crtxcr
/
exile.h
1
0
Fork 0
Code Issues 14 Pull Requests 1 Releases Wiki Activity

pledge: Begin filter for setsockopt() args

This commit is contained in:
Albert S. 2021-12-22 10:17:48 +01:00
parent 7115ef8b4d
commit 0b0dda0de1
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
exile.h
View File

@ -666,6 +666,12 @@ static int get_pledge_argfilter(long syscall, uint64_t pledge_promises, struct s
EXILE_BPF_NOP
};
struct sock_filter setsockopt_filter[] = {
BPF_STMT(BPF_LD+BPF_W+BPF_ABS, (offsetof(struct seccomp_data, args[2]))),
BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SO_DEBUG, EXILE_SYSCALL_EXIT_BPF_NO_MATCH, 0),
BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SO_SNDBUFFORCE, EXILE_SYSCALL_EXIT_BPF_NO_MATCH, 0)
};
int result = 0;
int current_filter_index = 1;
switch(syscall)
@ -738,6 +744,11 @@ static int get_pledge_argfilter(long syscall, uint64_t pledge_promises, struct s
socket_filter[current_filter_index-1].jf = EXILE_SYSCALL_EXIT_BPF_NO_MATCH;
result = current_filter_index;
memcpy(filter, socket_filter, result * sizeof(struct sock_filter));
break;
case EXILE_SYS(setsockopt):
result = sizeof(setsockopt_filter)/sizeof(setsockopt_filter[0]);
memcpy(filter, setsockopt_filter, sizeof(setsockopt_filter));
break;
}
return result;
}