From 8f38dc4480d51e2bf737ef87dd4a4f408d90a8a6 Mon Sep 17 00:00:00 2001
From: Albert S
Date: Thu, 9 Jun 2022 09:48:25 +0200
Subject: [PATCH] check_policy_sanity(): Allow vows and syscall policies

Adjust checks to allow a mixed mode between syscall policies and vows. Check for some easy to make mistakes in such scenario.
---
 exile.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/exile.c b/exile.c
index 067b7ad..a9d5e71 100644
--- a/exile.c
+++ b/exile.c
@@ -1410,6 +1410,11 @@ static int check_policy_sanity(struct exile_policy *policy)
 {
 if(syscall_policy->syscall == EXILE_SYSCALL_MATCH_ALL)
 {
+ if(policy->vow_promises != 0)
+ {
+ EXILE_LOG_ERROR("It's not possible to specify a default, all matching syscall policy while also using vows\n");
+ return -1;
+ }
 last_match_all = i;
 match_all_policy = syscall_policy->policy;
 }
@@ -1420,7 +1425,7 @@ static int check_policy_sanity(struct exile_policy *policy)
 syscall_policy = syscall_policy->next;
 ++i;
 }
- if(last_match_all == -1 || i - last_match_all != 1)
+ if(policy->vow_promises == 0 && (last_match_all == -1 || i - last_match_all != 1))
 {
 EXILE_LOG_ERROR("The last entry in the syscall policy list must match all syscalls (default rule)\n");
 return -1;
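Review bot: The new vows-versus-MATCH_ALL rejection is placed inside the per-entry loop, where it is re-evaluated for every policy entry although it can fire at most once and the loop already records `last_match_all` for exactly this case; a single post-loop check, `if(policy->vow_promises != 0 && last_match_all != -1) { EXILE_LOG_ERROR("..."); return -1; }`, states the rule in one place and leaves the loop body to bookkeeping. If it stays where it is, the reason for the rejection is not visible from the code; assuming the vow filter installs its own default action, a comment above the new `if` such as `/* vows supply the default action; a user catch-all would conflict with it */` would record that, and should be confirmed against the filter generator. check_policy_sanity() begins before and ends after this hunk, so only the loop body is visible here.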
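Review bot: With `vow_promises` set, the relaxed condition no longer requires a trailing default rule, but nothing in the sanity check states what happens to a syscall that an explicit policy and a vow disagree on, or that neither covers, so the safety of the mixed mode rests entirely on the ordering in the filter generator, which is not visible here. If the intended semantics are that explicit policies are consulted before the vow-derived rules, a comment on the relaxed check, e.g. `/* with vows the vow filter provides the default action; explicit entries only refine it */`, would make that contract explicit, and if the vow-to-syscall mapping is reachable from this function, rejecting an explicit entry whose syscall a vow already decides would turn the "easy to make mistakes" the commit message mentions into a hard error. The enclosing check_policy_sanity() starts before and continues past this hunk.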