crtxcr/exile.h
1
0
Fork 0
Code Issues 14 Pull Requests 1 Releases Wiki Activity

check_policy_sanity(): Allow vows and syscall policies

Browse Source 
Adjust checks to allow a mixed mode between syscall policies and vows.
Check for some easy to make mistakes in such scenario.
This commit is contained in:
Albert S. 2022-06-09 09:48:25 +02:00
parent 42d44b0cc1
commit 8f38dc4480
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
exile.c
View File

@ -1410,6 +1410,11 @@ static int check_policy_sanity(struct exile_policy *policy)
{ {
if(syscall_policy->syscall == EXILE_SYSCALL_MATCH_ALL) if(syscall_policy->syscall == EXILE_SYSCALL_MATCH_ALL)
{ {
if(policy->vow_promises != 0)
{
EXILE_LOG_ERROR("It's not possible to specify a default, all matching syscall policy while also using vows\n");
return -1;
}
last_match_all = i; last_match_all = i;
match_all_policy = syscall_policy->policy; match_all_policy = syscall_policy->policy;
} }
@ -1420,7 +1425,7 @@ static int check_policy_sanity(struct exile_policy *policy)
syscall_policy = syscall_policy->next; syscall_policy = syscall_policy->next;
++i; ++i;
} }
if(last_match_all == -1 || i - last_match_all != 1) if(policy->vow_promises == 0 && (last_match_all == -1 || i - last_match_all != 1))
{ {
EXILE_LOG_ERROR("The last entry in the syscall policy list must match all syscalls (default rule)\n"); EXILE_LOG_ERROR("The last entry in the syscall policy list must match all syscalls (default rule)\n");
return -1; return -1;