Ejemplo n.º 1
 def __call__(self, e, a):
     """Dispatch a sandbox event to the matching per-syscall rule.

     SYSCALL/SYSRET events are looked up in ``self.sc_table`` by ``e.data``
     and handled by the callable stored there; every other event type is
     delegated to ``SandboxPolicy.__call__``.

     Args:
         e: the sandbox event (reads ``e.type``, ``e.ext0``, ``e.data``).
         a: the action object passed through to the selected handler.

     Returns:
         Whatever the selected handler (or the base class) returns.
     """
     # Anything that is not a syscall entry/exit is the base policy's job.
     if e.type not in (S_EVENT_SYSCALL, S_EVENT_SYSRET):
         return SandboxPolicy.__call__(self, e, a)

     # On x86_64 a non-zero ext0 is rejected before the table lookup.
     # NOTE(review): ext0 presumably identifies the syscall ABI/mode, so a
     # non-native entry cannot be matched against rules numbered for the
     # native ABI -- confirm against the sandbox library documentation.
     non_default_mode = machine == 'x86_64' and e.ext0 != 0
     if non_default_mode:
         return self._KILL_RF(e, a)

     # NOTE(review): the lookup has no fallback here; confirm sc_table
     # covers every syscall number the tracer can report, so an unknown
     # number is denied by a rule rather than raising inside the policy.
     rule = self.sc_table[e.data]
     return rule(e, a)
Ejemplo n.º 2
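    def __call__(self, e, a):
        """Record syscalls outside the safe list, then let the process continue.

        For SYSCALL/SYSRET events this handler kills the process when
        ``MACHINE`` is x86_64 and ``e.ext0`` is non-zero, counts in
        ``self.sc_table`` each syscall number (``e.data``) that is absent
        from ``self.sc_safe[MACHINE]``, and otherwise answers with
        ``S_ACTION_CONT``. All other events go to ``SandboxPolicy.__call__``.

        Apart from the x86_64/ext0 check this handler denies nothing: a
        syscall missing from the safe list is only counted, so the policy
        observes rather than enforces.

        Args:
            e: the sandbox event (reads ``e.type``, ``e.ext0``, ``e.data``).
            a: the action object; its ``type`` (and ``data`` on kill) is set.

        Returns:
            The mutated action ``a``, or the base class result for events
            that are not SYSCALL/SYSRET.
        """
        # handle SYSCALL/SYSRET events with local handlers
        if e.type in (S_EVENT_SYSCALL, S_EVENT_SYSRET):
            # Compare by value, not identity. `is` against a str/int literal
            # depends on interpreter interning; if MACHINE is computed at
            # runtime the identity test can be False even on x86_64, which
            # would silently skip this kill guard.
            # NOTE(review): ext0 presumably identifies the syscall ABI/mode
            # -- confirm against the sandbox library documentation.
            if MACHINE == 'x86_64' and e.ext0 != 0:
                a.type, a.data = S_ACTION_KILL, S_RESULT_RF
                return a

            # NOTE(review): 4 is presumably S_EVENT_SYSRET; confirm and use
            # the named constant instead of the literal.
            if e.type == 4 and e.data not in self.sc_safe[MACHINE]:
                # Tally how often each syscall outside the safe list occurs.
                self.sc_table[e.data] = self.sc_table.get(e.data, 0) + 1

            a.type = S_ACTION_CONT
            return a
        # bypass other events to base class
        return SandboxPolicy.__call__(self, e, a)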