authorNiels Provos <provos@cvs.openbsd.org>2002-06-05 16:09:21 +0000
committerNiels Provos <provos@cvs.openbsd.org>2002-06-05 16:09:21 +0000
commit77d313c8754158ee248701c5ff4bfc45e4cd1a99 (patch)
treea2edf076a790ee7ed203d5ca2e6aba0c503837b2
parentf7a3988cc804a04caf1ca135c8eab792edb05667 (diff)
inpath logic, for example, filename inpath "$CWD"
-rw-r--r--bin/systrace/filter.c31
-rw-r--r--bin/systrace/lex.l1
-rw-r--r--bin/systrace/parse.y13
3 files changed, 43 insertions, 2 deletions
diff --git a/bin/systrace/filter.c b/bin/systrace/filter.c
index 7a005211105..6dbfe3ed65c 100644
--- a/bin/systrace/filter.c
+++ b/bin/systrace/filter.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: filter.c,v 1.4 2002/06/05 15:59:52 provos Exp $ */
+/* $OpenBSD: filter.c,v 1.5 2002/06/05 16:09:20 provos Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* All rights reserved.
@@ -466,6 +466,35 @@ filter_negstringmatch(struct intercept_translate *tl, struct logic *logic)
}
int
+filter_inpath(struct intercept_translate *tl, struct logic *logic)
+{
+ char *line, c;
+ int len;
+
+ if ((line = intercept_translate_print(tl)) == NULL)
+ return (0);
+
+ len = strlen(line);
+ if (len == 0 || len > strlen(logic->filterdata))
+ return (0);
+
+ /* Root is always in path */
+ if (len == 1)
+ return (line[0] == '/');
+
+ /* Complete filename needs to fit */
+ if (strncmp(line, logic->filterdata, len))
+ return (0);
+
+ /* Termination has to be \0 or / */
+ c = ((char *)logic->filterdata)[len];
+ if (c != '/' && c != '\0')
+ return (0);
+
+ return (1);
+}
+
+int
filter_true(struct intercept_translate *tl, struct logic *logic)
{
return (1);
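Review bot: The `len == 1` shortcut in filter_inpath returns true for "/" without consulting `logic->filterdata`, so a policy whose filter string is relative (or a variable that was never expanded to an absolute path) still matches the root directory; `return (line[0] == '/' && ((char *)logic->filterdata)[0] == '/');` keeps the shortcut tied to the policy path. The function also needs a header comment stating the match direction, because the code accepts a name that is a component-wise leading prefix of the filter string, i.e. the filter path itself or one of its parents, not a file beneath it: `/* Match if the translated name is the filter path or one of its parent directories; comparison in this function is purely lexical. */`. Since nothing here normalizes `..`, repeated slashes or symlinks, the comment should say whether callers are expected to pass an already-normalized name. `len` is an `int` compared against the `size_t` returned by strlen(); declaring it `size_t len;` removes the mixed-sign comparison.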
diff --git a/bin/systrace/lex.l b/bin/systrace/lex.l
index b8828f615dc..4ac4e66abb4 100644
--- a/bin/systrace/lex.l
+++ b/bin/systrace/lex.l
@@ -77,6 +77,7 @@ eq { return EQ; }
neq { return NEQ; }
sub { return SUB; }
nsub { return NSUB; }
+inpath { return INPATH; }
true { return TRUE; }
"->" { return THEN; }
\( { return LBRACE; }
diff --git a/bin/systrace/parse.y b/bin/systrace/parse.y
index 8391b675407..9c55f398147 100644
--- a/bin/systrace/parse.y
+++ b/bin/systrace/parse.y
@@ -50,6 +50,7 @@ int filter_stringmatch(struct intercept_translate *, struct logic *);
int filter_negstringmatch(struct intercept_translate *, struct logic *);
int filter_substrmatch(struct intercept_translate *, struct logic *);
int filter_negsubstrmatch(struct intercept_translate *, struct logic *);
+int filter_inpath(struct intercept_translate *, struct logic *);
int filter_true(struct intercept_translate *, struct logic *);
struct logic *parse_newsymbol(char *, int, char *);
@@ -63,7 +64,7 @@ struct filter *myfilter;
%}
%token AND OR NOT LBRACE RBRACE LSQBRACE RSQBRACE THEN MATCH PERMIT DENY
-%token EQ NEQ TRUE SUB NSUB
+%token EQ NEQ TRUE SUB NSUB INPATH
%token <string> STRING
%token <string> CMDSTRING
%token <number> NUMBER
@@ -226,6 +227,16 @@ symbol : STRING typeoff MATCH CMDSTRING
node->filter_match = filter_negsubstrmatch;
$$ = node;
}
+ | STRING typeoff INPATH CMDSTRING
+{
+ struct logic *node;
+
+ if ((node = parse_newsymbol($1, $2, $4)) == NULL)
+ break;
+
+ node->filter_match = filter_inpath;
+ $$ = node;
+}
| TRUE
{
struct logic *node;
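Review bot: On the failure path of the new INPATH action, `break` leaves `$$` unassigned, so yacc's default `$$ = $1` stands and the rule's value is the STRING member of the union rather than a `struct logic *`. If parse_newsymbol() does not itself stop the parse (not visible in this hunk), a later action could dereference that value as a logic node; `YYERROR;` in place of `break;` would abort the rule explicitly. The surrounding `symbol` rule starts and ends outside the hunk, and the neighbouring alternatives may share the same pattern, so the change is probably best made across all of them.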