minijail: Check for repeat syscall definitions

Add an option that allows for checking for duplicate syscall
definitions.

Add as a compile-time option and filter_option. If this option is on:
Maintain a data structure throughout seccomp policy syscall filter
parsing that keeps track of syscalls that have already been encountered
and where they were defined. Use this structure to tell when there are
duplicate syscall policy definitions and warn the user.

Write a unit test that checks that compile_file will return -1 if there
is a repeat syscall policy definition. Also change existing tests to
reflect this behavior.

Bug: None
TEST=built and ran unit tests
Change-Id: I3f5da9f926006dc7498d4a6510dda5aa5aedd1a3
diff --git a/Makefile b/Makefile
index a7c4357..ce240a7 100644
--- a/Makefile
+++ b/Makefile
@@ -37,6 +37,11 @@
CPPFLAGS += -DUSE_EXIT_ON_DIE
endif
+# Setting this flag allows duplicate syscalls definitions for seccomp filters.
+ifeq ($(ALLOW_DUPLICATE_SYSCALLS),yes)
+CPPFLAGS += -DALLOW_DUPLICATE_SYSCALLS
+endif
+
MJ_COMMON_FLAGS = -Wunused-parameter -Wextra -Wno-missing-field-initializers
CFLAGS += $(MJ_COMMON_FLAGS)
CXXFLAGS += $(MJ_COMMON_FLAGS)
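Review bot: The comment above the new `ifeq ($(ALLOW_DUPLICATE_SYSCALLS),yes)` block documents only the opt-out direction and never says what a build does when the variable is unset, while the commit message describes the option the other way round ("If this option is on" the parser tracks duplicates and warns). Please spell out the default in the comment, for example that without `ALLOW_DUPLICATE_SYSCALLS=yes` a repeated syscall definition is treated as a policy error (if that is the intended default, as the compile_file returning -1 test suggests), so that anyone building minijail can see that setting the flag relaxes a seccomp policy check rather than enabling one. It would also help to align the wording of the commit message and the flag name so the polarity is unambiguous. Minor: "duplicate syscalls definitions" in the comment should read "duplicate syscall definitions".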