ifdef SYS_sched_setparam
1109 "sched_setparam,"
1110#endif
1111#ifdef SYS_sched_setscheduler
1112 "sched_setscheduler,"
1113#endif
1114#ifdef SYS_set_mempolicy
1115 "set_mempolicy"
1116#endif
1117 },
1118 { .name = "@setuid", .list =
1119#ifdef SYS_setgid
1120 "setgid,"
1121#endif
1122#ifdef SYS_setgid32
1123 "setgid32,"
1124#endif
1125#ifdef SYS_setgroups
1126 "setgroups,"
1127#endif
1128#ifdef SYS_setgroups32
1129 "setgroups32,"
1130#endif
1131#ifdef SYS_setregid
1132 "setregid,"
1133#endif
1134#ifdef SYS_setregid32
1135 "setregid32,"
1136#endif
1137#ifdef SYS_setresgid
1138 "setresgid,"
1139#endif
1140#ifdef SYS_setresgid32
1141 "setresgid32,"
1142#endif
1143#ifdef SYS_setresuid
1144 "setresuid,"
1145#endif
1146#ifdef SYS_setresuid32
1147 "setresuid32,"
1148#endif
1149#ifdef SYS_setreuid
1150 "setreuid,"
1151#endif
1152#ifdef SYS_setreuid32
1153 "setreuid32,"
1154#endif
1155#ifdef SYS_setuid
1156 "setuid,"
1157#endif
1158#ifdef SYS_setuid32
1159 "setuid32"
1160#endif
1161 },
1162 { .name = "@signal", .list =
1163#ifdef SYS_rt_sigaction
1164 "rt_sigaction,"
1165#endif
1166#ifdef SYS_rt_sigpending
1167 "rt_sigpending,"
1168#endif
1169#ifdef SYS_rt_sigprocmask
1170 "rt_sigprocmask,"
1171#endif
1172#ifdef SYS_rt_sigsuspend
1173 "rt_sigsuspend,"
1174#endif
1175#ifdef SYS_rt_sigtimedwait
1176 "rt_sigtimedwait,"
1177#endif
1178#ifdef SYS_sigaction
1179 "sigaction,"
1180#endif
1181#ifdef SYS_sigaltstack
1182 "sigaltstack,"
1183#endif
1184#ifdef SYS_signal
1185 "signal,"
1186#endif
1187#ifdef SYS_signalfd
1188 "signalfd,"
1189#endif
1190#ifdef SYS_signalfd4
1191 "signalfd4,"
1192#endif
1193#ifdef SYS_sigpending
1194 "sigpending,"
1195#endif
1196#ifdef SYS_sigprocmask
1197 "sigprocmask,"
1198#endif
1199#ifdef SYS_sigsuspend
1200 "sigsuspend"
1201#endif
1202 },
1203 { .name = "@swap", .list =
1204#ifdef SYS_swapon
1205 "swapon,"
1206#endif
1207#ifdef SYS_swapoff
1208 "swapoff"
1209#endif
1210 },
1211 { .name = "@sync", .list =
1212#ifdef SYS_fdatasync
1213 "fdatasync,"
1214#endif
1215#ifdef SYS_fsync
1216 "fsync,"
1217#endif
1218#ifdef SYS_msync
1219 "msync,"
1220#endif
1221#ifdef SYS_sync
1222 "sync,"
1223#endif
1224#ifdef SYS_sync_file_range
1225 "sync_file_range,"
1226#endif
1227#ifdef SYS_sync_file_range2
1228 "sync_file_range2,"
1229#endif
1230#ifdef SYS_syncfs
1231 "syncfs"
1232#endif
1233 },
1234 { .name = "@system-service", .list =
1235 "@aio,"
1236 "@basic-io,"
1237 "@chown,"
1238 "@default,"
1239 "@file-system,"
1240 "@io-event,"
1241 "@ipc,"
1242 "@keyring,"
1243 "@memlock,"
1244 "@network-io,"
1245 "@process,"
1246 "@resources,"
1247 "@setuid,"
1248 "@signal,"
1249 "@sync,"
1250 "@timer,"
1251#ifdef SYS_brk
1252 "brk,"
1253#endif
1254#ifdef SYS_capget
1255 "capget,"
1256#endif
1257#ifdef SYS_capset
1258 "capset,"
1259#endif
1260#ifdef SYS_copy_file_range
1261 "copy_file_range,"
1262#endif
1263#ifdef SYS_fadvise64
1264 "fadvise64,"
1265#endif
1266#ifdef SYS_fadvise64_64
1267 "fadvise64_64,"
1268#endif
1269#ifdef SYS_flock
1270 "flock,"
1271#endif
1272#ifdef SYS_get_mempolicy
1273 "get_mempolicy,"
1274#endif
1275#ifdef SYS_getcpu
1276 "getcpu,"
1277#endif
1278#ifdef SYS_getpriority
1279 "getpriority,"
1280#endif
1281#ifdef SYS_getrandom
1282 "getrandom,"
1283#endif
1284#ifdef SYS_ioctl
