As requested by the systemd developers and used by our own tools.
Signed-off-by: Paul Moore <pmo...@redhat.com>
---
doc/man/man3/seccomp_arch_add.3 | 10 +++++++-
include/seccomp.h.in | 10 ++++++++
src/api.c | 15 ++++++++++++
src/arch.c | 25 ++++++++++++++++++++
src/arch.h | 1 +
src/python/libseccomp.pxd | 1 +
src/python/seccomp.pyx | 48 +++++++++++++++++++++++++++++++++++++--
7 files changed, 106 insertions(+), 4 deletions(-)
diff --git a/doc/man/man3/seccomp_arch_add.3 b/doc/man/man3/seccomp_arch_add.3
index f03376d..dd000fc 100644
--- a/doc/man/man3/seccomp_arch_add.3
+++ b/doc/man/man3/seccomp_arch_add.3
@@ -1,4 +1,4 @@
-.TH "seccomp_arch_add" 3 "16 April 2014" "p...@paul-moore.com" "libseccomp
Documentation"
+.TH "seccomp_arch_add" 3 "7 May 2014" "p...@paul-moore.com" "libseccomp
Documentation"
.\" //////////////////////////////////////////////////////////////////////////
.SH NAME
.\" //////////////////////////////////////////////////////////////////////////
@@ -15,6 +15,7 @@ seccomp_arch_add, seccomp_arch_remove, seccomp_arch_exist,
seccomp_arch_native \
.B #define SCMP_ARCH_X86
.B #define SCMP_ARCH_X86_64
.sp
+.BI "uint32_t seccomp_arch_resolve_name(const char *" arch_name ");"
.BI "uint32_t seccomp_arch_native();"
.BI "int seccomp_arch_exist(const scmp_filter_ctx " ctx ", uint32_t "
arch_token ");"
.BI "int seccomp_arch_add(scmp_filter_ctx " ctx ", uint32_t " arch_token ");"
@@ -46,7 +47,12 @@ constant always referring to the native compiled
architecture. The
.BR seccomp_arch_native ()
function returns the system's architecture such that it will match one of the
.BR SCMP_ARCH_*
-constants.
+constants. While the
+.BR seccomp_arch_resolve_name ()
+function also returns a
+.BR SCMP_ARCH_*
+constant, the returned token matches the name of the architecture
+passed as an argument to the function.
.P
When a seccomp filter is initialized with the call to
.BR seccomp_init (3)
diff --git a/include/seccomp.h.in b/include/seccomp.h.in
index 07336e6..e119c8c 100644
--- a/include/seccomp.h.in
+++ b/include/seccomp.h.in
@@ -254,6 +254,16 @@ void seccomp_release(scmp_filter_ctx ctx);
int seccomp_merge(scmp_filter_ctx ctx_dst, scmp_filter_ctx ctx_src);
/**
+ * Resolve the architecture name to a architecture token
+ * @param arch_name the architecture name
+ *
+ * This function resolves the given architecture name to a token suitable for
+ * use with libseccomp, returns zero on failure.
+ *
+ */
+uint32_t seccomp_arch_resolve_name(const char *arch_name);
+
+/**
* Return the native architecture token
*
* This function returns the native architecture token value, e.g. SCMP_ARCH_*.
diff --git a/src/api.c b/src/api.c
index ec01fb9..7d4843f 100644
--- a/src/api.c
+++ b/src/api.c
@@ -142,6 +142,21 @@ API int seccomp_merge(scmp_filter_ctx ctx_dst,
}
/* NOTE - function header comment in include/seccomp.h */
+API uint32_t seccomp_arch_resolve_name(const char *arch_name)
+{
+ const struct arch_def *arch;
+
+ if (arch_name == NULL)
+ return 0;
+
+ arch = arch_def_lookup_name(arch_name);
+ if (arch == NULL)
+ return 0;
+
+ return arch->token;
+}
+
+/* NOTE - function header comment in include/seccomp.h */
API uint32_t seccomp_arch_native(void)
{
return arch_def_native->token;
diff --git a/src/arch.c b/src/arch.c
index 1b0a3ef..2d2644d 100644
--- a/src/arch.c
+++ b/src/arch.c
@@ -105,6 +105,31 @@ const struct arch_def *arch_def_lookup(uint32_t token)
}
/**
+ * Lookup the architecture definition by name
+ * @param arch the architecure name
+ *
+ * Return the matching architecture definition, returns NULL on failure.
