aboutsummaryrefslogtreecommitdiff
path: root/frida_mode/src/seccomp
diff options
context:
space:
mode:
Diffstat (limited to 'frida_mode/src/seccomp')
-rw-r--r--frida_mode/src/seccomp/seccomp.c8
-rw-r--r--frida_mode/src/seccomp/seccomp_atomic.c4
-rw-r--r--frida_mode/src/seccomp/seccomp_callback.c23
-rw-r--r--frida_mode/src/seccomp/seccomp_child.c7
-rw-r--r--frida_mode/src/seccomp/seccomp_event.c11
-rw-r--r--frida_mode/src/seccomp/seccomp_filter.c24
-rw-r--r--frida_mode/src/seccomp/seccomp_socket.c23
-rw-r--r--frida_mode/src/seccomp/seccomp_syscall.c7
8 files changed, 49 insertions, 58 deletions
diff --git a/frida_mode/src/seccomp/seccomp.c b/frida_mode/src/seccomp/seccomp.c
index 99111591..9d8fdd5d 100644
--- a/frida_mode/src/seccomp/seccomp.c
+++ b/frida_mode/src/seccomp/seccomp.c
@@ -1,7 +1,5 @@
#include "frida-gumjs.h"
-#include "debug.h"
-
#include "seccomp.h"
#include "util.h"
@@ -12,7 +10,7 @@ void seccomp_on_fork(void) {
if (seccomp_filename == NULL) { return; }
#ifdef __APPLE__
- FATAL("Seccomp not supported on OSX");
+ FFATAL("Seccomp not supported on OSX");
#else
seccomp_callback_parent();
#endif
@@ -27,12 +25,12 @@ void seccomp_config(void) {
void seccomp_init(void) {
- OKF("Seccomp - file [%s]", seccomp_filename);
+ FOKF("Seccomp - file [%s]", seccomp_filename);
if (seccomp_filename == NULL) { return; }
#ifdef __APPLE__
- FATAL("Seccomp not supported on OSX");
+ FFATAL("Seccomp not supported on OSX");
#else
seccomp_callback_initialize();
#endif
diff --git a/frida_mode/src/seccomp/seccomp_atomic.c b/frida_mode/src/seccomp/seccomp_atomic.c
index c2042f97..18cb6724 100644
--- a/frida_mode/src/seccomp/seccomp_atomic.c
+++ b/frida_mode/src/seccomp/seccomp_atomic.c
@@ -3,13 +3,13 @@
#include <stdbool.h>
#include <stdio.h>
- #include "debug.h"
+ #include "util.h"
void seccomp_atomic_set(volatile bool *ptr, bool val) {
if (!__sync_bool_compare_and_swap(ptr, !val, val)) {
- FATAL("Failed to set event");
+ FFATAL("Failed to set event");
}
diff --git a/frida_mode/src/seccomp/seccomp_callback.c b/frida_mode/src/seccomp/seccomp_callback.c
index ac0fb8bb..f7aaf78b 100644
--- a/frida_mode/src/seccomp/seccomp_callback.c
+++ b/frida_mode/src/seccomp/seccomp_callback.c
@@ -6,8 +6,7 @@
#include <fcntl.h>
#include "seccomp.h"
-
- #include "debug.h"
+ #include "util.h"
static void seccomp_callback_filter(struct seccomp_notif * req,
struct seccomp_notif_resp *resp,
@@ -35,7 +34,7 @@ static void seccomp_callback_filter(struct seccomp_notif * req,
#if !defined(__MUSL__)
seccomp_print("FRAMES: (%u)\n", frames->len);
char **syms = backtrace_symbols(frames->items, frames->len);
- if (syms == NULL) { FATAL("Failed to get symbols"); }
+ if (syms == NULL) { FFATAL("Failed to get symbols"); }
for (guint i = 0; i < frames->len; i++) {
@@ -84,7 +83,7 @@ static void seccomp_callback_child(int signal_parent, void *ctx) {
int sock_fd = *((int *)ctx);
int fd = seccomp_socket_recv(sock_fd);
- if (close(sock_fd) < 0) { FATAL("child - close"); }
+ if (close(sock_fd) < 0) { FFATAL("child - close"); }
seccomp_event_signal(signal_parent);
