Log syscall failures due to blocked syscall arguments.
Currently, when logging is enabled, only failures due to blocked
syscalls are logged.
Bug: 28795233
Test: syscall_filter_unittest.c (logging tests for argfilter).
Change-Id: I32c026dc7f5a8ae424cf6c39ee4cf6d043a1fb9c
diff --git a/syscall_filter.c b/syscall_filter.c
index 0857f4b..3fcbe4f 100644
--- a/syscall_filter.c
+++ b/syscall_filter.c
@@ -229,7 +229,8 @@
return 0;
}
-int compile_errno(struct filter_block *head, char *ret_errno)
+int compile_errno(struct filter_block *head, char *ret_errno,
+ int log_failures)
{
char *errno_ptr;
@@ -249,14 +250,18 @@
append_ret_errno(head, errno_val);
} else {
- append_ret_kill(head);
+ if (!log_failures)
+ append_ret_kill(head);
+ else
+ append_ret_trap(head);
}
return 0;
}
struct filter_block *compile_section(int nr, const char *policy_line,
unsigned int entry_lbl_id,
- struct bpf_labels *labels)
+ struct bpf_labels *labels,
+ int log_failures)
{
/*
* |policy_line| should be an expression of the form:
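Review bot: In the `else` branch of `compile_errno`, setting `log_failures` changes enforcement as well as logging, because the filter now ends in `append_ret_trap(head)` instead of `append_ret_kill(head)`. Its definition is not visible here, but assuming it emits a seccomp trap return, the failure arrives as a SIGSYS that the sandboxed process can catch with its own handler if the policy allows it to install one, whereas a kill cannot be intercepted. The same substitution is made in the hunk that follows the `if (ret_errno)` check in `compile_section`. I would state the trade-off at both sites, e.g. `/* Logging mode: trap so the failure can be reported; weaker than kill, do not ship policies compiled this way. */`, and document `log_failures` on both function signatures. `compile_errno` begins in the previous hunk and part of its body lies between the two hunks.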
@@ -318,7 +323,7 @@
/* Checks whether we're unconditionally blocking this syscall. */
if (strncmp(line, "return", strlen("return")) == 0) {
- if (compile_errno(head, line) < 0)
+ if (compile_errno(head, line, log_failures) < 0)
return NULL;
free(line);
return head;
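Review bot: The `return NULL` after a failed `compile_errno(head, line, log_failures)` skips the `free(line)` two lines below, so `line` leaks on that error path. This predates the commit, but the touched line is the place to fix it: `if (compile_errno(head, line, log_failures) < 0) { free(line); return NULL; }`. `head` looks like it is lost on the same path, though its allocation and ownership are outside the hunk, so that needs confirming. The later `compile_errno(head, ret_errno, log_failures)` call has the same early `return NULL` and probably the same leak.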
@@ -366,10 +371,13 @@
* otherwise just kill the task.
*/
if (ret_errno) {
- if (compile_errno(head, ret_errno) < 0)
+ if (compile_errno(head, ret_errno, log_failures) < 0)
return NULL;
} else {
- append_ret_kill(head);
+ if (!log_failures)
+ append_ret_kill(head);
+ else
+ append_ret_trap(head);
}
/*
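Review bot: The four-line choice between `append_ret_kill(head)` and `append_ret_trap(head)` is a verbatim copy of the one added to `compile_errno`, so a later change to the failure action has to be made in two places. Since this decides how a policy violation is enforced, a single static helper would keep the two sites from drifting, for example `static void append_ret_fail(struct filter_block *head, int log_failures)` (name is only a suggestion) called from both. The positive form `if (log_failures) append_ret_trap(head); else append_ret_kill(head);` also reads more directly than the negated test. `compile_section` continues outside this hunk.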
@@ -480,7 +488,8 @@
/* Build the arg filter block. */
struct filter_block *block =
- compile_section(nr, policy_line, id, &labels);
+ compile_section(nr, policy_line, id, &labels,
+ log_failures);
if (!block)
return -1;