Auto merge of #2233 - devnexen:linux_seccomp, r=JohnTitor

linux/android adding seccomp filter and data types.

Author: bors

libc-test/semver/android.txt

@@ -1777,9 +1777,25 @@ SCM_CREDENTIALS
 SCM_RIGHTS
 SCM_TIMESTAMP
 
+SECCOMP_FILTER_FLAG_LOG
+SECCOMP_FILTER_FLAG_NEW_LISTENER
+SECCOMP_FILTER_FLAG_SPEC_ALLOW
+SECCOMP_FILTER_FLAG_TSYNC
 SECCOMP_MODE_DISABLED
 SECCOMP_MODE_FILTER
 SECCOMP_MODE_STRICT
+SECCOMP_RET_ACTION
+SECCOMP_RET_ACTION_FULL
+SECCOMP_RET_ALLOW
+SECCOMP_RET_DATA
+SECCOMP_RET_ERRNO
+SECCOMP_RET_KILL
+SECCOMP_RET_KILL_PROCESS
+SECCOMP_RET_KILL_THREAD
+SECCOMP_RET_LOG
+SECCOMP_RET_TRACE
+SECCOMP_RET_TRAP
+SECCOMP_RET_USER_NOTIF
 SEEK_CUR
 SEEK_DATA
 SEEK_END
@@ -3048,6 +3064,7 @@ sched_setaffinity
 sched_setparam
 sched_setscheduler
 sched_yield
+seccomp_data
 seekdir
 select
 sem_close
@@ -3121,6 +3138,8 @@ size_t
 sleep
 snprintf
 sock_extended_err
+sock_filter
+sock_fprog
 sockaddr
 sockaddr_alg
 sockaddr_in

libc-test/semver/linux.txt

@@ -1934,9 +1934,23 @@ SCM_CREDENTIALS
 SCM_RIGHTS
 SCM_TIMESTAMP
 SCM_TIMESTAMPING
+SECCOMP_FILTER_FLAG_LOG
+SECCOMP_FILTER_FLAG_SPEC_ALLOW
+SECCOMP_FILTER_FLAG_TSYNC
 SECCOMP_MODE_DISABLED
 SECCOMP_MODE_FILTER
 SECCOMP_MODE_STRICT
+SECCOMP_RET_ACTION
+SECCOMP_RET_ACTION_FULL
+SECCOMP_RET_ALLOW
+SECCOMP_RET_DATA
+SECCOMP_RET_ERRNO
+SECCOMP_RET_KILL
+SECCOMP_RET_KILL_PROCESS
+SECCOMP_RET_KILL_THREAD
+SECCOMP_RET_LOG
+SECCOMP_RET_TRACE
+SECCOMP_RET_TRAP
 SEEK_DATA
 SEEK_HOLE
 SEM_FAILED
@@ -2939,6 +2953,7 @@ sched_rr_get_interval
 sched_setaffinity
 sched_setparam
 sched_setscheduler
+seccomp_data
 seekdir
 sem_close
 sem_destroy
@@ -2990,6 +3005,8 @@ sigtimedwait
 sigwait
 sigwaitinfo
 sock_extended_err
+sock_filter
+sock_fprog
 sockaddr_alg
 sockaddr_can
 sockaddr_ll

src/unix/linux_like/android/b32/mod.rs

@@ -8,6 +8,7 @@ pub type off64_t = ::c_longlong;
 pub type sigset_t = ::c_ulong;
 pub type socklen_t = i32;
 pub type time64_t = i64;
+pub type __u64 = ::c_ulonglong;
 
 s! {
     pub struct sigaction {

src/unix/linux_like/android/b64/aarch64/mod.rs

@@ -1,5 +1,6 @@
 pub type c_char = u8;
 pub type wchar_t = u32;
+pub type __u64 = ::c_ulonglong;
 
 s! {
     pub struct stat {

src/unix/linux_like/android/b64/x86_64/mod.rs

@@ -1,6 +1,7 @@
 pub type c_char = i8;
 pub type wchar_t = i32;
 pub type greg_t = i64;
+pub type __u64 = ::c_ulonglong;
 
 s! {
     pub struct stat {

src/unix/linux_like/android/mod.rs

@@ -26,6 +26,12 @@ pub type loff_t = ::c_longlong;
 pub type __kernel_loff_t = ::c_longlong;
 pub type __kernel_pid_t = ::c_int;
 
+pub type __u8 = ::c_uchar;
+pub type __u16 = ::c_ushort;
+pub type __s16 = ::c_short;
+pub type __u32 = ::c_uint;
+pub type __s32 = ::c_int;
+
 // linux/elf.h
 
 pub type Elf32_Addr = u32;
@@ -321,6 +327,27 @@ s! {
         pub dlpi_tls_modid: ::size_t,
         pub dlpi_tls_data: *mut ::c_void,
     }
+
+    // linux/filter.h
+    pub struct sock_filter {
+        pub code: ::__u16,
+        pub jt: ::__u8,
+        pub jf: ::__u8,
+        pub k: ::__u32,
+    }
+
+    pub struct sock_fprog {
+        pub len: ::c_ushort,
+        pub filter: *mut sock_filter,
+    }
+
+    // linux/seccomp.h
+    pub struct seccomp_data {
+        pub nr: ::c_int,
+        pub arch: ::__u32,
+        pub instruction_pointer: ::__u64,
+        pub args: [::__u64; 6],
+    }
 }
 
 s_no_extra_traits! {
@@ -1741,6 +1768,25 @@ pub const SECCOMP_MODE_DISABLED: ::c_uint = 0;
 pub const SECCOMP_MODE_STRICT: ::c_uint = 1;
 pub const SECCOMP_MODE_FILTER: ::c_uint = 2;
 
