From ace464e5066c9f30a13d77d267d9392ce84b3e73 Mon Sep 17 00:00:00 2001
From: Alice Frosi
Date: Tue, 21 Feb 2023 15:21:52 +0100
Subject: actions: add reference for the fds
---
 actions.c | 35 ++++++++++++++++++++++++-----------
 gluten.h | 14 ++++++++++++--
 tests/unit/test_actions.c | 6 ++++--
 3 files changed, 40 insertions(+), 15 deletions(-)
diff --git a/actions.c b/actions.c
index bb603af..35d8e07 100644
--- a/actions.c
+++ b/actions.c
@@ -164,6 +164,27 @@ int do_call(struct arg_clone *c)
 return 0;
 }
+static void set_inject_fields(uint64_t id, void *data,
+ const struct action *a,struct seccomp_notif_addfd *resp)
+{
+ const struct fd_type *new = &(a->inj).newfd;
+ const struct fd_type *old = &(a->inj).oldfd;
+
+ resp->flags = SECCOMP_ADDFD_FLAG_SETFD;
+ resp->id = id;
+ if (new->type == IMMEDIATE)
+ resp->newfd = new->fd;
+ else
+ memcpy(&resp->srcfd, (uint16_t *)data + old->fd_off,
+ sizeof(resp->srcfd));
+ if (old->type == IMMEDIATE)
+ resp->srcfd = old->fd;
+ else
+ memcpy(&resp->srcfd, (uint16_t *)data + old->fd_off,
+ sizeof(resp->srcfd));
+ resp->newfd_flags = 0;
+}
+
 int do_actions(void *data, struct action actions[], unsigned int n_actions, int pid, int notifyfd, uint64_t id)
 {
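Review bot: The `else` branch for `new` in set_inject_fields() copies into `resp->srcfd` from `old->fd_off`, so a non-IMMEDIATE newfd never sets `resp->newfd`, and the old-fd block right after it overwrites srcfd anyway. Because `SECCOMP_ADDFD_FLAG_SETFD` is always set, the descriptor is then installed at whatever number `resp->newfd` held before the call (its initialisation is outside this hunk), which can replace an unrelated descriptor in the target. The branch should read `memcpy(&resp->newfd, (uint16_t *)data + new->fd_off, sizeof(resp->newfd));`. Separately, the `(uint16_t *)` cast makes the addition scale `fd_off` by two; if `fd_off` is meant as a byte offset the cast should be `(char *)`, and the patch does not state the unit.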
@@ -231,21 +252,13 @@ int do_actions(void *data, struct action actions[], unsigned int n_actions, int
 return -1;
 break;
 case A_INJECT_A:
- resp_fd.id = id;
- resp_fd.flags = SECCOMP_ADDFD_FLAG_SEND;
- resp_fd.newfd = actions[i].inj.newfd;
- resp_fd.srcfd = actions[i].inj.oldfd;
- resp_fd.flags |= SECCOMP_ADDFD_FLAG_SETFD;
- resp_fd.newfd_flags = 0;
+ set_inject_fields(id, data, &actions[i], &resp_fd);
+ resp_fd.flags |= SECCOMP_ADDFD_FLAG_SEND;
 if (send_inject_target(&resp_fd, notifyfd) == -1)
 return -1;
 break;
 case A_INJECT:
- resp_fd.id = id;
- resp_fd.newfd = actions[i].inj.newfd;
- resp_fd.srcfd = actions[i].inj.oldfd;
- resp_fd.flags = SECCOMP_ADDFD_FLAG_SETFD;
- resp_fd.newfd_flags = 0;
+ set_inject_fields(id, data, &actions[i], &resp_fd);
 if (send_inject_target(&resp_fd, notifyfd) == -1)
 return -1;
 break;
diff --git a/gluten.h b/gluten.h
index 760f82b..c25ec97 100644
--- a/gluten.h
+++ b/gluten.h
@@ -66,6 +66,7 @@ struct act_call {
 };
 struct act_block {
+ enum value_type type;
 int32_t error;
 };
@@ -81,9 +82,18 @@ struct act_return {
 };
 };
+struct fd_type {
+ enum value_type type;
+ union {
+ uint32_t fd;
+ uint16_t fd_off;
+ };
+
+};
+
 struct act_inject {
- uint32_t newfd;
- uint32_t oldfd;
+ struct fd_type newfd;
+ struct fd_type oldfd;
 };
 struct action {
diff --git a/tests/unit/test_actions.c b/tests/unit/test_actions.c
index e648063..0913133 100644
--- a/tests/unit/test_actions.c
+++ b/tests/unit/test_actions.c
@@ -312,8 +312,10 @@ static void test_inject(struct action actions[], int n)
 fd_inj = create_test_fd();
 ck_assert_int_ge(fd_inj,0);
- actions[0].inj.newfd = fd_inj;
- actions[0].inj.oldfd = test_fd;
+ actions[0].inj.newfd.fd = fd_inj;
+ actions[0].inj.newfd.type = IMMEDIATE;
+ actions[0].inj.oldfd.fd = test_fd;
+ actions[0].inj.oldfd.type = IMMEDIATE;
 ret = do_actions(NULL, actions, n, -1, notifyfd, req.id);
 ck_assert_msg(ret == 0, strerror(errno));
-- cgit v1.2.3
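Review bot: Both `set_inject_fields(id, data, &actions[i], &resp_fd);` calls hand `data` to the helper without a NULL or length check, and do_actions() has no size parameter for it, so a non-IMMEDIATE fd makes the helper read `sizeof(resp->srcfd)` bytes at an unchecked offset. The unit test in this patch calls `do_actions(NULL, ...)`, so NULL is an accepted value on this path. Consider letting set_inject_fields() return an error when `data` is NULL for a reference-typed fd and checking it here with `if (set_inject_fields(id, data, &actions[i], &resp_fd) == -1) return -1;`, and bounding `fd_off` once the size of the data area is available to do_actions(). do_actions() begins and ends outside this hunk.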
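Review bot: `struct fd_type` is undocumented where it matters: nothing says which union member each `type` value selects, what `fd_off` is an offset into, or in which unit it is counted. Action tables that set only the descriptor and leave `type` zero-initialised now also depend on which `enum value_type` constant has the value 0, and that definition is not visible in this patch. A comment above the struct such as `/* type == IMMEDIATE: fd is the descriptor number; otherwise fd_off locates it in the data area */`, with the unit stated, would settle it. The `type` member added to `struct act_block` in the previous hunk has no reader in this patch either.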
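Review bot: test_inject() sets `IMMEDIATE` for both descriptors and passes `NULL` as `data`, so the reference path added to set_inject_fields() runs in no test. A second case that stores the descriptor numbers in a small buffer, sets the non-IMMEDIATE type with `fd_off` pointing at them and passes that buffer as `data` would cover both memcpy branches. test_inject() starts and ends outside this hunk.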