From: Robert Swiecki Date: Mon, 12 Feb 2018 02:05:21 +0000 (+0100) Subject: sandbox: simplify policy parsing X-Git-Tag: 2.5~21 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=5f35a0d2e05388ca4592b503f0f0efe7fc87d6e1;p=platform%2Fupstream%2Fnsjail.git sandbox: simplify policy parsing
---
diff --git a/cmdline.cc b/cmdline.cc
index 49be6f0..33179bd 100644
--- a/cmdline.cc
+++ b/cmdline.cc
@@ -425,7 +425,8 @@ std::unique_ptr parseArgs(int argc, char* argv[]) {
 nsjconf->logfile = optarg;
 break;
 case 'L':
- nsjconf->logfile = "/dev/fd/" + std::to_string(std::strtol(optarg, NULL, 10));
+ nsjconf->logfile =
+ "/dev/fd/" + std::to_string(std::strtol(optarg, NULL, 10));
 break;
 case 'd':
 nsjconf->daemonize = true;
diff --git a/sandbox.cc b/sandbox.cc
index e98faa4..59d0ab2 100644
--- a/sandbox.cc
+++ b/sandbox.cc
@@ -61,26 +61,29 @@ bool preparePolicy(nsjconf_t* nsjconf) {
 if (nsjconf->kafel_file_path.empty() && nsjconf->kafel_string.empty()) {
 return true;
 }
- FILE* f = NULL;
- if (!nsjconf->kafel_file_path.empty() &&
- !(f = fopen(nsjconf->kafel_file_path.c_str(), "r"))) {
- PLOG_W("Couldn't open the kafel seccomp policy file '%s'",
- nsjconf->kafel_file_path.c_str());
+ if (!nsjconf->kafel_file_path.empty() && !nsjconf->kafel_string.empty()) {
+ LOG_E(
+ "You specified both kafel seccomp policy, and kafel seccomp file. Specify one "
+ "only");
 return false;
 }
 kafel_ctxt_t ctxt = kafel_ctxt_create();
- if (f) {
+ if (!nsjconf->kafel_file_path.empty()) {
+ FILE* f = fopen(nsjconf->kafel_file_path.c_str(), "r");
+ if (!f) {
+ PLOG_W("Couldn't open the kafel seccomp policy file '%s'",
+ nsjconf->kafel_file_path.c_str());
+ kafel_ctxt_destroy(&ctxt);
+ return false;
+ }
 LOG_D("Compiling seccomp policy from file: '%s'", nsjconf->kafel_file_path.c_str());
 kafel_set_input_file(ctxt, f);
- } else if (!nsjconf->kafel_string.empty()) {
+ }
+ if (!nsjconf->kafel_string.empty()) {
 LOG_D("Compiling seccomp policy from string: '%s'", nsjconf->kafel_string.c_str());
 kafel_set_input_string(ctxt, nsjconf->kafel_string.c_str());
- } else {
- LOG_F(
- "No kafel seccomp-bpf config file available, nor policy as a string was "
- "defined");
 }
 if (kafel_compile(ctxt, &nsjconf->seccomp_fprog) != 0) {
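Review bot: The `FILE* f` opened inside the new `if (!nsjconf->kafel_file_path.empty())` block goes out of scope at that block's closing brace, before `kafel_compile()` is called, so no later code can `fclose()` it; unless kafel closes the stream itself (not visible in this hunk), each policy-file load leaves a descriptor open in the nsjail process. Because `fopen(..., "r")` does not set close-on-exec, that descriptor could also survive into the jailed program if nothing else closes it first. Keep the handle at function scope and close it once compilation has finished, and open it with `FILE* f = fopen(nsjconf->kafel_file_path.c_str(), "re");`. preparePolicy continues past the end of the hunk, so any cleanup after `kafel_compile()` is not shown here.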