1 /* syscall_filter.h
2  * Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
3  * Use of this source code is governed by a BSD-style license that can be
4  * found in the LICENSE file.
5  *
6  * Syscall filter functions.
7  */
8 
9 #ifndef SYSCALL_FILTER_H
10 #define SYSCALL_FILTER_H
11 
12 #include "bpf.h"
13 
14 #ifdef __cplusplus
15 extern "C" {
16 #endif
17 
18 struct filter_block {
19 	struct sock_filter *instrs;
20 	size_t len;
21 
22 	struct filter_block *next;
23 	struct filter_block *last;
24 	size_t total_len;
25 };
26 
27 struct parser_state {
28 	const char *filename;
29 	size_t line_number;
30 };
31 
32 struct bpf_labels;
33 
34 struct filter_block *compile_policy_line(struct parser_state *state, int nr,
35 					 const char *policy_line,
36 					 unsigned int label_id,
37 					 struct bpf_labels *labels,
38 					 int do_ret_trap);
39 int compile_file(const char *filename, FILE *policy_file,
40 		 struct filter_block *head, struct filter_block **arg_blocks,
41 		 struct bpf_labels *labels, int use_ret_trap, int allow_logging,
42 		 unsigned int include_level);
43 int compile_filter(const char *filename, FILE *policy_file,
44 		   struct sock_fprog *prog, int do_ret_trap,
45 		   int add_logging_syscalls);
46 
47 struct filter_block *new_filter_block(void);
48 int flatten_block_list(struct filter_block *head, struct sock_filter *filter,
49 		       size_t index, size_t cap);
50 void free_block_list(struct filter_block *head);
51 
52 int seccomp_can_softfail(void);
53 
54 #ifdef __cplusplus
55 }; /* extern "C" */
56 #endif
57 
58 #endif /* SYSCALL_FILTER_H */
59