syscall_filter: Implement flag set inclusion. When filtering syscalls that take flags as an argument, we usually want to allow a small set of "safe" flags. This is hard to express with the current language. Implement this by adding a "flag set inclusion" mode using the 'in' keyword. This works by allowing the syscall as long as the passed flags, when viewed as a set, are included in the set of flags described by the policy. Also, clang-format all of bpf.c. Bug: 31997910 Test: syscall_filter_unittest Change-Id: I121af56b176bd3260904d367fd92d47a16bb3dcb

commit: fd6f8e31caec28bdd127eb97e2c2111cfcbac447 [log] [tgz]
author: Jorge Lucangeli Obes <jorgelo@google.com> Wed Oct 12 11:19:28 2016 -0400
committer: Jorge Lucangeli Obes <jorgelo@google.com> Wed Oct 12 15:17:26 2016 -0400
tree: ea5c1b0ba49ccca1528ef4a4e9d0be0ec9457264
parent: 8cc9d4adccb73c0ece2baf52bcce757628a6bc52 [diff] [blame]
diff --git a/util.c b/util.c
index b242c71..f0dc23d 100644
--- a/util.c
+++ b/util.c

@@ -108,7 +108,7 @@
 	 * Try to parse constants separated by pipes.  Note that since
 	 * |constant_str| is an atom, there can be no spaces between the
 	 * constant and the pipe.  Constants can be either a named constant
-	 * defined in libconstants.gen.c or a number parsed with strtol.
+	 * defined in libconstants.gen.c or a number parsed with strtol(3).
 	 *
 	 * If there is an error parsing any of the constants, the whole process
 	 * fails.
commit	fd6f8e31caec28bdd127eb97e2c2111cfcbac447	[log] [tgz]
author	Jorge Lucangeli Obes <jorgelo@google.com>	Wed Oct 12 11:19:28 2016 -0400
committer	Jorge Lucangeli Obes <jorgelo@google.com>	Wed Oct 12 15:17:26 2016 -0400
tree	ea5c1b0ba49ccca1528ef4a4e9d0be0ec9457264
parent	8cc9d4adccb73c0ece2baf52bcce757628a6bc52 [diff] [blame]