seccomp_filter_child_install();
@@ -101,18 +100,18 @@ void seccomp_callback_parent(void) {
seccomp_socket_create(sock);
seccomp_child_run(seccomp_callback_child, sock, &child, &child_fd);
- if (dup2(child_fd, SECCOMP_PARENT_EVENT_FD) < 0) { FATAL("dup2"); }
+ if (dup2(child_fd, SECCOMP_PARENT_EVENT_FD) < 0) { FFATAL("dup2"); }
- if (close(child_fd) < 0) { FATAL("seccomp_on_fork - close (1)"); }
+ if (close(child_fd) < 0) { FFATAL("seccomp_on_fork - close (1)"); }
- if (close(sock[STDIN_FILENO]) < 0) { FATAL("grandparent - close (2)"); }
+ if (close(sock[STDIN_FILENO]) < 0) { FFATAL("grandparent - close (2)"); }
int fd = seccomp_filter_install(child);
seccomp_socket_send(sock[STDOUT_FILENO], fd);
- if (close(sock[STDOUT_FILENO]) < 0) { FATAL("grandparent - close (3)"); }
+ if (close(sock[STDOUT_FILENO]) < 0) { FFATAL("grandparent - close (3)"); }
- if (close(fd) < 0) { FATAL("grandparent - close (4)"); }
+ if (close(fd) < 0) { FFATAL("grandparent - close (4)"); }
seccomp_child_wait(SECCOMP_PARENT_EVENT_FD);
@@ -125,18 +124,18 @@ void seccomp_callback_initialize(void) {
path = g_canonicalize_filename(seccomp_filename, g_get_current_dir());
- OKF("Seccomp - path [%s]", path);
+ FOKF("Seccomp - path [%s]", path);
fd = open(path, O_RDWR | O_CREAT | O_TRUNC,
S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
if (dup2(fd, SECCOMP_OUTPUT_FILE_FD) < 0) {
- FATAL("Failed to duplicate seccomp output file");
+ FFATAL("Failed to duplicate seccomp output file");
}
- if (close(fd) < 0) { FATAL("Failed to close seccomp output file fd"); }
+ if (close(fd) < 0) { FFATAL("Failed to close seccomp output file fd"); }
g_free(path);
diff --git a/frida_mode/src/seccomp/seccomp_child.c b/frida_mode/src/seccomp/seccomp_child.c
index 43a79894..c02ef67c 100644
--- a/frida_mode/src/seccomp/seccomp_child.c
+++ b/frida_mode/src/seccomp/seccomp_child.c
@@ -10,9 +10,8 @@
#include <sys/types.h>
#include <unistd.h>
- #include "debug.h"
-
#include "seccomp.h"
+ #include "util.h"
#define SECCOMP_CHILD_STACK_SIZE (1UL << 20)
@@ -51,11 +50,11 @@ void seccomp_child_run(seccomp_child_func_t child_func, void *ctx, pid_t *child,
char *stack =
(char *)mmap(NULL, SECCOMP_CHILD_STACK_SIZE, PROT_READ | PROT_WRITE,
MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
- if (stack == MAP_FAILED) { FATAL("mmap"); }
+ if (stack == MAP_FAILED) { FFATAL("mmap"); }
pid_t child_pid = clone(seccomp_child_func, &stack[SECCOMP_CHILD_STACK_SIZE],
flags, child_ctx, NULL, NULL, NULL);
- if (child_pid < 0) { FATAL("clone"); }
+ if (child_pid < 0) { FFATAL("clone"); }
if (child != NULL) { *child = child_pid; }
if (event_fd != NULL) { *event_fd = fd; }
diff --git a/frida_mode/src/seccomp/seccomp_event.c b/frida_mode/src/seccomp/seccomp_event.c
index e2f592ca..aca0967a 100644
--- a/frida_mode/src/seccomp/seccomp_event.c
+++ b/frida_mode/src/seccomp/seccomp_event.c
@@ -5,14 +5,13 @@
#include <sys/syscall.h>
#include <unistd.h>
- #include "debug.h"
-
#include "seccomp.h"
+ #include "util.h"
int seccomp_event_create(void) {
int fd = syscall(SYS_eventfd, 0, 0);
