|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Seccomp Library
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
* Copyright (c) 2019 Cisco Systems <pmoore2@cisco.com>
|
|
Packit |
56e23f |
* Copyright (c) 2012,2013 Red Hat <pmoore@redhat.com>
|
|
Packit |
56e23f |
* Author: Paul Moore <paul@paul-moore.com>
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/*
|
|
Packit |
56e23f |
* This library is free software; you can redistribute it and/or modify it
|
|
Packit |
56e23f |
* under the terms of version 2.1 of the GNU Lesser General Public License as
|
|
Packit |
56e23f |
* published by the Free Software Foundation.
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
* This library is distributed in the hope that it will be useful, but WITHOUT
|
|
Packit |
56e23f |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
Packit |
56e23f |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
|
|
Packit |
56e23f |
* for more details.
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
* You should have received a copy of the GNU Lesser General Public License
|
|
Packit |
56e23f |
* along with this library; if not, see <http://www.gnu.org/licenses>.
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
#ifndef _SECCOMP_H
|
|
Packit |
56e23f |
#define _SECCOMP_H
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
#include <elf.h>
|
|
Packit |
56e23f |
#include <inttypes.h>
|
|
Packit |
56e23f |
#include <asm/unistd.h>
|
|
Packit |
56e23f |
#include <linux/audit.h>
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
#ifdef __cplusplus
|
|
Packit |
56e23f |
extern "C" {
|
|
Packit |
56e23f |
#endif
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/*
|
|
Packit |
56e23f |
* version information
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
#define SCMP_VER_MAJOR @VERSION_MAJOR@
|
|
Packit |
56e23f |
#define SCMP_VER_MINOR @VERSION_MINOR@
|
|
Packit |
56e23f |
#define SCMP_VER_MICRO @VERSION_MICRO@
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
struct scmp_version {
|
|
Packit |
56e23f |
unsigned int major;
|
|
Packit |
56e23f |
unsigned int minor;
|
|
Packit |
56e23f |
unsigned int micro;
|
|
Packit |
56e23f |
};
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/*
|
|
Packit |
56e23f |
* types
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Filter context/handle
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
typedef void *scmp_filter_ctx;
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Filter attributes
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
enum scmp_filter_attr {
|
|
Packit |
56e23f |
_SCMP_FLTATR_MIN = 0,
|
|
Packit |
56e23f |
SCMP_FLTATR_ACT_DEFAULT = 1, /**< default filter action */
|
|
Packit |
56e23f |
SCMP_FLTATR_ACT_BADARCH = 2, /**< bad architecture action */
|
|
Packit |
56e23f |
SCMP_FLTATR_CTL_NNP = 3, /**< set NO_NEW_PRIVS on filter load */
|
|
Packit |
56e23f |
SCMP_FLTATR_CTL_TSYNC = 4, /**< sync threads on filter load */
|
|
Packit |
56e23f |
SCMP_FLTATR_API_TSKIP = 5, /**< allow rules with a -1 syscall */
|
|
Packit |
56e23f |
SCMP_FLTATR_CTL_LOG = 6, /**< log not-allowed actions */
|
|
Packit |
56e23f |
_SCMP_FLTATR_MAX,
|
|
Packit |
56e23f |
};
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Comparison operators
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
enum scmp_compare {
|
|
Packit |
56e23f |
_SCMP_CMP_MIN = 0,
|
|
Packit |
56e23f |
SCMP_CMP_NE = 1, /**< not equal */
|
|
Packit |
56e23f |
SCMP_CMP_LT = 2, /**< less than */
|
|
Packit |
56e23f |
SCMP_CMP_LE = 3, /**< less than or equal */
|
|
Packit |
56e23f |
SCMP_CMP_EQ = 4, /**< equal */
|
|
Packit |
56e23f |
SCMP_CMP_GE = 5, /**< greater than or equal */
|
|
Packit |
56e23f |
SCMP_CMP_GT = 6, /**< greater than */
|
|
Packit |
56e23f |
SCMP_CMP_MASKED_EQ = 7, /**< masked equality */
|
|
Packit |
56e23f |
_SCMP_CMP_MAX,
|
|
Packit |
56e23f |
};
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Argument datum
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
typedef uint64_t scmp_datum_t;
