1  /*
       2   * Decoder of seccomp filter programs.
       3   *
       4   * Copyright (c) 2015-2022 Dmitry V. Levin <ldv@strace.io>
       5   * All rights reserved.
       6   *
       7   * SPDX-License-Identifier: LGPL-2.1-or-later
       8   */
       9  
      10  #include "defs.h"
      11  
      12  #include "bpf_filter.h"
      13  
      14  #include <linux/filter.h>
      15  #include <linux/seccomp.h>
      16  #include "xlat/seccomp_ret_action.h"
      17  
      18  static bool
      19  print_seccomp_filter_k(const struct bpf_filter_block *const fp)
      20  {
      21  	if (BPF_CLASS(fp->code) == BPF_RET) {
      22  		unsigned int action = SECCOMP_RET_ACTION_FULL & fp->k;
      23  		unsigned int data = fp->k & ~action;
      24  
      25  		tprint_flags_begin();
      26  		printxval(seccomp_ret_action, action, "SECCOMP_RET_???");
      27  		if (data) {
      28  			tprint_flags_or();
      29  			PRINT_VAL_X(data);
      30  		}
      31  		tprint_flags_end();
      32  
      33  		return true;
      34  	}
      35  
      36  	return false;
      37  }
      38  
      39  void
      40  print_seccomp_fprog(struct tcb *const tcp, const kernel_ulong_t addr,
      41  		    const unsigned short len)
      42  {
      43  	print_bpf_fprog(tcp, addr, len, print_seccomp_filter_k);
      44  }
      45  
      46  void
      47  decode_seccomp_fprog(struct tcb *const tcp, const kernel_ulong_t addr)
      48  {
      49  	decode_bpf_fprog(tcp, addr, print_seccomp_filter_k);
      50  }