1285 "ioctl,"
1286#endif
1287#ifdef SYS_ioprio_get
1288 "ioprio_get,"
1289#endif
1290#ifdef SYS_kcmp
1291 "kcmp,"
1292#endif
1293#ifdef SYS_madvise
1294 "madvise,"
1295#endif
1296#ifdef SYS_mprotect
1297 "mprotect,"
1298#endif
1299#ifdef SYS_mremap
1300 "mremap,"
1301#endif
1302#ifdef SYS_name_to_handle_at
1303 "name_to_handle_at,"
1304#endif
1305#ifdef SYS_oldolduname
1306 "oldolduname,"
1307#endif
1308#ifdef SYS_olduname
1309 "olduname,"
1310#endif
1311#ifdef SYS_personality
1312 "personality,"
1313#endif
1314#ifdef SYS_readahead
1315 "readahead,"
1316#endif
1317#ifdef SYS_readdir
1318 "readdir,"
1319#endif
1320#ifdef SYS_remap_file_pages
1321 "remap_file_pages,"
1322#endif
1323#ifdef SYS_sched_get_priority_max
1324 "sched_get_priority_max,"
1325#endif
1326#ifdef SYS_sched_get_priority_min
1327 "sched_get_priority_min,"
1328#endif
1329#ifdef SYS_sched_getaffinity
1330 "sched_getaffinity,"
1331#endif
1332#ifdef SYS_sched_getattr
1333 "sched_getattr,"
1334#endif
1335#ifdef SYS_sched_getparam
1336 "sched_getparam,"
1337#endif
1338#ifdef SYS_sched_getscheduler
1339 "sched_getscheduler,"
1340#endif
1341#ifdef SYS_sched_rr_get_interval
1342 "sched_rr_get_interval,"
1343#endif
1344#ifdef SYS_sched_yield
1345 "sched_yield,"
1346#endif
1347#ifdef SYS_sendfile
1348 "sendfile,"
1349#endif
1350#ifdef SYS_sendfile64
1351 "sendfile64,"
1352#endif
1353#ifdef SYS_setfsgid
1354 "setfsgid,"
1355#endif
1356#ifdef SYS_setfsgid32
1357 "setfsgid32,"
1358#endif
1359#ifdef SYS_setfsuid
1360 "setfsuid,"
1361#endif
1362#ifdef SYS_setfsuid32
1363 "setfsuid32,"
1364#endif
1365#ifdef SYS_setpgid
1366 "setpgid,"
1367#endif
1368#ifdef SYS_setsid
1369 "setsid,"
1370#endif
1371#ifdef SYS_splice
1372 "splice,"
1373#endif
1374#ifdef SYS_sysinfo
1375 "sysinfo,"
1376#endif
1377#ifdef SYS_tee
1378 "tee,"
1379#endif
1380#ifdef SYS_umask
1381 "umask,"
1382#endif
1383#ifdef SYS_uname
1384 "uname,"
1385#endif
1386#ifdef SYS_userfaultfd
1387 "userfaultfd,"
1388#endif
1389#ifdef SYS_vmsplice
1390 "vmsplice"
1391#endif
1392 },
1393 { .name = "@timer", .list =
1394#ifdef SYS_alarm
1395 "alarm,"
1396#endif
1397#ifdef SYS_getitimer
1398 "getitimer,"
1399#endif
1400#ifdef SYS_setitimer
1401 "setitimer,"
1402#endif
1403#ifdef SYS_timer_create
1404 "timer_create,"
1405#endif
1406#ifdef SYS_timer_delete
1407 "timer_delete,"
1408#endif
1409#ifdef SYS_timer_getoverrun
1410 "timer_getoverrun,"
1411#endif
1412#ifdef SYS_timer_gettime
1413 "timer_gettime,"
1414#endif
1415#ifdef SYS_timer_settime
1416 "timer_settime,"
1417#endif
1418#ifdef SYS_timerfd_create
1419 "timerfd_create,"
1420#endif
1421#ifdef SYS_timerfd_gettime
1422 "timerfd_gettime,"
1423#endif
1424#ifdef SYS_timerfd_settime
1425 "timerfd_settime,"
1426#endif
1427#ifdef SYS_times
1428 "times"
1429#endif
1430 }
1431};
1432
1433// return -1 if error, or syscall number
1434static int syscall_find_name(const char *name) {
1435 int i;
1436 int elems = sizeof(syslist) / sizeof(syslist[0]);
1437 for (i = 0; i < elems; i++) {
1438 if (strcmp(name, syslist[i].name) == 0)
1439 return syslist[i].nr;
1440 }
1441
1442 return -1;
1443}
1444
1445static int syscall_find_name_32(const char *name) {
1446 int i;
1447 int elems = sizeof(syslist32) / sizeof(syslist32[0]);
1448 for (i = 0; i < elems; i++) {
