From 847ffac9ba2bff6558ff6bb2cbec093a029828bc Mon Sep 17 00:00:00 2001 From: Alice Frosi Date: Fri, 21 Apr 2023 11:15:02 +0200 Subject: operation: remove pid and id Pid and id are reduandant fields as the information are already included in the seccomp request --- operations.c | 21 +++++++++++--------- operations.h | 3 +-- tests/unit/test_operations.c | 46 ++++++++++++++++++++++---------------------- 3 files changed, 36 insertions(+), 34 deletions(-) diff --git a/operations.c b/operations.c index 0327e57..a7ea5fb 100644 --- a/operations.c +++ b/operations.c @@ -243,6 +243,7 @@ static void set_inject_fields(uint64_t id, void *data, const struct op *a, else memcpy(&resp->srcfd, (uint16_t *)data + old->fd_off, sizeof(resp->srcfd)); + if (old->type == IMMEDIATE) resp->srcfd = old->fd; else @@ -252,7 +253,7 @@ static void set_inject_fields(uint64_t id, void *data, const struct op *a, } int do_operations(void *data, struct op operations[], struct seccomp_notif *req, - unsigned int n_operations, int pid, int notifyfd, uint64_t id) + unsigned int n_operations, int notifyfd) { struct seccomp_notif_addfd resp_fd; struct seccomp_notif_resp resp; @@ -263,11 +264,11 @@ int do_operations(void *data, struct op operations[], struct seccomp_notif *req, for (i = 0; i < n_operations; i++) { switch (operations[i].type) { case OP_CALL: - resp.id = id; + resp.id = req->id; resp.val = 0; resp.flags = 0; c.args = &operations[i].call; - c.pid = pid; + c.pid = req->pid; if (do_call(&c) == -1) { resp.error = -1; if (send_target(&resp, notifyfd) == -1) @@ -289,7 +290,7 @@ int do_operations(void *data, struct op operations[], struct seccomp_notif *req, } break; case OP_BLOCK: - resp.id = id; + resp.id = req->id; resp.val = 0; resp.flags = 0; resp.error = operations[i].block.error; 
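Review bot: do_operations() now takes the notification id and target pid from `req`, but neither this definition nor the prototype in the operations.h hunk says that `req` must be non-NULL and already filled in by the caller. A short comment above the function would record the new contract, for example `/* @req: notification as read from the notify fd; supplies id and pid, must not be NULL */`. If nothing later in the body writes through it, which the visible hunks do not show either way, the parameter could also become `const struct seccomp_notif *req` in both places.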
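Review bot: `c.pid = req->pid` in the OP_CALL hunk, and `resolve_fd(data, &operations[i].resfd, req->pid)` in the OP_RESOLVEDFD hunk, act on the pid carried in the notification, and nothing in the visible lines confirms the notification is still live at that point. A pid taken from `struct seccomp_notif` can be reused once the notifying task exits, which is why the seccomp user-notification interface provides `SECCOMP_IOCTL_NOTIF_ID_VALID` to re-check `req->id` on the notify fd after per-pid resources have been opened. If that check already happens in do_call(), resolve_fd() or the caller, a comment here would make it auditable, e.g. `/* req->pid is only trusted once SECCOMP_IOCTL_NOTIF_ID_VALID succeeds for req->id */`. The body of do_operations() continues outside these hunks.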
@@ -297,7 +298,7 @@ int do_operations(void *data, struct op operations[], struct seccomp_notif *req, return -1; break; case OP_RETURN: - resp.id = id; + resp.id = req->id; resp.flags = 0; resp.error = 0; if (operations[i].ret.type == IMMEDIATE) @@ -313,7 +314,7 @@ int do_operations(void *data, struct op operations[], struct seccomp_notif *req, break; case OP_CONT: - resp.id = id; + resp.id = req->id; resp.flags = SECCOMP_USER_NOTIF_FLAG_CONTINUE; resp.error = 0; resp.val = 0; @@ -321,13 +322,15 @@ int do_operations(void *data, struct op operations[], struct seccomp_notif *req, return -1; break; case OP_INJECT_A: - set_inject_fields(id, data, &operations[i], &resp_fd); + set_inject_fields(req->id, data, &operations[i], + &resp_fd); resp_fd.flags |= SECCOMP_ADDFD_FLAG_SEND; if (send_inject_target(&resp_fd, notifyfd) == -1) return -1; break; case OP_INJECT: - set_inject_fields(id, data, &operations[i], &resp_fd); + set_inject_fields(req->id, data, &operations[i], + &resp_fd); if (send_inject_target(&resp_fd, notifyfd) == -1) return -1; break; @@ -346,7 +349,7 @@ int do_operations(void *data, struct op operations[], struct seccomp_notif *req, } break; case OP_RESOLVEDFD: - ret = resolve_fd(data, &operations[i].resfd, pid); + ret = resolve_fd(data, &operations[i].resfd, req->pid); if (ret == -1) return -1; else if (ret == 1) diff --git a/operations.h b/operations.h index 3691a50..3a4caa2 100644 --- a/operations.h +++ b/operations.h @@ -21,6 +21,5 @@ struct arg_clone { int do_call(struct arg_clone *c); int do_operations(void *data, struct op operations[], struct seccomp_notif *req, - unsigned int n_operations, int tpid, int notifyfd, - uint64_t id); + unsigned int n_operations, int notifyfd); #endif /* ACTIONS_H */ diff --git a/tests/unit/test_operations.c b/tests/unit/test_operations.c index 6ef451f..f8aef76 100644 --- a/tests/unit/test_operations.c +++ b/tests/unit/test_operations.c 
@@ -88,8 +88,8 @@ START_TEST(test_act_continue) { .type = OP_CONT }, }; int ret = do_operations(NULL, operations, &req, - sizeof(operations) / sizeof(operations[0]), -1, notifyfd, - req.id); + sizeof(operations) / sizeof(operations[0]), + notifyfd); ck_assert_msg(ret == 0, strerror(errno)); ck_assert_int_eq(at->err, 0); } @@ -104,8 +104,8 @@ START_TEST(test_act_block) }, }; int ret = do_operations(NULL, operations, &req, - sizeof(operations) / sizeof(operations[0]), -1, notifyfd, - req.id); + sizeof(operations) / sizeof(operations[0]), + notifyfd); ck_assert_msg(ret == 0, strerror(errno)); /* * The tests use getpid that returns the error with ret and it is always @@ -124,8 +124,8 @@ START_TEST(test_act_return) }, }; int ret = do_operations(NULL, operations, &req, - sizeof(operations) / sizeof(operations[0]), -1, notifyfd, - req.id); + sizeof(operations) / sizeof(operations[0]), + notifyfd); ck_assert_msg(ret == 0, strerror(errno)); check_target_result(1, 0, false); } @@ -144,8 +144,8 @@ START_TEST(test_act_return_ref) memcpy((uint16_t *)&tmp_data + offset, &v, sizeof(v)); int ret = do_operations(&tmp_data, operations, &req, - sizeof(operations) / sizeof(operations[0]), -1, notifyfd, - req.id); + sizeof(operations) / sizeof(operations[0]), + notifyfd); ck_assert_msg(ret == 0, strerror(errno)); check_target_result(v, 0, false); } @@ -161,8 +161,8 @@ START_TEST(test_act_call) { .type = OP_CONT }, }; int ret = do_operations(NULL, operations, &req, - sizeof(operations) / sizeof(operations[0]), -1, notifyfd, - req.id); + sizeof(operations) / sizeof(operations[0]), + notifyfd); ck_assert_msg(ret == 0, strerror(errno)); check_target_result(1, 0, true); } 
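Review bot: In the test_act_call hunk the call used to pass `-1` as the pid, so do_call() ran with `c.pid == -1`; it now runs with whatever `req.pid` holds, and the fixture that fills `req` is not visible in this patch. The same applies to test_act_call_ret. test_op_resolvedfd_eq and test_op_resolvedfd_neq previously passed `pid` explicitly and now depend on `req.pid` matching it. If the fixture is meant to guarantee that, an explicit `ck_assert_int_eq(req.pid, pid);` before the do_operations() call in the resolvedfd tests would make the dependency visible and fail early when it does not hold.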
@@ -180,8 +180,8 @@ START_TEST(test_act_call_ret) { .type = OP_CONT }, }; int ret = do_operations(&tmp_data, operations, &req, - sizeof(operations) / sizeof(operations[0]), -1, notifyfd, - req.id); + sizeof(operations) / sizeof(operations[0]), + notifyfd); long r; ck_assert_msg(ret == 0, strerror(errno)); check_target_result(1, 0, true); @@ -216,7 +216,7 @@ static void test_inject(struct op operations[], int n, bool reference) operations[0].inj.oldfd.type = IMMEDIATE; } - ret = do_operations(&tmp_data, operations, &req,n, -1, notifyfd, req.id); + ret = do_operations(&tmp_data, operations, &req, n, notifyfd); ck_assert_msg(ret == 0, strerror(errno)); check_target_fd(pid, test_fd); } @@ -276,8 +276,8 @@ START_TEST(test_op_copy) .type = IMMEDIATE, .size = sizeof(socklen_t) }; ret = do_operations(&tmp_data, operations, &req, - sizeof(operations) / sizeof(operations[0]), -1, - notifyfd, req.id); + sizeof(operations) / sizeof(operations[0]), + notifyfd); ck_assert_msg(ret == 0, strerror(errno)); check_target_result(0, 0, false); addr = (struct sockaddr_un *)(tmp_data + o->args[1].args_off); @@ -309,8 +309,8 @@ START_TEST(test_op_cmp_eq) memcpy((uint16_t *)&tmp_data + operations[0].cmp.s2_off, &s, sizeof(s)); ret = do_operations(&tmp_data, operations, &req, - sizeof(operations) / sizeof(operations[0]), -1, - notifyfd, req.id); + sizeof(operations) / sizeof(operations[0]), + notifyfd); ck_assert_msg(ret == 0, strerror(errno)); ck_assert_int_eq(at->err, 0); } @@ -338,8 +338,8 @@ START_TEST(test_op_cmp_neq) sizeof(s2)); ret = do_operations(&tmp_data, operations, &req, - sizeof(operations) / sizeof(operations[0]), -1, - notifyfd, req.id); + sizeof(operations) / sizeof(operations[0]), + notifyfd); ck_assert_msg(ret == 0, strerror(errno)); check_target_result(-1, 1, false); } 
@@ -363,8 +363,8 @@ START_TEST(test_op_resolvedfd_eq) memcpy((uint16_t *)&tmp_data + operations[0].resfd.path_off, &path, sizeof(path)); int ret = do_operations(&tmp_data, operations, &req, - sizeof(operations) / sizeof(operations[0]), pid, - notifyfd, req.id); + sizeof(operations) / sizeof(operations[0]), + notifyfd); ck_assert_msg(ret == 0, strerror(errno)); check_target_result(-1, 1, false); } @@ -388,8 +388,8 @@ START_TEST(test_op_resolvedfd_neq) memcpy((uint16_t *)&tmp_data + operations[0].resfd.path_off, &path2, sizeof(path2)); int ret = do_operations(&tmp_data, operations, &req, - sizeof(operations) / sizeof(operations[0]), pid, - notifyfd, req.id); + sizeof(operations) / sizeof(operations[0]), + notifyfd); ck_assert_msg(ret == 0, strerror(errno)); } END_TEST -- cgit v1.2.3