Add full seccomp BPF filter generation.

This CL uses the mechanism to generate filter sections from
policy strings and builds a complete filter by first
validating the arch and loading the syscall number, then
checking against all syscalls listed in the policy file, and
executing the argument filters if necessary.

BUG=chromium-os:25429
BUG=chromium-os:27878
TEST=syscall_filter_unittest
CQ-DEPEND=I3a4334a3c568178e19b18e7f3ed97517b03afd1b

Change-Id: I13a9b22ac8d55f02d5a77b5beedb955386b63723
Reviewed-on: https://gerrit.chromium.org/gerrit/19007
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Will Drewry <wad@chromium.org>
diff --git a/test/invalid_syscall_name.policy b/test/invalid_syscall_name.policy
new file mode 100644
index 0000000..3e6d403
--- /dev/null
+++ b/test/invalid_syscall_name.policy
@@ -0,0 +1 @@
+notasyscall: 1
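Review bot: the single line `notasyscall: 1` in test/invalid_syscall_name.policy only covers an unknown syscall name as the first and only entry, so the failure path after some valid entries have already been turned into filter sections is not exercised by this fixture. Consider a second fixture, or a valid entry ahead of the bad name, and make sure the test named under TEST= asserts that filter generation fails outright rather than skipping the line, since a silently skipped entry would produce a filter that differs from what the policy file says. The code that loads this file is not in the visible part of the diff, so a note in the test saying the name is intentionally invalid would also help the next reader.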