Merge "Expose seccomp table" am: 4b43140142 am: 448e702fd3
am: 6ed3b2bd7a
Change-Id: I7e5d34ce6c0feb6c65aa39189684a5f59d3b6679
diff --git a/libc/seccomp/include/seccomp_policy.h b/libc/seccomp/include/seccomp_policy.h
index 33b5d0e..397f8e4 100644
--- a/libc/seccomp/include/seccomp_policy.h
+++ b/libc/seccomp/include/seccomp_policy.h
@@ -17,6 +17,10 @@
#ifndef SECCOMP_POLICY_H
#define SECCOMP_POLICY_H
+#include <stddef.h>
+#include <linux/filter.h>
+
bool set_seccomp_filter();
+void get_seccomp_filter(const sock_filter*& filter, size_t& filter_size);
#endif
diff --git a/libc/seccomp/seccomp_policy.cpp b/libc/seccomp/seccomp_policy.cpp
index d93ae1e..fd2179b 100644
--- a/libc/seccomp/seccomp_policy.cpp
+++ b/libc/seccomp/seccomp_policy.cpp
@@ -18,7 +18,6 @@
#include <assert.h>
#include <linux/audit.h>
-#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
@@ -154,3 +153,13 @@
return install_filter(f);
}
+
+void get_seccomp_filter(const sock_filter*& filter, size_t& filter_size) {
+#if defined __aarch64__ || defined __x86_64__ || defined __mips64__
+ filter = primary_filter;
+ filter_size = primary_filter_size;
+#else
+ filter = secondary_filter;
+ filter_size = secondary_filter_size;
+#endif
+}