From e7e2efb717ecefbf7b6eb92760ff272cca0b6eee Mon Sep 17 00:00:00 2001
From: Cristian Toader
Date: Thu, 18 Jul 2013 18:11:47 +0300
Subject: [PATCH] Added getter for protected parameter
---
 src/common/sandbox.c | 27 ++++++++++++++++++++++++++-
 src/common/sandbox.h | 1 +
 2 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index 56feae008d..f041012f26 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -16,6 +16,7 @@
 #include "sandbox.h"
 #include "torlog.h"
 #include "orconfig.h"
+#include "torint.h"
 #if defined(HAVE_SECCOMP_H) && defined(__linux__)
 #define USE_LIBSECCOMP
@@ -149,6 +150,30 @@ static int general_filter[] = {
 SCMP_SYS(unlink)
 };
+char*
+get_prot_param(char *param)
+{
+ int i, filter_size;
+
+ if (param == NULL)
+ return NULL;
+
+ if (param_filter == NULL) {
+ filter_size = 0;
+ } else {
+ filter_size = sizeof(param_filter) / sizeof(param_filter[0]);
+ }
+
+ for (i = 0; i < filter_size; i++) {
+ if (param_filter[i].prot && !strncmp(param, param_filter[i].param,
+ MAX_PARAM_LEN)) {
+ return param_filter[i].param;
+ }
+ }
+
+ return NULL;
+}
+
 static int
 add_param_filter(scmp_filter_ctx ctx)
 {
@@ -189,7 +214,7 @@ add_param_filter(scmp_filter_ctx ctx)
 } // if not protected
 rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, param_filter[i].syscall, 1,
- param_filter[i].param);
+ SCMP_A0(SCMP_CMP_EQ, (intptr_t) param_filter[i].param));
 if (rc != 0) {
 log_err(LD_BUG,"(Sandbox) failed to add syscall index %d, "
 "received libseccomp error %d", i, rc);
diff --git a/src/common/sandbox.h b/src/common/sandbox.h
index cfbecebbd4..4752f1a733 100644
--- a/src/common/sandbox.h
+++ b/src/common/sandbox.h
@@ -58,6 +58,7 @@ typedef struct {
 void sandbox_set_debugging_fd(int fd);
 int tor_global_sandbox(void);
+char* get_prot_param(char *param);
 #endif /* SANDBOX_H_ */
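Review bot: In `get_prot_param` the guard `param_filter == NULL` and the count `sizeof(param_filter) / sizeof(param_filter[0])` cannot both be right: if `param_filter` is an array the NULL test is always false, and if it is a pointer the division does not give the element count, so the loop would scan the wrong number of entries. Its declaration is outside the hunk; assuming it is the static array, drop the branch and keep only `filter_size = sizeof(param_filter) / sizeof(param_filter[0]);`. The argument is only read, so `const char *param` fits here and in the `sandbox.h` prototype. The function also needs a header comment saying that it returns the stored entry itself (apparently the address the seccomp rule is keyed on), that the caller must not modify or free it, and that NULL means the string is not a protected parameter.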
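Review bot: The cast `(intptr_t) param_filter[i].param` inside the new `SCMP_A0(SCMP_CMP_EQ, ...)` argument is signed, so on a 32-bit build an address with the top bit set would be sign-extended when widened to libseccomp's 64-bit datum and the allow rule would presumably never match; `SCMP_A0(SCMP_CMP_EQ, (scmp_datum_t)(uintptr_t) param_filter[i].param)` avoids that. The rule pins argument 0 for every entry, which is only correct if each `param_filter[i].syscall` takes its path as the first argument; the table is outside the hunk, so this should be confirmed. A comment at this call should state that the filter compares the pointer value and not the string it points to, e.g. `/* seccomp cannot dereference: only calls passing this exact address are allowed */`, since the protection depends on that memory staying immutable. add_param_filter's body starts and ends outside the hunk.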