[src/trunk]: src/bin/systrace split white space and single line policy proces...
details: https://anonhg.NetBSD.org/src/rev/62eb7165eedc
branches: trunk
changeset: 536498:62eb7165eedc
user: itojun <itojun%NetBSD.org@localhost>
date: Tue Sep 17 05:07:21 2002 +0000
description:
split white space and single line policy processing into separate
functions. from provos
diffstat:
bin/systrace/policy.c | 184 +++++++++++++++++++++++++++++--------------------
1 files changed, 110 insertions(+), 74 deletions(-)
diffs (249 lines):
diff -r 5d68fbe60d1f -r 62eb7165eedc bin/systrace/policy.c
--- a/bin/systrace/policy.c Tue Sep 17 04:54:36 2002 +0000
+++ b/bin/systrace/policy.c Tue Sep 17 05:07:21 2002 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: policy.c,v 1.5 2002/09/16 04:31:46 itojun Exp $ */
+/* $NetBSD: policy.c,v 1.6 2002/09/17 05:07:21 itojun Exp $ */
/* $OpenBSD: policy.c,v 1.15 2002/08/07 00:34:17 vincent Exp $ */
/*
* Copyright 2002 Niels Provos <provos%citi.umich.edu@localhost>
@@ -30,7 +30,7 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include <sys/cdefs.h>
-__RCSID("$NetBSD: policy.c,v 1.5 2002/09/16 04:31:46 itojun Exp $");
+__RCSID("$NetBSD: policy.c,v 1.6 2002/09/17 05:07:21 itojun Exp $");
#include <sys/types.h>
#include <sys/param.h>
@@ -53,9 +53,13 @@
static int policycompare(struct policy *, struct policy *);
static int polnrcompare(struct policy *, struct policy *);
static char *systrace_policyfilename(char *, const char *);
+static char *systrace_policyline(char *line);
+static int systrace_policyprocess(struct policy *, char *);
static int systrace_predicatematch(char *);
static int systrace_writepolicy(struct policy *);
+int systrace_templatedir(void);
+
static int
psccompare(struct policy_syscall *a, struct policy_syscall *b)
{
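Review bot: `int systrace_templatedir(void);` is declared without `static` among the file-local prototypes, so it is an external function whose prototype lives only in this .c file. If it is defined or called in another translation unit, the declaration belongs in a shared header so the compiler can check the definition and its callers against each other; if it is local to policy.c, mark it `static`. The new `systrace_policyline(char *line)` prototype also names its parameter while its neighbours do not; pick one form.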
@@ -375,16 +379,113 @@
return (res);
}
+/* Removes trailing whitespace and comments from the input line */
+
+static char *
+systrace_policyline(char *line)
+{
+ char *p;
+
+ if ((p = strchr(line, '\n')) == NULL)
+ return (NULL);
+ *p = '\0';
+
+ /* Remove comments from the input line */
+ p = strchr(line, '#');
+ if (p != NULL) {
+ if (p != line && *(p-1) == '-')
+ p = strchr(p + 1, '#');
+ if (p != NULL)
+ *p = '\0';
+ }
+
+ /* Remove trailing white space */
+ p = line + strlen(line) - 1;
+ while (p > line) {
+ if (!isspace(*p))
+ break;
+ *p-- = '\0';
+ }
+
+ /* Ignore white space at start of line */
+ p = line;
+ p += strspn(p, " \t");
+
+ return (p);
+}
+
+/*
+ * Parse a single line from a policy and convert it into a policy filter.
+ * Predicates are matched.
+ */
+
+static int
+systrace_policyprocess(struct policy *policy, char *p)
+{
+ char *name, *emulation, *rule;
+ struct filter *filter, *parsed;
+ short action, future;
+
+ emulation = strsep(&p, "-");
+ if (p == NULL || *p == '\0')
+ return (-1);
+
+ if (strcmp(emulation, policy->emulation))
+ return (-1);
+
+ name = strsep(&p, ":");
+ if (p == NULL || *p != ' ')
+ return (-1);
+ p++;
+ rule = p;
+
+ if ((p = strrchr(p, ',')) != NULL && !strncasecmp(p, ", if", 4)) {
+ int match;
+
+ *p = '\0';
+
+ /* Process predicates */
+ p += 4;
+ p += strspn(p, " \t");
+
+ match = systrace_predicatematch(p);
+ if (match == -1)
+ return (-1);
+ /* If the predicate does not match skip rule */
+ if (!match)
+ return (0);
+ }
+
+ if (filter_parse_simple(rule, &action, &future) == -1) {
+ if (parse_filter(rule, &parsed) == -1)
+ return (-1);
+ filter_free(parsed);
+ }
+
+ filter = calloc(1, sizeof(struct filter));
+ if (filter == NULL)
+ err(1, "%s:%d: calloc", __func__, __LINE__);
+
+ filter->rule = strdup(rule);
+ if (filter->rule == NULL)
+ err(1, "%s:%d: strdup", __func__, __LINE__);
+
+ strlcpy(filter->name, name, sizeof(filter->name));
+ strlcpy(filter->emulation, emulation, sizeof(filter->emulation));
+
+ TAILQ_INSERT_TAIL(&policy->prefilters, filter, policy_next);
+
+ return (0);
+}
+
int
systrace_readpolicy(char *filename)
{
FILE *fp;
struct policy *policy;
char line[_POSIX2_LINE_MAX], *p;
+ char *emulation, *name;
int linenumber = 0;
- char *name, *emulation, *rule;
- struct filter *filter, *parsed;
- short action, future;
int res = -1;
if ((fp = fopen(filename, "r")) == NULL)
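Review bot: In systrace_policyline the trailing-whitespace loop passes a plain `char` to `isspace(*p)`, which is undefined for bytes that are negative where `char` is signed; the line comes straight from a policy file, so cast it: `if (!isspace((unsigned char)*p))`. The same loop forms `line + strlen(line) - 1`, which points before the buffer when the line is empty after comment stripping, so check the length before forming the pointer. In systrace_policyprocess both `strlcpy` results are ignored, so a syscall name longer than `filter->name` would be stored truncated rather than rejected; the field size is not visible here, so confirm it and consider returning -1 on truncation. The helper's comment should also say that a NULL return means no newline was found. systrace_readpolicy's body continues outside the hunk.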
@@ -393,30 +494,13 @@
policy = NULL;
while (fgets(line, sizeof(line), fp)) {
linenumber++;
- if ((p = strchr(line, '\n')) == NULL) {
+
+ if ((p = systrace_policyline(line)) == NULL) {
fprintf(stderr, "%s:%d: input line too long.\n",
filename, linenumber);
goto out;
}
- *p = '\0';
- p = strchr(line, '#');
- if (p != NULL) {
- if (p != line && *(p-1) == '-')
- p = strchr(p + 1, '#');
- if (p != NULL)
- *p = '\0';
- }
-
- p = line + strlen(line) - 1;
- while (p > line) {
- if (!isspace(*p))
- break;
- *p-- = '\0';
- }
-
- p = line;
- p += strspn(p, " \t");
if (strlen(p) == 0)
continue;
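Review bot: A NULL return from systrace_policyline is reported here as "input line too long", but the helper returns NULL whenever the buffer has no '\n', which also covers a final line without a trailing newline. The load then aborts through `goto out` with a diagnostic that points the policy author at the wrong problem. Either distinguish the two cases at this call site or word the message to cover both, e.g. `"%s:%d: input line too long or missing newline.\n"`. The while loop continues outside the hunk.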
@@ -445,55 +529,8 @@
continue;
}
- emulation = strsep(&p, "-");
- if (p == NULL || *p == '\0')
- goto error;
-
- if (strcmp(emulation, policy->emulation))
- goto error;
-
- name = strsep(&p, ":");
- if (p == NULL || *p != ' ')
+ if (systrace_policyprocess(policy, p) == -1)
goto error;
- p++;
- rule = p;
-
- if ((p = strrchr(p, ',')) != NULL &&
- !strncasecmp(p, ", if", 4)) {
- int match;
-
- *p = '\0';
-
- /* Process predicates */
- p += 4;
- p += strspn(p, " \t");
-
- match = systrace_predicatematch(p);
- if (match == -1)
- goto error;
- /* If the predicate does not match skip rule */
- if (!match)
- continue;
- }
-
- if (filter_parse_simple(rule, &action, &future) == -1) {
- if (parse_filter(rule, &parsed) == -1)
- goto error;
- filter_free(parsed);
- }
-
- filter = calloc(1, sizeof(struct filter));
- if (filter == NULL)
- err(1, "%s:%d: calloc", __func__, __LINE__);
-
- filter->rule = strdup(rule);
- if (filter->rule == NULL)
- err(1, "%s:%d: strdup", __func__, __LINE__);
-
- strlcpy(filter->name, name, sizeof(filter->name));
- strlcpy(filter->emulation,emulation,sizeof(filter->emulation));
-
- TAILQ_INSERT_TAIL(&policy->prefilters, filter, policy_next);
}
res = 0;
@@ -502,8 +539,7 @@
return (res);
error:
- fprintf(stderr, "%s:%d: syntax error.\n",
- filename, linenumber);
+ fprintf(stderr, "%s:%d: syntax error.\n", filename, linenumber);
goto out;
}