crtxcr/exile.h
1
0
Forka 0
Codice Problemi 14 Pull Requests 1 Rilasci Wiki Attività

check_policy_sanity(): Allow vows and syscall policies

Sfoglia il codice sorgente 
Adjust checks to allow a mixed mode between syscall policies and vows.
Check for some easy to make mistakes in such scenario.
This commit is contained in:
Albert S.
2022-06-09 09:48:25 +02:00
parent 42d44b0cc1
commit 8f38dc4480
1 ha cambiato i file con 6 aggiunte e 1 eliminazioni
Scarica il file Patch Scarica il file Diff Expand all files Collapse all files

7
exile.c
Vedi File

@@ -1410,6 +1410,11 @@ static int check_policy_sanity(struct exile_policy *policy)
{
if(syscall_policy->syscall == EXILE_SYSCALL_MATCH_ALL)
{
if(policy->vow_promises != 0)
{
EXILE_LOG_ERROR("It's not possible to specify a default, all matching syscall policy while also using vows\n");
return -1;
}
last_match_all = i;
match_all_policy = syscall_policy->policy;
}
@@ -1420,7 +1425,7 @@ static int check_policy_sanity(struct exile_policy *policy)
syscall_policy = syscall_policy->next;
++i;
}
if(last_match_all == -1 || i - last_match_all != 1)
if(policy->vow_promises == 0 && (last_match_all == -1 || i - last_match_all != 1))
{
EXILE_LOG_ERROR("The last entry in the syscall policy list must match all syscalls (default rule)\n");
return -1;