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Argument / Value comparison definition
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
struct scmp_arg_cmp {
|
|
Packit |
56e23f |
unsigned int arg; /**< argument number, starting at 0 */
|
|
Packit |
56e23f |
enum scmp_compare op; /**< the comparison op, e.g. SCMP_CMP_* */
|
|
Packit |
56e23f |
scmp_datum_t datum_a;
|
|
Packit |
56e23f |
scmp_datum_t datum_b;
|
|
Packit |
56e23f |
};
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/*
|
|
Packit |
56e23f |
* macros/defines
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* The native architecture token
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
#define SCMP_ARCH_NATIVE 0
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* The x86 (32-bit) architecture token
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
#define SCMP_ARCH_X86 AUDIT_ARCH_I386
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* The x86-64 (64-bit) architecture token
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
#define SCMP_ARCH_X86_64 AUDIT_ARCH_X86_64
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* The x32 (32-bit x86_64) architecture token
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
* NOTE: this is different from the value used by the kernel because we need to
|
|
Packit |
56e23f |
* be able to distinguish between x32 and x86_64
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
#define SCMP_ARCH_X32 (EM_X86_64|__AUDIT_ARCH_LE)
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* The ARM architecture tokens
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
#define SCMP_ARCH_ARM AUDIT_ARCH_ARM
|
|
Packit |
56e23f |
/* AArch64 support for audit was merged in 3.17-rc1 */
|
|
Packit |
56e23f |
#ifndef AUDIT_ARCH_AARCH64
|
|
Packit |
56e23f |
#ifndef EM_AARCH64
|
|
Packit |
56e23f |
#define EM_AARCH64 183
|
|
Packit |
56e23f |
#endif /* EM_AARCH64 */
|
|
Packit |
56e23f |
#define AUDIT_ARCH_AARCH64 (EM_AARCH64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
|
|
Packit |
56e23f |
#endif /* AUDIT_ARCH_AARCH64 */
|
|
Packit |
56e23f |
#define SCMP_ARCH_AARCH64 AUDIT_ARCH_AARCH64
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* The MIPS architecture tokens
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
#ifndef __AUDIT_ARCH_CONVENTION_MIPS64_N32
|
|
Packit |
56e23f |
#define __AUDIT_ARCH_CONVENTION_MIPS64_N32 0x20000000
|
|
Packit |
56e23f |
#endif
|
|
Packit |
56e23f |
#ifndef EM_MIPS
|
|
Packit |
56e23f |
#define EM_MIPS 8
|
|
Packit |
56e23f |
#endif
|
|
Packit |
56e23f |
#ifndef AUDIT_ARCH_MIPS
|
|
Packit |
56e23f |
#define AUDIT_ARCH_MIPS (EM_MIPS)
|
|
Packit |
56e23f |
#endif
|
|
Packit |
56e23f |
#ifndef AUDIT_ARCH_MIPS64
|
|
Packit |
56e23f |
#define AUDIT_ARCH_MIPS64 (EM_MIPS|__AUDIT_ARCH_64BIT)
|
|
Packit |
56e23f |
#endif
|
|
Packit |
56e23f |
/* MIPS64N32 support was merged in 3.15 */
|
|
Packit |
56e23f |
#ifndef AUDIT_ARCH_MIPS64N32
|
|
Packit |
56e23f |
#define AUDIT_ARCH_MIPS64N32 (EM_MIPS|__AUDIT_ARCH_64BIT|\
|
|
Packit |
56e23f |
__AUDIT_ARCH_CONVENTION_MIPS64_N32)
|
|
Packit |
56e23f |
#endif
|
|
Packit |
56e23f |
/* MIPSEL64N32 support was merged in 3.15 */
|
|
Packit |
56e23f |
#ifndef AUDIT_ARCH_MIPSEL64N32
|
|
Packit |
56e23f |
#define AUDIT_ARCH_MIPSEL64N32 (EM_MIPS|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE|\
|
|
Packit |
56e23f |
__AUDIT_ARCH_CONVENTION_MIPS64_N32)
|
|
Packit |
56e23f |
#endif
|
|
Packit |
56e23f |
#define SCMP_ARCH_MIPS AUDIT_ARCH_MIPS
|
|
Packit |
56e23f |
#define SCMP_ARCH_MIPS64 AUDIT_ARCH_MIPS64
|
|
Packit |
56e23f |
#define SCMP_ARCH_MIPS64N32 AUDIT_ARCH_MIPS64N32
|
|
Packit |
56e23f |
#define SCMP_ARCH_MIPSEL AUDIT_ARCH_MIPSEL
|
|
Packit |
56e23f |
#define SCMP_ARCH_MIPSEL64 AUDIT_ARCH_MIPSEL64
|
|
Packit |
56e23f |
#define SCMP_ARCH_MIPSEL64N32 AUDIT_ARCH_MIPSEL64N32
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* The PowerPC architecture tokens
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
#define SCMP_ARCH_PPC AUDIT_ARCH_PPC
|
|
Packit |
