History log of /external/minijail/bpf.c
Revision Date Author Comments
45932a51abc18f3daddba7776fcfe7d3517da68c 15-Mar-2017 Jorge Lucangeli Obes <jorgelo@google.com> syscall_filter: Refactor 'compile_file' out of 'compile_filter'.

The new in-process crash dumping on Android could use functionality to
include policy files in other policy files. The use case would be to
add a short section of syscalls required for crash dumping to processes
already using syscall filtering.

The first step to do this is to extract the functionality that parses
an individual file to a separate function, so that it can be called
multiple times.

Implementation of the include directive will be done in a follow-up CL.

Bug: 36007996
Test: New unit tests, but no change in functionality.

Change-Id: I4097513bf11c23af67b6741fceb5c7abe360396e
/external/minijail/bpf.c
fd6f8e31caec28bdd127eb97e2c2111cfcbac447 12-Oct-2016 Jorge Lucangeli Obes <jorgelo@google.com> syscall_filter: Implement flag set inclusion.

When filtering syscalls that take flags as an argument, we usually want
to allow a small set of "safe" flags. This is hard to express with the
current language.

Implement this by adding a "flag set inclusion" mode using the 'in'
keyword. This works by allowing the syscall as long as the passed
flags, when viewed as a set, are included in the set of flags described
by the policy.

Also, clang-format all of bpf.c.

Bug: 31997910
Test: syscall_filter_unittest
Change-Id: I121af56b176bd3260904d367fd92d47a16bb3dcb
/external/minijail/bpf.c
8cc9d4adccb73c0ece2baf52bcce757628a6bc52 03-Oct-2016 Jorge Lucangeli Obes <jorgelo@google.com> Fix decreasing loop.

As pointed out by rickyz@, we were comparing past the beginning of the
array.

Also add a bunch of unit tests for the label functionality.

Bug: 31955943
Test: syscall_filter_unittest

Change-Id: Iece922372c6548aff36cf2f2650e37d2f25eaae7
/external/minijail/bpf.c
f16d6d177fdbf41f6d4389436dbbe5d2b84cd519 30-Sep-2016 Jorge Lucangeli Obes <jorgelo@google.com> Fix BPF instruction count bug.

We were accidentally capping the total number of BPF instructions at
256 when doing label fixup.

Also add a simple binary to print a compiled policy.

Bug: 31848734
Test: Policy attached to the bug works.

Change-Id: I9df058e2f4888289db0219d65ca97851fac515d0
/external/minijail/bpf.c
a67bd6a31668498f3e21af49f64950ef78645515 19-Aug-2016 Jorge Lucangeli Obes <jorgelo@google.com> Port libminijail unit tests to C++.

That way they can be run on Android Platform Continuous Testing,
which requires gtest for parsing of test output.

Fix one issue in free_label_strings(), which was not setting
|labels->count| to 0. Also fix some nits in test files.

Bug: 30973585
Change-Id: I8bdb414329aab82e2180d412b9ecc128beab7227
/external/minijail/bpf.c
02d0654f088b5de57f49f85c5ec064e6e581c6fc 26-Sep-2013 Yunlian Jiang <yunlian@google.com> minijail: fix undefined inline function error under clang.

In the C99 standard, inline functions only make sense when you
put them in a ".h" file. The whole concept is about making
the function definition visible to all callers. In this case,
the function 'set_bpf_instr' is declared in bpf.h and defined
in bpf.c, and it is called by functions from libsyscalls.gen.c.
When compiling libsyscalls.gen.c, it finds that 'set_bpf_instr'
is an inline function; however, in this compilation unit,
it could not find the definition, so the error pops out.

BUG=chromium:298450
TEST=FEATURES="test" CC=i686-pc-linux-gnu-clang
emerge-x86-generic chromeos-minijail

Change-Id: I666386337379c5897bdd3772fed428f284e76661
Reviewed-on: https://chromium-review.googlesource.com/170615
Reviewed-by: Luis Lozano <llozano@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Commit-Queue: Yunlian Jiang <yunlian@chromium.org>
Tested-by: Yunlian Jiang <yunlian@chromium.org>
/external/minijail/bpf.c
8a56ec283c64512a16e4e19ae6a293ba7f543daf 04-Feb-2013 Jorge Lucangeli Obes <jorgelo@chromium.org> Fix Minijail x32 compilation.

BUG=chromium-os:38539
TEST=./setup_board --board=x32-generic; emerge-x32-generic chromeos-minijail

Change-Id: I4ca1c78d583976a6f692a589c5b153101700beee
Reviewed-on: https://gerrit.chromium.org/gerrit/42543
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Queue: Jorge Lucangeli Obes <jorgelo@chromium.org>
/external/minijail/bpf.c
ffec8919585a3a30e9f8a3551e85cf06fc62cd8a 30-Nov-2012 Jorge Lucangeli Obes <jorgelo@chromium.org> Add BPF jset instruction support to Minijail.

First step is to add support for the actual BPF instruction.
Next step is to parse this in the policy files and use the functions
introduced by this CL.

BUG=chromium-os:36848
TEST=syscall_filter_unittest

Change-Id: I172598e63413506f190ae6b4b07ae63e1198f44c
Reviewed-on: https://gerrit.chromium.org/gerrit/39018
Reviewed-by: Kees Cook <keescook@chromium.org>
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
/external/minijail/bpf.c
d4467260de60d23ca7d2d506517caf71ef90984d 24-Mar-2012 Jorge Lucangeli Obes <jorgelo@chromium.org> Add full seccomp BPF filter generation.

This CL uses the mechanism to generate filter sections from
policy strings and builds a complete filter by first
validating the arch and loading the syscall number, then
checking against all syscalls listed in the policy file, and
executing the argument filters if necessary.

BUG=chromium-os:25429
BUG=chromium-os:27878
TEST=syscall_filter_unittest
CQ-DEPEND=I3a4334a3c568178e19b18e7f3ed97517b03afd1b

Change-Id: I13a9b22ac8d55f02d5a77b5beedb955386b63723
Reviewed-on: https://gerrit.chromium.org/gerrit/19007
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Will Drewry <wad@chromium.org>
/external/minijail/bpf.c
edb1d8e226853d56894234648601ce32d2a6e4cf 26-Apr-2012 Jorge Lucangeli Obes <jorgelo@chromium.org> Update Minijail syscall filter unit tests to work on 32 bits.

BUG=chromium-os:25429
BUG=chromium-os:27878
TEST=syscall_filter_unittest

Change-Id: Ib9cbee020059684ae58aa8c3ca2a2c8a4afb084d
Reviewed-on: https://gerrit.chromium.org/gerrit/21261
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Will Drewry <wad@chromium.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
/external/minijail/bpf.c
fc8ab53c3ee4697b907a35ac54f26fb9477f6e7c 20-Mar-2012 Jorge Lucangeli Obes <jorgelo@chromium.org> Add syscall filter BPF program generator.

BUG=chromium-os:25429
BUG=chromium-os:27878
TEST=syscall_filter_unittest

Change-Id: I3a4334a3c568178e19b18e7f3ed97517b03afd1b
Reviewed-on: https://gerrit.chromium.org/gerrit/18914
Reviewed-by: Kees Cook <keescook@chromium.org>
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
/external/minijail/bpf.c