Add seccomp.bpf_stmt() method to Python api.

Allows a developer to create their own statements, the bpf_jmp equivalent may follow later if I need it.
2019-10-07 13:44:31 +02:00 · 2019-10-07 13:44:31 +02:00 · 3dcf94d1ae
parent 0eb11794f5
commit 3dcf94d1ae
2 changed files with 29 additions and 0 deletions
--- a/include/kore/python_methods.h
+++ b/include/kore/python_methods.h
@ -151,8 +151,11 @@ static PyObject	*pyseccomp_deny_flag(struct pyseccomp *,
 static PyObject	*pyseccomp_deny_mask(struct pyseccomp *,
 		    PyObject *, PyObject *);

+static PyObject	*pyseccomp_bpf_stmt(struct pyseccomp *, PyObject *);
+
 static PyMethodDef pyseccomp_methods[] = {
 	METHOD("allow", pyseccomp_allow, METH_VARARGS),
+	METHOD("bpf_stmt", pyseccomp_bpf_stmt, METH_VARARGS),
 	METHOD("allow_arg", pyseccomp_allow_arg, METH_VARARGS),
 	METHOD("allow_flag", pyseccomp_allow_flag, METH_VARARGS),
 	METHOD("allow_mask", pyseccomp_allow_mask, METH_VARARGS),
--- a/src/python.c
+++ b/src/python.c
@ -529,6 +529,32 @@ pyseccomp_dealloc(struct pyseccomp *seccomp)
 	seccomp->filters = NULL;
 }

+static PyObject *
+pyseccomp_bpf_stmt(struct pyseccomp *seccomp, PyObject *args)
+{
+	u_int32_t		k;
+	u_int16_t		code;
+	size_t			len, off;
+	struct sock_filter	filter[1];
+
+	if (!PyArg_ParseTuple(args, "HI", &code, &k))
+		return (NULL);
+
+	filter[0].k = k;
+	filter[0].jt = 0;
+	filter[0].jf = 0;
+	filter[0].code = code;
+
+	len = sizeof(struct sock_filter);
+	off = seccomp->elm * sizeof(struct sock_filter);
+	seccomp->filters = kore_realloc(seccomp->filters, off + len);
+
+	memcpy(seccomp->filters + off, filter, len);
+	seccomp->elm += 1;
+
+	Py_RETURN_NONE;
+}
+
 static PyObject *
 pyseccomp_allow(struct pyseccomp *seccomp, PyObject *args)
 {