author | Mike Frysinger <vapier@gentoo.org> | 2008-11-29 04:06:05 -0500 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2008-11-29 04:39:43 -0500 |
commit | ce962a81797d455e4160f379c53d3432bbec36d4 (patch) | |
tree | 9c961a0fa763c21ca1e568941ecffe168f7679d2 /libsandbox/libsandbox.h | |
parent | libsandbox: push STRING_NAME into libsandbox.h (diff) | |
libsandbox: use integers rather than strings for functions
Rather than doing a buttload of strcmp's on function names, use integers.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Diffstat (limited to 'libsandbox/libsandbox.h')
-rw-r--r-- | libsandbox/libsandbox.h | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/libsandbox/libsandbox.h b/libsandbox/libsandbox.h
index c1b35dd..02088b8 100644
--- a/libsandbox/libsandbox.h
+++ b/libsandbox/libsandbox.h
@@ -14,33 +14,36 @@
 #undef strdup
 /* Macros to check if a function should be executed */
+#define _FUNCTION_SANDBOX_SAFE(test) \
+ (0 == is_sandbox_on() || 1 == (test))
+
 #define FUNCTION_SANDBOX_SAFE_AT(_dirfd, _path) \
- ((0 == is_sandbox_on()) || (1 == before_syscall(_dirfd, STRING_NAME, _path)))
+ _FUNCTION_SANDBOX_SAFE(before_syscall(_dirfd, WRAPPER_NR, STRING_NAME, _path))
 #define FUNCTION_SANDBOX_SAFE(_path) \
 FUNCTION_SANDBOX_SAFE_AT(AT_FDCWD, _path)
 #define FUNCTION_SANDBOX_SAFE_ACCESS_AT(_dirfd, _path, _flags) \
- ((0 == is_sandbox_on()) || (1 == before_syscall_access(_dirfd, STRING_NAME, _path, _flags)))
+ _FUNCTION_SANDBOX_SAFE(before_syscall_access(_dirfd, WRAPPER_NR, STRING_NAME, _path, _flags))
 #define FUNCTION_SANDBOX_SAFE_ACCESS(_path, _flags) \
 FUNCTION_SANDBOX_SAFE_ACCESS_AT(AT_FDCWD, _path, _flags)
 #define FUNCTION_SANDBOX_SAFE_OPEN_INT_AT(_dirfd, _path, _flags) \
- ((0 == is_sandbox_on()) || (1 == before_syscall_open_int(_dirfd, STRING_NAME, _path, _flags)))
+ _FUNCTION_SANDBOX_SAFE(before_syscall_open_int(_dirfd, WRAPPER_NR, STRING_NAME, _path, _flags))
 #define FUNCTION_SANDBOX_SAFE_OPEN_INT(_path, _flags) \
 FUNCTION_SANDBOX_SAFE_OPEN_INT_AT(AT_FDCWD, _path, _flags)
 #define FUNCTION_SANDBOX_SAFE_OPEN_CHAR_AT(_dirfd, _path, _mode) \
- ((0 == is_sandbox_on()) || (1 == before_syscall_open_char(_dirfd, STRING_NAME, _path, _mode)))
+ _FUNCTION_SANDBOX_SAFE(before_syscall_open_char(_dirfd, WRAPPER_NR, STRING_NAME, _path, _mode))
 #define FUNCTION_SANDBOX_SAFE_OPEN_CHAR(_path, _mode) \
 FUNCTION_SANDBOX_SAFE_OPEN_CHAR_AT(AT_FDCWD, _path, _mode)
 int canonicalize(const char *, char *);
 int is_sandbox_on(void);
-int before_syscall(int, const char *, const char *);
-int before_syscall_access(int, const char *, const char *, int);
-int before_syscall_open_int(int, const char *, const char *, int);
-int before_syscall_open_char(int, const char *, const char *, const char *);
+int before_syscall(int, int, const char *, const char *);
+int before_syscall_access(int, int, const char *, const char *, int);
+int before_syscall_open_int(int, int, const char *, const char *, int);
+int before_syscall_open_char(int, int, const char *, const char *, const char *);
 /* glibc modified realpath() function */
 char *erealpath(const char *, char *); |
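Review bot: The four `before_syscall*` prototypes now take two adjacent unnamed `int` parameters (the dirfd and the new function number), so a call that passes them in the wrong order still compiles, and the access check would presumably then be made against the wrong function. Naming the parameters in the header makes the order explicit, e.g. `int before_syscall(int dirfd, int sb_nr, const char *func, const char *path);` (the names are suggestions; the definitions are outside this hunk). `WRAPPER_NR` and `STRING_NAME` are both defined outside this header, so it is worth confirming they are generated from one source, so that the number the decision keys on and the name passed alongside it cannot drift apart. As a style point, `_FUNCTION_SANDBOX_SAFE` starts with an underscore followed by an uppercase letter, which C reserves for the implementation; a prefix such as `SB_` avoids that.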