def main(argv=None):
    """Compile a seccomp policy file and write the BPF opcodes to opts.output.

    Args:
        argv: Command-line arguments; sys.argv[1:] is used when None.

    Returns:
        0 once the opcodes have been written.
    """
    opts = parse_args(sys.argv[1:] if argv is None else argv)
    target_arch = arch.Arch.load_from_json(opts.arch_json)
    policy_compiler = compiler.PolicyCompiler(target_arch)

    # opts.use_kill_process selects bpf.KillProcess(); otherwise the compiler
    # is handed bpf.KillThread().
    kill_action = (bpf.KillProcess()
                   if opts.use_kill_process else bpf.KillThread())

    override_default_action = None
    if opts.default_action:
        # The override is parsed from the option string, not from the policy
        # file, hence the '<memory>' pseudo file name.
        # NOTE(review): this parser is always given bpf.KillProcess(),
        # independent of the kill_action chosen above -- confirm intended.
        state = parser.ParserState('<memory>')
        action_parser = parser.PolicyParser(
            target_arch, kill_action=bpf.KillProcess())
        action_tokens = next(state.tokenize([opts.default_action]))
        override_default_action = action_parser.parse_action(action_tokens)

    # Compilation stays inside the `with` so opts.output is closed on exit
    # even when compile_file() raises.
    with opts.output as outf:
        compiled = policy_compiler.compile_file(
            opts.policy.name,
            optimization_strategy=opts.optimization_strategy,
            kill_action=kill_action,
            include_depth_limit=opts.include_depth_limit,
            override_default_action=override_default_action)
        outf.write(compiled.opcodes)
    return 0
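def main(argv=None):
    """Compile a seccomp policy into BPF and write it to a file or C header.

    Args:
        argv: Command-line arguments; sys.argv[1:] is used when None.

    Returns:
        0 after the compiled program has been written. A missing
        opts.arch_json is reported through arg_parser.error() (presumably an
        argparse parser, whose error() exits instead of returning).
    """
    if argv is None:
        argv = sys.argv[1:]
    opts, arg_parser = parse_args(argv)
    if not os.path.exists(opts.arch_json):
        arg_parser.error(CONSTANTS_ERR_MSG)

    parsed_arch = arch.Arch.load_from_json(opts.arch_json)
    policy_compiler = compiler.PolicyCompiler(parsed_arch)

    # The mere presence of MINIJAIL_DEFAULT_RET_LOG in the environment (any
    # value, even empty) forces ret_log on. The action selected below is then
    # bpf.Log(), so the compiled policy no longer blocks anything. Build
    # environments that produce policies meant for enforcement should make
    # sure this variable is unset.
    if 'MINIJAIL_DEFAULT_RET_LOG' in os.environ:
        # The warning names the variable exactly as it is spelled in the
        # check above, and goes to stderr so it is not lost when stdout is
        # redirected.
        print(
            '\n**********************\n'
            'Warning: MINIJAIL_DEFAULT_RET_LOG is on, '
            'policy will not have any effect\n'
            '**********************\n',
            file=sys.stderr)
        opts.use_ret_log = True

    # Precedence: ret_log, then denylist, then use_kill_process; the fallback
    # is bpf.KillThread().
    if opts.use_ret_log:
        kill_action = bpf.Log()
    elif opts.denylist:
        # Default action for a denylist policy is return EPERM
        kill_action = bpf.ReturnErrno(parsed_arch.constants['EPERM'])
    elif opts.use_kill_process:
        kill_action = bpf.KillProcess()
    else:
        kill_action = bpf.KillThread()

    override_default_action = None
    if opts.default_action:
        # The override is parsed from the option string, not from the policy
        # file, hence the '<memory>' pseudo file name.
        # NOTE(review): this parser is always given bpf.KillProcess(),
        # independent of the kill_action chosen above -- confirm intended.
        parser_state = parser.ParserState('<memory>')
        override_default_action = parser.PolicyParser(
            parsed_arch, kill_action=bpf.KillProcess()).parse_action(
                next(parser_state.tokenize([opts.default_action])))

    compiled_policy = policy_compiler.compile_file(
        opts.policy.name,
        optimization_strategy=opts.optimization_strategy,
        kill_action=kill_action,
        include_depth_limit=opts.include_depth_limit,
        override_default_action=override_default_action,
        denylist=opts.denylist,
        ret_log=opts.use_ret_log)

    # Outputs the bpf binary to a c header file instead of a binary file.
    if opts.output_header_file:
        # opts.output is used verbatim as the file name stem and as the
        # 'name' / 'upper_name' template values.
        # NOTE(review): HEADER_TEMPLATE is not visible here; if these values
        # end up as C identifiers, an output path containing '/', '.' or '-'
        # would not produce valid ones -- confirm against the template.
        output_file_base = opts.output
        with open(output_file_base + '.h', 'w') as output_file:
            program = ', '.join('%i' % x for x in compiled_policy.opcodes)
            output_file.write(
                HEADER_TEMPLATE % {
                    'upper_name': output_file_base.upper(),
                    'name': output_file_base,
                    'program': program,
                })
    else:
        with open(opts.output, 'wb') as outf:
            outf.write(compiled_policy.opcodes)
    return 0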
def setUp(self):
    """Bind the ARCH_64 fixture and a PolicyCompiler built from it."""
    target_arch = ARCH_64
    self.arch = target_arch
    self.compiler = compiler.PolicyCompiler(target_arch)
def setUp(self):
    """Bind ARCH_64, a PolicyCompiler built from it, and a scratch directory."""
    target_arch = ARCH_64
    self.arch = target_arch
    self.compiler = compiler.PolicyCompiler(target_arch)
    # mkdtemp() creates a directory accessible only to the creating user and
    # never deletes it itself. NOTE(review): the matching cleanup is not
    # visible here -- confirm tearDown removes self.tempdir.
    scratch_dir = tempfile.mkdtemp()
    self.tempdir = scratch_dir