56e23f |
#define SCMP_ARCH_PPC64 AUDIT_ARCH_PPC64
|
|
Packit |
56e23f |
#ifndef AUDIT_ARCH_PPC64LE
|
|
Packit |
56e23f |
#define AUDIT_ARCH_PPC64LE (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
|
|
Packit |
56e23f |
#endif
|
|
Packit |
56e23f |
#define SCMP_ARCH_PPC64LE AUDIT_ARCH_PPC64LE
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* The S390 architecture tokens
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
#define SCMP_ARCH_S390 AUDIT_ARCH_S390
|
|
Packit |
56e23f |
#define SCMP_ARCH_S390X AUDIT_ARCH_S390X
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* The PA-RISC hppa architecture tokens
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
#define SCMP_ARCH_PARISC AUDIT_ARCH_PARISC
|
|
Packit |
56e23f |
#define SCMP_ARCH_PARISC64 AUDIT_ARCH_PARISC64
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Convert a syscall name into the associated syscall number
|
|
Packit |
56e23f |
* @param x the syscall name
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
#define SCMP_SYS(x) (__SNR_##x)
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/* Helpers for the argument comparison macros, DO NOT USE directly */
|
|
Packit |
56e23f |
#define _SCMP_VA_NUM_ARGS(...) _SCMP_VA_NUM_ARGS_IMPL(__VA_ARGS__,2,1)
|
|
Packit |
56e23f |
#define _SCMP_VA_NUM_ARGS_IMPL(_1,_2,N,...) N
|
|
Packit |
56e23f |
#define _SCMP_MACRO_DISPATCHER(func, ...) \
|
|
Packit |
56e23f |
_SCMP_MACRO_DISPATCHER_IMPL1(func, _SCMP_VA_NUM_ARGS(__VA_ARGS__))
|
|
Packit |
56e23f |
#define _SCMP_MACRO_DISPATCHER_IMPL1(func, nargs) \
|
|
Packit |
56e23f |
_SCMP_MACRO_DISPATCHER_IMPL2(func, nargs)
|
|
Packit |
56e23f |
#define _SCMP_MACRO_DISPATCHER_IMPL2(func, nargs) \
|
|
Packit |
56e23f |
func ## nargs
|
|
Packit |
56e23f |
#define _SCMP_CMP32_1(x, y, z) \
|
|
Packit |
56e23f |
SCMP_CMP64(x, y, (uint32_t)(z))
|
|
Packit |
56e23f |
#define _SCMP_CMP32_2(x, y, z, q) \
|
|
Packit |
56e23f |
SCMP_CMP64(x, y, (uint32_t)(z), (uint32_t)(q))
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Specify a 64-bit argument comparison struct for use in declaring rules
|
|
Packit |
56e23f |
* @param arg the argument number, starting at 0
|
|
Packit |
56e23f |
* @param op the comparison operator, e.g. SCMP_CMP_*
|
|
Packit |
56e23f |
* @param datum_a dependent on comparison
|
|
Packit |
56e23f |
* @param datum_b dependent on comparison, optional
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
#define SCMP_CMP64(...) ((struct scmp_arg_cmp){__VA_ARGS__})
|
|
Packit |
56e23f |
#define SCMP_CMP SCMP_CMP64
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Specify a 32-bit argument comparison struct for use in declaring rules
|
|
Packit |
56e23f |
* @param arg the argument number, starting at 0
|
|
Packit |
56e23f |
* @param op the comparison operator, e.g. SCMP_CMP_*
|
|
Packit |
56e23f |
* @param datum_a dependent on comparison (32-bits)
|
|
Packit |
56e23f |
* @param datum_b dependent on comparison, optional (32-bits)
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
#define SCMP_CMP32(x, y, ...) \
|
|
Packit |
56e23f |
_SCMP_MACRO_DISPATCHER(_SCMP_CMP32_, __VA_ARGS__)(x, y, __VA_ARGS__)
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Specify a 64-bit argument comparison struct for argument 0
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
#define SCMP_A0_64(...) SCMP_CMP64(0, __VA_ARGS__)
|
|
Packit |
56e23f |
#define SCMP_A0 SCMP_A0_64
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Specify a 32-bit argument comparison struct for argument 0
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
#define SCMP_A0_32(x, ...) SCMP_CMP32(0, x, __VA_ARGS__)
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Specify a 64-bit argument comparison struct for argument 1
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
#define SCMP_A1_64(...) SCMP_CMP64(1, __VA_ARGS__)
|
|
Packit |
56e23f |
#define SCMP_A1 SCMP_A1_64
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Specify a 32-bit argument comparison struct for argument 1
