diff options
Diffstat (limited to 'src/shared/linux')
l--------- | src/shared/linux/Makefile | 1 | ||||
-rw-r--r-- | src/shared/linux/auto_dev-ioctl.h | 229 | ||||
-rw-r--r-- | src/shared/linux/fanotify.h | 98 | ||||
-rw-r--r-- | src/shared/linux/seccomp-bpf.h | 76 | ||||
-rw-r--r-- | src/shared/linux/seccomp.h | 47 |
5 files changed, 0 insertions, 451 deletions
diff --git a/src/shared/linux/Makefile b/src/shared/linux/Makefile deleted file mode 120000 index d0b0e8e008..0000000000 --- a/src/shared/linux/Makefile +++ /dev/null @@ -1 +0,0 @@ -../Makefile
\ No newline at end of file diff --git a/src/shared/linux/auto_dev-ioctl.h b/src/shared/linux/auto_dev-ioctl.h deleted file mode 100644 index 850f39b33e..0000000000 --- a/src/shared/linux/auto_dev-ioctl.h +++ /dev/null @@ -1,229 +0,0 @@ -/* - * Copyright 2008 Red Hat, Inc. All rights reserved. - * Copyright 2008 Ian Kent <raven@themaw.net> - * - * This file is part of the Linux kernel and is made available under - * the terms of the GNU General Public License, version 2, or at your - * option, any later version, incorporated herein by reference. - */ - -#ifndef _LINUX_AUTO_DEV_IOCTL_H -#define _LINUX_AUTO_DEV_IOCTL_H - -#include <linux/auto_fs.h> - -#ifdef __KERNEL__ -#include <linux/string.h> -#else -#include <string.h> -#endif /* __KERNEL__ */ - -#define AUTOFS_DEVICE_NAME "autofs" - -#define AUTOFS_DEV_IOCTL_VERSION_MAJOR 1 -#define AUTOFS_DEV_IOCTL_VERSION_MINOR 0 - -#define AUTOFS_DEVID_LEN 16 - -#define AUTOFS_DEV_IOCTL_SIZE sizeof(struct autofs_dev_ioctl) - -/* - * An ioctl interface for autofs mount point control. - */ - -struct args_protover { - __u32 version; -}; - -struct args_protosubver { - __u32 sub_version; -}; - -struct args_openmount { - __u32 devid; -}; - -struct args_ready { - __u32 token; -}; - -struct args_fail { - __u32 token; - __s32 status; -}; - -struct args_setpipefd { - __s32 pipefd; -}; - -struct args_timeout { - __u64 timeout; -}; - -struct args_requester { - __u32 uid; - __u32 gid; -}; - -struct args_expire { - __u32 how; -}; - -struct args_askumount { - __u32 may_umount; -}; - -struct args_ismountpoint { - union { - struct args_in { - __u32 type; - } in; - struct args_out { - __u32 devid; - __u32 magic; - } out; - }; -}; - -/* - * All the ioctls use this structure. - * When sending a path size must account for the total length - * of the chunk of memory otherwise is is the size of the - * structure. - */ - -struct autofs_dev_ioctl { - __u32 ver_major; - __u32 ver_minor; - __u32 size; /* total size of data passed in - * including this struct */ - __s32 ioctlfd; /* automount command fd */ - - /* Command parameters */ - - union { - struct args_protover protover; - struct args_protosubver protosubver; - struct args_openmount openmount; - struct args_ready ready; - struct args_fail fail; - struct args_setpipefd setpipefd; - struct args_timeout timeout; - struct args_requester requester; - struct args_expire expire; - struct args_askumount askumount; - struct args_ismountpoint ismountpoint; - }; - - char path[0]; -}; - -static inline void init_autofs_dev_ioctl(struct autofs_dev_ioctl *in) -{ - memset(in, 0, sizeof(struct autofs_dev_ioctl)); - in->ver_major = AUTOFS_DEV_IOCTL_VERSION_MAJOR; - in->ver_minor = AUTOFS_DEV_IOCTL_VERSION_MINOR; - in->size = sizeof(struct autofs_dev_ioctl); - in->ioctlfd = -1; - return; -} - -/* - * If