Google Git
Sign in
gfiber / vendor / google / minijail / b0cea4351663665afc37c23b4b95fe18956f9b9a^! / .
commitb0cea4351663665afc37c23b4b95fe18956f9b9a[log] [tgz]
authorJorge Lucangeli Obes <jorgelo@chromium.org>Mon Feb 04 11:55:30 2013 -0800
committerChromeBot <chrome-bot@google.com>Mon Feb 04 12:55:51 2013 -0800
tree8d9b20e4c463897176c1a0170f0bb2697ad91885
parent8a56ec283c64512a16e4e19ae6a293ba7f543daf [diff]
Unalias |policy| variable in syscall filter code.

BUG=None
TEST=syscall_filter_unittest

Change-Id: Iaddc9d0e418529525e8cf5ecaf9bd5dd04c2b90d
Reviewed-on: https://gerrit.chromium.org/gerrit/42551
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Commit-Queue: Jorge Lucangeli Obes <jorgelo@chromium.org>

diff --git a/syscall_filter.c b/syscall_filter.c
index 5597da2..e10c7bc 100644
--- a/syscall_filter.c
+++ b/syscall_filter.c

@@ -342,7 +342,7 @@
 	return head;
 }
 
-int compile_filter(FILE *policy, struct sock_fprog *prog,
+int compile_filter(FILE *policy_file, struct sock_fprog *prog,
 		int log_failures)
 {
 	char line[MAX_LINE_LENGTH];
@@ -351,7 +351,7 @@
 	struct bpf_labels labels;
 	labels.count = 0;
 
-	if (!policy)
+	if (!policy_file)
 		return -1;
 
 	struct filter_block *head = calloc(1, sizeof(struct filter_block));
@@ -383,10 +383,10 @@
 	 * Chain the filter sections together and dump them into
 	 * the final buffer at the end.
 	 */
-	while (fgets(line, sizeof(line), policy)) {
+	while (fgets(line, sizeof(line), policy_file)) {
 		++line_count;
-		char *policy = line;
-		char *syscall_name = strsep(&policy, ":");
+		char *policy_line = line;
+		char *syscall_name = strsep(&policy_line, ":");
 		int nr = -1;
 
 		syscall_name = strip(syscall_name);
@@ -395,7 +395,7 @@
 		if (*syscall_name == '#' || *syscall_name == '\0')
 			continue;
 
-		if (!policy)
+		if (!policy_line)
 			return -1;
 
 		nr = lookup_syscall(syscall_name);
@@ -405,13 +405,13 @@
 			return -1;
 		}
 
-		policy = strip(policy);
+		policy_line = strip(policy_line);
 
 		/*
 		 * For each syscall, add either a simple ALLOW,
 		 * or an arg filter block.
 		 */
-		if (strcmp(policy, "1") == 0) {
+		if (strcmp(policy_line, "1") == 0) {
 			/* Add simple ALLOW. */
 			append_allow_syscall(head, nr);
 		} else {
@@ -427,7 +427,7 @@
 
 			/* Build the arg filter block. */
 			struct filter_block *block =
-				compile_section(nr, policy, id, &labels);
+				compile_section(nr, policy_line, id, &labels);
 
 			if (!block)
 				return -1;

diff --git a/syscall_filter.h b/syscall_filter.h
index a9d83d1..4790d9f 100644
--- a/syscall_filter.h
+++ b/syscall_filter.h

@@ -27,7 +27,8 @@
 
 struct filter_block *compile_section(int nr, const char *policy_line,
 		unsigned int label_id, struct bpf_labels *labels);
-int compile_filter(FILE *policy, struct sock_fprog *prog, int log_failures);
+int compile_filter(FILE *policy_file, struct sock_fprog *prog,
+		int log_failures);
 
 int flatten_block_list(struct filter_block *head, struct sock_filter *filter,
 		size_t index, size_t cap);