Changes as suggested by nickm

- char* to const char* and name refactoring
- workaround for accept4 syscall
This commit is contained in:
Cristian Toader 2013-07-29 14:46:47 +03:00
parent 8f9d3da194
commit 6d5b0367f6
3 changed files with 9 additions and 10 deletions

View File

@ -125,7 +125,7 @@ tor_open_cloexec(const char *path, int flags, unsigned mode)
{ {
int fd; int fd;
#ifdef O_CLOEXEC #ifdef O_CLOEXEC
path = get_prot_param(path); path = sandbox_intern_string(path);
fd = open(path, flags|O_CLOEXEC, mode); fd = open(path, flags|O_CLOEXEC, mode);
if (fd >= 0) if (fd >= 0)
return fd; return fd;

View File

@ -49,6 +49,10 @@ static sandbox_static_cfg_t filter_static[] = {
#endif #endif
{SCMP_SYS(rt_sigaction), PARAM_NUM, 0, (intptr_t)(SIGCHLD), 0}, {SCMP_SYS(rt_sigaction), PARAM_NUM, 0, (intptr_t)(SIGCHLD), 0},
{SCMP_SYS(time), PARAM_NUM, 0, 0, 0}, {SCMP_SYS(time), PARAM_NUM, 0, 0, 0},
#ifdef __NR_socketcall
{SCMP_SYS(socketcall), PARAM_NUM, 0, 18, 0}, // accept4 workaround
#endif
}; };
/** Variable used for storing all syscall numbers that will be allowed with the /** Variable used for storing all syscall numbers that will be allowed with the
@ -136,7 +140,7 @@ static int filter_nopar_gen[] = {
SCMP_SYS(exit), SCMP_SYS(exit),
// socket syscalls // socket syscalls
SCMP_SYS(accept4), // SCMP_SYS(accept4),
SCMP_SYS(bind), SCMP_SYS(bind),
SCMP_SYS(connect), SCMP_SYS(connect),
SCMP_SYS(getsockname), SCMP_SYS(getsockname),
@ -149,17 +153,12 @@ static int filter_nopar_gen[] = {
SCMP_SYS(setsockopt), SCMP_SYS(setsockopt),
SCMP_SYS(socket), SCMP_SYS(socket),
SCMP_SYS(socketpair), SCMP_SYS(socketpair),
#ifdef __NR_socketcall
// SCMP_SYS(socketcall),
#endif
SCMP_SYS(recvfrom), SCMP_SYS(recvfrom),
SCMP_SYS(unlink), SCMP_SYS(unlink),
}; };
char* const char*
get_prot_param(char *param) sandbox_intern_string(char *param)
{ {
int i, filter_size; int i, filter_size;
sandbox_cfg_t *elem; sandbox_cfg_t *elem;

View File

@ -80,7 +80,7 @@ typedef struct pfd_elem sandbox_cfg_t;
void sandbox_set_debugging_fd(int fd); void sandbox_set_debugging_fd(int fd);
int tor_global_sandbox(void); int tor_global_sandbox(void);
char* get_prot_param(char *param); const char* sandbox_intern_string(char *param);
sandbox_cfg_t * sandbox_cfg_new(); sandbox_cfg_t * sandbox_cfg_new();
int sandbox_cfg_allow_open_filename(sandbox_cfg_t **cfg, char *file); int sandbox_cfg_allow_open_filename(sandbox_cfg_t **cfg, char *file);