kore

Kore is a web application platform for writing scalable, concurrent web based processes in C or Python.

commit 3dcf94d1aea523d2caf2b430729128d6194cfc67
parent 0eb11794f56b5f04a973409cfd47605a0bfbc2a8
Author: Joris Vink <joris@coders.se>
Date:   Mon,  7 Oct 2019 13:44:31 +0200

Add seccomp.bpf_stmt() method to Python api.

Allows a developer to create their own statements; the bpf_jmp equivalent
may follow later if I need it.

Diffstat:
include/kore/python_methods.h | 3+++
src/python.c | 26++++++++++++++++++++++++++
2 files changed, 29 insertions(+), 0 deletions(-)

diff --git a/include/kore/python_methods.h b/include/kore/python_methods.h
@@ -151,8 +151,11 @@ static PyObject *pyseccomp_deny_flag(struct pyseccomp *,
 static PyObject *pyseccomp_deny_mask(struct pyseccomp *, PyObject *, PyObject *);
+static PyObject *pyseccomp_bpf_stmt(struct pyseccomp *, PyObject *);
+
 static PyMethodDef pyseccomp_methods[] = {
 METHOD("allow", pyseccomp_allow, METH_VARARGS),
+ METHOD("bpf_stmt", pyseccomp_bpf_stmt, METH_VARARGS),
 METHOD("allow_arg", pyseccomp_allow_arg, METH_VARARGS),
 METHOD("allow_flag", pyseccomp_allow_flag, METH_VARARGS),
 METHOD("allow_mask", pyseccomp_allow_mask, METH_VARARGS),
diff --git a/src/python.c b/src/python.c
@@ -530,6 +530,32 @@ pyseccomp_dealloc(struct pyseccomp *seccomp)
 }
 
 static PyObject *
+pyseccomp_bpf_stmt(struct pyseccomp *seccomp, PyObject *args)
+{
+ u_int32_t k;
+ u_int16_t code;
+ size_t len, off;
+ struct sock_filter filter[1];
+
+ if (!PyArg_ParseTuple(args, "HI", &code, &k))
+ return (NULL);
+
+ filter[0].k = k;
+ filter[0].jt = 0;
+ filter[0].jf = 0;
+ filter[0].code = code;
+
+ len = sizeof(struct sock_filter);
+ off = seccomp->elm * sizeof(struct sock_filter);
+ seccomp->filters = kore_realloc(seccomp->filters, off + len);
+
+ memcpy(seccomp->filters + off, filter, len);
+ seccomp->elm += 1;
+
+ Py_RETURN_NONE;
+}
+
+static PyObject *
 pyseccomp_allow(struct pyseccomp *seccomp, PyObject *args)
 {
 const char *syscall;
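Review bot: The new `METHOD("bpf_stmt", pyseccomp_bpf_stmt, METH_VARARGS),` entry is inserted between `allow` and `allow_arg`, splitting the allow_* group that the rest of the visible table keeps together; placing it before `allow` or after the last allow_*/deny_* entry keeps the grouping readable. Since this is the only method in the table that takes a raw opcode instead of a syscall name, a one-line comment above the entry such as `/* raw BPF statement; operands are not validated before they reach the kernel */` would flag that difference for readers of the table. The table continues outside the hunk.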
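Review bot: The `"HI"` format on the PyArg_ParseTuple line converts `code` and `k` without overflow checking, so a Python integer wider than 16 or 32 bits is silently truncated before it is stored in `filter[0]`, and since the kernel only validates the assembled program when it is loaded, a statement mangled here fails far from the call that built it. Parsing both operands as `long long` with `"LL"` (which raises OverflowError) and range-checking them against UINT16_MAX and UINT32_MAX turns such a mistake into a ValueError at the call site. The function also has no header comment; a line such as `/* Append one raw BPF statement (jt/jf zeroed) to the pending filter program. */` would help, and the realloc-and-memcpy tail assumes `seccomp->filters` is a byte pointer, which the byte offset computed into `off` implies but the hunk does not show.
```c
pyseccomp_bpf_stmt(struct pyseccomp *seccomp, PyObject *args)
{
	long long		code_v, k_v;
	size_t			len, off;
	struct sock_filter	filter[1];

	if (!PyArg_ParseTuple(args, "LL", &code_v, &k_v))
		return (NULL);

	/* "H"/"I" would truncate silently; reject out-of-range operands here. */
	if (code_v < 0 || code_v > UINT16_MAX || k_v < 0 || k_v > UINT32_MAX) {
		PyErr_SetString(PyExc_ValueError, "bpf_stmt operand out of range");
		return (NULL);
	}

	filter[0].k = (u_int32_t)k_v;
	filter[0].jt = 0;
	filter[0].jf = 0;
	filter[0].code = (u_int16_t)code_v;

	/* … unchanged: kore_realloc, memcpy, elm += 1, Py_RETURN_NONE … */
```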