From 1379851360349d6617ad32944a25ee5e2bb74fc2 Mon Sep 17 00:00:00 2001
From: netblue30 <netblue30@yahoo.com>
Date: Sat, 8 Aug 2015 19:12:30 -0400
Subject: Baseline firejail 0.9.28

---
 src/include/common.h     | 115 +++++++++++++++++++++++++++++++++
 src/include/libnetlink.h | 163 +++++++++++++++++++++++++++++++++++++++++++++++
 src/include/pid.h        |  58 +++++++++++++++++
 3 files changed, 336 insertions(+)
 create mode 100644 src/include/common.h
 create mode 100644 src/include/libnetlink.h
 create mode 100644 src/include/pid.h

(limited to 'src/include')

diff --git a/src/include/common.h b/src/include/common.h
new file mode 100644
index 000000000..7ce1e9290
--- /dev/null
+++ b/src/include/common.h
@@ -0,0 +1,115 @@
+/*
+ * Copyright (C) 2014, 2015 netblue30 (netblue30@yahoo.com)
+ *
+ * This file is part of firejail project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+
+#ifndef COMMON_H
+#define COMMON_H
+#define _GNU_SOURCE
+#include <stdio.h>
+#include <sys/types.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <stddef.h>
+#include <string.h>
+#include <ctype.h>
+#include <assert.h>
+
+#define errExit(msg)    do { char msgout[500]; sprintf(msgout, "Error %s:%s(%d)", msg, __FUNCTION__, __LINE__); perror(msgout); exit(1);} while (0)
+
+// macro to print ip addresses in a printf statement
+#define PRINT_IP(A) \
+((int) (((A) >> 24) & 0xFF)),  ((int) (((A) >> 16) & 0xFF)), ((int) (((A) >> 8) & 0xFF)), ((int) ( (A) & 0xFF))
+
+// macro to print a mac addresses in a printf statement
+#define PRINT_MAC(A) \
+((unsigned) (*(A)) & 0xff), ((unsigned) (*((A) + 1) & 0xff)), ((unsigned) (*((A) + 2) & 0xff)), \
+((unsigned) (*((A) + 3)) & 0xff), ((unsigned) (*((A) + 4) & 0xff)), ((unsigned) (*((A) + 5)) & 0xff)
+
+// the number of bits in a network mask
+static inline uint8_t mask2bits(uint32_t mask) {
+	uint32_t tmp = 0x80000000;
+	int i;
+	uint8_t rv = 0;
+
+	for (i = 0; i < 32; i++, tmp >>= 1) {
+		if (tmp & mask)
+			rv++;
+		else
+			break;
+	}
+	return rv;
+}
+
+// read an IPv4 address and convert it to uint32_t
+static inline int atoip(const char *str, uint32_t *ip) {
+	unsigned a, b, c, d;
+
+	if (sscanf(str, "%u.%u.%u.%u", &a, &b, &c, &d) != 4 || a > 255 || b > 255 || c > 255 || d > 255)
+		return 1;
+		
+	*ip = a * 0x1000000 + b * 0x10000 + c * 0x100 + d;
+	return 0;
+}
+
+// verify an ip address is in the network range given by ifip and mask
+static inline char *in_netrange(uint32_t ip, uint32_t ifip, uint32_t ifmask) {
+	if ((ip & ifmask) != (ifip & ifmask))
+		return "Error: the IP address is not in the interface range\n";
+	else if ((ip & ifmask) == ip)
+		return "Error: the IP address is a network address\n";
+	else if ((ip | ~ifmask) == ip)
+		return "Error: the IP address is a network address\n";
+	return NULL;
+}
+
+// read a mac address
+static inline int atomac(char *str, unsigned char macAddr[6]) {
+	unsigned mac[6];
+
+	if (sscanf(str, "%2x:%2x:%2x:%2x:%2x:%2x", &mac[0], &mac[1], &mac[2], &mac[3], &mac[4], &mac[5]) != 6)
+		return 1;
+
+	int i;
+	for (i = 0; i < 6; i++) {
+		if (mac[i] > 0xff)
+			return 1;
+			
+		macAddr[i] = (unsigned char) mac[i];
+	}
+
+	return 0;
+}
+
+// check a mac address is configured
+static inline int mac_not_zero(const unsigned char mac[6]) {
+	int i;
+	for (i = 0; i < 6; i++) {
+		if (mac[i] != 0)
+			return 1;
+	}
+	
+	return 0;
+}
+
+int join_namespace(pid_t pid, char *type);
+int name2pid(const char *name, pid_t *pid);
+char *pid_proc_comm(const pid_t pid);
+char *pid_proc_cmdline(const pid_t pid);
+#endif
diff --git a/src/include/libnetlink.h b/src/include/libnetlink.h
