Minijail: extract utility functions.
Extract utility functions and add them, together with logging,
to a separate util.(c|h) file.
BUG=chromium-os:33361
TEST=unit tests
TEST=security_Minijail0, security_Minijail_seccomp, platform_CrosDisksArchive.
Change-Id: Ied436a7b27f14ef87198b7bf007634b28cbbd480
Reviewed-on: https://gerrit.chromium.org/gerrit/29492
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Elly Jones <ellyjones@chromium.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
diff --git a/Makefile b/Makefile
index c81f876..ea7f8b1 100644
--- a/Makefile
+++ b/Makefile
@@ -11,10 +11,11 @@
tests : libminijail_unittest.wrapper syscall_filter_unittest
-minijail0 : libsyscalls.gen.o libminijail.o syscall_filter.o bpf.o minijail0.c
+minijail0 : libsyscalls.gen.o libminijail.o syscall_filter.o bpf.o util.o \
+ minijail0.c
$(CC) $(CFLAGS) -o $@ $^ -lcap
-libminijail.so : libminijail.o syscall_filter.o bpf.o libsyscalls.gen.o
+libminijail.so : libminijail.o syscall_filter.o bpf.o util.o libsyscalls.gen.o
$(CC) $(CFLAGS) -shared -o $@ $^ -lcap
# Allow unittests to access what are normally internal symbols.
@@ -25,11 +26,11 @@
libminijail_unittest : CFLAGS := $(filter-out -fvisibility=%,$(CFLAGS))
libminijail_unittest : libminijail_unittest.o libminijail.o \
- syscall_filter.o bpf.o libsyscalls.gen.o
+ syscall_filter.o bpf.o util.o libsyscalls.gen.o
$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(filter-out $(CFLAGS_FILE),$^) -lcap
libminijailpreload.so : libminijailpreload.c libminijail.o libsyscalls.gen.o \
- syscall_filter.o bpf.o
+ syscall_filter.o bpf.o util.o
$(CC) $(CFLAGS) -shared -o $@ $^ -ldl -lcap
libminijail.o : libminijail.c libminijail.h
@@ -39,8 +40,8 @@
libsyscalls.gen.o : libsyscalls.gen.c libsyscalls.h
-syscall_filter_unittest : syscall_filter_unittest.o syscall_filter.o bpf.o \
- libsyscalls.gen.o test_harness.h
+syscall_filter_unittest : syscall_filter_unittest.o syscall_filter.o \
+ bpf.o util.o libsyscalls.gen.o test_harness.h
$(CC) $(CFLAGS) -o $@ $^
syscall_filter_unittest.o : syscall_filter_unittest.c test_harness.h
@@ -50,6 +51,8 @@
bpf.o : bpf.c bpf.h
+util.o : util.c util.h
+
# sed expression which extracts system calls that are
# defined via asm/unistd.h. It converts them from:
# #define __NR_read
@@ -98,5 +101,5 @@
@rm -f libminijail.so
@rm -f libminijail_unittest
@rm -f libsyscalls.gen.c
- @rm -f syscall_filter.o bpf.o
+ @rm -f syscall_filter.o bpf.o util.o
@rm -f syscall_filter_unittest syscall_filter_unittest.o
diff --git a/libminijail.c b/libminijail.c
index 13434f6..2c3d5b3 100644
--- a/libminijail.c
+++ b/libminijail.c
@@ -33,11 +33,10 @@
#include <unistd.h>
#include "libminijail.h"
-#include "libsyscalls.h"
#include "libminijail-private.h"
-#include "logging.h"
#include "syscall_filter.h"
+#include "util.h"
/* Until these are reliably available in linux/prctl.h */
#ifndef PR_SET_SECCOMP
diff --git a/libminijail.h b/libminijail.h
index c756141..13f9ab4 100644
--- a/libminijail.h
+++ b/libminijail.h
@@ -80,13 +80,6 @@
int minijail_bind(struct minijail *j, const char *src, const char *dest,
int writeable);
-/* Exposes minijail's name-to-int mapping for system calls for the
- * architecture it was built on. This is primarily exposed for
- * minijail_add_seccomp_filter() and testing.
- * Returns the system call number on success or -1 on failure.
