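def convert_filter_callback(f, ios_major_version_arg, keep_builtin_filters_arg,
                            global_vars_arg, re_list, filter_id, filter_arg,
                            base_addr_arg):
    """Convert filter from binary form to string.

    Binary form consists of filter id and filter argument:
      * filter id is the index inside the filters array above
      * filter argument is an actual parameter (such as a port number),
        a file offset or a regular expression index

    The string form consists of the name of the filter (as extracted
    from the filters array above) and a string representation of the
    filter argument. The string form of the filter argument is obtained
    from the binary form through the use of the callback function (as
    extracted from the filters array above).

    Side effect: every call overwrites the module-level globals
    ``ios_major_version``, ``keep_builtin_filters``, ``global_vars``,
    ``regex_list`` and ``base_addr`` with the values passed in.
    Presumably the argument-processing helpers read them; those helpers
    are not visible here. The function is therefore not safe to run
    concurrently for two different profiles.

    Function arguments are:
      f: the binary sandbox profile file
      ios_major_version_arg: iOS major version, used to select the filter
        table entry and stored in the ``ios_major_version`` global
      keep_builtin_filters_arg: stored in the ``keep_builtin_filters`` global
      global_vars_arg: stored in the ``global_vars`` global
      re_list: list of regular expressions, stored in the ``regex_list``
        global
      filter_id: the binary form of the filter id
      filter_arg: the binary form of the filter argument
      base_addr_arg: stored in the ``base_addr`` global

    Returns:
      A ``(name, argument)`` tuple in string form, or ``(None, None)`` when
      the filter id is unknown, has no usable processing function, or the
      processing function produced no result for a filter that requires one.
    """

    global regex_list
    global ios_major_version
    global keep_builtin_filters
    global global_vars
    global base_addr
    keep_builtin_filters = keep_builtin_filters_arg
    ios_major_version = ios_major_version_arg
    global_vars = global_vars_arg
    regex_list = re_list
    base_addr = base_addr_arg

    # NOTE(review): logger.warn is a deprecated alias on logging.Logger; if
    # `logger` is a standard-library logger, switch these calls to warning().
    if not Filters.exists(ios_major_version, filter_id):
        logger.warn("filter_id {} not in keys".format(filter_id))
        return (None, None)
    # Named `entry` rather than `filter` so the builtin is not shadowed.
    entry = Filters.get(ios_major_version, filter_id)
    handler_name = entry["arg_process_fn"]
    if not handler_name:
        logger.warn("no function for filter {}".format(filter_id))
        return (None, None)

    # The handler is looked up by name in this module's globals, so any
    # module-level object is reachable through the filter table. filter_id
    # and filter_arg are read from the profile being parsed; the table that
    # maps them to handler names has to remain static, trusted data. A name
    # that does not resolve to a callable is reported like any other
    # unconvertible filter instead of raising KeyError/TypeError mid-parse.
    handler = globals().get(handler_name)
    if not callable(handler):
        logger.warn(
            "arg_process_fn {} for filter {} is not a callable".format(
                handler_name, filter_id))
        return (None, None)

    if handler_name == "get_filter_arg_string_by_offset_with_type":
        # This handler also returns a suffix for the filter name.
        (append, result) = handler(f, filter_arg)
        if filter_id == 0x01 and append == "path":
            append = "subpath"
        if result is None and entry["name"] != "debug-mode":
            logger.warn(
                "result of calling string offset for filter {} is none".format(
                    filter_id))
            return (None, None)
        return (entry["name"] + append, result)

    result = handler(f, filter_arg)
    if result is None:
        name = entry["name"]
        # A missing argument is accepted only for these filters; the two
        # extension filters are exempt only up to iOS major version 5.
        none_allowed = name in (
            "debug-mode", "syscall-mask", "machtrap-mask",
            "kernel-mig-routine-mask"
        ) or (name in ("extension", "mach-extension")
              and ios_major_version <= 5)
        if not none_allowed:
            logger.warn(
                "result of calling arg_process_fn for filter {} is none".format(
                    filter_id))
            return (None, None)
    return (entry["name"], result)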