1 #include <errno.h>
2 #include <stdbool.h>
3 #include <stdio.h>
4 #include <stdlib.h>
5 #include <string.h>
6 #include <unistd.h>
7
8 #include <sys/kern_debug.h>
9
10 int
main(int argc,char * argv[])11 main(int argc, char *argv[])
12 {
13 int opt;
14
15 syscall_rejection_selector_t masks[16] = { 0 };
16
17 int pos = 0;
18 unsigned char selector = 0;
19 bool next_is_allow = false;
20
21 uint64_t flags = SYSCALL_REJECTION_FLAGS_DEFAULT;
22
23 while ((opt = getopt(argc, argv, "ads:i:OF")) != -1) {
24 switch (opt) {
25 case 'a':
26 next_is_allow = true;
27 break;
28 case 'd':
29 next_is_allow = false;
30 break;
31 case 's':
32 selector = (syscall_rejection_selector_t)atoi(optarg);
33 break;
34 case 'i':
35 pos = atoi(optarg);
36 if (next_is_allow) {
37 // printf("%i: ALLOW %u\n", pos, (unsigned int)selector);
38 masks[pos] = SYSCALL_REJECTION_ALLOW(selector);
39 } else {
40 // printf("%i: DENY %u\n", pos, (unsigned int)selector);
41 masks[pos] = SYSCALL_REJECTION_DENY(selector);
42 }
43 break;
44 case 'O':
45 flags |= SYSCALL_REJECTION_FLAGS_ONCE;
46 break;
47 case 'F':
48 flags |= SYSCALL_REJECTION_FLAGS_FORCE_FATAL;
49 break;
50 default:
51 fprintf(stderr, "unknown option '%c'\n", opt);
52 exit(2);
53 }
54 }
55
56 debug_syscall_reject_config(masks, sizeof(masks) / sizeof(masks[0]), flags);
57
58 int __unused ret = chdir("/tmp");
59
60 syscall_rejection_selector_t all_allow_masks[16] = { 0 };
61 all_allow_masks[0] = SYSCALL_REJECTION_ALLOW(SYSCALL_REJECTION_ALL);
62
63 debug_syscall_reject_config(all_allow_masks, sizeof(all_allow_masks) / sizeof(all_allow_masks[0]), SYSCALL_REJECTION_FLAGS_DEFAULT);
64
65 return 0;
66 }
67