crtxcr/exile.h
1
0
Fork 0
Code Issues 14 Pull Requests 1 Releases Wiki Activity

exile_append_path_policies(): Add sentinel macro, making *policy() version redundant

Browse Source
This commit is contained in:
Albert S. 2022-01-15 19:32:12 +01:00
parent bf29edf213
commit 4adc13215b
2 changed files with 6 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
exile.h
View File

@ -361,7 +361,7 @@ struct exile_policy
uint64_t vow_promises; uint64_t vow_promises;
/* Do not manually add policies here, use exile_append_path_polic*() */ /* Do not manually add policies here, use exile_append_path_policies() */
struct exile_path_policy *path_policies; struct exile_path_policy *path_policies;
struct exile_path_policy **path_policies_tail; struct exile_path_policy **path_policies_tail;
@ -931,6 +931,7 @@ struct exile_policy *exile_init_policy()
return result; return result;
} }
/* Appends path policies to the exile_policy object /* Appends path policies to the exile_policy object
* The last paramater must be NULL * The last paramater must be NULL
* *
@ -976,12 +977,7 @@ int exile_append_path_policies(struct exile_policy *exile_policy, unsigned int p
return 0; return 0;
} }
int exile_append_path_policy(struct exile_policy *exile_policy, unsigned int path_policy, const char *path) #define exile_append_path_policies(e, p, ...) exile_append_path_policies(e, p, __VA_ARGS__, NULL)
{
return exile_append_path_policies(exile_policy, path_policy, path, NULL);
}
/* /*
* Fills buffer with random characters a-z. * Fills buffer with random characters a-z.

6
test.c
View File

@ -404,7 +404,7 @@ int test_landlock()
return 1; return 1;
} }
struct exile_policy *policy = exile_init_policy(); struct exile_policy *policy = exile_init_policy();
exile_append_path_policy(policy, EXILE_FS_ALLOW_ALL_READ, "/proc/self/fd"); exile_append_path_policies(policy, EXILE_FS_ALLOW_ALL_READ, "/proc/self/fd");
xexile_enable_policy(policy); xexile_enable_policy(policy);
int fd = open("/", O_RDONLY | O_CLOEXEC); int fd = open("/", O_RDONLY | O_CLOEXEC);
@ -418,7 +418,7 @@ int test_landlock()
int test_landlock_deny_write() int test_landlock_deny_write()
{ {
struct exile_policy *policy = exile_init_policy(); struct exile_policy *policy = exile_init_policy();
exile_append_path_policy(policy, EXILE_FS_ALLOW_ALL_READ, "/tmp/"); exile_append_path_policies(policy, EXILE_FS_ALLOW_ALL_READ, "/tmp/");
xexile_enable_policy(policy); xexile_enable_policy(policy);
int fd = open("/tmp/a", O_WRONLY | O_CLOEXEC); int fd = open("/tmp/a", O_WRONLY | O_CLOEXEC);
@ -533,7 +533,7 @@ int test_mkpath()
int test_fail_flags() int test_fail_flags()
{ {
struct exile_policy *policy = exile_init_policy(); struct exile_policy *policy = exile_init_policy();
exile_append_path_policy(policy, EXILE_FS_ALLOW_ALL_READ, "/nosuchpathexists"); exile_append_path_policies(policy, EXILE_FS_ALLOW_ALL_READ, "/nosuchpathexists");
int ret = exile_enable_policy(policy); int ret = exile_enable_policy(policy);
if(ret == 0) if(ret == 0)
{ {