new file mode 100644
index 000000000..e9cd6b186
--- /dev/null
+++ b/src/include/libnetlink.h
@@ -0,0 +1,163 @@
+/* file extracted from iproute2 software package
+ *
+ * Original source code:
+ * 
+ * Information:
+ *     http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2
+ * 
+ * Download:
+ *     http://www.kernel.org/pub/linux/utils/net/iproute2/
+ * 
+ * Repository:
+ *     git://git.kernel.org/pub/scm/linux/kernel/git/shemminger/iproute2.git
+ * 
+ * License: GPL v2
+ */
+
+
+#ifndef __LIBNETLINK_H__
+#define __LIBNETLINK_H__ 1
+
+#define _GNU_SOURCE
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <string.h>
+#include <asm/types.h>
+#include <linux/netlink.h>
+#include <linux/rtnetlink.h>
+#include <linux/if_link.h>
+#include <linux/if_addr.h>
+#include <linux/neighbour.h>
+
+struct rtnl_handle
+{
+	int			fd;
+	struct sockaddr_nl	local;
+	struct sockaddr_nl	peer;
+	__u32			seq;
+	__u32			dump;
+};
+
+extern int rcvbuf;
+
+extern int rtnl_open(struct rtnl_handle *rth, unsigned subscriptions);
+extern int rtnl_open_byproto(struct rtnl_handle *rth, unsigned subscriptions, int protocol);
+extern void rtnl_close(struct rtnl_handle *rth);
+extern int rtnl_wilddump_request(struct rtnl_handle *rth, int fam, int type);
+extern int rtnl_wilddump_req_filter(struct rtnl_handle *rth, int fam, int type,
+				    __u32 filt_mask);
+extern int rtnl_dump_request(struct rtnl_handle *rth, int type, void *req, int len);
+
+typedef int (*rtnl_filter_t)(const struct sockaddr_nl *,
+			     struct nlmsghdr *n, void *);
+
+struct rtnl_dump_filter_arg
+{
+	rtnl_filter_t filter;
+	void *arg1;
+};
+
+extern int rtnl_dump_filter_l(struct rtnl_handle *rth,
+			      const struct rtnl_dump_filter_arg *arg);
+extern int rtnl_dump_filter(struct rtnl_handle *rth, rtnl_filter_t filter,
+			    void *arg);
+extern int rtnl_talk(struct rtnl_handle *rtnl, struct nlmsghdr *n, pid_t peer,
+		     unsigned groups, struct nlmsghdr *answer);
+extern int rtnl_send(struct rtnl_handle *rth, const void *buf, int);
+extern int rtnl_send_check(struct rtnl_handle *rth, const void *buf, int);
+
+extern int addattr(struct nlmsghdr *n, int maxlen, int type);
+extern int addattr8(struct nlmsghdr *n, int maxlen, int type, __u8 data);
+extern int addattr16(struct nlmsghdr *n, int maxlen, int type, __u16 data);
+extern int addattr32(struct nlmsghdr *n, int maxlen, int type, __u32 data);
+extern int addattr64(struct nlmsghdr *n, int maxlen, int type, __u64 data);
+extern int addattrstrz(struct nlmsghdr *n, int maxlen, int type, const char *data);
+
+extern int addattr_l(struct nlmsghdr *n, int maxlen, int type, const void *data, int alen);
+extern int addraw_l(struct nlmsghdr *n, int maxlen, const void *data, int len);
+extern struct rtattr *addattr_nest(struct nlmsghdr *n, int maxlen, int type);
+extern int addattr_nest_end(struct nlmsghdr *n, struct rtattr *nest);
+extern struct rtattr *addattr_nest_compat(struct nlmsghdr *n, int maxlen, int type, const void *data, int len);
+extern int addattr_nest_compat_end(struct nlmsghdr *n, struct rtattr *nest);
+extern int rta_addattr32(struct rtattr *rta, int maxlen, int type, __u32 data);
+extern int rta_addattr_l(struct rtattr *rta, int maxlen, int type, const void *data, int alen);
+
+extern int parse_rtattr(struct rtattr *tb[], int max, struct rtattr *rta, int len);
+extern int parse_rtattr_flags(struct rtattr *tb[], int max, struct rtattr *rta,
+			      int len, unsigned short flags);
+extern int parse_rtattr_byindex(struct rtattr *tb[], int max, struct rtattr *rta, int len);
