authorCristian Toader <cristian.matei.toader@gmail.com>2013-07-18 18:11:47 +0300
committerCristian Toader <cristian.matei.toader@gmail.com>2013-07-18 18:21:37 +0300
commite7e2efb717ecefbf7b6eb92760ff272cca0b6eee (patch)
tree0e4647e6d4eccca740b7ea51bd7e0a68232771b7
parent673349c42ec5e07c0fdb54d2a45f7b104865325b (diff)
Added getter for protected parameter
-rw-r--r--src/common/sandbox.c27
-rw-r--r--src/common/sandbox.h1
2 files changed, 27 insertions, 1 deletions
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index 56feae008d..f041012f26 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -16,6 +16,7 @@
#include "sandbox.h"
#include "torlog.h"
#include "orconfig.h"
+#include "torint.h"
#if defined(HAVE_SECCOMP_H) && defined(__linux__)
#define USE_LIBSECCOMP
@@ -149,6 +150,30 @@ static int general_filter[] = {
SCMP_SYS(unlink)
};
+char*
+get_prot_param(char *param)
+{
+ int i, filter_size;
+
+ if (param == NULL)
+ return NULL;
+
+ if (param_filter == NULL) {
+ filter_size = 0;
+ } else {
+ filter_size = sizeof(param_filter) / sizeof(param_filter[0]);
+ }
+
+ for (i = 0; i < filter_size; i++) {
+ if (param_filter[i].prot && !strncmp(param, param_filter[i].param,
+ MAX_PARAM_LEN)) {
+ return param_filter[i].param;
+ }
+ }
+
+ return NULL;
+}
+
static int
add_param_filter(scmp_filter_ctx ctx)
{
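Review bot: In `get_prot_param`, `sizeof(param_filter) / sizeof(param_filter[0])` only yields an element count when `param_filter` is a true array, and in that case the preceding `param_filter == NULL` test can never be true; if it is a pointer, the count is wrong instead. Its declaration is outside this hunk, so confirm which it is and either drop the dead branch or carry an explicit length. The lookup uses `strncmp(..., MAX_PARAM_LEN)`, so two paths that agree on their first MAX_PARAM_LEN bytes resolve to the same protected entry; for a sandbox allow-list an exact match is safer, e.g. `!strcmp(param, param_filter[i].param)`, provided the table entries are NUL-terminated. The function also has no header comment: it should state that the return value is the table's own pointer, which callers presumably must pass unchanged to the filtered syscall, or NULL when the string is not protected. The parameter could be `const char *param` here and in the sandbox.h prototype.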
@@ -189,7 +214,7 @@ add_param_filter(scmp_filter_ctx ctx)
} // if not protected
rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, param_filter[i].syscall, 1,
- param_filter[i].param);
+ SCMP_A0(SCMP_CMP_EQ, (intptr_t) param_filter[i].param));
if (rc != 0) {
log_err(LD_BUG,"(Sandbox) failed to add syscall index %d, "
"received libseccomp error %d", i, rc);
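Review bot: `SCMP_A0(SCMP_CMP_EQ, (intptr_t) param_filter[i].param)` makes the rule match on the address in argument 0, not on the string it points to, so the restriction is only as strong as the immutability of that memory once the filter is loaded. The `// if not protected` context suggests the buffer is write-protected earlier in add_param_filter, which lies outside this hunk; a comment at the call would make the dependency explicit, e.g. `/* seccomp compares the pointer value only; param must stay read-only */`. The argument index is fixed at 0 while `param_filter[i].syscall` varies, so any entry whose path is not the first argument would be filtered on the wrong argument; consider storing the position per entry. Casting through `uintptr_t` rather than `intptr_t` would avoid sign extension when the value is widened to libseccomp's datum type on 32-bit builds.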
diff --git a/src/common/sandbox.h b/src/common/sandbox.h
index cfbecebbd4..4752f1a733 100644
--- a/src/common/sandbox.h
+++ b/src/common/sandbox.h
@@ -58,6 +58,7 @@ typedef struct {
void sandbox_set_debugging_fd(int fd);
int tor_global_sandbox(void);
+char* get_prot_param(char *param);
#endif /* SANDBOX_H_ */