author | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2020-01-16 21:23:31 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2020-01-16 21:23:31 +0000 |
commit | d51b86b9f7bb241aa48c5a4fab30f7718b177448 (patch) | |
tree | 529de8412144e31d471f66c2b805691ee7baf7e9 | |
parent | 85421d890fe0e2c510907d198a78ac3626cdd9ed (diff) | |
parent | e3192673e0210c018f66272ff0cdfbf5131d5037 (diff) | |
download | minijail-d51b86b9f7bb241aa48c5a4fab30f7718b177448.tar.gz |
syscall_filter: ignore @frequency am: b1b2eba6e7 am: 58b1c17df2 am: e3192673e0
Change-Id: Ice5a1915b5b231a2fb6b05748426a45ef65ddba2
-rw-r--r-- | syscall_filter.c | 11 | ||||
-rw-r--r-- | syscall_filter_unittest.cc | 11 |
2 files changed, 21 insertions, 1 deletions
diff --git a/syscall_filter.c b/syscall_filter.c index 3b78f97..2c389ae 100644 --- a/syscall_filter.c +++ b/syscall_filter.c @@ -595,9 +595,18 @@ int compile_file(const char *filename, FILE *policy_file, continue; } - /* Allow @include statements. */ + /* Allow @include and @frequency statements. */ if (*policy_line == '@') { const char *filename = NULL; + + /* Ignore @frequency statements. */ + if (strncmp("@frequency", policy_line, + strlen("@frequency")) == 0) { + compiler_warn(&state, + "ignored @frequency statement"); + continue; + } + if (parse_include_statement(&state, policy_line, include_level, &filename) != 0) { diff --git a/syscall_filter_unittest.cc b/syscall_filter_unittest.cc index 95b38f4..771dced 100644 --- a/syscall_filter_unittest.cc +++ b/syscall_filter_unittest.cc @@ -1745,6 +1745,17 @@ TEST(FilterTest, allow_log_but_kill) { free(actual.filter); } +TEST(FilterTest, frequency) { + struct sock_fprog actual; + std::string frequency = "@frequency ./path/is/ignored.frequency\n"; + + FILE* policy_file = write_policy_to_pipe(frequency); + ASSERT_NE(policy_file, nullptr); + int res = test_compile_filter("policy", policy_file, &actual); + fclose(policy_file); + EXPECT_EQ(res, 0); +} + TEST(FilterTest, include_invalid_token) { struct sock_fprog actual; std::string invalid_token = "@unclude ./test/seccomp.policy\n"; |
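Review bot: The new `strncmp("@frequency", policy_line, strlen("@frequency")) == 0` check in the `@` branch of compile_file is a prefix match, so a line such as `@frequencyfoo` (constructed example) is also skipped with only a warning. It never reaches `parse_include_statement`, which presumably rejects unknown `@` tokens, as the `include_invalid_token` test in the same commit suggests. Skipping a line cannot add syscalls to the allowlist, but a seccomp policy compiler is easier to audit when a malformed directive fails compilation instead of being tolerated. Consider requiring a delimiter after the keyword, e.g. `const size_t n = strlen("@frequency");` followed by `if (strncmp("@frequency", policy_line, n) == 0 && (policy_line[n] == '\0' || policy_line[n] == ' ' || policy_line[n] == '\t')) {`. compile_file starts and ends outside the hunk, so whether `policy_line` has already been stripped of leading whitespace is not visible here.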
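Review bot: `TEST(FilterTest, frequency)` never releases `actual.filter`, whereas the preceding test in the context lines ends with `free(actual.filter);`. If `test_compile_filter` allocates the program on success, as that neighbour suggests, this leaks and will be reported under a sanitizer build. Changing the last check to `ASSERT_EQ(res, 0);` and following it with `free(actual.filter);` keeps the free off the failure path, where `actual` may be uninitialised. The test also pins only the return code; a companion case asserting that a malformed directive such as `"@frequencyfoo\n"` (constructed example) fails to compile would document how strict the parser is meant to be.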