libc/tools/genseccomp.py - android_bionic - Gitiles

 #!/usr/bin/env python
 import os
 from subprocess import Popen, PIPE
 import textwrap
 from gensyscalls import SysCallsTxtParser


 syscall_file = "SYSCALLS.TXT"


 class SyscallRange(object):
   def __init__(self, name, value):
     self.names = [name]
     self.begin = value
     self.end = self.begin + 1

   def add(self, name, value):
     if value != self.end:
       raise ValueError
     self.end += 1
     self.names.append(name)


 def generate_bpf_jge(value, ge_target, less_target):
   return "BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, {0}, {1}, {2})".format(value, ge_target, less_target)


 # Converts the sorted ranges of allowed syscalls to a binary tree bpf
 # For a single range, output a simple jump to {fail} or {allow}. We can't set
 # the jump ranges yet, since we don't know the size of the filter, so use a
 # placeholder
 # For multiple ranges, split into two, convert the two halves and output a jump
 # to the correct half
 def convert_to_bpf(ranges):
   if len(ranges) == 1:
     # We will replace {fail} and {allow} with appropriate range jumps later
     return [generate_bpf_jge(ranges[0].end, "{fail}", "{allow}") +
             ", //" + "|".join(ranges[0].names)]
   else:
     half = (len(ranges) + 1) / 2
     first = convert_to_bpf(ranges[:half])
     second = convert_to_bpf(ranges[half:])
     return [generate_bpf_jge(ranges[half].begin, len(first), 0) + ","] + first + second


 def construct_bpf(architecture, header_dir, output_path):
   parser = SysCallsTxtParser()
   parser.parse_file(syscall_file)
   syscalls = parser.syscalls

   # Select only elements matching required architecture
   syscalls = [x for x in syscalls if architecture in x and x[architecture]]

   # We only want the name
   names = [x["name"] for x in syscalls]

   # Run preprocessor over the __NR_syscall symbols, including unistd.h,
   # to get the actual numbers
   prefix = "__SECCOMP_"  # prefix to ensure no name collisions
   cpp = Popen(["../../prebuilts/clang/host/linux-x86/clang-stable/bin/clang",
                "-E", "-nostdinc", "-I" + header_dir, "-Ikernel/uapi/", "-"],
               stdin=PIPE, stdout=PIPE)
   cpp.stdin.write("#include <asm/unistd.h>\n")
   for name in names:
     # In SYSCALLS.TXT, there are two arm-specific syscalls whose names start
     # with __ARM__NR_. These we must simply write out as is.
     if not name.startswith("__ARM_NR_"):
       cpp.stdin.write(prefix + name + ", __NR_" + name + "\n")
     else:
       cpp.stdin.write(prefix + name + ", " + name + "\n")
   content = cpp.communicate()[0].split("\n")

   # The input is now the preprocessed source file. This will contain a lot
   # of junk from the preprocessor, but our lines will be in the format:
   #
   #     __SECCOMP_${NAME}, (0 + value)

   syscalls = []
   for line in content:
     if not line.startswith(prefix):
       continue

     # We might pick up extra whitespace during preprocessing, so best to strip.
     name, value = [w.strip() for w in line.split(",")]
     name = name[len(prefix):]

     # Note that some of the numbers were expressed as base + offset, so we
     # need to eval, not just int
     value = eval(value)
     syscalls.append((name, value))

   # Sort the values so we convert to ranges and binary chop
   syscalls = sorted(syscalls, lambda x, y: cmp(x[1], y[1]))

   # Turn into a list of ranges. Keep the names for the comments
   ranges = []
   for name, value in syscalls:
     if not ranges:
       ranges.append(SyscallRange(name, value))
       continue

     last_range = ranges[-1]
     if last_range.end == value:
       last_range.add(name, value)
     else:
       ranges.append(SyscallRange(name, value))

   bpf = convert_to_bpf(ranges)

