crtxcr/exile.h
1
0
Fork 0
Code Issues 14 Pull Requests 1 Releases Wiki Activity

pledge: Begin filter for setsockopt() args

Browse Source
This commit is contained in:
Albert S. 2021-12-22 10:17:48 +01:00
parent 7115ef8b4d
commit 0b0dda0de1
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
exile.h
View File

@ -666,6 +666,12 @@ static int get_pledge_argfilter(long syscall, uint64_t pledge_promises, struct s
EXILE_BPF_NOP EXILE_BPF_NOP
}; };
struct sock_filter setsockopt_filter[] = {
BPF_STMT(BPF_LD+BPF_W+BPF_ABS, (offsetof(struct seccomp_data, args[2]))),
BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SO_DEBUG, EXILE_SYSCALL_EXIT_BPF_NO_MATCH, 0),
BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SO_SNDBUFFORCE, EXILE_SYSCALL_EXIT_BPF_NO_MATCH, 0)
};
int result = 0; int result = 0;
int current_filter_index = 1; int current_filter_index = 1;
switch(syscall) switch(syscall)
@ -738,6 +744,11 @@ static int get_pledge_argfilter(long syscall, uint64_t pledge_promises, struct s
socket_filter[current_filter_index-1].jf = EXILE_SYSCALL_EXIT_BPF_NO_MATCH; socket_filter[current_filter_index-1].jf = EXILE_SYSCALL_EXIT_BPF_NO_MATCH;
result = current_filter_index; result = current_filter_index;
memcpy(filter, socket_filter, result * sizeof(struct sock_filter)); memcpy(filter, socket_filter, result * sizeof(struct sock_filter));
break;
case EXILE_SYS(setsockopt):
result = sizeof(setsockopt_filter)/sizeof(setsockopt_filter[0]);
memcpy(filter, setsockopt_filter, sizeof(setsockopt_filter));
break;
} }
return result; return result;
} }