+extern int __parse_rtattr_nested_compat(struct rtattr *tb[], int max, struct rtattr *rta, int len);
+
+#define parse_rtattr_nested(tb, max, rta) \
+	(parse_rtattr((tb), (max), RTA_DATA(rta), RTA_PAYLOAD(rta)))
+
+#define parse_rtattr_nested_compat(tb, max, rta, data, len) \
+	({ data = RTA_PAYLOAD(rta) >= len ? RTA_DATA(rta) : NULL;	\
+		__parse_rtattr_nested_compat(tb, max, rta, len); })
+
+static inline __u8 rta_getattr_u8(const struct rtattr *rta)
+{
+	return *(__u8 *)RTA_DATA(rta);
+}
+static inline __u16 rta_getattr_u16(const struct rtattr *rta)
+{
+	return *(__u16 *)RTA_DATA(rta);
+}
+static inline __u32 rta_getattr_u32(const struct rtattr *rta)
+{
+	return *(__u32 *)RTA_DATA(rta);
+}
+static inline __u64 rta_getattr_u64(const struct rtattr *rta)
+{
+	__u64 tmp;
+	memcpy(&tmp, RTA_DATA(rta), sizeof(__u64));
+	return tmp;
+}
+static inline const char *rta_getattr_str(const struct rtattr *rta)
+{
+	return (const char *)RTA_DATA(rta);
+}
+
+extern int rtnl_listen(struct rtnl_handle *, rtnl_filter_t handler,
+		       void *jarg);
+extern int rtnl_from_file(FILE *, rtnl_filter_t handler,
+		       void *jarg);
+
+#define NLMSG_TAIL(nmsg) \
+	((struct rtattr *) (((void *) (nmsg)) + NLMSG_ALIGN((nmsg)->nlmsg_len)))
+
+#ifndef IFA_RTA
+#define IFA_RTA(r) \
+	((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ifaddrmsg))))
+#endif
+#ifndef IFA_PAYLOAD
+#define IFA_PAYLOAD(n)	NLMSG_PAYLOAD(n,sizeof(struct ifaddrmsg))
+#endif
+
+#ifndef IFLA_RTA
+#define IFLA_RTA(r) \
+	((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ifinfomsg))))
+#endif
+#ifndef IFLA_PAYLOAD
+#define IFLA_PAYLOAD(n)	NLMSG_PAYLOAD(n,sizeof(struct ifinfomsg))
+#endif
+
+#ifndef NDA_RTA
+#define NDA_RTA(r) \
+	((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ndmsg))))
+#endif
+#ifndef NDA_PAYLOAD
+#define NDA_PAYLOAD(n)	NLMSG_PAYLOAD(n,sizeof(struct ndmsg))
+#endif
+
+#ifndef NDTA_RTA
+#define NDTA_RTA(r) \
+	((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ndtmsg))))
+#endif
+#ifndef NDTA_PAYLOAD
+#define NDTA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct ndtmsg))
+#endif
+
+#endif /* __LIBNETLINK_H__ */
+
diff --git a/src/include/pid.h b/src/include/pid.h
new file mode 100644
index 000000000..aaadaa542
--- /dev/null
+++ b/src/include/pid.h
@@ -0,0 +1,58 @@
+/*
+ * Copyright (C) 2014, 2015 netblue30 (netblue30@yahoo.com)
+ *
+ * This file is part of firejail project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+#ifndef PID_H
+#define PID_H
+extern int max_pids;
+
+
+#define _GNU_SOURCE
+#include <stdio.h>
+#include <sys/types.h>
+#include <unistd.h>
+typedef struct {
+	short level;  // -1 not a firejail process, 0 not investigated yet, 1 firejail process, > 1 firejail child
+	unsigned char zombie;
+	pid_t parent;
+	uid_t uid;
+	char *user;
+	char *cmd;
+	unsigned utime;
+	unsigned stime;
+	unsigned long long rx;	// network rx, bytes
+	unsigned long long tx;	// networking tx, bytes
+	unsigned rx_delta;
+	unsigned tx_delta;
+} Process;
+//extern Process pids[max_pids];
+extern Process *pids;
+
+// pid functions
+void pid_getmem(unsigned pid, unsigned *rss, unsigned *shared);
+void pid_get_cpu_time(unsigned pid, unsigned *utime, unsigned *stime);
+unsigned long long pid_get_start_time(unsigned pid);
+uid_t pid_get_uid(pid_t pid);
+char *pid_get_user_name(uid_t uid);
+// print functions
+void pid_print_tree(unsigned index, unsigned parent, int nowrap);
+void pid_print_list(unsigned index, int nowrap);
+void pid_store_cpu(unsigned index, unsigned parent, unsigned *utime, unsigned *stime);
+void pid_read(pid_t mon_pid);
+
+#endif
-- 
cgit v1.2.3-54-g00ecf