summaryrefslogtreecommitdiff
path: root/bin/systrace/policy.c
diff options
context:
space:
mode:
authorJun-ichiro itojun Hagino <itojun@cvs.openbsd.org>2002-09-17 05:10:59 +0000
committerJun-ichiro itojun Hagino <itojun@cvs.openbsd.org>2002-09-17 05:10:59 +0000
commitcc36405f9a04afabb74834583ee1b5187965a3ed (patch)
tree7e17b80a3282c25168d771f8daaee86db1866fbe /bin/systrace/policy.c
parentbb60d56d116e8e80594e340bdf8f93385d831783 (diff)
split white space and single line policy processing into separate
functions. from provos
Diffstat (limited to 'bin/systrace/policy.c')
-rw-r--r--bin/systrace/policy.c182
1 files changed, 109 insertions, 73 deletions
diff --git a/bin/systrace/policy.c b/bin/systrace/policy.c
index 1b846c80d7b..8fb71897fed 100644
--- a/bin/systrace/policy.c
+++ b/bin/systrace/policy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: policy.c,v 1.18 2002/09/16 04:34:46 itojun Exp $ */
+/* $OpenBSD: policy.c,v 1.19 2002/09/17 05:10:58 itojun Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* All rights reserved.
@@ -50,9 +50,13 @@ static int psccompare(struct policy_syscall *, struct policy_syscall *);
static int policycompare(struct policy *, struct policy *);
static int polnrcompare(struct policy *, struct policy *);
static char *systrace_policyfilename(char *, const char *);
+static char *systrace_policyline(char *line);
+static int systrace_policyprocess(struct policy *, char *);
static int systrace_predicatematch(char *);
static int systrace_writepolicy(struct policy *);
+int systrace_templatedir(void);
+
static int
psccompare(struct policy_syscall *a, struct policy_syscall *b)
{
@@ -372,16 +376,113 @@ systrace_predicatematch(char *p)
return (res);
}
+/* Removes trailing whitespace and comments from the input line */
+
+static char *
+systrace_policyline(char *line)
+{
+ char *p;
+
+ if ((p = strchr(line, '\n')) == NULL)
+ return (NULL);
+ *p = '\0';
+
+ /* Remove comments from the input line */
+ p = strchr(line, '#');
+ if (p != NULL) {
+ if (p != line && *(p-1) == '-')
+ p = strchr(p + 1, '#');
+ if (p != NULL)
+ *p = '\0';
+ }
+
+ /* Remove trailing white space */
+ p = line + strlen(line) - 1;
+ while (p > line) {
+ if (!isspace(*p))
+ break;
+ *p-- = '\0';
+ }
+
+ /* Ignore white space at start of line */
+ p = line;
+ p += strspn(p, " \t");
+
+ return (p);
+}
+
+/*
+ * Parse a single line from a policy and convert it into a policy filter.
+ * Predicates are matched.
