Google Git
Sign in
gfiber / vendor / google / minijail / 0118059277f91e2eee4e901b3fff456c2cab9213^! / .
commit0118059277f91e2eee4e901b3fff456c2cab9213[log] [tgz]
authorJorge Lucangeli Obes <jorgelo@chromium.org>Wed Jun 13 21:43:40 2012 -0700
committerGerrit <chrome-bot@google.com>Thu Jun 14 18:12:15 2012 -0700
tree0344d669623996dfd1990c43c2228e41276e1ad0
parenta05d7bbb4072142e2bfb34310ad08c9dfb1ebbbf [diff]
Replace duplicated RET_KILL code with existing function.

BUG=None
TEST=syscall_filter_unittest

Change-Id: I810b99b85cb039db8bd313ca08119d22ff2554ba
Reviewed-on: https://gerrit.chromium.org/gerrit/25277
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>

diff --git a/syscall_filter.c b/syscall_filter.c
index 1372193..01bab5d 100644
--- a/syscall_filter.c
+++ b/syscall_filter.c

@@ -434,9 +434,7 @@
 	}
 
 	/* If none of the syscalls match, fall back to KILL. */
-	struct sock_filter *kill_filter = new_instr_buf(ONE_INSTR);
-	set_bpf_ret_kill(kill_filter);
-	append_filter_block(head, kill_filter, ONE_INSTR);
+	append_ret_kill(head);
 
 	/* Allocate the final buffer, now that we know its size. */
 	size_t final_filter_len = head->total_len +