you change this make sure you make the corresponding change - * to autofs-dev-ioctl.c:lookup_ioctl() - */ -enum { - /* Get various version info */ - AUTOFS_DEV_IOCTL_VERSION_CMD = 0x71, - AUTOFS_DEV_IOCTL_PROTOVER_CMD, - AUTOFS_DEV_IOCTL_PROTOSUBVER_CMD, - - /* Open mount ioctl fd */ - AUTOFS_DEV_IOCTL_OPENMOUNT_CMD, - - /* Close mount ioctl fd */ - AUTOFS_DEV_IOCTL_CLOSEMOUNT_CMD, - - /* Mount/expire status returns */ - AUTOFS_DEV_IOCTL_READY_CMD, - AUTOFS_DEV_IOCTL_FAIL_CMD, - - /* Activate/deactivate autofs mount */ - AUTOFS_DEV_IOCTL_SETPIPEFD_CMD, - AUTOFS_DEV_IOCTL_CATATONIC_CMD, - - /* Expiry timeout */ - AUTOFS_DEV_IOCTL_TIMEOUT_CMD, - - /* Get mount last requesting uid and gid */ - AUTOFS_DEV_IOCTL_REQUESTER_CMD, - - /* Check for eligible expire candidates */ - AUTOFS_DEV_IOCTL_EXPIRE_CMD, - - /* Request busy status */ - AUTOFS_DEV_IOCTL_ASKUMOUNT_CMD, - - /* Check if path is a mountpoint */ - AUTOFS_DEV_IOCTL_ISMOUNTPOINT_CMD, -}; - -#define AUTOFS_IOCTL 0x93 - -#define AUTOFS_DEV_IOCTL_VERSION \ - _IOWR(AUTOFS_IOCTL, \ - AUTOFS_DEV_IOCTL_VERSION_CMD, struct autofs_dev_ioctl) - -#define AUTOFS_DEV_IOCTL_PROTOVER \ - _IOWR(AUTOFS_IOCTL, \ - AUTOFS_DEV_IOCTL_PROTOVER_CMD, struct autofs_dev_ioctl) - -#define AUTOFS_DEV_IOCTL_PROTOSUBVER \ - _IOWR(AUTOFS_IOCTL, \ - AUTOFS_DEV_IOCTL_PROTOSUBVER_CMD, struct autofs_dev_ioctl) - -#define AUTOFS_DEV_IOCTL_OPENMOUNT \ - _IOWR(AUTOFS_IOCTL, \ - AUTOFS_DEV_IOCTL_OPENMOUNT_CMD, struct autofs_dev_ioctl) - -#define AUTOFS_DEV_IOCTL_CLOSEMOUNT \ - _IOWR(AUTOFS_IOCTL, \ - AUTOFS_DEV_IOCTL_CLOSEMOUNT_CMD, struct autofs_dev_ioctl) - -#define AUTOFS_DEV_IOCTL_READY \ - _IOWR(AUTOFS_IOCTL, \ - AUTOFS_DEV_IOCTL_READY_CMD, struct autofs_dev_ioctl) - -#define AUTOFS_DEV_IOCTL_FAIL \ - _IOWR(AUTOFS_IOCTL, \ - AUTOFS_DEV_IOCTL_FAIL_CMD, struct autofs_dev_ioctl) - -#define AUTOFS_DEV_IOCTL_SETPIPEFD \ - _IOWR(AUTOFS_IOCTL, \ - AUTOFS_DEV_IOCTL_SETPIPEFD_CMD, struct autofs_dev_ioctl) - -#define AUTOFS_DEV_IOCTL_CATATONIC \ - _IOWR(AUTOFS_IOCTL, \ - AUTOFS_DEV_IOCTL_CATATONIC_CMD, struct autofs_dev_ioctl) - -#define AUTOFS_DEV_IOCTL_TIMEOUT \ - _IOWR(AUTOFS_IOCTL, \ - AUTOFS_DEV_IOCTL_TIMEOUT_CMD, struct autofs_dev_ioctl) - -#define AUTOFS_DEV_IOCTL_REQUESTER \ - _IOWR(AUTOFS_IOCTL, \ - AUTOFS_DEV_IOCTL_REQUESTER_CMD, struct autofs_dev_ioctl) - -#define AUTOFS_DEV_IOCTL_EXPIRE \ - _IOWR(AUTOFS_IOCTL, \ - AUTOFS_DEV_IOCTL_EXPIRE_CMD, struct autofs_dev_ioctl) - -#define AUTOFS_DEV_IOCTL_ASKUMOUNT \ - _IOWR(AUTOFS_IOCTL, \ - AUTOFS_DEV_IOCTL_ASKUMOUNT_CMD, struct autofs_dev_ioctl) - -#define AUTOFS_DEV_IOCTL_ISMOUNTPOINT \ - _IOWR(AUTOFS_IOCTL, \ - AUTOFS_DEV_IOCTL_ISMOUNTPOINT_CMD, struct autofs_dev_ioctl) - -#endif /* _LINUX_AUTO_DEV_IOCTL_H */ diff --git a/src/shared/linux/fanotify.h b/src/shared/linux/fanotify.h deleted file mode 100644 index 63531a6b4d..0000000000 --- a/src/shared/linux/fanotify.h +++ /dev/null @@ -1,98 +0,0 @@ -#ifndef _LINUX_FANOTIFY_H -#define _LINUX_FANOTIFY_H - -#include <linux/types.h> - -/* the following events that user-space can register for */ -#define FAN_ACCESS 0x00000001 /* File was accessed */ -#define FAN_MODIFY 0x00000002 /* File was modified */ -#define FAN_CLOSE_WRITE 0x00000008 /* Unwrittable file closed */ -#define FAN_CLOSE_NOWRITE 0x00000010 /* Writtable file closed */ -#define FAN_OPEN 0x00000020 /* File was opened */ - -#define FAN_EVENT_ON_CHILD 0x08000000 /* interested in child events */ - -/* FIXME currently Q's have no limit.... */ -#define FAN_Q_OVERFLOW 0x00004000 /* Event queued overflowed */ - -#define FAN_OPEN_PERM 0x00010000 /* File open in perm check */ -#define FAN_ACCESS_PERM 0x00020000 /* File accessed in perm check */ - -/* helper events */ -#define FAN_CLOSE (FAN_CLOSE_WRITE | FAN_CLOSE_NOWRITE) /* close */ - -/* flags used for fanotify_init() */ -#define FAN_CLOEXEC 0x00000001 -#define FAN_NONBLOCK 0x00000002 - -#define FAN_ALL_INIT_FLAGS (FAN_CLOEXEC | FAN_NONBLOCK) - -/* flags used for fanotify_modify_mark() */ -#define FAN_MARK_ADD 0x00000001 -#define FAN_MARK_REMOVE 0x00000002 -#define FAN_MARK_DONT_FOLLOW 0x00000004 -#define FAN_MARK_ONLYDIR 0x00000008 -#define FAN_MARK_MOUNT 0x00000010 -#define FAN_MARK_IGNORED_MASK 0x00000020 -#define FAN_MARK_IGNORED_SURV_MODIFY 0x00000040 -#define FAN_MARK_FLUSH 0x00000080 - -#define FAN_ALL_MARK_FLAGS (FAN_MARK_ADD |\ - FAN_MARK_REMOVE |\ - FAN_MARK_DONT_FOLLOW |\ - FAN_MARK_ONLYDIR |\ - FAN_MARK_MOUNT |\ - FAN_MARK_IGNORED_MASK |\ - FAN_MARK_IGNORED_SURV_MODIFY) - -/* - * All of the events - we build the list by hand so that we can add flags in - * the future and not break backward compatibility. Apps will get only the - * events that they originally wanted. Be sure to add new events here! - */ -#define FAN_ALL_EVENTS (FAN_ACCESS |\ - FAN_MODIFY |\ - FAN_CLOSE |\ - FAN_OPEN) - -/* - * All events which require a permission response from userspace - */ -#define FAN_ALL_PERM_EVENTS (FAN_OPEN_PERM |\ - FAN_ACCESS_PERM) - -#define FAN_ALL_OUTGOING_EVENTS (FAN_ALL_EVENTS |\ - FAN_ALL_PERM_EVENTS |\ - FAN_Q_OVERFLOW) - -#define FANOTIFY_METADATA_VERSION 2 - -struct fanotify_event_metadata { - __u32 event_len; - __u32 vers; - __u64 mask; - __s32 fd; - __s32 pid; -} __attribute__ ((packed)); - -struct fanotify_response { - __s32 fd; - __u32 response; -} __attribute__ ((packed)); - -/* Legit userspace responses to a _PERM event */ -#define FAN_ALLOW 0x01 -#define FAN_DENY 0x02 - -/* Helper functions to deal with fanotify_event_metadata buffers */ -#define FAN_EVENT_METADATA_LEN (sizeof(struct fanotify_event_metadata)) - -#define FAN_EVENT_NEXT(meta, len) ((len) -= (meta)->event_len, \ - (struct fanotify_event_metadata*)(((char *)(meta)) + \ - (meta)->event_len)) - -#define FAN_EVENT_OK(meta, len) ((long)(len) >= (long)FAN_EVENT_METADATA_LEN && \ - (long)(meta)->event_len >= (long)FAN_EVENT_METADATA_LEN && \ - (long)(meta)->event_len <= (long)(len)) - -#endif /* _LINUX_FANOTIFY_H */ diff --git a/src/shared/linux/seccomp-bpf.h b/src/shared/linux/seccomp-bpf.h deleted file mode 100644 index 1e3d136739..0000000000 --- a/src/shared/linux/seccomp-bpf.h +++ /dev/null @@ -1,76 +0,0 @@ -/* - * seccomp example for x86 (32-bit and 64-bit) with BPF macros - * - * Copyright (c) 2012 The Chromium OS Authors <chromium-os-dev@chromium.org> - * Authors: - * Will Drewry <wad@chromium.org> - * Kees Cook <keescook@chromium.org> - * - * The code may be used by anyone for any purpose, and can serve as a - * starting point for developing applications using mode 2 seccomp. - */ -#ifndef _SECCOMP_BPF_H_ -#define _SECCOMP_BPF_H_ - -#include <stdio.h> -#include <stddef.h> -#include <stdlib.h> -#include <errno.h> -#include <signal.h> -#include <string.h> -#include <unistd.h> - -#include <sys/prctl.h> - -#include <linux/unistd.h> -#include <linux/audit.h> -#include <linux/filter.h> -#include <linux/seccomp.h> - -#ifndef SECCOMP_MODE_FILTER -# define SECCOMP_MODE_FILTER 2 /* uses user-supplied filter. */ -# define SECCOMP_RET_KILL 0x00000000U /* kill the task immediately */ -# define SECCOMP_RET_TRAP 0x00030000U /* disallow and force a SIGSYS */ -# define SECCOMP_RET_ALLOW 0x7fff0000U /* allow */ -struct seccomp_data { - int nr; - __u32 arch; - __u64 instruction_pointer; - __u64 args[6]; -}; -#endif -#ifndef SYS_SECCOMP -# define SYS_SECCOMP 1 -#endif - -#define syscall_nr (offsetof(struct seccomp_data, nr)) -#define arch_nr (offsetof(struct seccomp_data, arch)) - -#if defined(__i386__) -# define REG_SYSCALL REG_EAX -# define ARCH_NR AUDIT_ARCH_I386 -#elif defined(__x86_64__) -# define REG_SYSCALL REG_RAX -# define ARCH_NR AUDIT_ARCH_X86_64 -#else -# warning "Platform does not support seccomp filter yet" -# define REG_SYSCALL 0 -# define ARCH_NR 0 -#endif - -#define VALIDATE_ARCHITECTURE \ - BPF_STMT(BPF_LD+BPF_W+BPF_ABS, arch_nr), \ - BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ARCH_NR, 1, 0), \ - BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL) - -#define EXAMINE_SYSCALL \ - BPF_STMT(BPF_LD+BPF_W+BPF_ABS, syscall_nr) - -#define ALLOW_SYSCALL(name) \ - BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_##name, 0, 1), \ - BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW) - -#define _KILL_PROCESS \ - BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL) - -#endif /* _SECCOMP_BPF_H_ */ diff --git a/src/shared/linux/seccomp.h b/src/shared/linux/seccomp.h deleted file mode 100644 index 9c03683fa0..0000000000 --- a/src/shared/linux/seccomp.h +++ /dev/null @@ -1,47 +0,0 @@ -#ifndef _LINUX_SECCOMP_H -#define _LINUX_SECCOMP_H - - -#include <linux/types.h> - - -/* Valid values for seccomp.mode and prctl(PR_SET_SECCOMP, <mode>) */ -#define SECCOMP_MODE_DISABLED 0 /* seccomp is not in use. */ -#define SECCOMP_MODE_STRICT 1 /* uses hard-coded filter. */ -#define SECCOMP_MODE_FILTER 2 /* uses user-supplied filter. */ - -/* - * All BPF programs must return a 32-bit value. - * The bottom 16-bits are for optional return data. - * The upper 16-bits are ordered from least permissive values to most. - * - * The ordering ensures that a min_t() over composed return values always - * selects the least permissive choice. - */ -#define SECCOMP_RET_KILL 0x00000000U /* kill the task immediately */ -#define SECCOMP_RET_TRAP 0x00030000U /* disallow and force a SIGSYS */ -#define SECCOMP_RET_ERRNO 0x00050000U /* returns an errno */ -#define SECCOMP_RET_TRACE 0x7ff00000U /* pass to a tracer or disallow */ -#define SECCOMP_RET_ALLOW 0x7fff0000U /* allow */ - -/* Masks for the return value sections. */ -#define SECCOMP_RET_ACTION 0x7fff0000U -#define SECCOMP_RET_DATA 0x0000ffffU - -/** - * struct seccomp_data - the format the BPF program executes over. - * @nr: the system call number - * @arch: indicates system call convention as an AUDIT_ARCH_* value - * as defined in <linux/audit.h>. - * @instruction_pointer: at the time of the system call. - * @args: up to 6 system call arguments always stored as 64-bit values - * regardless of the architecture. - */ -struct seccomp_data { - int nr; - __u32 arch; - __u64 instruction_pointer; - __u64 args[6]; -}; - -#endif /* _LINUX_SECCOMP_H */ |