Diffstat (limited to 'src/fseccomp/protocol.c')
-rw-r--r-- | src/fseccomp/protocol.c | 49 |
1 files changed, 3 insertions, 46 deletions
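--- a/src/fseccomp/protocol.c
+++ b/src/fseccomp/protocol.c
@@ -57,6 +57,7 @@ static char *protocol[] = {
 "inet6",
 "netlink",
 "packet",
+"bluetooth",
 NULL
 };
 
@@ -66,7 +67,8 @@ static struct sock_filter protocol_filter_command[] = {
 WHITELIST(AF_INET),
 WHITELIST(AF_INET6),
 WHITELIST(AF_NETLINK),
-WHITELIST(AF_PACKET)
+WHITELIST(AF_PACKET),
+WHITELIST(AF_BLUETOOTH)
 };
 #endif
 // Note: protocol[] and protocol_filter_command are synchronized
@@ -143,22 +145,6 @@ void protocol_build_filter(const char *prlist, const char *fname) {
 memcpy(ptr, &filter_start[0], sizeof(filter_start));
 ptr += sizeof(filter_start);
 
-#if 0
-printf("entries %u\n", (unsigned) (sizeof(filter_start) / sizeof(struct sock_filter)));
-{
-unsigned j;
-unsigned char *ptr2 = (unsigned char *) &filter[0];
-for (j = 0; j < sizeof(filter); j++, ptr2++) {
-if ((j % (sizeof(struct sock_filter))) == 0)
-printf("\n%u: ", 1 + (unsigned) (j / (sizeof(struct sock_filter))));
-printf("%02x, ", (*ptr2) & 0xff);
-}
-printf("\n");
-}
-printf("whitelist_len %u, struct sock_filter len %u\n", whitelist_len, (unsigned) sizeof(struct sock_filter));
-#endif
-
-
 // parse list and add commands
 char *tmplist = strdup(prlist);
 if (!tmplist)
@@ -176,22 +162,6 @@ printf("whitelist_len %u, struct sock_filter len %u\n", whitelist_len, (unsigned
 memcpy(ptr, domain, whitelist_len * sizeof(struct sock_filter));
 ptr += whitelist_len * sizeof(struct sock_filter);
 token = strtok(NULL, ",");
-
-#if 0
-printf("entries %u\n", (unsigned) ((uint64_t) ptr - (uint64_t) (filter)) / (unsigned) sizeof(struct sock_filter));
-{
-unsigned j;
-unsigned char *ptr2 = (unsigned char *) &filter[0];
-for (j = 0; j < sizeof(filter); j++, ptr2++) {
-if ((j % (sizeof(struct sock_filter))) == 0)
-printf("\n%u: ", 1 + (unsigned) (j / (sizeof(struct sock_filter))));
-printf("%02x, ", (*ptr2) & 0xff);
-}
-printf("\n");
-}
-#endif
-
-
 }
 free(tmplist);
 
@@ -202,19 +172,6 @@ printf("entries %u\n", (unsigned) ((uint64_t) ptr - (uint64_t) (filter)) / (uns
 memcpy(ptr, &filter_end[0], sizeof(filter_end));
 ptr += sizeof(filter_end);
 
-#if 0
-printf("entries %u\n", (unsigned) ((uint64_t) ptr - (uint64_t) (filter)) / (unsigned) sizeof(struct sock_filter));
-{
-unsigned j;
-unsigned char *ptr2 = (unsigned char *) &filter[0];
-for (j = 0; j < sizeof(filter); j++, ptr2++) {
-if ((j % (sizeof(struct sock_filter))) == 0)
-printf("\n%u: ", 1 + (unsigned) (j / (sizeof(struct sock_filter))));
-printf("%02x, ", (*ptr2) & 0xff);
-}
-printf("\n");
-}
-#endif
 // save filter to file
 int dst = open(fname, O_CREAT|O_WRONLY|O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
 if (dst < 0) {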
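Review bot: The two tables extended in the first two hunks (`"bluetooth"` at new line 60 of `protocol[]`, `WHITELIST(AF_BLUETOOTH)` at new line 71 of `protocol_filter_command[]`) appear to be matched by position, and only the `// Note: protocol[] and protocol_filter_command are synchronized` comment keeps them aligned. A later addition to just one of them could make a protocol name select another address family's whitelist entry in the generated seccomp filter. A compile-time check beside that comment would turn such drift into a build failure, e.g. `_Static_assert(sizeof(protocol) / sizeof(protocol[0]) - 1 == sizeof(protocol_filter_command) / sizeof(struct sock_filter) / ENTRIES_PER_WHITELIST, "protocol tables out of sync");`, where `ENTRIES_PER_WHITELIST` is a placeholder for the number of `struct sock_filter` entries one `WHITELIST()` expands to (not visible in this diff). Both array definitions begin outside the hunks, and `protocol_filter_command[]` sits inside a preprocessor conditional whose opening is not shown, so the assert would need to live inside that same conditional. Because `AF_BLUETOOTH` sockets expose additional kernel code to the sandboxed process, it is also worth confirming that the user-facing documentation of the protocol list names `bluetooth` as an explicit opt-in.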