X-Git-Url: http://mj.ucw.cz/gitweb/?a=blobdiff_plain;f=src%2Fbox.c;h=688bc5959532e56d8baaadd1f64b8f8996490bdc;hb=d99e7d3fac37d35fa3e4b688e91f40f4af4ae70f;hp=a2c5f683ce16af8dd2dd8d314917d7c3255054f2;hpb=e663f0222d8299a6b802cc35983858cfeca13a70;p=moe.git diff --git a/src/box.c b/src/box.c index a2c5f68..688bc59 100644 --- a/src/box.c +++ b/src/box.c @@ -91,10 +91,19 @@ msg(char *msg, ...) va_end(args); } -static const char * const syscall_tab[] = { +static void * +xmalloc(size_t size) +{ + void *p = malloc(size); + if (!p) + die("Out of memory"); + return p; +} + +static const char * const syscall_names[] = { #include "syscall-table.h" }; -#define NUM_SYSCALLS (sizeof(syscall_tab)/sizeof(syscall_tab[0])) +#define NUM_SYSCALLS ARRAY_SIZE(syscall_names) #define NUM_ACTIONS (NUM_SYSCALLS+64) enum action { @@ -210,8 +219,8 @@ static unsigned char syscall_action[NUM_ACTIONS] = { static const char * syscall_name(unsigned int id, char *buf) { - if (id < NUM_SYSCALLS && syscall_tab[id]) - return syscall_tab[id]; + if (id < NUM_SYSCALLS && syscall_names[id]) + return syscall_names[id]; else { sprintf(buf, "#%d", id); @@ -222,8 +231,8 @@ syscall_name(unsigned int id, char *buf) static int syscall_by_name(char *name) { - for (unsigned int i=0; i= (int)NUM_ACTIONS) + if (sys >= NUM_ACTIONS) die("Syscall `%s' out of range", a); syscall_action[sys] = act; return 1; @@ -277,6 +286,7 @@ static struct path_rule default_path_rules[] = { { "/usr/lib/", SC_YES }, { "/opt/lib/", SC_YES }, { "/usr/share/zoneinfo/", SC_YES }, + { "/usr/share/locale/", SC_YES }, { "/dev/null", SC_YES }, { "/dev/zero", SC_YES }, { "/proc/meminfo", SC_YES }, @@ -284,6 +294,35 @@ static struct path_rule default_path_rules[] = { { "/proc/self/exe", SC_YES }, // Needed by FPC 2.0.x runtime }; +static struct path_rule *user_path_rules; +static struct path_rule **last_path_rule = &user_path_rules; + +static int +set_path_action(char *a) +{ + char *sep = strchr(a, '='); + enum action act = SC_YES; + if (sep) + { + *sep++ = 0; + if (!strcmp(sep, "yes")) + act = SC_YES; + else if (!strcmp(sep, "no")) + act = SC_NO; + else + return 0; + } + + struct path_rule *r = xmalloc(sizeof(*r) + strlen(a)); + r->path = (char *)(r+1); + strcpy(r->path, a); + r->action = act; + r->next = NULL; + *last_path_rule = r; + last_path_rule = &r->next; + return 1; +} + static enum action match_path_rule(struct path_rule *r, char *path) { @@ -355,6 +394,10 @@ valid_filename(unsigned long addr) if (strstr(namebuf, "..")) act = SC_NO; + // Scan user rules + for (struct path_rule *r = user_path_rules; r && !act; r=r->next) + act = match_path_rule(r, namebuf); + // Scan built-in rules if (file_access >= 2) for (int i=0; i\tRedirect stdin from \n\ -m \tLimit address space to KB\n\ -o \tRedirect stdout to \n\ +-p \tPermit access to the specified path (or subtree if it ends with a `/')\n\ +-p =\tDefine action for the specified path (=yes/no)\n\ -s \tPermit the specified syscall (be careful)\n\ -s =\tDefine action for the specified syscall (=yes/no/file)\n\ -t