Add full seccomp BPF filter generation.

This CL uses the mechanism to generate filter sections from policy strings and builds a complete filter by first validating the arch and loading the syscall number, then checking against all syscalls listed in the policy file, and executing the argument filters if necessary. BUG=chromium-os:25429 BUG=chromium-os:27878 TEST=syscall_filter_unittest CQ-DEPEND=I3a4334a3c568178e19b18e7f3ed97517b03afd1b Change-Id: I13a9b22ac8d55f02d5a77b5beedb955386b63723 Reviewed-on: https://gerrit.chromium.org/gerrit/19007 Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org> Reviewed-by: Kees Cook <keescook@chromium.org> Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org> Reviewed-by: Will Drewry <wad@chromium.org>
author: Jorge Lucangeli Obes <jorgelo@chromium.org> 2012-03-23 16:19:59 -0700
committer: Gerrit <chrome-bot@google.com> 2012-04-29 13:24:36 -0700
commit: d4467260de60d23ca7d2d506517caf71ef90984d (patch)
tree: 50a0cc4bdf79c30b6e87489435a26b4c5f26af0e /test/invalid_arg_filter.policy
parent: edb1d8e226853d56894234648601ce32d2a6e4cf (diff)
download: minijail-d4467260de60d23ca7d2d506517caf71ef90984d.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/test/invalid_arg_filter.policy b/test/invalid_arg_filter.policy
new file mode 100644
index 0000000..b79b31a
--- /dev/null
+++ b/test/invalid_arg_filter.policy
@@ -0,0 +1 @@
+open: argnn ==
author	Jorge Lucangeli Obes <jorgelo@chromium.org>	2012-03-23 16:19:59 -0700
committer	Gerrit <chrome-bot@google.com>	2012-04-29 13:24:36 -0700
commit	d4467260de60d23ca7d2d506517caf71ef90984d (patch)
tree	50a0cc4bdf79c30b6e87489435a26b4c5f26af0e /test/invalid_arg_filter.policy
parent	edb1d8e226853d56894234648601ce32d2a6e4cf (diff)
download	minijail-d4467260de60d23ca7d2d506517caf71ef90984d.tar.gz