minijail: Add named constants for seccomp filters
This makes it possible to write filters using named constants (like
ENOSYS instead of 38).
BUG=chromium:516701
TEST=syscall_filter_unittest passes.
Change-Id: Ic44cbdfb6f2228f6f658b1cc48adf5a923394306
Reviewed-on: https://chromium-review.googlesource.com/290540
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Trybot-Ready: Luis Hector Chavez <lhchavez@google.com>
Tested-by: Luis Hector Chavez <lhchavez@google.com>
Commit-Queue: Luis Hector Chavez <lhchavez@google.com>
diff --git a/syscall_filter.c b/syscall_filter.c
index 9ea5dca..3335a07 100644
--- a/syscall_filter.c
+++ b/syscall_filter.c
@@ -182,7 +182,11 @@
if (argidx_ptr == argidx_str + 3)
return -1;
- long int c = strtol(constant_str, NULL, 0);
+ char *constant_str_ptr;
+ long int c = parse_constant(constant_str, &constant_str_ptr);
+ if (constant_str_ptr == constant_str)
+ return -1;
+
/*
* Looks up the label for the end of the AND statement
* this atom belongs to.
@@ -220,10 +224,9 @@
if (errno_val_str) {
char *errno_val_ptr;
- int errno_val = strtol(
- errno_val_str, &errno_val_ptr, 0);
+ int errno_val = parse_constant(errno_val_str, &errno_val_ptr);
/* Checks to see if we parsed an actual errno. */
- if (errno_val_ptr == errno_val_str)
+ if (errno_val_ptr == errno_val_str || errno_val == -1)
return -1;
append_ret_errno(head, errno_val);