
@rusty-snake
Last active June 3, 2023 11:56
LD_PRELOAD library to change the default optimization level of libseccomp to build btree optimized filters.
// SPDX-License-Identifier: MIT
/*
* Copyright © 2023 rusty-snake
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
//! LD_PRELOAD library to change the default optimization level of libseccomp to build btree
//! optimized filters.
//!
//! Compile with
//!
//! ```
//! rustc --edition=2021 --crate-type=cdylib -Cpanic=abort -Cstrip=debuginfo -Clto=thin -Copt-level=2 -l seccomp -F unsafe_op_in_unsafe_fn seccomp_init_btree.rs
//! ```
//!
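//! Use with (note: the dynamic linker restricts `LD_PRELOAD` for set-user-ID and set-group-ID
//! programs, so the library may not be loaded into them)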
//!
//! ```
//! LD_PRELOAD=<PATH/TO/libseccomp_init_btree.so> <PROGRAM>
//! ```
//!
//! To suppress errors with flatpaks, unset `LD_PRELOAD` for the sandboxed app so that only
//! `flatpak` itself loads the library:
//!
//! ```
//! LD_PRELOAD=./libseccomp_init_btree.so flatpak run --unset-env=LD_PRELOAD <APP-ID>
//! ```
#![warn(rust_2018_idioms)]
#![allow(non_camel_case_types)]
use core::ffi::*;
use core::mem::transmute;
/// Turns a NUL-terminated byte-string literal into a `*const c_char` for FFI calls.
///
/// Panics if the literal does not end in a NUL byte or contains one before the end.
macro_rules! cstr {
    ($lit:literal) => {{
        // Validate the literal once, then hand out the raw pointer.
        let checked = ::core::ffi::CStr::from_bytes_with_nul($lit).unwrap();
        checked.as_ptr()
    }};
}
/// Opaque filter-context handle, as returned by `seccomp_init` and taken by `seccomp_attr_set`.
type scmp_filter_ctx = *mut c_void;
/// Attribute selector passed to `seccomp_attr_set`.
///
/// Only the single attribute this library sets is declared here.
#[repr(C)]
enum scmp_filter_attr {
// Selects the filter optimization level.
// NOTE(review): the discriminant 8 has to match the installed libseccomp header — confirm
// against `seccomp.h` when building for a different libseccomp version.
SCMP_FLTATR_CTL_OPTIMIZE = 8,
}
// Pseudo-handle passed to `dlsym` so the lookup yields the *next* definition of a symbol rather
// than this library's own. Encoded as an all-ones pointer value.
// NOTE(review): presumably mirrors the C library's `RTLD_NEXT` — confirm for the target libc.
const RTLD_NEXT: *mut c_void = -1i64 as *mut c_void;
// Foreign functions used by the interposer. `seccomp_attr_set` is expected to come from the
// libseccomp named by `-l seccomp` in the compile command above; `dlsym` from the C runtime.
extern "C" {
// Looks up `symbol` relative to `handle`; the result is checked for null by the caller.
fn dlsym(handle: *mut c_void, symbol: *const c_char) -> *mut c_void;
// Sets `attr` to `value` on `ctx`; the caller treats a non-zero return as failure.
fn seccomp_attr_set(ctx: scmp_filter_ctx, attr: scmp_filter_attr, value: u32) -> c_int;
}
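/// Interposed replacement for libseccomp's `seccomp_init`.
///
/// Looks up the next `seccomp_init` in the symbol search order with `dlsym(RTLD_NEXT, ..)`,
/// calls it with `def_action` unchanged and, when the returned context is non-NULL, sets
/// `SCMP_FLTATR_CTL_OPTIMIZE` to `2` (the btree level this library exists to select).
///
/// Returns the context produced by the real `seccomp_init`, NULL included. If setting the
/// attribute fails, the error code is written to stderr and the context is still returned, so
/// the caller keeps a usable filter context. Only the optimization attribute is touched here;
/// the default action and every rule remain whatever the caller configures.
///
/// Aborts the process when the real `seccomp_init` cannot be resolved, because there is then
/// no context to return.
///
/// # Safety
///
/// The symbol that `dlsym(RTLD_NEXT, "seccomp_init")` resolves to must have the C signature
/// `scmp_filter_ctx seccomp_init(uint32_t)`; it is called through a transmuted pointer.
#[no_mangle]
unsafe extern "C" fn seccomp_init(def_action: u32) -> scmp_filter_ctx {
    use std::io::Write as _;

    type RealSeccompInit = unsafe extern "C" fn(u32) -> scmp_filter_ctx;

    // SAFETY: Call to FFI function with the `RTLD_NEXT` pseudo-handle and a NUL-terminated name.
    let sym = unsafe { dlsym(RTLD_NEXT, cstr!(b"seccomp_init\0")) };
    if sym.is_null() {
        // Abort explicitly instead of panicking: a panic must not unwind out of an
        // `extern "C"` function, and this keeps the outcome independent of `-Cpanic=abort`.
        let _ = writeln!(
            std::io::stderr(),
            "seccomp_init_btree: dlsym could not find the real seccomp_init"
        );
        std::process::abort();
    }

    // SAFETY: `sym` is non-null and was resolved under the name `seccomp_init`; see `# Safety`
    // for the signature it is required to have.
    let real_seccomp_init = unsafe { transmute::<*mut c_void, RealSeccompInit>(sym) };
    // SAFETY: Call to FFI function; the caller's argument is passed through unchanged.
    let ctx = unsafe { real_seccomp_init(def_action) };

    if !ctx.is_null() {
        // SAFETY: Call to FFI function with the non-null context just returned above.
        let r = unsafe { seccomp_attr_set(ctx, scmp_filter_attr::SCMP_FLTATR_CTL_OPTIMIZE, 2) };
        if r != 0 {
            // Best-effort warning: `eprintln!` panics when the write to stderr fails, which
            // would take down the host program over a diagnostic message.
            let _ = writeln!(
                std::io::stderr(),
                "seccomp_attr_set returned a non-zero value: {r}"
            );
        }
    }
    ctx
}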