author | Cristian Toader <cristian.matei.toader@gmail.com> | 2013-07-18 18:11:47 +0300 |
---|---|---|
committer | Cristian Toader <cristian.matei.toader@gmail.com> | 2013-07-18 18:21:37 +0300 |
commit | e7e2efb717ecefbf7b6eb92760ff272cca0b6eee (patch) | |
tree | 0e4647e6d4eccca740b7ea51bd7e0a68232771b7 | |
parent | 673349c42ec5e07c0fdb54d2a45f7b104865325b (diff) | |
Added getter for protected parameter
-rw-r--r-- | src/common/sandbox.c | 27 | ||||
-rw-r--r-- | src/common/sandbox.h | 1 |
2 files changed, 27 insertions, 1 deletions
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index 56feae008d..f041012f26 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -16,6 +16,7 @@
 #include "sandbox.h"
 #include "torlog.h"
 #include "orconfig.h"
+#include "torint.h"
 #if defined(HAVE_SECCOMP_H) && defined(__linux__)
 #define USE_LIBSECCOMP
@@ -149,6 +150,30 @@ static int general_filter[] = {
 SCMP_SYS(unlink)
 };
+char*
+get_prot_param(char *param)
+{
+ int i, filter_size;
+
+ if (param == NULL)
+ return NULL;
+
+ if (param_filter == NULL) {
+ filter_size = 0;
+ } else {
+ filter_size = sizeof(param_filter) / sizeof(param_filter[0]);
+ }
+
+ for (i = 0; i < filter_size; i++) {
+ if (param_filter[i].prot && !strncmp(param, param_filter[i].param,
+ MAX_PARAM_LEN)) {
+ return param_filter[i].param;
+ }
+ }
+
+ return NULL;
+}
+
 static int
 add_param_filter(scmp_filter_ctx ctx)
 {
@@ -189,7 +214,7 @@ add_param_filter(scmp_filter_ctx ctx)
 } // if not protected
 rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, param_filter[i].syscall, 1,
- param_filter[i].param);
+ SCMP_A0(SCMP_CMP_EQ, (intptr_t) param_filter[i].param));
 if (rc != 0) {
 log_err(LD_BUG,"(Sandbox) failed to add syscall index %d, "
 "received libseccomp error %d", i, rc);
diff --git a/src/common/sandbox.h b/src/common/sandbox.h
index cfbecebbd4..4752f1a733 100644
--- a/src/common/sandbox.h
+++ b/src/common/sandbox.h
@@ -58,6 +58,7 @@ typedef struct {
 void sandbox_set_debugging_fd(int fd);
 int tor_global_sandbox(void);
+char* get_prot_param(char *param);
 #endif /* SANDBOX_H_ */ |
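Review bot: In `get_prot_param` the `param_filter == NULL` test and the `sizeof(param_filter) / sizeof(param_filter[0])` count cannot both be meaningful: the sizeof idiom yields an element count only when `param_filter` is a true array, and an array never compares equal to NULL. The declaration is outside this hunk; if it is a static array, drop the branch and write `filter_size = (int)(sizeof(param_filter) / sizeof(param_filter[0]));`. The function also has no doc comment, and its contract matters for the sandbox: it returns NULL when the string is not listed or its entry is not yet marked `prot`, and because the rule in the third hunk compares the argument by address, a caller that then passes its own copy of the string would presumably not match the allow rule. I would add `/** Return the protected copy of param registered in param_filter, or NULL if there is none; callers must pass the returned pointer, not their own string, to the filtered syscall. */` above the definition, and take `const char *param` here and in the sandbox.h prototype, since the argument is only read.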
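Review bot: The rule added in `add_param_filter` with `SCMP_A0(SCMP_CMP_EQ, ...)` compares only the pointer value passed as argument 0, never the string it points to, and nothing at the call site records that. The allow rule is therefore only as strong as the immutability of that mapping, so it deserves a comment such as `/* seccomp matches the address, not the contents: this is safe only while param stays read-only and the filter denies remapping or re-protecting that page */`. Argument index 0 is also hard-coded, so an entry whose syscall takes the string in a different position would be checked against the wrong argument; the `param_filter` entries are outside this hunk, so that needs confirming. `(uintptr_t)` would be the safer cast, because a negative `intptr_t` sign-extends when widened to libseccomp's 64-bit datum type on 32-bit builds. The function body starts and ends outside the hunk.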