From: <da...@us...> - 2003-03-26 20:16:50
|
Update of /cvsroot/cerber/cerb-ng/kcerb In directory sc8-pr-cvs1:/tmp/cvs-serv28172/kcerb Modified Files: cerb_action.c cerb_globals.h cerb_macros.h cerb_operations.master Log Message: - Added operations: + null() + setprison() + getprison() - Added policy: jailed-icmp. Requested by: Pawel Malachowski <pa...@zi...> - Documented isnull() operation. Index: cerb_action.c =================================================================== RCS file: /cvsroot/cerber/cerb-ng/kcerb/cerb_action.c,v retrieving revision 1.98 retrieving revision 1.99 diff -C2 -d -r1.98 -r1.99 *** cerb_action.c 25 Mar 2003 12:58:56 -0000 1.98 --- cerb_action.c 26 Mar 2003 20:16:37 -0000 1.99 *************** *** 428,432 **** #endif ! if (nargs > 0) { args = fcb_malloc("syscall arguments", sizeof(register_t) * nargs); --- 428,434 ---- #endif ! if (nargs <= 0) ! args = NULL; ! else { args = fcb_malloc("syscall arguments", sizeof(register_t) * nargs); *************** *** 434,444 **** fcb_argreg_set(th, &tmpv, v[i + 1], CB_USR_ZONE); args[i] = tmpv.v_val; } - printf("validaddr: %u.\n", MCB_VALIDADDR((void *)args[0])); - } else { - args = NULL; } printf("Calling syscall %s\n", syscallnames[scallno]); retv->v_ret = tcb_oldscall[scallno](th->thd_proc, args); } --- 436,446 ---- fcb_argreg_set(th, &tmpv, v[i + 1], CB_USR_ZONE); args[i] = tmpv.v_val; + printf("validaddr: %p %u.\n", tmpv.v_ptr, MCB_VALIDADDR(tmpv.v_ptr)); } } printf("Calling syscall %s\n", syscallnames[scallno]); + printf("validuap: %p %u.\n", (void *)th->thd_uap[0], MCB_VALIDADDR((void *)th->thd_uap[0])); retv->v_ret = tcb_oldscall[scallno](th->thd_proc, args); + printf("validuap: %p %u.\n", (void *)th->thd_uap[0], MCB_VALIDADDR((void *)th->thd_uap[0])); } *************** *** 735,738 **** --- 737,749 ---- retv->v_type = CB_UDEFPTR_T; break; + case CB_SETPRISON_O: + if (val->v_type != CB_ST_PRISON_T) { + MCB_XCONFERR(th, EINVAL, "Invalid type of argument %u: " + "%s (should be %s).", nvals - 1, + tcb_typename[val->v_type], + tcb_typename[CB_ST_PRISON_T]); + } + retv->v_type = CB_ST_PRISON_T; + break; default: if (!MCB_ISVAL(val->v_type)) { *************** *** 929,932 **** --- 940,960 ---- proc->p_retval[1] = val->v_uval; return; + case CB_SETPRISON_O: + retv->v_type = CB_ST_PRISON_T; + retv->v_prison = proc->p_prison; + if (val->v_prison == NULL) + proc->p_flag &= ~P_JAILED; + else { + val->v_prison->pr_ref++; + proc->p_flag |= P_JAILED; + } + proc->p_prison = val->v_prison; + if (retv->v_prison == NULL) + retv->v_size = 0; + else { + retv->v_prison->pr_ref--; + retv->v_size = sizeof(struct prison); + } + return; } MCB_ASSERT(0, "Invalid operation here: %s.", tcb_opname[fun]); *************** *** 945,948 **** --- 973,980 ---- retv->v_uvalp = NULL; return; + case CB_SETPRISON_O: + retv->v_type = CB_ST_PRISON_T; + retv->v_prison = NULL; + return; } retv->v_type = CB_DEF_T; *************** *** 1044,1047 **** --- 1076,1087 ---- retv->v_ret = proc->p_retval[1]; return; + case CB_GETPRISON_O: + retv->v_type = CB_ST_PRISON_T; + retv->v_prison = proc->p_prison; + if (proc->p_prison == NULL) + retv->v_size = 0; + else + retv->v_size = sizeof(struct prison); + return; } MCB_ASSERT(0, "Invalid operation here: %s.", tcb_opname[fun]); *************** *** 1552,1555 **** --- 1592,1621 ---- retv->v_type = CB_UDEF_T; retv->v_uval = (v[0]->v_ptr == NULL ? 