author | Niels Provos <provos@cvs.openbsd.org> | 2002-07-09 15:22:28 +0000 |
---|---|---|
committer | Niels Provos <provos@cvs.openbsd.org> | 2002-07-09 15:22:28 +0000 |
commit | a130bc95bf8f7bf341fce48bb49ae75d32acdc38 (patch) | |
tree | 73e20d2459d45f601c39ee4160ebc062076a0774 /bin/systrace/filter.c | |
parent | 4fd5221df774f98cc0ecff162ebc6476cd362c21 (diff) |
support for system call aliasing. stat/fstat/readlink/access etc... gets
grouped into fsread, unlink/rmdir/mkdir goes to fswrite. open switches
back between fsread and fswrite depending on oflags parameter.
Diffstat (limited to 'bin/systrace/filter.c')
-rw-r--r-- | bin/systrace/filter.c | 38 |
1 files changed, 32 insertions, 6 deletions
diff --git a/bin/systrace/filter.c b/bin/systrace/filter.c
index d45af898ff2..1f9743b9938 100644
--- a/bin/systrace/filter.c
+++ b/bin/systrace/filter.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: filter.c,v 1.13 2002/06/19 16:31:07 provos Exp $ */
+/* $OpenBSD: filter.c,v 1.14 2002/07/09 15:22:27 provos Exp $ */
 /*
 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
 * All rights reserved.
@@ -46,6 +46,7 @@
 #include "systrace.h"
 extern int allow;
+extern int noalias;
 extern int connected;
 extern char cwd[];
@@ -256,6 +257,34 @@ filter_parse_simple(char *rule, short *paction, short *pfuture)
 return (NULL);
 }
+void
+filter_modifypolicy(int fd, int policynr, char *emulation, char *name,
+ short future)
+{
+ struct systrace_revalias *reverse = NULL;
+
+ if (!noalias)
+ reverse = systrace_find_reverse(emulation, name);
+ if (reverse == NULL) {
+ if (systrace_modifypolicy(fd, policynr, name, future) == -1)
+ errx(1, "%s:%d: modify policy for %s-%s",
+ __func__, __LINE__, emulation, name);
+ } else {
+ struct systrace_alias *alias;
+
+ /* For every system call associated with this alias
+ * set the permanent in-kernel policy.
+ */
+ TAILQ_FOREACH(alias, &reverse->revl, next) {
+ if(systrace_modifypolicy(fd, policynr,
+ alias->name, future) == -1)
+ errx(1, "%s:%d: modify policy for %s-%s",
+ __func__, __LINE__,
+ emulation, alias->name);
+ }
+ }
+}
+
 int
 filter_prepolicy(int fd, struct policy *policy)
 {
@@ -285,11 +314,8 @@ filter_prepolicy(int fd, struct policy *policy)
 filter->name);
 TAILQ_INSERT_TAIL(fls, parsed, next);
 } else {
- res = systrace_modifypolicy(fd, policy->policynr,
- filter->name, future);
- if (res == -1)
- errx(1, "%s:%d: modify policy for \"%s\"",
- __func__, __LINE__, filter->rule);
+ filter_modifypolicy(fd, policy->policynr,
+ policy->emulation, filter->name, future);
 }
 filter_policyrecord(policy, parsed, policy->emulation, filter->name, filter->rule); |
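Review bot: In the alias branch of the new `filter_modifypolicy`, `future` is installed as the permanent in-kernel policy for every entry on `reverse->revl` with no per-call condition, and the function carries no comment stating that contract. The commit message says open switches between fsread and fswrite depending on oflags; if open can appear on the fsread reverse list (not visible in this hunk), a permanent fsread action would presumably cover write opens as well, so it should be confirmed that `systrace_find_reverse` or its tables exclude such calls. I would add above the function `/* Apply 'future' to 'name', or to every system call grouped under that alias unless noalias is set; exits through errx() on failure. */` and record there which calls must never be expanded. Minor style: `if(systrace_modifypolicy(` lacks the space after `if` that the non-alias branch uses.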
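Review bot: The call site in filter_prepolicy no longer reports `filter->rule` when a policy change is rejected; the errx() that now runs inside filter_modifypolicy prints only `emulation` and the system-call name, so a failing policy line is harder to trace back to the rule that produced it. If the rule text matters for diagnosis it should be kept in the message, and the call deserves a short comment such as `/* filter_modifypolicy() exits via errx() on failure */` so the missing result check does not read as an oversight. The local `res` may also be left unused if this was its last use, but the rest of filter_prepolicy lies outside the hunk.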