Added getter for protected parameter

diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index 56feae008de25cc6c8171463e6763e9bfa0bb83f..f041012f264b8cb61eedd075a008a856f797852c 100644 (file)
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -16,6 +16,7 @@
 #include "sandbox.h"
 #include "torlog.h"
 #include "orconfig.h"
+#include "torint.h"
 
 #if defined(HAVE_SECCOMP_H) && defined(__linux__)
 #define USE_LIBSECCOMP
@@ -149,6 +150,30 @@ static int general_filter[] = {
     SCMP_SYS(unlink)
 };
 
+char*
+get_prot_param(char *param)
+{
+  int i, filter_size;
+
+  if (param == NULL)
+    return NULL;
+
+  if (param_filter == NULL) {
+    filter_size = 0;
+  } else {
+    filter_size = sizeof(param_filter) / sizeof(param_filter[0]);
+  }
+
+  for (i = 0; i < filter_size; i++) {
+    if (param_filter[i].prot && !strncmp(param, param_filter[i].param,
+        MAX_PARAM_LEN)) {
+      return param_filter[i].param;
+    }
+  }
+
+  return NULL;
+}
+
 static int
 add_param_filter(scmp_filter_ctx ctx)
 {
@@ -189,7 +214,7 @@ add_param_filter(scmp_filter_ctx ctx)
     } // if not protected
 
     rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, param_filter[i].syscall, 1,
-        param_filter[i].param);
+        SCMP_A0(SCMP_CMP_EQ, (intptr_t) param_filter[i].param));
     if (rc != 0) {
       log_err(LD_BUG,"(Sandbox) failed to add syscall index %d, "
           "received libseccomp error %d", i, rc);

diff --git a/src/common/sandbox.h b/src/common/sandbox.h
index cfbecebbd476bdb58a4b1c2562649546a0f83a3e..4752f1a733d8ae788c58426b52b7332bda89fc01 100644 (file)
--- a/src/common/sandbox.h
+++ b/src/common/sandbox.h
@@ -58,6 +58,7 @@ typedef struct {
 
 void sandbox_set_debugging_fd(int fd);
 int tor_global_sandbox(void);
+char* get_prot_param(char *param);
 
 #endif /* SANDBOX_H_ */