+ *
+ */
+const struct arch_def *arch_def_lookup_name(const char *arch_name)
+{
+ if (strcmp(arch_name, "x86") == 0)
+ return &arch_def_x86;
+ else if (strcmp(arch_name, "x86_64") == 0)
+ return &arch_def_x86_64;
+ else if (strcmp(arch_name, "x32") == 0)
+ return &arch_def_x32;
+ else if (strcmp(arch_name, "arm") == 0)
+ return &arch_def_arm;
+ else if (strcmp(arch_name, "mips") == 0)
+ return &arch_def_mips;
+ else if (strcmp(arch_name, "mipsel") == 0)
+ return &arch_def_mipsel;
+
+ return NULL;
+}
+
+/**
* Determine the maximum number of syscall arguments
* @param arch the architecture definition
*
diff --git a/src/arch.h b/src/arch.h
index d3ed9be..aa3158c 100644
--- a/src/arch.h
+++ b/src/arch.h
@@ -78,6 +78,7 @@ struct arch_syscall_def {
int arch_valid(uint32_t arch);
const struct arch_def *arch_def_lookup(uint32_t token);
+const struct arch_def *arch_def_lookup_name(const char *arch_name);
int arch_arg_count_max(const struct arch_def *arch);
diff --git a/src/python/libseccomp.pxd b/src/python/libseccomp.pxd
index 1c3921c..5fea471 100644
--- a/src/python/libseccomp.pxd
+++ b/src/python/libseccomp.pxd
@@ -69,6 +69,7 @@ cdef extern from "seccomp.h":
int seccomp_merge(scmp_filter_ctx ctx_dst, scmp_filter_ctx ctx_src)
+ uint32_t seccomp_arch_resolve_name(char *arch_name)
uint32_t seccomp_arch_native()
int seccomp_arch_exist(scmp_filter_ctx ctx, int arch_token)
int seccomp_arch_add(scmp_filter_ctx ctx, int arch_token)
diff --git a/src/python/seccomp.pyx b/src/python/seccomp.pyx
index 702a520..f1848dc 100644
--- a/src/python/seccomp.pyx
+++ b/src/python/seccomp.pyx
@@ -120,9 +120,9 @@ def resolve_syscall(arch, syscall):
"""
cdef char *ret_str
- if (isinstance(syscall, basestring)):
+ if isinstance(syscall, basestring):
return libseccomp.seccomp_syscall_resolve_name_arch(arch, syscall)
- elif (isinstance(syscall, int)):
+ elif isinstance(syscall, int):
ret_str = libseccomp.seccomp_syscall_resolve_num_arch(arch, syscall)
if ret_str is NULL:
raise ValueError('Unknown syscall %d on arch %d' % (syscall, arch))
@@ -144,6 +144,8 @@ cdef class Arch:
MIPSEL - MIPS little endian
"""
+ cdef int _token
+
NATIVE = libseccomp.SCMP_ARCH_NATIVE
X86 = libseccomp.SCMP_ARCH_X86
X86_64 = libseccomp.SCMP_ARCH_X86_64
@@ -152,6 +154,48 @@ cdef class Arch:
MIPS = libseccomp.SCMP_ARCH_MIPS
MIPSEL = libseccomp.SCMP_ARCH_MIPSEL
+ def __cinit__(self, arch=libseccomp.SCMP_ARCH_NATIVE):
+ """ Initialize the architecture object.
+
+ Arguments:
+ arch - the architecture name or token value
+
+ Description:
+ Create an architecture object using the given name or token value.
+ """
+ if isinstance(arch, int):
+ if arch == libseccomp.SCMP_ARCH_NATIVE:
+ self._token = libseccomp.seccomp_arch_native()
+ elif arch == libseccomp.SCMP_ARCH_X86:
+ self._token = libseccomp.SCMP_ARCH_X86
+ elif arch == libseccomp.SCMP_ARCH_X86_64:
+ self._token = libseccomp.SCMP_ARCH_X86_64
+ elif arch == libseccomp.SCMP_ARCH_X32:
+ self._token = libseccomp.SCMP_ARCH_X32
+ elif arch == libseccomp.SCMP_ARCH_ARM:
+ self._token = libseccomp.SCMP_ARCH_ARM
+ elif arch == libseccomp.SCMP_ARCH_MIPS:
+ self._token = libseccomp.SCMP_ARCH_MIPS
+ elif arch == libseccomp.SCMP_ARCH_MIPSEL:
+ self._token = libseccomp.SCMP_ARCH_MIPSEL
+ else:
+ self._token = 0;
+ elif isinstance(arch, basestring):
+ self._token = libseccomp.seccomp_arch_resolve_name(arch)
+ else:
+ raise TypeError("Architecture must be an int or str type")
+ if self._token == 0:
+ raise ValueError("Invalid architecture")
+
+ def __int__(self):
+ """ Convert the architecture object to a token value.
+
+ Description:
+ Convert the architecture object to an integer representing the
+ architecture's token value.
+ """
+ return self._token
+
cdef class Attr:
""" Python object representing the SyscallFilter attributes.
------------------------------------------------------------------------------
Is your legacy SCM system holding you back? Join Perforce May 7 to find out:
• 3 signs your SCM is hindering your productivity
• Requirements for releasing software faster
• Expert tips and advice for migrating your SCM now
http://p.sf.net/sfu/perforce
_______________________________________________
libseccomp-discuss mailing list
libseccomp-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/libseccomp-discuss