1 : 0); + retv->v_size = 0; + } + + /* + * This function returns NULL of specified type. + */ + void + fcb_op_null(CB_OPARGS) + { + + if (nvals != 1) { + MCB_XCONFERR(th, EINVAL, "Invalid number of arguments: %u " + "(should be %u).", nvals, 1); + } + if (!MCB_ISVAL(v[0]->v_type)) { + MCB_XCONFERR(th, EINVAL, "Invalid type of argument %u: %s " + "(should be pointer).", 0, tcb_typename[v[0]->v_type]); + } + if (!MCB_ISPTR(v[0]->v_uval)) { + MCB_XCONFERR(th, EINVAL, "Invalid value, pointer type " + "expected."); + } + + retv->v_id = ECB_CONST_I; + retv->v_type = v[0]->v_uval; + retv->v_ptr = NULL; retv->v_size = 0; } Index: cerb_globals.h =================================================================== RCS file: /cvsroot/cerber/cerb-ng/kcerb/cerb_globals.h,v retrieving revision 1.42 retrieving revision 1.43 diff -C2 -d -r1.42 -r1.43 *** cerb_globals.h 25 Mar 2003 12:58:57 -0000 1.42 --- cerb_globals.h 26 Mar 2003 20:16:39 -0000 1.43 *************** *** 92,95 **** --- 92,98 ---- #undef CB_DEBUG_GETVAL /* debug for fcb_getval() function */ #undef CB_DEBUG_OPERR /* debug for operations errors */ + + /* Invariants. */ + #define CB_INVARIANTS #endif /* _CERB_GLOBALS_H_ */ Index: cerb_macros.h =================================================================== RCS file: /cvsroot/cerber/cerb-ng/kcerb/cerb_macros.h,v retrieving revision 1.30 retrieving revision 1.31 diff -C2 -d -r1.30 -r1.31 *** cerb_macros.h 16 Mar 2003 15:52:21 -0000 1.30 --- cerb_macros.h 26 Mar 2003 20:16:39 -0000 1.31 *************** *** 11,14 **** --- 11,15 ---- #define _CERB_MACROS_H_ + #include "cerb_globals.h" #include "cerb_sysctl.h" *************** *** 141,144 **** --- 142,146 ---- * Macro for assertions. */ + #ifdef CB_INVARIANTS #define MCB_ASSERT(expr, fmt, args...) do { \ if (!(expr)) { \ *************** *** 147,150 **** --- 149,155 ---- } \ } while(0) + #else + #define MCB_ASSERT() + #endif /* Index: cerb_operations.master =================================================================== RCS file: /cvsroot/cerber/cerb-ng/kcerb/cerb_operations.master,v retrieving revision 1.29 retrieving revision 1.30 diff -C2 -d -r1.29 -r1.30 *** cerb_operations.master 25 Mar 2003 12:58:57 -0000 1.29 --- cerb_operations.master 26 Mar 2003 20:16:39 -0000 1.30 *************** *** 90,93 **** --- 90,95 ---- "getpretval1" getpinfo GETPRETVAL1 "setpretval1" setpinfo SETPRETVAL1 + "getprison" getpinfo GETPRISON + "setprison" setpinfo SETPRISON "isjailed" jailinfo ISJAILED "getjailhost" jailinfo GETJAILHOST *************** *** 117,120 **** --- 119,123 ---- "sysctl" sysctl SYSCTL "sysctlname" sysctlname SYSCTLNAME + "null" null NULL "isnull" isnull ISNULL "rmenv" rmenv RMENV |