commit e7e2efb717ecefbf7b6eb92760ff272cca0b6eee Author: Cristian Toader cristian.matei.toader@gmail.com Date: Thu Jul 18 18:11:47 2013 +0300
Added getter for protected parameter --- src/common/sandbox.c | 27 ++++++++++++++++++++++++++- src/common/sandbox.h | 1 + 2 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index 56feae0..f041012 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -16,6 +16,7 @@
 #include "sandbox.h"
 #include "torlog.h"
 #include "orconfig.h"
+#include "torint.h"
#if defined(HAVE_SECCOMP_H) && defined(__linux__)
 #define USE_LIBSECCOMP
@@ -149,6 +150,30 @@ static int general_filter[] = {
 SCMP_SYS(unlink)
 };
+char*
+get_prot_param(char *param)
+{
+ int i, filter_size;
+
+ if (param == NULL)
+ return NULL;
+
+ if (param_filter == NULL) {
+ filter_size = 0;
+ } else {
+ filter_size = sizeof(param_filter) / sizeof(param_filter[0]);
+ }
+
+ for (i = 0; i < filter_size; i++) {
+ if (param_filter[i].prot && !strncmp(param, param_filter[i].param,
+ MAX_PARAM_LEN)) {
+ return param_filter[i].param;
+ }
+ }
+
+ return NULL;
+}
+
 static int
 add_param_filter(scmp_filter_ctx ctx)
 {
@@ -189,7 +214,7 @@ add_param_filter(scmp_filter_ctx ctx)
 } // if not protected
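Review bot: `get_prot_param` returns a writable `char *` and matches on the string alone, and neither choice is documented even though the filter depends on both. The rule added in add_param_filter compares argument 0 with the address of `param_filter[i].param`, so a caller has to pass exactly the pointer this getter returns; a doc comment should state that and that NULL means no entry marked `prot` matched, and the signature would be safer as `const char *get_prot_param(const char *param);` with the same change to the prototype in sandbox.h. If two entries carry the same string for different syscalls and each holds its own protected copy (not visible in this hunk), the first match is returned and the other entry's rule can never be satisfied, so the syscall number may be needed as a second key. The `param_filter == NULL` test also looks dead if `param_filter` is an array, as the `sizeof` division on the next lines implies.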
rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, param_filter[i].syscall, 1,
- param_filter[i].param);
+ SCMP_A0(SCMP_CMP_EQ, (intptr_t) param_filter[i].param));
 if (rc != 0) {
 log_err(LD_BUG,"(Sandbox) failed to add syscall index %d, "
 "received libseccomp error %d", i, rc);
diff --git a/src/common/sandbox.h b/src/common/sandbox.h
index cfbeceb..4752f1a 100644
--- a/src/common/sandbox.h
+++ b/src/common/sandbox.h
@@ -58,6 +58,7 @@ typedef struct {
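Review bot: The `(intptr_t)` cast on the new `SCMP_A0` line turns the pointer into a signed integer before it is widened to libseccomp's 64-bit `scmp_datum_t`, so on a 32-bit build an address with the top bit set would be sign-extended. Whether that alters the generated comparison depends on how libseccomp treats 32-bit architectures, but casting through the unsigned type removes the question: `SCMP_A0(SCMP_CMP_EQ, (uintptr_t) param_filter[i].param));`. A one-line comment that the rule matches the argument by address rather than by string contents would also help the next reader. The enclosing loop in add_param_filter starts and ends outside the hunk.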
void sandbox_set_debugging_fd(int fd);
 int tor_global_sandbox(void);
+char* get_prot_param(char *param);
#endif /* SANDBOX_H_ */