+ */
+
+static int
+systrace_policyprocess(struct policy *policy, char *p)
+{
+ char *name, *emulation, *rule;
+ struct filter *filter, *parsed;
+ short action, future;
+
+ emulation = strsep(&p, "-");
+ if (p == NULL || *p == '\0')
+ return (-1);
+
+ if (strcmp(emulation, policy->emulation))
+ return (-1);
+
+ name = strsep(&p, ":");
+ if (p == NULL || *p != ' ')
+ return (-1);
+ p++;
+ rule = p;
+
+ if ((p = strrchr(p, ',')) != NULL && !strncasecmp(p, ", if", 4)) {
+ int match;
+
+ *p = '\0';
+
+ /* Process predicates */
+ p += 4;
+ p += strspn(p, " \t");
+
+ match = systrace_predicatematch(p);
+ if (match == -1)
+ return (-1);
+ /* If the predicate does not match skip rule */
+ if (!match)
+ return (0);
+ }
+
+ if (filter_parse_simple(rule, &action, &future) == -1) {
+ if (parse_filter(rule, &parsed) == -1)
+ return (-1);
+ filter_free(parsed);
+ }
+
+ filter = calloc(1, sizeof(struct filter));
+ if (filter == NULL)
+ err(1, "%s:%d: calloc", __func__, __LINE__);
+
+ filter->rule = strdup(rule);
+ if (filter->rule == NULL)
+ err(1, "%s:%d: strdup", __func__, __LINE__);
+
+ strlcpy(filter->name, name, sizeof(filter->name));
+ strlcpy(filter->emulation, emulation, sizeof(filter->emulation));
+
+ TAILQ_INSERT_TAIL(&policy->prefilters, filter, policy_next);
+
+ return (0);
+}
+
int
systrace_readpolicy(char *filename)
{
FILE *fp;
struct policy *policy;
char line[_POSIX2_LINE_MAX], *p;
+ char *emulation, *name;
int linenumber = 0;
- char *name, *emulation, *rule;
- struct filter *filter, *parsed;
- short action, future;
int res = -1;
if ((fp = fopen(filename, "r")) == NULL)
@@ -390,30 +491,13 @@ systrace_readpolicy(char *filename)
policy = NULL;
while (fgets(line, sizeof(line), fp)) {
linenumber++;
- if ((p = strchr(line, '\n')) == NULL) {
+
+ if ((p = systrace_policyline(line)) == NULL) {
fprintf(stderr, "%s:%d: input line too long.\n",
filename, linenumber);
goto out;
}
- *p = '\0';
-
- p = strchr(line, '#');
- if (p != NULL) {
- if (p != line && *(p-1) == '-')
- p = strchr(p + 1, '#');
- if (p != NULL)
- *p = '\0';
- }
- p = line + strlen(line) - 1;
- while (p > line) {
- if (!isspace(*p))
- break;
- *p-- = '\0';
- }
-
- p = line;
- p += strspn(p, " \t");
if (strlen(p) == 0)
continue;
@@ -442,55 +526,8 @@ systrace_readpolicy(char *filename)
continue;
}
- emulation = strsep(&p, "-");
- if (p == NULL || *p == '\0')
+ if (systrace_policyprocess(policy, p) == -1)
goto error;
-
- if (strcmp(emulation, policy->emulation))
- goto error;
-
- name = strsep(&p, ":");
- if (p == NULL || *p != ' ')
- goto error;
- p++;
- rule = p;
-
- if ((p = strrchr(p, ',')) != NULL &&
- !strncasecmp(p, ", if", 4)) {
- int match;
-
- *p = '\0';
-
- /* Process predicates */
- p += 4;
- p += strspn(p, " \t");
-
- match = systrace_predicatematch(p);
- if (match == -1)
- goto error;
- /* If the predicate does not match skip rule */
- if (!match)
- continue;
- }
-
- if (filter_parse_simple(rule, &action, &future) == -1) {
- if (parse_filter(rule, &parsed) == -1)
- goto error;
- filter_free(parsed);
- }
-
- filter = calloc(1, sizeof(struct filter));
- if (filter == NULL)
- err(1, "%s:%d: calloc", __func__, __LINE__);
-
- filter->rule = strdup(rule);
- if (filter->rule == NULL)
- err(1, "%s:%d: strdup", __func__, __LINE__);
-
- strlcpy(filter->name, name, sizeof(filter->name));
- strlcpy(filter->emulation,emulation,sizeof(filter->emulation));
-
- TAILQ_INSERT_TAIL(&policy->prefilters, filter, policy_next);
}
res = 0;
@@ -499,8 +536,7 @@ systrace_readpolicy(char *filename)
return (res);
error:
- fprintf(stderr, "%s:%d: syntax error.\n",
- filename, linenumber);
+ fprintf(stderr, "%s:%d: syntax error.\n", filename, linenumber);
goto out;
}