added bluetooth to the list of protocols allowed by seccomp

author: netblue30 <netblue30@yahoo.com> 2020-10-28 09:18:18 -0400
committer: netblue30 <netblue30@yahoo.com> 2020-10-28 09:18:18 -0400
commit: 65911742d70fbe287fc9d0e6f2c9a92e2b6657de (patch)
tree: 3e896a6d85513059c3c6322865e3f0200b28613b /src/fseccomp
parent: profile fixes (diff)
download: firejail-65911742d70fbe287fc9d0e6f2c9a92e2b6657de.tar.gz
firejail-65911742d70fbe287fc9d0e6f2c9a92e2b6657de.tar.zst
firejail-65911742d70fbe287fc9d0e6f2c9a92e2b6657de.zip
1 files changed, 3 insertions, 46 deletions
diff --git a/src/fseccomp/protocol.c b/src/fseccomp/protocol.c
index b8b30f488..4d261f9e5 100644
--- a/src/fseccomp/protocol.c
+++ b/src/fseccomp/protocol.c
@@ -57,6 +57,7 @@ static char *protocol[] = {
        "inet6",
        "netlink",
        "packet",
+        "bluetooth",
        NULL
 };
@@ -66,7 +67,8 @@ static struct sock_filter protocol_filter_command[] = {
        WHITELIST(AF_INET),
        WHITELIST(AF_INET6),
        WHITELIST(AF_NETLINK),
-        WHITELIST(AF_PACKET)
+        WHITELIST(AF_PACKET),
+        WHITELIST(AF_BLUETOOTH)
 };
 #endif
 // Note: protocol[] and protocol_filter_command are synchronized
@@ -143,22 +145,6 @@ void protocol_build_filter(const char *prlist, const char *fname) {
        memcpy(ptr, &filter_start[0], sizeof(filter_start));
        ptr += sizeof(filter_start);
-#if 0
-printf("entries %u\n", (unsigned) (sizeof(filter_start) / sizeof(struct sock_filter)));
-{
-        unsigned j;
-        unsigned char *ptr2 = (unsigned char *) &filter[0];
-        for (j = 0; j < sizeof(filter); j++, ptr2++) {
-                if ((j % (sizeof(struct sock_filter))) == 0)
-                        printf("\n%u: ", 1 + (unsigned) (j / (sizeof(struct sock_filter))));
-                printf("%02x, ", (*ptr2) & 0xff);
-        }
-        printf("\n");
-}
-printf("whitelist_len %u, struct sock_filter len %u\n", whitelist_len, (unsigned) sizeof(struct sock_filter));
-#endif
        // parse list and add commands
        char *tmplist = strdup(prlist);
        if (!tmplist)
@@ -176,22 +162,6 @@ printf("whitelist_len %u, struct sock_filter len %u\n", whitelist_len, (unsigned
                memcpy(ptr, domain, whitelist_len * sizeof(struct sock_filter));
                ptr += whitelist_len * sizeof(struct sock_filter);
                token = strtok(NULL, ",");
-#if 0
-printf("entries %u\n",  (unsigned) ((uint64_t) ptr - (uint64_t) (filter)) / (unsigned) sizeof(struct sock_filter));
-{
-        unsigned j;
-        unsigned char *ptr2 = (unsigned char *) &filter[0];
-        for (j = 0; j < sizeof(filter); j++, ptr2++) {
-                if ((j % (sizeof(struct sock_filter))) == 0)
-                        printf("\n%u: ", 1 + (unsigned) (j / (sizeof(struct sock_filter))));
-                printf("%02x, ", (*ptr2) & 0xff);
-        }
-        printf("\n");
-}
-#endif
        }
        free(tmplist);
@@ -202,19 +172,6 @@ printf("entries %u\n",  (unsigned) ((uint64_t) ptr - (uint64_t) (filter)) / (uns
        memcpy(ptr, &filter_end[0], sizeof(filter_end));
        ptr += sizeof(filter_end);
-#if 0
-printf("entries %u\n",  (unsigned) ((uint64_t) ptr - (uint64_t) (filter)) / (unsigned) sizeof(struct sock_filter));
-{
-        unsigned j;
-        unsigned char *ptr2 = (unsigned char *) &filter[0];
-        for (j = 0; j < sizeof(filter); j++, ptr2++) {
-                if ((j % (sizeof(struct sock_filter))) == 0)
-                        printf("\n%u: ", 1 + (unsigned) (j / (sizeof(struct sock_filter))));
-                printf("%02x, ", (*ptr2) & 0xff);
-        }
-        printf("\n");
-}
-#endif
        // save filter to file
        int dst = open(fname, O_CREAT|O_WRONLY|O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
        if (dst < 0) {
author	netblue30 <netblue30@yahoo.com>	2020-10-28 09:18:18 -0400
committer	netblue30 <netblue30@yahoo.com>	2020-10-28 09:18:18 -0400
commit	65911742d70fbe287fc9d0e6f2c9a92e2b6657de (patch)