- if (fd < 0) { FATAL("seccomp_event_create"); }
+ if (fd < 0) { FFATAL("seccomp_event_create"); }
return fd;
}
@@ -22,7 +21,7 @@ void seccomp_event_signal(int fd) {
uint64_t val = 1;
if (write(fd, &val, sizeof(uint64_t)) != sizeof(uint64_t)) {
- FATAL("seccomp_event_signal");
+ FFATAL("seccomp_event_signal");
}
@@ -33,7 +32,7 @@ void seccomp_event_wait(int fd) {
uint64_t val = 1;
if (read(fd, &val, sizeof(uint64_t)) != sizeof(uint64_t)) {
- FATAL("seccomp_event_wait");
+ FFATAL("seccomp_event_wait");
}
@@ -41,7 +40,7 @@ void seccomp_event_wait(int fd) {
void seccomp_event_destroy(int fd) {
- if (close(fd) < 0) { FATAL("seccomp_event_destroy"); }
+ if (close(fd) < 0) { FFATAL("seccomp_event_destroy"); }
}
diff --git a/frida_mode/src/seccomp/seccomp_filter.c b/frida_mode/src/seccomp/seccomp_filter.c
index 0dcc4cbb..a7c0926c 100644
--- a/frida_mode/src/seccomp/seccomp_filter.c
+++ b/frida_mode/src/seccomp/seccomp_filter.c
@@ -17,8 +17,6 @@
#include <string.h>
#include <unistd.h>
- #include "debug.h"
-
#include "frida-gumjs.h"
#include "seccomp.h"
@@ -159,7 +157,7 @@ static void seccomp_filter_parent_handler(int sig, siginfo_t *info,
if (syscall(SYS_tgkill, seccomp_filter_child, seccomp_filter_child, SIGUSR1) <
0) {
- FATAL("kill");
+ FFATAL("kill");
}
@@ -172,7 +170,7 @@ void seccomp_filter_child_install(void) {
const struct sigaction sa = {.sa_sigaction = seccomp_filter_child_handler,
.sa_flags = SA_SIGINFO | SA_RESTART};
- if (sigaction(SIGUSR1, &sa, NULL) < 0) { FATAL("sigaction"); }
+ if (sigaction(SIGUSR1, &sa, NULL) < 0) { FFATAL("sigaction"); }
}
@@ -187,17 +185,17 @@ int seccomp_filter_install(pid_t child) {
.len = sizeof(filter) / sizeof(struct sock_filter), .filter = filter};
- if (sigaction(SIGUSR1, &sa, NULL) < 0) { FATAL("sigaction"); }
+ if (sigaction(SIGUSR1, &sa, NULL) < 0) { FFATAL("sigaction"); }
if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) {
- FATAL("PR_SET_NO_NEW_PRIVS %d", errno);
+ FFATAL("PR_SET_NO_NEW_PRIVS %d", errno);
}
int fd = syscall(SYS_seccomp, SECCOMP_SET_MODE_FILTER,
SECCOMP_FILTER_FLAG_NEW_LISTENER, &filter_prog);
- if (fd < 0) { FATAL("SYS_seccomp %d", fd); }
+ if (fd < 0) { FFATAL("SYS_seccomp %d", fd); }
return fd;
@@ -211,19 +209,19 @@ void seccomp_filter_run(int fd, seccomp_filter_callback_t callback) {
if (syscall(SYS_seccomp, SECCOMP_GET_NOTIF_SIZES, 0, &sizes) == -1) {
- FATAL("seccomp-SECCOMP_GET_NOTIF_SIZES");
+ FFATAL("seccomp-SECCOMP_GET_NOTIF_SIZES");
}
if (sizes.seccomp_notif != sizeof(struct seccomp_notif)) {
- FATAL("size - seccomp_notif");
+ FFATAL("size - seccomp_notif");
}
if (sizes.seccomp_notif_resp != sizeof(struct seccomp_notif_resp)) {
- FATAL("size - seccomp_notif");
+ FFATAL("size - seccomp_notif");
}
@@ -237,7 +235,7 @@ void seccomp_filter_run(int fd, seccomp_filter_callback_t callback) {
if (ioctl(fd, SECCOMP_IOCTL_NOTIF_RECV, req) < 0) {
if (errno == EINTR) { continue; }
- FATAL("SECCOMP_IOCTL_NOTIF_RECV: %d\n", fd);
+ FFATAL("SECCOMP_IOCTL_NOTIF_RECV: %d\n", fd);
}
@@ -247,14 +245,14 @@ void seccomp_filter_run(int fd, seccomp_filter_callback_t callback) {