1449 if (strcmp(name, syslist32[i].name) == 0)
1450 return syslist32[i].nr;
1451 }
1452
1453 return -1;
1454}
1455
1456const char *syscall_find_nr(int nr) {
1457 int i;
1458 int elems = sizeof(syslist) / sizeof(syslist[0]);
1459 for (i = 0; i < elems; i++) {
1460 if (nr == syslist[i].nr)
1461 return syslist[i].name;
1462 }
1463
1464 return "unknown";
1465}
1466
1467const char *syscall_find_nr_32(int nr) {
1468 int i;
1469 int elems = sizeof(syslist32) / sizeof(syslist32[0]);
1470 for (i = 0; i < elems; i++) {
1471 if (nr == syslist32[i].nr)
1472 return syslist32[i].name;
1473 }
1474
1475 return "unknown";
1476}
1477
1478void syscall_print(void) {
1479 int i;
1480 int elems = sizeof(syslist) / sizeof(syslist[0]);
1481 for (i = 0; i < elems; i++) {
1482 printf("%d\t- %s\n", syslist[i].nr, syslist[i].name);
1483 }
1484 printf("\n");
1485}
1486
1487void syscall_print_32(void) {
1488 int i;
1489 int elems = sizeof(syslist32) / sizeof(syslist32[0]);
1490 for (i = 0; i < elems; i++) {
1491 printf("%d\t- %s\n", syslist32[i].nr, syslist32[i].name);
1492 }
1493 printf("\n");
1494}
1495
1496static const char *syscall_find_group(const char *name) {
1497 int i;
1498 int elems = sizeof(sysgroups) / sizeof(sysgroups[0]);
1499 for (i = 0; i < elems; i++) {
1500 if (strcmp(name, sysgroups[i].name) == 0)
1501 return sysgroups[i].list;
1502 }
1503
1504 return NULL;
1505}
1506
1507// allowed input:
1508// - syscall
1509// - syscall(error)
1510static void syscall_process_name(const char *name, int *syscall_nr, int *error_nr, bool native) {
1511 assert(name);
1512 if (strlen(name) == 0)
1513 goto error;
1514 *error_nr = -1;
1515
1516 // syntax check
1517 char *str = strdup(name);
1518 if (!str)
1519 errExit("strdup");
1520
1521 char *syscall_name = str;
1522 char *error_name = strchr(str, ':');
1523 if (error_name) {
1524 *error_name = '\0';
1525 error_name++;
1526 }
1527 if (strlen(syscall_name) == 0) {
1528 free(str);
1529 goto error;
1530 }
1531
1532 if (*syscall_name == '$')
1533 *syscall_nr = strtol(syscall_name + 1, NULL, 0);
1534 else {
1535 if (native)
1536 *syscall_nr = syscall_find_name(syscall_name);
1537 else
1538 *syscall_nr = syscall_find_name_32(syscall_name);
1539 }
1540 if (error_name) {
1541 *error_nr = errno_find_name(error_name);
1542 if (*error_nr == -1)
1543 *syscall_nr = -1;
1544 }
1545
1546 free(str);
1547 return;
1548
1549error:
1550 fprintf(stderr, "Error fseccomp: invalid syscall list entry %s\n", name);
1551 exit(1);
1552}
1553
1554// return 1 if error, 0 if OK
1555int syscall_check_list(const char *slist, filter_fn *callback, int fd, int arg, void *ptrarg, bool native) {
1556 // don't allow empty lists
1557 if (slist == NULL || *slist == '\0') {
1558 fprintf(stderr, "Error fseccomp: empty syscall lists are not allowed\n");
1559 exit(1);
1560 }
1561
1562 // work on a copy of the string
1563 char *str = strdup(slist);
1564 if (!str)
1565 errExit("strdup");
1566
1567 char *saveptr;
1568 char *ptr = strtok_r(str, ",", &saveptr);
1569 if (ptr == NULL) {
1570 fprintf(stderr, "Error fseccomp: empty syscall lists are not allowed\n");
1571 exit(1);
1572 }
1573
1574 while (ptr) {
1575 int syscall_nr;
1576 int error_nr;
1577 if (*ptr == '@') {
1578 const char *new_list = syscall_find_group(ptr);
