89 inline void Allow(filter& f) {  in Allow()  argument
90     f.push_back(BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW));  in Allow()
93 inline void Disallow(filter& f) {  in Disallow()  argument
94     f.push_back(BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_TRAP));  in Disallow()
97 static void ExamineSyscall(filter& f) {  in ExamineSyscall()  argument
98     f.push_back(BPF_STMT(BPF_LD|BPF_W|BPF_ABS, syscall_nr));  in ExamineSyscall()
102 static bool SetValidateArchitectureJumpTarget(size_t offset, filter& f) {  in SetValidateArchitectureJumpTarget()  argument
103     size_t jump_length = f.size() - offset - 1;  in SetValidateArchitectureJumpTarget()
110     f[offset] = BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, SECONDARY_ARCH, u8_jump_length, 0);  in SetValidateArchitectureJumpTarget()
114 static size_t ValidateArchitectureAndJumpIfNeeded(filter& f) {  in ValidateArchitectureAndJumpIfNeeded()  argument
115     f.push_back(BPF_STMT(BPF_LD|BPF_W|BPF_ABS, arch_nr));  in ValidateArchitectureAndJumpIfNeeded()
116     f.push_back(BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, PRIMARY_ARCH, 2, 0));  in ValidateArchitectureAndJumpIfNeeded()
117     f.push_back(BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, SECONDARY_ARCH, 1, 0));  in ValidateArchitectureAndJumpIfNeeded()
118     Disallow(f);  in ValidateArchitectureAndJumpIfNeeded()
119     return f.size() - 2;  in ValidateArchitectureAndJumpIfNeeded()
122 static void ValidateArchitecture(filter& f) {  in ValidateArchitecture()  argument
123     f.push_back(BPF_STMT(BPF_LD|BPF_W|BPF_ABS, arch_nr));  in ValidateArchitecture()
124     f.push_back(BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, PRIMARY_ARCH, 1, 0));  in ValidateArchitecture()
125     Disallow(f);  in ValidateArchitecture()
129 static void ValidateSyscallArgInRange(filter& f, __u32 arg_num, __u32 range_min, __u32 range_max) {  in ValidateSyscallArgInRange()  argument
137     f.push_back(BPF_STMT(BPF_LD|BPF_W|BPF_ABS, syscall_arg));  in ValidateSyscallArgInRange()
138     f.push_back(BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, range_min, 0, 1));  in ValidateSyscallArgInRange()
139     f.push_back(BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, range_max + 1, 0, 1));  in ValidateSyscallArgInRange()
140     Disallow(f);  in ValidateSyscallArgInRange()
151 static void ValidateSetUidGid(filter& f, uint32_t uid_gid_min, uint32_t uid_gid_max, bool primary) {  in ValidateSetUidGid()  argument
153     ExamineSyscall(f);  in ValidateSetUidGid()
155     f.push_back(BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, setresuid_nr, 0, 12));  in ValidateSetUidGid()
157         ValidateSyscallArgInRange(f, arg, uid_gid_min, uid_gid_max);  in ValidateSetUidGid()
161     ExamineSyscall(f);  in ValidateSetUidGid()
163     f.push_back(BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, setresgid_nr, 0, 12));  in ValidateSetUidGid()
165         ValidateSyscallArgInRange(f, arg, uid_gid_min, uid_gid_max);  in ValidateSetUidGid()
169     Allow(f);  in ValidateSetUidGid()
172 static bool install_filter(filter const& f) {  in install_filter()  argument
174         static_cast<unsigned short>(f.size()),  in install_filter()
175         const_cast<struct sock_filter*>(&f[0]),  in install_filter()
179         PLOG(FATAL) << "Could not set seccomp filter of size " << f.size();  in install_filter()
186     filter f;  in _install_setuidgid_filter()  local
191     auto offset_to_secondary_filter = ValidateArchitectureAndJumpIfNeeded(f);  in _install_setuidgid_filter()
193     ValidateArchitecture(f);  in _install_setuidgid_filter()
196     ValidateSetUidGid(f, uid_gid_min, uid_gid_max, true /* primary */);  in _install_setuidgid_filter()
199     if (!SetValidateArchitectureJumpTarget(offset_to_secondary_filter, f)) {  in _install_setuidgid_filter()
203     ValidateSetUidGid(f, uid_gid_min, uid_gid_max, false /* primary */);  in _install_setuidgid_filter()
206     return install_filter(f);  in _install_setuidgid_filter()
218     filter f;  in _set_seccomp_filter()  local
245     auto offset_to_secondary_filter = ValidateArchitectureAndJumpIfNeeded(f);  in _set_seccomp_filter()
247     ValidateArchitecture(f);  in _set_seccomp_filter()
250     ExamineSyscall(f);  in _set_seccomp_filter()
253         f.push_back(p[i]);  in _set_seccomp_filter()
255     Disallow(f);  in _set_seccomp_filter()
258     if (!SetValidateArchitectureJumpTarget(offset_to_secondary_filter, f)) {  in _set_seccomp_filter()
262     ExamineSyscall(f);  in _set_seccomp_filter()
265         f.push_back(s[i]);  in _set_seccomp_filter()
267     Disallow(f);  in _set_seccomp_filter()
270     return install_filter(f);  in _set_seccomp_filter()