+pub const SECCOMP_FILTER_FLAG_TSYNC: ::c_ulong = 1;
+pub const SECCOMP_FILTER_FLAG_LOG: ::c_ulong = 2;
+pub const SECCOMP_FILTER_FLAG_SPEC_ALLOW: ::c_ulong = 4;
+pub const SECCOMP_FILTER_FLAG_NEW_LISTENER: ::c_ulong = 8;
+
+pub const SECCOMP_RET_ACTION_FULL: ::c_uint = 0xffff0000;
+pub const SECCOMP_RET_ACTION: ::c_uint = 0x7fff0000;
+pub const SECCOMP_RET_DATA: ::c_uint = 0x0000ffff;
+
+pub const SECCOMP_RET_KILL_PROCESS: ::c_uint = 0x80000000;
+pub const SECCOMP_RET_KILL_THREAD: ::c_uint = 0x00000000;
+pub const SECCOMP_RET_KILL: ::c_uint = SECCOMP_RET_KILL_THREAD;
+pub const SECCOMP_RET_TRAP: ::c_uint = 0x00030000;
+pub const SECCOMP_RET_ERRNO: ::c_uint = 0x00050000;
+pub const SECCOMP_RET_USER_NOTIF: ::c_uint = 0x7fc00000;
+pub const SECCOMP_RET_TRACE: ::c_uint = 0x7ff00000;
+pub const SECCOMP_RET_LOG: ::c_uint = 0x7ffc0000;
+pub const SECCOMP_RET_ALLOW: ::c_uint = 0x7fff0000;
+
 pub const NLA_F_NESTED: ::c_int = 1 << 15;
 pub const NLA_F_NET_BYTEORDER: ::c_int = 1 << 14;
 pub const NLA_TYPE_MASK: ::c_int = !(NLA_F_NESTED | NLA_F_NET_BYTEORDER);

src/unix/linux_like/linux/mod.rs

@@ -541,6 +541,27 @@ s! {
         pub can_id: canid_t,
         pub can_mask: canid_t,
     }
+
+    // linux/filter.h
+    pub struct sock_filter {
+        pub code: ::__u16,
+        pub jt: ::__u8,
+        pub jf: ::__u8,
+        pub k: ::__u32,
+    }
+
+    pub struct sock_fprog {
+        pub len: ::c_ushort,
+        pub filter: *mut sock_filter,
+    }
+
+    // linux/seccomp.h
+    pub struct seccomp_data {
+        pub nr: ::c_int,
+        pub arch: ::__u32,
+        pub instruction_pointer: ::__u64,
+        pub args: [::__u64; 6],
+    }
 }
 
 s_no_extra_traits! {
@@ -1704,6 +1725,23 @@ pub const SECCOMP_MODE_DISABLED: ::c_uint = 0;
 pub const SECCOMP_MODE_STRICT: ::c_uint = 1;
 pub const SECCOMP_MODE_FILTER: ::c_uint = 2;
 
+pub const SECCOMP_FILTER_FLAG_TSYNC: ::c_ulong = 1;
+pub const SECCOMP_FILTER_FLAG_LOG: ::c_ulong = 2;
+pub const SECCOMP_FILTER_FLAG_SPEC_ALLOW: ::c_ulong = 4;
+
+pub const SECCOMP_RET_KILL_PROCESS: ::c_uint = 0x80000000;
+pub const SECCOMP_RET_KILL_THREAD: ::c_uint = 0x00000000;
+pub const SECCOMP_RET_KILL: ::c_uint = SECCOMP_RET_KILL_THREAD;
+pub const SECCOMP_RET_TRAP: ::c_uint = 0x00030000;
+pub const SECCOMP_RET_ERRNO: ::c_uint = 0x00050000;
+pub const SECCOMP_RET_TRACE: ::c_uint = 0x7ff00000;
+pub const SECCOMP_RET_LOG: ::c_uint = 0x7ffc0000;
+pub const SECCOMP_RET_ALLOW: ::c_uint = 0x7fff0000;
+
+pub const SECCOMP_RET_ACTION_FULL: ::c_uint = 0xffff0000;
+pub const SECCOMP_RET_ACTION: ::c_uint = 0x7fff0000;
+pub const SECCOMP_RET_DATA: ::c_uint = 0x0000ffff;
+
 pub const ITIMER_REAL: ::c_int = 0;
 pub const ITIMER_VIRTUAL: ::c_int = 1;
 pub const ITIMER_PROF: ::c_int = 2;