1579 if (!new_list) {
1580 fprintf(stderr, "Error fseccomp: unknown syscall group %s\n", ptr);
1581 exit(1);
1582 }
1583 syscall_check_list(new_list, callback, fd, arg, ptrarg, native);
1584 }
1585 else {
1586 bool negate = false;
1587 if (*ptr == '!') {
1588 negate = true;
1589 ptr++;
1590 }
1591 syscall_process_name(ptr, &syscall_nr, &error_nr, native);
1592 if (syscall_nr == -1) {;}
1593 else if (callback != NULL) {
1594 if (negate) {
1595 syscall_nr = -syscall_nr;
1596 }
1597 if (error_nr != -1 && fd > 0) {
1598 filter_add_errno(fd, syscall_nr, error_nr, ptrarg, native);
1599 }
1600 else if (error_nr != -1 && fd == 0) {
1601 callback(fd, syscall_nr, error_nr, ptrarg, native);
1602 }
1603 else {
1604 callback(fd, syscall_nr, arg, ptrarg, native);
1605 }
1606 }
1607 }
1608 ptr = strtok_r(NULL, ",", &saveptr);
1609 }
1610
1611 free(str);
1612 return 0;
1613}
1614
1615static void find_syscall(int fd, int syscall, int arg, void *ptrarg, bool native) {
1616 (void)fd;
1617 (void) arg;
1618 (void)native;
1619 SyscallCheckList *ptr = ptrarg;
1620 if (abs(syscall) == ptr->syscall)
1621 ptr->found = true;
1622}
1623
1624// go through list2 and find matches for problem syscall
1625static void syscall_in_list(int fd, int syscall, int arg, void *ptrarg, bool native) {
1626 (void) fd;
1627 (void)arg;
1628 SyscallCheckList *ptr = ptrarg;
1629 SyscallCheckList sl;
1630 const char *name;
1631
1632 sl.found = false;
1633 sl.syscall = syscall;
1634 syscall_check_list(ptr->slist, find_syscall, fd, 0, &sl, native);
1635
1636 if (native)
1637 name = syscall_find_nr(syscall);
1638 else
1639 name = syscall_find_nr_32(syscall);
1640
1641 // if found in the problem list, add to post-exec list
1642 if (sl.found) {
1643 if (ptr->postlist) {
1644 if (asprintf(&ptr->postlist, "%s,%s", ptr->postlist, name) == -1)
1645 errExit("asprintf");
1646 }
1647 else
1648 ptr->postlist = strdup(name);
1649 }
1650 else { // no problem, add to pre-exec list
1651 // build syscall:error_no
1652 char *newcall = NULL;
1653 if (arg != 0) {
1654 if (asprintf(&newcall, "%s:%s", name, errno_find_nr(arg)) == -1)
1655 errExit("asprintf");
1656 }
1657 else {
1658 newcall = strdup(name);
1659 if (!newcall)
1660 errExit("strdup");
1661 }
1662
1663 if (ptr->prelist) {
1664 if (asprintf(&ptr->prelist, "%s,%s", ptr->prelist, newcall) == -1)
1665 errExit("asprintf");
1666 free(newcall);
1667 }
1668 else
1669 ptr->prelist = newcall;
1670 }
1671}
1672
1673// go through list and find matches for syscalls in list @default-keep
1674void syscalls_in_list(const char *list, const char *slist, int fd, char **prelist, char **postlist, bool native) {
1675 (void) fd;
1676 SyscallCheckList sl;
1677 // these syscalls are used by firejail after the seccomp filter is initialized
1678 sl.slist = slist;
1679 sl.prelist = NULL;
1680 sl.postlist = NULL;
1681 syscall_check_list(list, syscall_in_list, 0, 0, &sl, native);
1682 if (!arg_quiet) {
1683 printf("Seccomp list in: %s,", list);
1684 if (sl.slist)
1685 printf(" check list: %s,", sl.slist);
1686 if (sl.prelist)
1687 printf(" prelist: %s,", sl.prelist);
1688 if (sl.postlist)
1689 printf(" postlist: %s", sl.postlist);
1690 printf("\n");
1691 }
1692 *prelist = sl.prelist;
1693 *postlist = sl.postlist;
1694}