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
#define SCMP_A1_32(x, ...) SCMP_CMP32(1, x, __VA_ARGS__)
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Specify a 64-bit argument comparison struct for argument 2
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
#define SCMP_A2_64(...) SCMP_CMP64(2, __VA_ARGS__)
|
|
Packit |
56e23f |
#define SCMP_A2 SCMP_A2_64
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Specify a 32-bit argument comparison struct for argument 2
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
#define SCMP_A2_32(x, ...) SCMP_CMP32(2, x, __VA_ARGS__)
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Specify a 64-bit argument comparison struct for argument 3
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
#define SCMP_A3_64(...) SCMP_CMP64(3, __VA_ARGS__)
|
|
Packit |
56e23f |
#define SCMP_A3 SCMP_A3_64
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Specify a 32-bit argument comparison struct for argument 3
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
#define SCMP_A3_32(x, ...) SCMP_CMP32(3, x, __VA_ARGS__)
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Specify a 64-bit argument comparison struct for argument 4
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
#define SCMP_A4_64(...) SCMP_CMP64(4, __VA_ARGS__)
|
|
Packit |
56e23f |
#define SCMP_A4 SCMP_A4_64
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Specify a 32-bit argument comparison struct for argument 4
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
#define SCMP_A4_32(x, ...) SCMP_CMP32(4, x, __VA_ARGS__)
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Specify a 64-bit argument comparison struct for argument 5
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
#define SCMP_A5_64(...) SCMP_CMP64(5, __VA_ARGS__)
|
|
Packit |
56e23f |
#define SCMP_A5 SCMP_A5_64
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Specify a 32-bit argument comparison struct for argument 5
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
#define SCMP_A5_32(x, ...) SCMP_CMP32(5, x, __VA_ARGS__)
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/*
|
|
Packit |
56e23f |
* seccomp actions
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Kill the process
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
#define SCMP_ACT_KILL_PROCESS 0x80000000U
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Kill the thread
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
#define SCMP_ACT_KILL_THREAD 0x00000000U
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Kill the thread, defined for backward compatibility
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
#define SCMP_ACT_KILL SCMP_ACT_KILL_THREAD
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Throw a SIGSYS signal
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
#define SCMP_ACT_TRAP 0x00030000U
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Return the specified error code
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
#define SCMP_ACT_ERRNO(x) (0x00050000U | ((x) & 0x0000ffffU))
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Notify a tracing process with the specified value
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
#define SCMP_ACT_TRACE(x) (0x7ff00000U | ((x) & 0x0000ffffU))
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Allow the syscall to be executed after the action has been logged
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
#define SCMP_ACT_LOG 0x7ffc0000U
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Allow the syscall to be executed
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
#define SCMP_ACT_ALLOW 0x7fff0000U
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/*
|
|
Packit |
56e23f |
* functions
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Query the library version information
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
* This function returns a pointer to a populated scmp_version struct, the
|
|
Packit |
56e23f |
* caller does not need to free the structure when finished.