- */
-int minijail_lookup_syscall(const char *name);
-
/* Lock this process into the given minijail. Note that this procedure cannot fail,
* since there is no way to undo privilege-dropping; therefore, if any part of
* the privilege-drop fails, minijail_enter() will abort the entire process.
diff --git a/logging.h b/logging.h
deleted file mode 100644
index a8aa284..0000000
--- a/logging.h
+++ /dev/null
@@ -1,26 +0,0 @@
-/* Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- */
-
-#ifndef _LOGGING_H_
-#define _LOGGING_H_
-
-#include <stdlib.h>
-#include <syslog.h>
-
-#define die(_msg, ...) do { \
- syslog(LOG_ERR, "libminijail: " _msg, ## __VA_ARGS__); \
- abort(); \
-} while (0)
-
-#define pdie(_msg, ...) \
- die(_msg ": %s", ## __VA_ARGS__, strerror(errno))
-
-#define warn(_msg, ...) \
- syslog(LOG_WARNING, "libminijail: " _msg, ## __VA_ARGS__)
-
-#define info(_msg, ...) \
- syslog(LOG_INFO, "libminijail: " _msg, ## __VA_ARGS__)
-
-#endif /* _LOGGING_H_ */
diff --git a/syscall_filter.c b/syscall_filter.c
index c075d66..e96ad60 100644
--- a/syscall_filter.c
+++ b/syscall_filter.c
@@ -1,22 +1,19 @@
-/* parser.c
- * Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
+/* Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
- *
- * Syscall filter syntax parser.
*/
-#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "syscall_filter.h"
-#include "libsyscalls.h"
-#include "logging.h"
+#include "util.h"
#define MAX_LINE_LENGTH 1024
+#define ONE_INSTR 1
+#define TWO_INSTRS 2
int str_to_op(const char *op_str)
{
@@ -29,9 +26,6 @@
}
}
-#define ONE_INSTR 1
-#define TWO_INSTRS 2
-
struct sock_filter *new_instr_buf(size_t count)
{
struct sock_filter *buf = calloc(count, sizeof(struct sock_filter));
@@ -317,27 +311,6 @@
return head;
}
-int lookup_syscall(const char *name)
-{
- const struct syscall_entry *entry = syscall_table;
- for (; entry->name && entry->nr >= 0; ++entry)
- if (!strcmp(entry->name, name))
- return entry->nr;
- return -1;
-}
-
-char *strip(char *s)
-{
- char *end;
- while (*s && isblank(*s))
- s++;
- end = s + strlen(s) - 1;
- while (end >= s && *end && (isblank(*end) || *end == '\n'))
- end--;
- *(end + 1) = '\0';
- return s;
-}
-
int compile_filter(FILE *policy, struct sock_fprog *prog)
{
char line[MAX_LINE_LENGTH];
diff --git a/util.c b/util.c
new file mode 100644
index 0000000..ea3c722
--- /dev/null
+++ b/util.c
@@ -0,0 +1,41 @@
+/* Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+#include <ctype.h>
+#include <string.h>
+
+#include "util.h"
+
+#include "libsyscalls.h"
+
+int lookup_syscall(const char *name)
+{
+ const struct syscall_entry *entry = syscall_table;
+ for (; entry->name && entry->nr >= 0; ++entry)
+ if (!strcmp(entry->name, name))
+ return entry->nr;
+ return -1;
+}
+
+const char *lookup_syscall_name(int nr)
+{
+ const struct syscall_entry *entry = syscall_table;
+ for (; entry->name && entry->nr >= 0; ++entry)
+ if (entry->nr == nr)
+ return entry->name;
+ return NULL;
+}
+
+char *strip(char *s)
+{
+ char *end;
+ while (*s && isblank(*s))
+ s++;
+ end = s + strlen(s) - 1;
+ while (end >= s && *end && (isblank(*end) || *end == '\n'))
+ end--;
+ *(end + 1) = '\0';
+ return s;
+}
diff --git a/util.h b/util.h
new file mode 100644
index 0000000..8f0fa7b
--- /dev/null
+++ b/util.h
@@ -0,0 +1,33 @@
+/* util.h
+ * Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * Logging and other utility functions.
+ */
+
+#ifndef _UTIL_H_
+#define _UTIL_H_
+
+#include <stdlib.h>
+#include <syslog.h>
+
+#define die(_msg, ...) do { \
+ syslog(LOG_ERR, "libminijail: " _msg, ## __VA_ARGS__); \
+ abort(); \
+} while (0)
+
+#define pdie(_msg, ...) \
+ die(_msg ": %s", ## __VA_ARGS__, strerror(errno))
+
+#define warn(_msg, ...) \
+ syslog(LOG_WARNING, "libminijail: " _msg, ## __VA_ARGS__)
+
+#define info(_msg, ...) \
+ syslog(LOG_INFO, "libminijail: " _msg, ## __VA_ARGS__)
+
+int lookup_syscall(const char *name);
+const char *lookup_syscall_name(int nr);
+char *strip(char *s);
+
+#endif /* _UTIL_H_ */