From 91db3ed8ce2dc73444bcd649f8003cbe96fcb227 Mon Sep 17 00:00:00 2001
From: Dmitry Vyukov <dvyukov@google.com>
Date: Sat, 18 Apr 2020 17:09:59 +0200
Subject: prog: add ignore_return and breaks_returns call attribtues

We had these hard-coded for fuchsia and linux accordingly.
Replace with call attributes.
---
 sys/linux/seccomp.txt | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

(limited to 'sys/linux/seccomp.txt')

diff --git a/sys/linux/seccomp.txt b/sys/linux/seccomp.txt
index e56332dab..3d071eb46 100644
--- a/sys/linux/seccomp.txt
+++ b/sys/linux/seccomp.txt
@@ -7,15 +7,17 @@ include <asm/ioctls.h>
 resource fd_seccomp[fd]
 resource seccomp_id[int64]
 
-seccomp$SECCOMP_SET_MODE_STRICT(op const[SECCOMP_SET_MODE_STRICT], flags const[0], arg const[0])
-seccomp$SECCOMP_SET_MODE_FILTER(op const[SECCOMP_SET_MODE_FILTER], flags flags[seccomp_flags], arg ptr[in, sock_fprog])
-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(op const[SECCOMP_SET_MODE_FILTER], flags flags[seccomp_flags_listener], arg ptr[in, sock_fprog]) fd_seccomp
-seccomp$SECCOMP_GET_ACTION_AVAIL(op const[SECCOMP_GET_ACTION_AVAIL], flags const[0], arg ptr[in, int32])
-seccomp$SECCOMP_GET_NOTIF_SIZES(op const[SECCOMP_GET_NOTIF_SIZES], flags const[0], arg ptr[out, seccomp_notif_sizes])
-
-ioctl$SECCOMP_IOCTL_NOTIF_RECV(fd fd_seccomp, cmd const[SECCOMP_IOCTL_NOTIF_RECV], arg ptr[out, seccomp_notif])
-ioctl$SECCOMP_IOCTL_NOTIF_SEND(fd fd_seccomp, cmd const[SECCOMP_IOCTL_NOTIF_SEND], arg ptr[in, seccomp_notif_resp])
-ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(fd fd_seccomp, cmd const[SECCOMP_IOCTL_NOTIF_ID_VALID], arg ptr[in, seccomp_id])
+# Only some commands break return values.
+# When/if we have stricter enforcement of arguments, we may remove some of breaks_returns attributes.
+seccomp$SECCOMP_SET_MODE_STRICT(op const[SECCOMP_SET_MODE_STRICT], flags const[0], arg const[0]) (breaks_returns)
+seccomp$SECCOMP_SET_MODE_FILTER(op const[SECCOMP_SET_MODE_FILTER], flags flags[seccomp_flags], arg ptr[in, sock_fprog]) (breaks_returns)
+seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(op const[SECCOMP_SET_MODE_FILTER], flags flags[seccomp_flags_listener], arg ptr[in, sock_fprog]) fd_seccomp (breaks_returns)
+seccomp$SECCOMP_GET_ACTION_AVAIL(op const[SECCOMP_GET_ACTION_AVAIL], flags const[0], arg ptr[in, int32]) (breaks_returns)
+seccomp$SECCOMP_GET_NOTIF_SIZES(op const[SECCOMP_GET_NOTIF_SIZES], flags const[0], arg ptr[out, seccomp_notif_sizes]) (breaks_returns)
+
+ioctl$SECCOMP_IOCTL_NOTIF_RECV(fd fd_seccomp, cmd const[SECCOMP_IOCTL_NOTIF_RECV], arg ptr[out, seccomp_notif]) (breaks_returns)
+ioctl$SECCOMP_IOCTL_NOTIF_SEND(fd fd_seccomp, cmd const[SECCOMP_IOCTL_NOTIF_SEND], arg ptr[in, seccomp_notif_resp]) (breaks_returns)
+ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(fd fd_seccomp, cmd const[SECCOMP_IOCTL_NOTIF_ID_VALID], arg ptr[in, seccomp_id]) (breaks_returns)
 
 seccomp_notif_sizes {
 	seccomp_notif		int16
-- 
cgit mrf-deployment