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
const struct scmp_version *seccomp_version(void);
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Query the library's level of API support
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
* This function returns an API level value indicating the current supported
|
|
Packit |
56e23f |
* functionality. It is important to note that this level of support is
|
|
Packit |
56e23f |
* determined at runtime and therefore can change based on the running kernel
|
|
Packit |
56e23f |
* and system configuration (e.g. any previously loaded seccomp filters). This
|
|
Packit |
56e23f |
* function can be called multiple times, but it only queries the system the
|
|
Packit |
56e23f |
* first time it is called, the API level is cached and used in subsequent
|
|
Packit |
56e23f |
* calls.
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
* The current API levels are described below:
|
|
Packit |
56e23f |
* 0 : reserved
|
|
Packit |
56e23f |
* 1 : base level
|
|
Packit |
56e23f |
* 2 : support for the SCMP_FLTATR_CTL_TSYNC filter attribute
|
|
Packit |
56e23f |
* uses the seccomp(2) syscall instead of the prctl(2) syscall
|
|
Packit |
56e23f |
* 3 : support for the SCMP_FLTATR_CTL_LOG filter attribute
|
|
Packit |
56e23f |
* support for the SCMP_ACT_LOG action
|
|
Packit |
56e23f |
* support for the SCMP_ACT_KILL_PROCESS action
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
unsigned int seccomp_api_get(void);
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Set the library's level of API support
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
* This function forcibly sets the API level of the library at runtime. Valid
|
|
Packit |
56e23f |
* API levels are discussed in the description of the seccomp_api_get()
|
|
Packit |
56e23f |
* function. General use of this function is strongly discouraged.
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
int seccomp_api_set(unsigned int level);
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Initialize the filter state
|
|
Packit |
56e23f |
* @param def_action the default filter action
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
* This function initializes the internal seccomp filter state and should
|
|
Packit |
56e23f |
* be called before any other functions in this library to ensure the filter
|
|
Packit |
56e23f |
* state is initialized. Returns a filter context on success, NULL on failure.
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
scmp_filter_ctx seccomp_init(uint32_t def_action);
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Reset the filter state
|
|
Packit |
56e23f |
* @param ctx the filter context
|
|
Packit |
56e23f |
* @param def_action the default filter action
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
* This function resets the given seccomp filter state and ensures the
|
|
Packit |
56e23f |
* filter state is reinitialized. This function does not reset any seccomp
|
|
Packit |
56e23f |
* filters already loaded into the kernel. Returns zero on success, negative
|
|
Packit |
56e23f |
* values on failure.
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
int seccomp_reset(scmp_filter_ctx ctx, uint32_t def_action);
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Destroys the filter state and releases any resources
|
|
Packit |
56e23f |
* @param ctx the filter context
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
* This functions destroys the given seccomp filter state and releases any
|
|
Packit |
56e23f |
* resources, including memory, associated with the filter state. This
|
|
Packit |
56e23f |
* function does not reset any seccomp filters already loaded into the kernel.
|
|
Packit |
56e23f |
* The filter context can no longer be used after calling this function.
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
void seccomp_release(scmp_filter_ctx ctx);
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Merge two filters
|
|
Packit |
56e23f |
* @param ctx_dst the destination filter context
|
|
Packit |
56e23f |
* @param ctx_src the source filter context
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
* This function merges two filter contexts into a single filter context and
|
|
Packit |
56e23f |
* destroys the second filter context. The two filter contexts must have the
|
|
Packit |
56e23f |
* same attribute values and not contain any of the same architectures; if they
|
|
Packit |
56e23f |
* do, the merge operation will fail. On success, the source filter context
|
|
Packit |
56e23f |
* will be destroyed and should no longer be used; it is not necessary to
|
|
Packit |
56e23f |
* call seccomp_release() on the source filter context. Returns zero on
|
|
Packit |
56e23f |
* success, negative values on failure.
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
int seccomp_merge(scmp_filter_ctx ctx_dst, scmp_filter_ctx ctx_src);
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Resolve the architecture name to a architecture token
|
|
Packit |
56e23f |
* @param arch_name the architecture name
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
* This function resolves the given architecture name to a token suitable for
|
|
Packit |
56e23f |
* use with libseccomp, returns zero on failure.
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
uint32_t seccomp_arch_resolve_name(const char *arch_name);
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Return the native architecture token
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
* This function returns the native architecture token value, e.g. SCMP_ARCH_*.
