From: Yu Watanabe
Date: Mon, 24 Jun 2024 20:08:17 +0000 (+0900)
Subject: seccomp-util: split out seccomp_filter_set_add_by_name()
X-Git-Tag: v257-rc1~1053^2~3
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b89a262eb57f18c2dbf6c1ee7427b6f6fd8203cf;p=thirdparty%2Fsystemd.git

seccomp-util: split out seccomp_filter_set_add_by_name()
---
diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index 2469e242534..d31d6b494bc 100644
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -2030,39 +2030,43 @@ int parse_syscall_archs(char **l, Set **ret_archs) {
 return 0;
 }
 
-int seccomp_filter_set_add(Hashmap *filter, bool add, const SyscallFilterSet *set) {
- int r;
+int seccomp_filter_set_add_by_name(Hashmap *filter, bool add, const char *name) {
+ assert(filter);
+ assert(name);
 
- assert(set);
+ if (name[0] == '@') {
+ const SyscallFilterSet *more;
 
- NULSTR_FOREACH(i, set->value) {
+ more = syscall_filter_set_find(name);
+ if (!more)
+ return -ENXIO;
 
- if (i[0] == '@') {
- const SyscallFilterSet *more;
+ return seccomp_filter_set_add(filter, add, more);
+ }
 
- more = syscall_filter_set_find(i);
- if (!more)
- return -ENXIO;
+ int id = seccomp_syscall_resolve_name(name);
+ if (id == __NR_SCMP_ERROR) {
+ log_debug("System call %s is not known, ignoring.", name);
+ return 0;
+ }
 
- r = seccomp_filter_set_add(filter, add, more);
- if (r < 0)
- return r;
- } else {
- int id;
+ if (add)
+ return hashmap_put(filter, INT_TO_PTR(id + 1), INT_TO_PTR(-1));
 
- id = seccomp_syscall_resolve_name(i);
- if (id == __NR_SCMP_ERROR) {
- log_debug("System call %s is not known, ignoring.", i);
- continue;
- }
+ (void) hashmap_remove(filter, INT_TO_PTR(id + 1));
+ return 0;
+}
 
- if (add) {
- r = hashmap_put(filter, INT_TO_PTR(id + 1), INT_TO_PTR(-1));
- if (r < 0)
- return r;
- } else
- (void) hashmap_remove(filter, INT_TO_PTR(id + 1));
- }
+int seccomp_filter_set_add(Hashmap *filter, bool add, const SyscallFilterSet *set) {
+ int r;
+
+ assert(filter);
+ assert(set);
+
+ NULSTR_FOREACH(i, set->value) {
+ r = seccomp_filter_set_add_by_name(filter, add, i);
+ if (r < 0)
+ return r;
 }
 
 return 0;
diff --git a/src/shared/seccomp-util.h b/src/shared/seccomp-util.h
index fbf85556690..64deb5fd5dd 100644
--- a/src/shared/seccomp-util.h
+++ b/src/shared/seccomp-util.h
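Review bot: `seccomp_filter_set_add_by_name()` is now exported, but its return contract is undocumented, and a syscall name that does not resolve still yields 0 after only a `log_debug()`. A caller passing a name from outside the built-in set tables therefore cannot tell a misspelled entry from one that was added, which for a deny-list means a silently weaker filter. The `add` branch also returns the `hashmap_put()` result directly, which as far as I know can be positive on a fresh insert, whereas the old loop only propagated `r < 0`; `seccomp_filter_set_add()` still masks that, but other callers will see it. I would add a comment above the definition such as `/* Returns < 0 on error (-ENXIO for an unknown @group), >= 0 otherwise; unknown syscall names are logged at debug level and skipped, not reported. */`. Callers that take names from configuration are not visible in this hunk and should validate them before calling.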
@@ -70,6 +70,7 @@ extern const SyscallFilterSet syscall_filter_sets[]; const SyscallFilterSet *syscall_filter_set_find(const char *name); +int seccomp_filter_set_add_by_name(Hashmap *s, bool b, const char *name); int seccomp_filter_set_add(Hashmap *s, bool b, const SyscallFilterSet *set); int seccomp_add_syscall_filter_item(