tree	3e896a6d85513059c3c6322865e3f0200b28613b /src/fseccomp
parent	profile fixes (diff)
download	firejail-65911742d70fbe287fc9d0e6f2c9a92e2b6657de.tar.gz firejail-65911742d70fbe287fc9d0e6f2c9a92e2b6657de.tar.zst firejail-65911742d70fbe287fc9d0e6f2c9a92e2b6657de.zip

diff --git a/src/fseccomp/protocol.c b/src/fseccomp/protocol.c index b8b30f488..4d261f9e5 100644 --- a/src/fseccomp/protocol.c +++ b/src/fseccomp/protocol.c
@@ -57,6 +57,7 @@ static char *protocol[] = {
57	"inet6",	57	"inet6",
58	"netlink",	58	"netlink",
59	"packet",	59	"packet",
		60	"bluetooth",
60	NULL	61	NULL
61	};	62	};
62		63
@@ -66,7 +67,8 @@ static struct sock_filter protocol_filter_command[] = {
66	WHITELIST(AF_INET),	67	WHITELIST(AF_INET),
67	WHITELIST(AF_INET6),	68	WHITELIST(AF_INET6),
68	WHITELIST(AF_NETLINK),	69	WHITELIST(AF_NETLINK),
69	WHITELIST(AF_PACKET)	70	WHITELIST(AF_PACKET),
		71	WHITELIST(AF_BLUETOOTH)
70	};	72	};
71	#endif	73	#endif
72	// Note: protocol[] and protocol_filter_command are synchronized	74	// Note: protocol[] and protocol_filter_command are synchronized
@@ -143,22 +145,6 @@ void protocol_build_filter(const char prlist, const char fname) {
143	memcpy(ptr, &filter_start[0], sizeof(filter_start));	145	memcpy(ptr, &filter_start[0], sizeof(filter_start));
144	ptr += sizeof(filter_start);	146	ptr += sizeof(filter_start);
145		147
146	#if 0
147	printf("entries %u\n", (unsigned) (sizeof(filter_start) / sizeof(struct sock_filter)));
148	{
149	unsigned j;
150	unsigned char ptr2 = (unsigned char ) &filter[0];
151	for (j = 0; j < sizeof(filter); j++, ptr2++) {
152	if ((j % (sizeof(struct sock_filter))) == 0)
153	printf("\n%u: ", 1 + (unsigned) (j / (sizeof(struct sock_filter))));
154	printf("%02x, ", (*ptr2) & 0xff);
155	}
156	printf("\n");
157	}
158	printf("whitelist_len %u, struct sock_filter len %u\n", whitelist_len, (unsigned) sizeof(struct sock_filter));
159	#endif
160
161
162	// parse list and add commands	148	// parse list and add commands
163	char *tmplist = strdup(prlist);	149	char *tmplist = strdup(prlist);
164	if (!tmplist)	150	if (!tmplist)
@@ -176,22 +162,6 @@ printf("whitelist_len %u, struct sock_filter len %u\n", whitelist_len, (unsigned
176	memcpy(ptr, domain, whitelist_len * sizeof(struct sock_filter));	162	memcpy(ptr, domain, whitelist_len * sizeof(struct sock_filter));
177	ptr += whitelist_len * sizeof(struct sock_filter);	163	ptr += whitelist_len * sizeof(struct sock_filter);
178	token = strtok(NULL, ",");	164	token = strtok(NULL, ",");
179
180	#if 0
181	printf("entries %u\n", (unsigned) ((uint64_t) ptr - (uint64_t) (filter)) / (unsigned) sizeof(struct sock_filter));
182	{
183	unsigned j;
184	unsigned char ptr2 = (unsigned char ) &filter[0];
185	for (j = 0; j < sizeof(filter); j++, ptr2++) {
186	if ((j % (sizeof(struct sock_filter))) == 0)
187	printf("\n%u: ", 1 + (unsigned) (j / (sizeof(struct sock_filter))));
188	printf("%02x, ", (*ptr2) & 0xff);
189	}
190	printf("\n");
191	}
192	#endif
193
194
195	}	165	}
196	free(tmplist);	166	free(tmplist);
197		167
@@ -202,19 +172,6 @@ printf("entries %u\n", (unsigned) ((uint64_t) ptr - (uint64_t) (filter)) / (uns
202	memcpy(ptr, &filter_end[0], sizeof(filter_end));	172	memcpy(ptr, &filter_end[0], sizeof(filter_end));
203	ptr += sizeof(filter_end);	173	ptr += sizeof(filter_end);
204		174
205	#if 0
206	printf("entries %u\n", (unsigned) ((uint64_t) ptr - (uint64_t) (filter)) / (unsigned) sizeof(struct sock_filter));
207	{
208	unsigned j;
209	unsigned char ptr2 = (unsigned char ) &filter[0];
210	for (j = 0; j < sizeof(filter); j++, ptr2++) {
211	if ((j % (sizeof(struct sock_filter))) == 0)
212	printf("\n%u: ", 1 + (unsigned) (j / (sizeof(struct sock_filter))));
213	printf("%02x, ", (*ptr2) & 0xff);
214	}
215	printf("\n");
216	}
217	#endif
218	// save filter to file	175	// save filter to file
219	int dst = open(fname, O_CREAT\|O_WRONLY\|O_TRUNC, S_IRUSR \| S_IWUSR \| S_IRGRP \| S_IROTH);	176	int dst = open(fname, O_CREAT\|O_WRONLY\|O_TRUNC, S_IRUSR \| S_IWUSR \| S_IRGRP \| S_IROTH);
220	if (dst < 0) {	177	if (dst < 0) {