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
uint32_t seccomp_arch_native(void);
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Check to see if an existing architecture is present in the filter
|
|
Packit |
56e23f |
* @param ctx the filter context
|
|
Packit |
56e23f |
* @param arch_token the architecture token, e.g. SCMP_ARCH_*
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
* This function tests to see if a given architecture is included in the filter
|
|
Packit |
56e23f |
* context. If the architecture token is SCMP_ARCH_NATIVE then the native
|
|
Packit |
56e23f |
* architecture will be assumed. Returns zero if the architecture exists in
|
|
Packit |
56e23f |
* the filter, -EEXIST if it is not present, and other negative values on
|
|
Packit |
56e23f |
* failure.
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
int seccomp_arch_exist(const scmp_filter_ctx ctx, uint32_t arch_token);
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Adds an architecture to the filter
|
|
Packit |
56e23f |
* @param ctx the filter context
|
|
Packit |
56e23f |
* @param arch_token the architecture token, e.g. SCMP_ARCH_*
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
* This function adds a new architecture to the given seccomp filter context.
|
|
Packit |
56e23f |
* Any new rules added after this function successfully returns will be added
|
|
Packit |
56e23f |
* to this architecture but existing rules will not be added to this
|
|
Packit |
56e23f |
* architecture. If the architecture token is SCMP_ARCH_NATIVE then the native
|
|
Packit |
56e23f |
* architecture will be assumed. Returns zero on success, -EEXIST if
|
|
Packit |
56e23f |
* specified architecture is already present, other negative values on failure.
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
int seccomp_arch_add(scmp_filter_ctx ctx, uint32_t arch_token);
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Removes an architecture from the filter
|
|
Packit |
56e23f |
* @param ctx the filter context
|
|
Packit |
56e23f |
* @param arch_token the architecture token, e.g. SCMP_ARCH_*
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
* This function removes an architecture from the given seccomp filter context.
|
|
Packit |
56e23f |
* If the architecture token is SCMP_ARCH_NATIVE then the native architecture
|
|
Packit |
56e23f |
* will be assumed. Returns zero on success, negative values on failure.
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
int seccomp_arch_remove(scmp_filter_ctx ctx, uint32_t arch_token);
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Loads the filter into the kernel
|
|
Packit |
56e23f |
* @param ctx the filter context
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
* This function loads the given seccomp filter context into the kernel. If
|
|
Packit |
56e23f |
* the filter was loaded correctly, the kernel will be enforcing the filter
|
|
Packit |
56e23f |
* when this function returns. Returns zero on success, negative values on
|
|
Packit |
56e23f |
* error.
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
int seccomp_load(const scmp_filter_ctx ctx);
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Get the value of a filter attribute
|
|
Packit |
56e23f |
* @param ctx the filter context
|
|
Packit |
56e23f |
* @param attr the filter attribute name
|
|
Packit |
56e23f |
* @param value the filter attribute value
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
* This function fetches the value of the given attribute name and returns it
|
|
Packit |
56e23f |
* via @value. Returns zero on success, negative values on failure.
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
int seccomp_attr_get(const scmp_filter_ctx ctx,
|
|
Packit |
56e23f |
enum scmp_filter_attr attr, uint32_t *value);
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Set the value of a filter attribute
|
|
Packit |
56e23f |
* @param ctx the filter context
|
|
Packit |
56e23f |
* @param attr the filter attribute name
|
|
Packit |
56e23f |
* @param value the filter attribute value
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
* This function sets the value of the given attribute. Returns zero on
|
|
Packit |
56e23f |
* success, negative values on failure.
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
int seccomp_attr_set(scmp_filter_ctx ctx,
|
|
Packit |
56e23f |
enum scmp_filter_attr attr, uint32_t value);
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Resolve a syscall number to a name
|
|
Packit |
56e23f |
* @param arch_token the architecture token, e.g. SCMP_ARCH_*
|
|
Packit |
56e23f |
* @param num the syscall number
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
* Resolve the given syscall number to the syscall name for the given
|
|
Packit |
56e23f |
* architecture; it is up to the caller to free the returned string. Returns
|
|
Packit |
56e23f |
* the syscall name on success, NULL on failure.