} else {
- if (kill(req->pid, SIGUSR1) < 0) { FATAL("kill"); }
+ if (kill(req->pid, SIGUSR1) < 0) { FFATAL("kill"); }
}
if (ioctl(fd, SECCOMP_IOCTL_NOTIF_SEND, resp) < 0) {
if (errno == ENOENT) { continue; }
- OKF("SECCOMP_IOCTL_NOTIF_SEND");
+ FOKF("SECCOMP_IOCTL_NOTIF_SEND");
continue;
}
diff --git a/frida_mode/src/seccomp/seccomp_socket.c b/frida_mode/src/seccomp/seccomp_socket.c
index ef937420..a01e88ee 100644
--- a/frida_mode/src/seccomp/seccomp_socket.c
+++ b/frida_mode/src/seccomp/seccomp_socket.c
@@ -5,9 +5,8 @@
#include <sys/socket.h>
#include <unistd.h>
- #include "debug.h"
-
#include "seccomp.h"
+ #include "util.h"
union cmsg {
@@ -21,31 +20,31 @@ void seccomp_socket_create(int *sock) {
int tmp_sock[2] = {-1, -1};
if (socketpair(AF_UNIX, SOCK_STREAM, 0, tmp_sock) < 0) {
- FATAL("socketpair");
+ FFATAL("socketpair");
}
if (dup2(tmp_sock[STDIN_FILENO], SECCOMP_SOCKET_RECV_FD) < 0) {
- FATAL("seccomp_socket_create - dup2 (1)");
+ FFATAL("seccomp_socket_create - dup2 (1)");
}
if (dup2(tmp_sock[STDOUT_FILENO], SECCOMP_SOCKET_SEND_FD) < 0) {
- FATAL("seccomp_socket_create - dup2 (1)");
+ FFATAL("seccomp_socket_create - dup2 (1)");
}
if (close(tmp_sock[STDIN_FILENO]) < 0) {
- FATAL("seccomp_socket_create - close (1)");
+ FFATAL("seccomp_socket_create - close (1)");
}
if (close(tmp_sock[STDOUT_FILENO]) < 0) {
- FATAL("seccomp_socket_create - close (2)");
+ FFATAL("seccomp_socket_create - close (2)");
}
@@ -76,7 +75,7 @@ void seccomp_socket_send(int sockfd, int fd) {
memcpy(CMSG_DATA(&control_msg.hdr), &fd, sizeof(int));
- if (sendmsg(sockfd, &message, 0) == -1) { FATAL("sendmsg"); }
+ if (sendmsg(sockfd, &message, 0) == -1) { FFATAL("sendmsg"); }
}
@@ -95,23 +94,23 @@ int seccomp_socket_recv(int sockfd) {
int fd;
- if (recvmsg(sockfd, &message, 0) < 0) { FATAL("recvmsg"); }
+ if (recvmsg(sockfd, &message, 0) < 0) { FFATAL("recvmsg"); }
if (control_msg.hdr.cmsg_len != CMSG_LEN(sizeof(int))) {
- FATAL("control_msg.hdr.cmsg_len");
+ FFATAL("control_msg.hdr.cmsg_len");
}
if (control_msg.hdr.cmsg_level != SOL_SOCKET) {
- FATAL("control_msg.hdr.cmsg_level");
+ FFATAL("control_msg.hdr.cmsg_level");
}
if (control_msg.hdr.cmsg_type != SCM_RIGHTS) {
- FATAL("control_msg.hdr.cmsg_type");
+ FFATAL("control_msg.hdr.cmsg_type");
}
diff --git a/frida_mode/src/seccomp/seccomp_syscall.c b/frida_mode/src/seccomp/seccomp_syscall.c
index 8335b93c..2eac1af3 100644
--- a/frida_mode/src/seccomp/seccomp_syscall.c
+++ b/frida_mode/src/seccomp/seccomp_syscall.c
@@ -3,9 +3,8 @@
#include <limits.h>
#include <stdio.h>
- #include "debug.h"
-
#include "seccomp.h"
+ #include "util.h"
typedef struct {
@@ -324,10 +323,10 @@ static syscall_entry_t seccomp_syscall_table[] = {
char *seccomp_syscall_lookup(int id) {
- if (id < 0) { FATAL("Invalid id: %d", id); }
+ if (id < 0) { FFATAL("Invalid id: %d", id); }
if ((uint32_t)id >= sizeof(seccomp_syscall_table) / sizeof(syscall_entry_t)) {
- FATAL("Invalid id: %d", id);
+ FFATAL("Invalid id: %d", id);
}
generated by cgit v1.2.3 (git 2.25.1) at 2026-01-23 17:28:42 +0000