#ifndef WOJ_SANDBOX_RULES_H
#define WOJ_SANDBOX_RULES_H
#include "../sandbox.h"
#include "../utils/list.h"
#include "seccomp.h"
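/*
 * ADD_RULE_LIST(white_list, act) - register every syscall number in an array.
 *
 * Expands to one add_syscall_nr(white_list[k], ctx, act) call per element of
 * white_list, in index order.
 *
 * white_list: must be a real array at the expansion site. The element count
 *             comes from sizeof, so a pointer (e.g. an array that decayed
 *             through a function parameter) produces a wrong element count
 *             and the resulting filter silently covers the wrong syscalls.
 * act:        forwarded to add_syscall_nr; it is re-evaluated on every
 *             iteration, so it should have no side effects.
 *
 * The filter context is not a macro parameter: a variable named `ctx` must
 * be in scope wherever the macro is expanded.
 *
 * Arguments are parenthesized so an expression argument such as `*ptr`
 * (pointer to array) is indexed as (*ptr)[k] rather than *(ptr[k]), and the
 * loop locals carry a trailing underscore so an `act` expression that
 * mentions the caller's own `i` is not captured by the loop counter.
 */
#define ADD_RULE_LIST(white_list, act)                                         \
    do {                                                                       \
        int rule_count_ = (int)(sizeof(white_list) / sizeof((white_list)[0])); \
        for (int rule_idx_ = 0; rule_idx_ < rule_count_; rule_idx_++)          \
            add_syscall_nr((white_list)[rule_idx_], ctx, (act));               \
    } while (0)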
/*
 * One named seccomp rule set.
 *
 * Instances are handed to register_rule(); the embedded `list` node is
 * presumably what links them into the registry -- confirm in the
 * implementation.
 */
struct rule {
    /*
     * Identifier for this rule.
     * NOTE(review): setup_rule() takes its name as const char *, while this
     * field is a mutable char *; if names are string literals, const here
     * would rule out accidental writes -- confirm before changing.
     */
    char *name;

    /* Callback that receives the seccomp filter context to populate. */
    void (*setup)(scmp_filter_ctx);

    /* Intrusive list linkage (struct list_head, presumably from ../utils/list.h). */
    struct list_head list;
};
/*
 * Registers `rule`. Presumably adds it to a global registry through
 * rule->list -- confirm in the implementation.
 */
void register_rule(struct rule *rule);

/*
 * Presumably looks up the registered rule called `name` and applies it to
 * the seccomp filter context `ctx`.
 *
 * NOTE(review): struct rule's setup callback takes only the filter context,
 * so how exe_path is used is not visible from this header.
 * NOTE(review): the return type is void, so a caller cannot tell whether
 * `name` matched a registered rule. For a sandbox the implementation should
 * fail closed on an unknown name (abort rather than continue with a filter
 * that has no rules applied) -- verify.
 */
void setup_rule(const char *name, scmp_filter_ctx ctx, const char *exe_path);

/* Presumably prints the registered rules for diagnostics -- confirm. */
void dump_rules(void);
#endif // WOJ_SANDBOX_RULES_H