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
char *seccomp_syscall_resolve_num_arch(uint32_t arch_token, int num);
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Resolve a syscall name to a number
|
|
Packit |
56e23f |
* @param arch_token the architecture token, e.g. SCMP_ARCH_*
|
|
Packit |
56e23f |
* @param name the syscall name
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
* Resolve the given syscall name to the syscall number for the given
|
|
Packit |
56e23f |
* architecture. Returns the syscall number on success, including negative
|
|
Packit |
56e23f |
* pseudo syscall numbers (e.g. __PNR_*); returns __NR_SCMP_ERROR on failure.
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
int seccomp_syscall_resolve_name_arch(uint32_t arch_token, const char *name);
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Resolve a syscall name to a number and perform any rewriting necessary
|
|
Packit |
56e23f |
* @param arch_token the architecture token, e.g. SCMP_ARCH_*
|
|
Packit |
56e23f |
* @param name the syscall name
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
* Resolve the given syscall name to the syscall number for the given
|
|
Packit |
56e23f |
* architecture and do any necessary syscall rewriting needed by the
|
|
Packit |
56e23f |
* architecture. Returns the syscall number on success, including negative
|
|
Packit |
56e23f |
* pseudo syscall numbers (e.g. __PNR_*); returns __NR_SCMP_ERROR on failure.
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
int seccomp_syscall_resolve_name_rewrite(uint32_t arch_token, const char *name);
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Resolve a syscall name to a number
|
|
Packit |
56e23f |
* @param name the syscall name
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
* Resolve the given syscall name to the syscall number. Returns the syscall
|
|
Packit |
56e23f |
* number on success, including negative pseudo syscall numbers (e.g. __PNR_*);
|
|
Packit |
56e23f |
* returns __NR_SCMP_ERROR on failure.
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
int seccomp_syscall_resolve_name(const char *name);
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Set the priority of a given syscall
|
|
Packit |
56e23f |
* @param ctx the filter context
|
|
Packit |
56e23f |
* @param syscall the syscall number
|
|
Packit |
56e23f |
* @param priority priority value, higher value == higher priority
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
* This function sets the priority of the given syscall; this value is used
|
|
Packit |
56e23f |
* when generating the seccomp filter code such that higher priority syscalls
|
|
Packit |
56e23f |
* will incur less filter code overhead than the lower priority syscalls in the
|
|
Packit |
56e23f |
* filter. Returns zero on success, negative values on failure.
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
int seccomp_syscall_priority(scmp_filter_ctx ctx,
|
|
Packit |
56e23f |
int syscall, uint8_t priority);
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Add a new rule to the filter
|
|
Packit |
56e23f |
* @param ctx the filter context
|
|
Packit |
56e23f |
* @param action the filter action
|
|
Packit |
56e23f |
* @param syscall the syscall number
|
|
Packit |
56e23f |
* @param arg_cnt the number of argument filters in the argument filter chain
|
|
Packit |
56e23f |
* @param ... scmp_arg_cmp structs (use of SCMP_ARG_CMP() recommended)
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
* This function adds a series of new argument/value checks to the seccomp
|
|
Packit |
56e23f |
* filter for the given syscall; multiple argument/value checks can be
|
|
Packit |
56e23f |
* specified and they will be chained together (AND'd together) in the filter.
|
|
Packit |
56e23f |
* If the specified rule needs to be adjusted due to architecture specifics it
|
|
Packit |
56e23f |
* will be adjusted without notification. Returns zero on success, negative
|
|
Packit |
56e23f |
* values on failure.
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
int seccomp_rule_add(scmp_filter_ctx ctx,
|
|
Packit |
56e23f |
uint32_t action, int syscall, unsigned int arg_cnt, ...);
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Add a new rule to the filter
|
|
Packit |
56e23f |
* @param ctx the filter context
|
|
Packit |
56e23f |
* @param action the filter action
|
|
Packit |
56e23f |
* @param syscall the syscall number
|
|
Packit |
56e23f |
* @param arg_cnt the number of elements in the arg_array parameter
|
|
Packit |
56e23f |
* @param arg_array array of scmp_arg_cmp structs
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
* This function adds a series of new argument/value checks to the seccomp
|
|
Packit |
56e23f |
* filter for the given syscall; multiple argument/value checks can be
|
|
Packit |
56e23f |
* specified and they will be chained together (AND'd together) in the filter.
|
|
Packit |
56e23f |
* If the specified rule needs to be adjusted due to architecture specifics it
|
|
Packit |
56e23f |
* will be adjusted without notification. Returns zero on success, negative
|
|
Packit |
56e23f |
* values on failure.
