rusty-snake · August 11, 2024 11:54
diff --git a/seccomp_load_debug.rs b/seccomp_load_debug.rs
 // SPDX-License-Identifier: MIT

 /*
 * Copyright © 2023,2024 rusty-snake
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in all
 * copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */

 //! LD_PRELOAD library to export the seccomp-bpf filter when it is loaded.
 //!
 //! Compile with
 //!
 //! ```
 //! rustc --edition=2021 --crate-type=cdylib -Cpanic=abort -Cstrip=debuginfo -Clto=thin -Copt-level=2 -l seccomp -F unsafe_op_in_unsafe_fn seccomp_load_debug.rs
 //! ```
 //!
 //! Use with
 //!
 //! ```
 //! LD_PRELOAD=<PATH/TO/libseccomp_load_debug.so> <PROGRAM>
 //! ```
 //!
 //! To suppress errors with flatpaks, you can
 //!
 //! ```
 //! LD_PRELOAD=./libseccomp_load_debug.so flatpak run --unset-env=LD_PRELOAD <APP-ID>
 //! ```

 #![warn(rust_2018_idioms)]
 #![allow(non_camel_case_types)]

 use core::ffi::*;
 use core::mem::transmute;

 type scmp_filter_ctx = *mut c_void;

 const STDOUT_FILENO: c_int = 1;

 const RTLD_NEXT: *mut c_void = -1i64 as *mut c_void;

 extern "C" {
    fn dlsym(handle: *mut c_void, symbol: *const c_char) -> *mut c_void;

    fn seccomp_export_bpf(ctx: scmp_filter_ctx, fd: c_int) -> c_int;
 }

 #[no_mangle]
 unsafe extern "C" fn seccomp_load(ctx: scmp_filter_ctx) -> c_int {
    assert!(!ctx.is_null());

    // SAFETY: Call to FFI function.
    let _ = unsafe { seccomp_export_bpf(ctx, STDOUT_FILENO) };

    // SAFETY: Call to FFI function.
    let real_seccomp_load = unsafe { dlsym(RTLD_NEXT, c"seccomp_load".as_ptr()) };
    assert!(!real_seccomp_load.is_null());
    // SAFETY: Transmute void pointer to function pointer. Call to FFI function.
    unsafe {
        transmute::<*mut c_void, extern "C" fn(scmp_filter_ctx) -> c_int>(real_seccomp_load)(ctx)
    }
 }
	// SPDX-License-Identifier: MIT

	/*
	* Copyright © 2023,2024 rusty-snake
	*
	* Permission is hereby granted, free of charge, to any person obtaining a copy
	* of this software and associated documentation files (the "Software"), to deal
	* in the Software without restriction, including without limitation the rights
	* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
	* copies of the Software, and to permit persons to whom the Software is
	* furnished to do so, subject to the following conditions:
	*
	* The above copyright notice and this permission notice shall be included in all
	* copies or substantial portions of the Software.
	*
	* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
	* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
	* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
	* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
	* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
	* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
	* SOFTWARE.
	*/

	//! LD_PRELOAD library to export the seccomp-bpf filter when it is loaded.
	//!
	//! Compile with
	//!
	//! ```
	//! rustc --edition=2021 --crate-type=cdylib -Cpanic=abort -Cstrip=debuginfo -Clto=thin -Copt-level=2 -l seccomp -F unsafe_op_in_unsafe_fn seccomp_load_debug.rs
	//! ```
	//!
	//! Use with
	//!
	//! ```
	//! LD_PRELOAD=<PATH/TO/libseccomp_load_debug.so> <PROGRAM>
	//! ```
	//!
	//! To suppress errors with flatpaks, you can
	//!
	//! ```
	//! LD_PRELOAD=./libseccomp_load_debug.so flatpak run --unset-env=LD_PRELOAD <APP-ID>
	//! ```

	#![warn(rust_2018_idioms)]
	#![allow(non_camel_case_types)]

	use core::ffi::*;
	use core::mem::transmute;

	type scmp_filter_ctx = *mut c_void;

	const STDOUT_FILENO: c_int = 1;

	const RTLD_NEXT: mut c_void = -1i64 as mut c_void;

	extern "C" {
	fn dlsym(handle: mut c_void, symbol: const c_char) -> *mut c_void;

	fn seccomp_export_bpf(ctx: scmp_filter_ctx, fd: c_int) -> c_int;
	}

	#[no_mangle]
	unsafe extern "C" fn seccomp_load(ctx: scmp_filter_ctx) -> c_int {
	assert!(!ctx.is_null());

	// SAFETY: Call to FFI function.
	let _ = unsafe { seccomp_export_bpf(ctx, STDOUT_FILENO) };

	// SAFETY: Call to FFI function.
	let real_seccomp_load = unsafe { dlsym(RTLD_NEXT, c"seccomp_load".as_ptr()) };
	assert!(!real_seccomp_load.is_null());
	// SAFETY: Transmute void pointer to function pointer. Call to FFI function.
	unsafe {
	transmute::<*mut c_void, extern "C" fn(scmp_filter_ctx) -> c_int>(real_seccomp_load)(ctx)
	}
	}