diff options
author | Vitaly Vi Shukela <vi0oss@gmail.com> | 2013-03-26 10:58:28 -0400 |
---|---|---|
committer | Paul Moore <pmoore@redhat.com> | 2013-03-26 10:58:28 -0400 |
commit | 10e75c277a14ce7ea4f03ba13042a915f1439060 (patch) | |
tree | 2628ea854424553cec9bff307e72f127d61ca9ef /src/api.c | |
parent | 746ee19e3e253ce7580a2aad0d03e51029d2259f (diff) | |
download | libseccomp-10e75c277a14ce7ea4f03ba13042a915f1439060.tar.gz |
api: Add array versions of seccomp_rule_add functions
Signed-off-by: Vitaly Vi Shukela <vi0oss@gmail.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Diffstat (limited to 'src/api.c')
-rw-r--r-- | src/api.c | 57 |
1 files changed, 51 insertions, 6 deletions
@@ -365,7 +365,8 @@ syscall_priority_failure: */ static int _seccomp_rule_add(struct db_filter_col *col, unsigned int strict, uint32_t action, int syscall, - unsigned int arg_cnt, va_list arg_list) + unsigned int arg_cnt, + const struct scmp_arg_cmp *arg_array) { int rc = 0, rc_tmp; int sc_tmp; @@ -377,6 +378,9 @@ static int _seccomp_rule_add(struct db_filter_col *col, struct db_api_arg *chain = NULL, *chain_tmp; struct scmp_arg_cmp arg_data; + if (arg_cnt > 0 && arg_array == NULL) + return -EINVAL; + if (db_col_valid(col) || _syscall_valid(syscall)) return -EINVAL; @@ -397,7 +401,7 @@ static int _seccomp_rule_add(struct db_filter_col *col, return -ENOMEM; memset(chain, 0, chain_size); for (iter = 0; iter < arg_cnt; iter++) { - arg_data = va_arg(arg_list, struct scmp_arg_cmp); + arg_data = arg_array[iter]; arg_num = arg_data.arg; if (arg_num < chain_len && chain[arg_num].valid == 0) { chain[arg_num].valid = 1; @@ -479,30 +483,71 @@ rule_add_return: } /* NOTE - function header comment in include/seccomp.h */ +int seccomp_rule_add_array(scmp_filter_ctx ctx, + uint32_t action, int syscall, unsigned int arg_cnt, + const struct scmp_arg_cmp *arg_array) +{ + if (arg_cnt < 0 || arg_cnt > ARG_COUNT_MAX) + return -EINVAL; + + return _seccomp_rule_add((struct db_filter_col *)ctx, + 0, action, syscall, arg_cnt, arg_array); +} + + +/* NOTE - function header comment in include/seccomp.h */ int seccomp_rule_add(scmp_filter_ctx ctx, uint32_t action, int syscall, unsigned int arg_cnt, ...) { int rc; + int iter; + struct scmp_arg_cmp arg_array[ARG_COUNT_MAX]; va_list arg_list; + if (arg_cnt < 0 || arg_cnt > ARG_COUNT_MAX) + return -EINVAL; + va_start(arg_list, arg_cnt); - rc = _seccomp_rule_add((struct db_filter_col *)ctx, - 0, action, syscall, arg_cnt, arg_list); + for (iter = 0; iter < arg_cnt; ++iter) + arg_array[iter] = va_arg(arg_list, struct scmp_arg_cmp); + rc = seccomp_rule_add_array(ctx, action, syscall, arg_cnt, arg_array); va_end(arg_list); return rc; } + +/* NOTE - function header comment in include/seccomp.h */ +int seccomp_rule_add_exact_array(scmp_filter_ctx ctx, + uint32_t action, int syscall, + unsigned int arg_cnt, + const struct scmp_arg_cmp *arg_array) +{ + if (arg_cnt < 0 || arg_cnt > ARG_COUNT_MAX) + return -EINVAL; + + return _seccomp_rule_add((struct db_filter_col *)ctx, + 1, action, syscall, arg_cnt, arg_array); +} + + /* NOTE - function header comment in include/seccomp.h */ int seccomp_rule_add_exact(scmp_filter_ctx ctx, uint32_t action, int syscall, unsigned int arg_cnt, ...) { int rc; + int iter; + struct scmp_arg_cmp arg_array[ARG_COUNT_MAX]; va_list arg_list; + if (arg_cnt < 0 || arg_cnt > ARG_COUNT_MAX) + return -EINVAL; + va_start(arg_list, arg_cnt); - rc = _seccomp_rule_add((struct db_filter_col *)ctx, - 1, action, syscall, arg_cnt, arg_list); + for (iter = 0; iter < arg_cnt; ++iter) + arg_array[iter] = va_arg(arg_list, struct scmp_arg_cmp); + rc = seccomp_rule_add_exact_array(ctx, + action, syscall, arg_cnt, arg_array); va_end(arg_list); return rc; |