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
int seccomp_rule_add_array(scmp_filter_ctx ctx,
|
|
Packit |
56e23f |
uint32_t action, int syscall, unsigned int arg_cnt,
|
|
Packit |
56e23f |
const struct scmp_arg_cmp *arg_array);
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Add a new rule to the filter
|
|
Packit |
56e23f |
* @param ctx the filter context
|
|
Packit |
56e23f |
* @param action the filter action
|
|
Packit |
56e23f |
* @param syscall the syscall number
|
|
Packit |
56e23f |
* @param arg_cnt the number of argument filters in the argument filter chain
|
|
Packit |
56e23f |
* @param ... scmp_arg_cmp structs (use of SCMP_ARG_CMP() recommended)
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
* This function adds a series of new argument/value checks to the seccomp
|
|
Packit |
56e23f |
* filter for the given syscall; multiple argument/value checks can be
|
|
Packit |
56e23f |
* specified and they will be chained together (AND'd together) in the filter.
|
|
Packit |
56e23f |
* If the specified rule can not be represented on the architecture the
|
|
Packit |
56e23f |
* function will fail. Returns zero on success, negative values on failure.
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
int seccomp_rule_add_exact(scmp_filter_ctx ctx, uint32_t action,
|
|
Packit |
56e23f |
int syscall, unsigned int arg_cnt, ...);
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Add a new rule to the filter
|
|
Packit |
56e23f |
* @param ctx the filter context
|
|
Packit |
56e23f |
* @param action the filter action
|
|
Packit |
56e23f |
* @param syscall the syscall number
|
|
Packit |
56e23f |
* @param arg_cnt the number of elements in the arg_array parameter
|
|
Packit |
56e23f |
* @param arg_array array of scmp_arg_cmp structs
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
* This function adds a series of new argument/value checks to the seccomp
|
|
Packit |
56e23f |
* filter for the given syscall; multiple argument/value checks can be
|
|
Packit |
56e23f |
* specified and they will be chained together (AND'd together) in the filter.
|
|
Packit |
56e23f |
* If the specified rule can not be represented on the architecture the
|
|
Packit |
56e23f |
* function will fail. Returns zero on success, negative values on failure.
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
int seccomp_rule_add_exact_array(scmp_filter_ctx ctx,
|
|
Packit |
56e23f |
uint32_t action, int syscall,
|
|
Packit |
56e23f |
unsigned int arg_cnt,
|
|
Packit |
56e23f |
const struct scmp_arg_cmp *arg_array);
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Generate seccomp Pseudo Filter Code (PFC) and export it to a file
|
|
Packit |
56e23f |
* @param ctx the filter context
|
|
Packit |
56e23f |
* @param fd the destination fd
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
* This function generates seccomp Pseudo Filter Code (PFC) and writes it to
|
|
Packit |
56e23f |
* the given fd. Returns zero on success, negative values on failure.
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
int seccomp_export_pfc(const scmp_filter_ctx ctx, int fd);
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/**
|
|
Packit |
56e23f |
* Generate seccomp Berkley Packet Filter (BPF) code and export it to a file
|
|
Packit |
56e23f |
* @param ctx the filter context
|
|
Packit |
56e23f |
* @param fd the destination fd
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
* This function generates seccomp Berkley Packer Filter (BPF) code and writes
|
|
Packit |
56e23f |
* it to the given fd. Returns zero on success, negative values on failure.
|
|
Packit |
56e23f |
*
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
int seccomp_export_bpf(const scmp_filter_ctx ctx, int fd);
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/*
|
|
Packit |
56e23f |
* pseudo syscall definitions
|
|
Packit |
56e23f |
*/
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
/* NOTE - pseudo syscall values {-1..-99} are reserved */
|
|
Packit |
56e23f |
#define __NR_SCMP_ERROR -1
|
|
Packit |
56e23f |
#define __NR_SCMP_UNDEF -2
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
#include <seccomp-syscalls.h>
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
#ifdef __cplusplus
|
|
Packit |
56e23f |
}
|
|
Packit |
56e23f |
#endif
|
|
Packit |
56e23f |
|
|
Packit |
56e23f |
#endif
|