authorPaul Moore <pmoore@redhat.com>2015-12-17 19:07:47 -0500
committerPaul Moore <paul@paul-moore.com>2016-02-09 08:32:15 -0500
commitf16f405f61ecdbad202257b61004b85fce64d75c (patch)
tree2f7d4969994f44bcd4dfe4bc66a72b850647e8c6 /src/arch-x86.c
parenta4478ddcd4e3b34fcd9c526dcf54f0d79b33ac16 (diff)
downloadlibseccomp-f16f405f61ecdbad202257b61004b85fce64d75c.tar.gz
db: store the rules used to build the filter
This will be useful in future patches for rebuilding and manipulating the filter. Signed-off-by: Paul Moore <pmoore@redhat.com>
Diffstat (limited to 'src/arch-x86.c')
-rw-r--r--src/arch-x86.c37
1 files changed, 18 insertions, 19 deletions
diff --git a/src/arch-x86.c b/src/arch-x86.c
index a08ffdf..4877b3c 100644
--- a/src/arch-x86.c
+++ b/src/arch-x86.c
@@ -65,8 +65,7 @@ int x86_syscall_rewrite(const struct arch_def *arch, int *syscall)
* Rewrite a filter rule to match the architecture specifics
* @param arch the architecture definition
* @param strict strict flag
- * @param syscall the syscall number
- * @param chain the argument filter chain
+ * @param rule the filter rule
*
* Syscalls can vary across different architectures so this function handles
* the necessary seccomp rule rewrites to ensure the right thing is done
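Review bot: The new `@param rule` line does not say that the rule is an in/out argument, although the body changed later in this commit overwrites `rule->syscall` and `rule->args[0]` for the socketcall and ipc pseudo-syscall ranges. Since the commit message says the rules are being kept for later rebuilding, a caller reading only this comment could store or reuse the rule expecting it to be unchanged. I would write `* @param rule the filter rule, rewritten in place (syscall and args[0]) when the syscall is multiplexed`. The comment block starts and ends outside this hunk.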
@@ -77,11 +76,11 @@ int x86_syscall_rewrite(const struct arch_def *arch, int *syscall)
*
*/
int x86_filter_rewrite(const struct arch_def *arch, bool strict,
- int *syscall, struct db_api_arg *chain)
+ struct db_api_rule_list *rule)
{
- int sys = *syscall;
- unsigned int iter;
int arg_max;
+ unsigned int iter;
+ int sys = rule->syscall;
arg_max = arch_arg_count_max(arch);
if (arg_max < 0)
@@ -89,26 +88,26 @@ int x86_filter_rewrite(const struct arch_def *arch, bool strict,
if (sys <= -100 && sys >= -117) {
for (iter = 0; iter < arg_max; iter++) {
- if ((chain[iter].valid != 0) && (strict))
+ if ((rule->args[iter].valid != 0) && (strict))
return -EINVAL;
}
- chain[0].arg = 0;
- chain[0].op = SCMP_CMP_EQ;
- chain[0].mask = DATUM_MAX;
- chain[0].datum = abs(sys) % 100;
- chain[0].valid = 1;
- *syscall = __x86_NR_socketcall;
+ rule->args[0].arg = 0;
+ rule->args[0].op = SCMP_CMP_EQ;
+ rule->args[0].mask = DATUM_MAX;
+ rule->args[0].datum = abs(sys) % 100;
+ rule->args[0].valid = 1;
+ rule->syscall = __x86_NR_socketcall;
} else if (sys <= -200 && sys >= -211) {
for (iter = 0; iter < arg_max; iter++) {
- if ((chain[iter].valid != 0) && (strict))
+ if ((rule->args[iter].valid != 0) && (strict))
return -EINVAL;
}
- chain[0].arg = 0;
- chain[0].op = SCMP_CMP_EQ;
- chain[0].mask = DATUM_MAX;
- chain[0].datum = abs(sys) % 200;
- chain[0].valid = 1;
- *syscall = __x86_NR_ipc;
+ rule->args[0].arg = 0;
+ rule->args[0].op = SCMP_CMP_EQ;
+ rule->args[0].mask = DATUM_MAX;
+ rule->args[0].datum = abs(sys) % 200;
+ rule->args[0].valid = 1;
+ rule->syscall = __x86_NR_ipc;
} else if (sys < 0)
return -EDOM;
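Review bot: With `strict` false, the check `if ((rule->args[iter].valid != 0) && (strict))` lets a rule that already carries argument filters through, and the rewrite then replaces only `rule->args[0]`. Any `args[1..]` entries that were valid stay valid and end up attached to `__x86_NR_socketcall` or `__x86_NR_ipc`, where argument 0 is now the multiplexer selector and the remaining positions no longer mean what they did for the original call. This behaviour predates the commit, but the rule object is now presumably what gets stored for later rebuilding, so the mismatched comparisons would persist with it; for a seccomp filter that can mean a rule matching more or less than its author intended. Whether callers discard such rules in non-strict mode is not visible here and needs confirming; if they do not, either reject unconditionally with `if (rule->args[iter].valid != 0) return -EINVAL;` and let the non-strict caller ignore the error, or state the chosen behaviour in a comment above each loop. The same pattern appears in both the socketcall and ipc branches, and the function ends outside the hunk.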