Add syscall filter BPF program generator.
BUG=chromium-os:25429
BUG=chromium-os:27878
TEST=syscall_filter_unittest
Change-Id: I3a4334a3c568178e19b18e7f3ed97517b03afd1b
Reviewed-on: https://gerrit.chromium.org/gerrit/18914
Reviewed-by: Kees Cook <keescook@chromium.org>
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
diff --git a/Makefile b/Makefile
index eb94b86..7723c12 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,4 @@
-# Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
+# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
@@ -9,7 +9,7 @@
all : minijail0 libminijail.so libminijailpreload.so
-tests : libminijail_unittest.wrapper
+tests : libminijail_unittest.wrapper syscall_filter_unittest
minijail0 : libsyscalls.gen.o libminijail.o minijail0.c
$(CC) $(CFLAGS) -o $@ $^ -lcap
@@ -37,6 +37,17 @@
libsyscalls.gen.o : libsyscalls.gen.c libsyscalls.h
+syscall_filter_unittest : syscall_filter_unittest.o syscall_filter.o bpf.o \
+ test_harness.h
+ $(CC) $(CFLAGS) -o $@ $^
+
+syscall_filter_unittest.o : syscall_filter_unittest.c test_harness.h
+ $(CC) $(CFLAGS) -c -o $@ $<
+
+syscall_filter.o : syscall_filter.c
+
+bpf.o : bpf.c
+
# sed expression which extracts system calls that are
# defined via asm/unistd.h. It converts them from:
# #define __NR_read
@@ -85,3 +96,5 @@
@rm -f libminijail.so
@rm -f libminijail_unittest
@rm -f libsyscalls.gen.c
+ @rm -f syscall_filter.o bpf.o
+ @rm -f syscall_filter_unittest syscall_filter_unittest.o