Google Git
Sign in
android / platform / external / minijail / fd6f8e31caec28bdd127eb97e2c2111cfcbac447
commitfd6f8e31caec28bdd127eb97e2c2111cfcbac447[log] [tgz]
authorJorge Lucangeli Obes <jorgelo@google.com>Wed Oct 12 11:19:28 2016 -0400
committerJorge Lucangeli Obes <jorgelo@google.com>Wed Oct 12 15:17:26 2016 -0400
treeea5c1b0ba49ccca1528ef4a4e9d0be0ec9457264
parent8cc9d4adccb73c0ece2baf52bcce757628a6bc52 [diff]
syscall_filter: Implement flag set inclusion.

When filtering syscalls that take flags as an argument, we usually want
to allow a small set of "safe" flags. This is hard to express with the
current language.

Implement this by adding a "flag set inclusion" mode using the 'in'
keyword. This works by allowing the syscall as long as the passed
flags, when viewed as a set, are included in the set of flags described
by the policy.

Also, clang-format all of bpf.c.

Bug: 31997910
Test: syscall_filter_unittest
Change-Id: I121af56b176bd3260904d367fd92d47a16bb3dcb
6 files changed
tree: ea5c1b0ba49ccca1528ef4a4e9d0be0ec9457264
  1. examples/
  2. linux-x86/
  3. test/
  4. tools/
  5. .clang-format
  6. .gitignore
  7. Android.mk
  8. arch.h
  9. bpf.c
  10. bpf.h
  11. common.mk
  12. CPPLINT.cfg
  13. elfparse.c
  14. elfparse.h
  15. gen_constants.sh
  16. gen_syscalls.sh
  17. libconstants.h
  18. libminijail-private.h
  19. libminijail.c
  20. libminijail.h
  21. libminijail.pc.in
  22. libminijail_unittest.c
  23. libminijail_unittest.cpp
  24. libminijailpreload.c
  25. libsyscalls.h
  26. Makefile
  27. minijail0.1
  28. minijail0.5
  29. minijail0.c
  30. MODULE_LICENSE_BSD
  31. NOTICE
  32. OWNERS
  33. parse_seccomp_policy.cc
  34. platform2_preinstall.sh
  35. PRESUBMIT.cfg
  36. scoped_minijail.h
  37. signal_handler.c
  38. signal_handler.h
  39. syscall_filter.c
  40. syscall_filter.h
  41. syscall_filter_unittest.c
  42. syscall_filter_unittest.cpp
  43. syscall_filter_unittest_macros.h
  44. syscall_wrapper.c
  45. syscall_wrapper.h
  46. test_harness.h
  47. util.c
  48. util.h