[gentoo-commits] proj/sandbox:master commit in: /, libsandbox/trace/linux/

Sun, 24 Oct 2021 23:23:58 -0700 

commit:     03e14b50b395669ca2ee2849230aa00826c763b2
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sun Oct 24 22:02:11 2021 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Mon Oct 25 06:23:30 2021 +0000
URL:        https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=03e14b50

libsandbox: use PTRACE_GET_SYSCALL_INFO when available

This is a generic interface for all arches, but it only supports
reading settings currently.  We can at least detect failures which
is better than nothing.

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 configure.ac                          |  1 +
 libsandbox/trace/linux/arch.c         |  2 ++
 libsandbox/trace/linux/syscall_info.c | 24 ++++++++++++++++++++++++
 3 files changed, 27 insertions(+)

diff --git a/configure.ac b/configure.ac
index f43923c..254104d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -165,6 +165,7 @@ AC_CHECK_TYPES([sighandler_t, sig_t, 
__sighandler_t],,,[#include <signal.h>])
 
 save_CPPFLAGS=$CPPFLAGS
 CPPFLAGS="-I$srcdir $CPPFLAGS"
+AC_CHECK_TYPES([struct ptrace_syscall_info],,,[#include "headers.h"])
 AC_CHECK_TYPES([struct user_regs_struct, struct pt_regs],,,[#include 
"headers.h"])
 AC_CHECK_SIZEOF([struct user_regs_struct],,[#include "headers.h"])
 AC_CHECK_SIZEOF([struct pt_regs],,[#include "headers.h"])

diff --git a/libsandbox/trace/linux/arch.c b/libsandbox/trace/linux/arch.c
index 4b3d615..fd2d0de 100644
--- a/libsandbox/trace/linux/arch.c
+++ b/libsandbox/trace/linux/arch.c
@@ -27,6 +27,8 @@
 # include "sparc.c"
 #elif defined(__x86_64__)
 # include "x86_64.c"
+#elif defined(HAVE_STRUCT_PTRACE_SYSCALL_INFO)
+# include "syscall_info.c"
 #else
 # define SB_NO_TRACE_ARCH
 #endif

diff --git a/libsandbox/trace/linux/syscall_info.c 
b/libsandbox/trace/linux/syscall_info.c
new file mode 100644
index 0000000..23cd509
--- /dev/null
+++ b/libsandbox/trace/linux/syscall_info.c
@@ -0,0 +1,24 @@
+#undef trace_regs
+#define trace_regs struct ptrace_syscall_info
+
+#define trace_reg_sysnum entry.nr
+#define trace_reg_ret exit.rval
+
+#undef trace_get_regs
+#define trace_get_regs(regs) do_ptrace(PTRACE_GET_SYSCALL_INFO, (void 
*)(uintptr_t)sizeof(trace_regs), regs)
+
+static unsigned long trace_arg(void *vregs, int num)
+{
+       trace_regs *regs = vregs;
+       if (num < 7)
+               return regs->entry.args[num - 1];
+       else
+               return -1;
+}
+
+#undef trace_set_regs
+static long trace_set_regs(void *vregs)
+{
+       sb_ewarn("sandbox: Unable to block violation\n");
+       return 0;
+}

Reply via email to