   # Now we know the size of the tree, we can substitute the {fail} and {allow}
   # placeholders
   for i, statement in enumerate(bpf):
     # Replace placeholder with
     # "distance to jump to fail, distance to jump to allow"
     # We will add a kill statement and an allow statement after the tree
     # With bpfs jmp 0 means the next statement, so the distance to the end is
     # len(bpf) - i - 1, which is where we will put the kill statement, and
     # then the statement after that is the allow statement
     if "{fail}" in statement and "{allow}" in statement:
       bpf[i] = statement.format(fail=str(len(bpf) - i - 1),
                                 allow=str(len(bpf) - i))

   # Add check that we aren't off the bottom of the syscalls
   bpf.insert(0,
              "BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, " + str(ranges[0].begin) +
              ", 0, " + str(len(bpf)) + "),")

   # Add the error and allow calls at the end
   bpf.append("BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_TRAP),")
   bpf.append("BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW),")

   # And output policy
   header = textwrap.dedent("""\
     // Autogenerated file - edit at your peril!!

     #include <linux/filter.h>
     #include <errno.h>

     #include "seccomp_policy.h"
     const struct sock_filter {architecture}_filter[] = {{
     """).format(architecture=architecture)

   footer = textwrap.dedent("""\

     }};

     const size_t {architecture}_filter_size = sizeof({architecture}_filter) / sizeof(struct sock_filter);
     """).format(architecture=architecture)
   output = header + "\n".join(bpf) + footer

   existing = ""
   if os.path.isfile(output_path):
     existing = open(output_path).read()
   if output == existing:
     print "File " + output_path + " not changed."
   else:
     with open(output_path, "w") as output_file:
       output_file.write(output)

     print "Generated file " + output_path


 def main():
   # Set working directory for predictable results
   os.chdir(os.path.join(os.environ["ANDROID_BUILD_TOP"], "bionic/libc"))
   construct_bpf("arm", "kernel/uapi/asm-arm", "seccomp/arm_policy.c")
   construct_bpf("arm64", "kernel/uapi/asm-arm64", "seccomp/arm64_policy.c")


 if __name__ == "__main__":
   main()
	#!/usr/bin/env python
	import os
	from subprocess import Popen, PIPE
	import textwrap
	from gensyscalls import SysCallsTxtParser


	syscall_file = "SYSCALLS.TXT"


	class SyscallRange(object):
	def __init__(self, name, value):
	self.names = [name]
	self.begin = value
	self.end = self.begin + 1

	def add(self, name, value):
	if value != self.end:
	raise ValueError
	self.end += 1
	self.names.append(name)


	def generate_bpf_jge(value, ge_target, less_target):
	return "BPF_JUMP(BPF_JMP\|BPF_JGE\|BPF_K, {0}, {1}, {2})".format(value, ge_target, less_target)


	# Converts the sorted ranges of allowed syscalls to a binary tree bpf
	# For a single range, output a simple jump to {fail} or {allow}. We can't set
	# the jump ranges yet, since we don't know the size of the filter, so use a
	# placeholder
	# For multiple ranges, split into two, convert the two halves and output a jump
	# to the correct half
	def convert_to_bpf(ranges):
	if len(ranges) == 1:
	# We will replace {fail} and {allow} with appropriate range jumps later
	return [generate_bpf_jge(ranges[0].end, "{fail}", "{allow}") +
	", //" + "\|".join(ranges[0].names)]
	else:
	half = (len(ranges) + 1) / 2
	first = convert_to_bpf(ranges[:half])
	second = convert_to_bpf(ranges[half:])
	return [generate_bpf_jge(ranges[half].begin, len(first), 0) + ","] + first + second


	def construct_bpf(architecture, header_dir, output_path):
	parser = SysCallsTxtParser()
	parser.parse_file(syscall_file)
	syscalls = parser.syscalls

	# Select only elements matching required architecture
	syscalls = [x for x in syscalls if architecture in x and x[architecture]]

