mirror of
https://github.com/google/sandboxed-api.git
synced 2024-03-22 13:11:30 +08:00
Disallow AddPolicyForSyscalls with an empty list
PiperOrigin-RevId: 549887306 Change-Id: I05a97b39a2c92ad5ab2002c7af7e83a8184392cf
This commit is contained in:
parent
e86462db77
commit
9d1d4b7fd3
|
@ -1068,6 +1068,11 @@ PolicyBuilder& PolicyBuilder::AddPolicyOnSyscall(uint32_t num, BpfFunc f) {
|
|||
|
||||
PolicyBuilder& PolicyBuilder::AddPolicyOnSyscalls(
|
||||
absl::Span<const uint32_t> nums, absl::Span<const sock_filter> policy) {
|
||||
if (nums.empty()) {
|
||||
SetError(absl::InvalidArgumentError(
|
||||
"Cannot add a policy for empty list of syscalls"));
|
||||
return *this;
|
||||
}
|
||||
std::deque<sock_filter> out;
|
||||
// Insert and verify the policy.
|
||||
out.insert(out.end(), policy.begin(), policy.end());
|
||||
|
|
|
@ -96,7 +96,6 @@ TEST(PolicyBuilderTest, Testpolicy_size) {
|
|||
assert_increased();
|
||||
builder.AddPolicyOnSyscalls({ __NR_fchmod, __NR_chdir }, { ALLOW });
|
||||
assert_increased();
|
||||
builder.AddPolicyOnSyscalls({ }, { ALLOW }); assert_increased();
|
||||
|
||||
// This might change in the future if we implement an optimization.
|
||||
builder.AddPolicyOnSyscall(__NR_umask, { ALLOW }); assert_increased();
|
||||
|
|
Loading…
Reference in New Issue
Block a user