syscall_filter: Fix whitespace handling.
Typos of the form "syscallname :1" were triggering compilation
failures. Fix by stripping |syscall_name| before looking up the
syscall.
Bug: 37753889
Test: New unit test.
Change-Id: I653b8f1f9995a5269129ccca330a3ea2e7245722
diff --git a/syscall_filter.c b/syscall_filter.c
index 9a66d17..5a3ef21 100644
--- a/syscall_filter.c
+++ b/syscall_filter.c
@@ -550,6 +550,7 @@
goto free_line;
}
+ syscall_name = strip(syscall_name);
int nr = lookup_syscall(syscall_name);
if (nr < 0) {
warn("compile_file: nonexistent syscall '%s'",
diff --git a/syscall_filter_unittest.cc b/syscall_filter_unittest.cc
index 85c8a55..12389f8 100644
--- a/syscall_filter_unittest.cc
+++ b/syscall_filter_unittest.cc
@@ -1169,6 +1169,24 @@
free(actual.filter);
}
+TEST(FilterTest, misplaced_whitespace) {
+ struct sock_fprog actual;
+ const char *policy = "open :1\n";
+
+ FILE *policy_file = write_policy_to_pipe(policy, strlen(policy));
+ ASSERT_NE(policy_file, nullptr);
+
+ int res = compile_filter(policy_file, &actual, USE_RET_KILL, NO_LOGGING);
+ fclose(policy_file);
+
+ /* Checks return value and filter length. */
+ ASSERT_EQ(res, 0);
+ EXPECT_EQ(actual.len,
+ ARCH_VALIDATION_LEN + 1 /* load syscall nr */ + ALLOW_SYSCALL_LEN +
+ 1 /* ret kill */);
+ free(actual.filter);
+}
+
TEST(FilterTest, missing_atom) {
struct sock_fprog actual;
const char* policy = "open:\n";