	# We only want the name
	names = [x["name"] for x in syscalls]

	# Run preprocessor over the __NR_syscall symbols, including unistd.h,
	# to get the actual numbers
	prefix = "__SECCOMP_" # prefix to ensure no name collisions
	cpp = Popen(["../../prebuilts/clang/host/linux-x86/clang-stable/bin/clang",
	"-E", "-nostdinc", "-I" + header_dir, "-Ikernel/uapi/", "-"],
	stdin=PIPE, stdout=PIPE)
	cpp.stdin.write("#include <asm/unistd.h>\n")
	for name in names:
	# In SYSCALLS.TXT, there are two arm-specific syscalls whose names start
	# with __ARM__NR_. These we must simply write out as is.
	if not name.startswith("__ARM_NR_"):
	cpp.stdin.write(prefix + name + ", __NR_" + name + "\n")
	else:
	cpp.stdin.write(prefix + name + ", " + name + "\n")
	content = cpp.communicate()[0].split("\n")

	# The input is now the preprocessed source file. This will contain a lot
	# of junk from the preprocessor, but our lines will be in the format:
	#
	# __SECCOMP_${NAME}, (0 + value)

	syscalls = []
	for line in content:
	if not line.startswith(prefix):
	continue

	# We might pick up extra whitespace during preprocessing, so best to strip.
	name, value = [w.strip() for w in line.split(",")]
	name = name[len(prefix):]

	# Note that some of the numbers were expressed as base + offset, so we
	# need to eval, not just int
	value = eval(value)
	syscalls.append((name, value))

	# Sort the values so we convert to ranges and binary chop
	syscalls = sorted(syscalls, lambda x, y: cmp(x[1], y[1]))

	# Turn into a list of ranges. Keep the names for the comments
	ranges = []
	for name, value in syscalls:
	if not ranges:
	ranges.append(SyscallRange(name, value))
	continue

	last_range = ranges[-1]
	if last_range.end == value:
	last_range.add(name, value)
	else:
	ranges.append(SyscallRange(name, value))

	bpf = convert_to_bpf(ranges)

	# Now we know the size of the tree, we can substitute the {fail} and {allow}
	# placeholders
	for i, statement in enumerate(bpf):
	# Replace placeholder with
	# "distance to jump to fail, distance to jump to allow"
	# We will add a kill statement and an allow statement after the tree
	# With bpfs jmp 0 means the next statement, so the distance to the end is
	# len(bpf) - i - 1, which is where we will put the kill statement, and
	# then the statement after that is the allow statement
	if "{fail}" in statement and "{allow}" in statement:
	bpf[i] = statement.format(fail=str(len(bpf) - i - 1),
	allow=str(len(bpf) - i))

	# Add check that we aren't off the bottom of the syscalls
	bpf.insert(0,
	"BPF_JUMP(BPF_JMP\|BPF_JGE\|BPF_K, " + str(ranges[0].begin) +
	", 0, " + str(len(bpf)) + "),")

	# Add the error and allow calls at the end
	bpf.append("BPF_STMT(BPF_RET\|BPF_K, SECCOMP_RET_TRAP),")
	bpf.append("BPF_STMT(BPF_RET\|BPF_K, SECCOMP_RET_ALLOW),")

	# And output policy
	header = textwrap.dedent("""\
	// Autogenerated file - edit at your peril!!

	#include <linux/filter.h>
	#include <errno.h>

	#include "seccomp_policy.h"
	const struct sock_filter {architecture}_filter[] = {{
	""").format(architecture=architecture)

	footer = textwrap.dedent("""\

	}};

	const size_t {architecture}_filter_size = sizeof({architecture}_filter) / sizeof(struct sock_filter);
	""").format(architecture=architecture)
	output = header + "\n".join(bpf) + footer

	existing = ""
	if os.path.isfile(output_path):
	existing = open(output_path).read()
	if output == existing:
	print "File " + output_path + " not changed."
	else:
	with open(output_path, "w") as output_file:
	output_file.write(output)

	print "Generated file " + output_path


	def main():
	# Set working directory for predictable results
	os.chdir(os.path.join(os.environ["ANDROID_BUILD_TOP"], "bionic/libc"))
	construct_bpf("arm", "kernel/uapi/asm-arm", "seccomp/arm_policy.c")
	construct_bpf("arm64", "kernel/uapi/asm-arm64", "seccomp/arm64_policy.c")


	if __name__ == "__main__":
	main()