github.com/criyle/go-sandbox@v0.10.3/cmd/runprog/config/config_loader.go (about)

     1  package config
     2  
     3  import "github.com/criyle/go-sandbox/runner/ptrace/filehandler"
     4  
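// GetConf builds the ptrace sandbox configuration for a program of type pType.
//
// It returns, in order: the argument vector to execute (prefixed with the
// RunCommand of the matching runptraceConfig entry, when one exists), the
// allowed syscall names, the traced syscall names, and a filehandler.Handler
// carrying the file access sets and the syscall counter.
//
// Security-relevant behaviour:
//   - addRead and addWrite are added to the readable and writable file sets
//     as given, so they widen the policy and should not carry untrusted values.
//   - allowProc appends defaultProcSyscalls to the allow list.
//   - cleanTrace runs last, so a syscall named in both lists ends up traced
//     rather than allowed.
//
// An empty args is tolerated: no read permission is added for the program.
func GetConf(pType, workPath string, args, addRead, addWrite []string,
	allowProc bool) ([]string, []string, []string, *filehandler.Handler) {
	var (
		fs = filehandler.NewFileSets()
		sc = filehandler.NewSyscallCounter()
		// Copy the package-level defaults so the appends below never write
		// into their backing arrays.
		allow = append(append([]string{}, defaultSyscallAllows...), archSyscallAllows...)
		trace = append(append([]string{}, defaultSyscallTraces...), archSyscallTraces...)
	)

	// Baseline file policy: defaults, then the architecture-specific entries.
	// NOTE(review): workPath is presumably the base used to resolve relative
	// entries; confirm against filehandler's AddRange.
	fs.Readable.AddRange(defaultReadableFiles, workPath)
	fs.Readable.AddRange(archReadableFiles, workPath)
	fs.Writable.AddRange(defaultWritableFiles, workPath)
	// The program needs read access to itself; indexing args[0] on an empty
	// slice would panic, so guard it.
	if len(args) > 0 {
		fs.AddFilePermission(args[0], filehandler.FilePermRead)
	}
	fs.AddFilePermission(workPath, filehandler.FilePermRead)

	// Caller-supplied additions to the baseline.
	fs.Readable.AddRange(addRead, workPath)
	fs.Writable.AddRange(addWrite, workPath)

	if c, o := runptraceConfig[pType]; o {
		allow = append(allow, c.Syscall.ExtraAllow...)
		// ExtraBan entries join the traced list; what the tracer does with
		// them is decided by the handler (presumably reject; confirm).
		trace = append(trace, c.Syscall.ExtraBan...)
		sc.AddRange(c.Syscall.ExtraCount)
		fs.Readable.AddRange(c.FileAccess.ExtraRead, workPath)
		fs.Writable.AddRange(c.FileAccess.ExtraWrite, workPath)
		fs.Statable.AddRange(c.FileAccess.ExtraStat, workPath)
		fs.SoftBan.AddRange(c.FileAccess.ExtraBan, workPath)
		// Build the command in a fresh slice: appending directly to
		// c.RunCommand could write into the shared config's backing array
		// when it has spare capacity.
		args = append(append([]string{}, c.RunCommand...), args...)
	}
	if allowProc {
		allow = append(allow, defaultProcSyscalls...)
	}
	// De-duplicate and make the lists disjoint; traced entries win.
	allow, trace = cleanTrace(allow, trace)

	return args, allow, trace, &filehandler.Handler{
		FileSet:        fs,
		SyscallCounter: sc,
	}
}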
    44  
// keySetToSlice returns the keys of m as a slice. Every key is included
// regardless of its boolean value, and the order follows map iteration, so it
// is not stable between calls. The result is non-nil even for an empty map.
func keySetToSlice(m map[string]bool) []string {
	keys := make([]string, len(m))
	idx := 0
	for name := range m {
		keys[idx] = name
		idx++
	}
	return keys
}
    52  
// cleanTrace de-duplicates both syscall lists and makes them disjoint.
// Every name in trace is kept; a name in allow is kept only when it is not
// also in trace, so tracing takes precedence over allowing. Both results are
// built from map keys and therefore have no defined order.
func cleanTrace(allow, trace []string) ([]string, []string) {
	traced := make(map[string]bool)
	for i := range trace {
		traced[trace[i]] = true
	}

	allowed := make(map[string]bool)
	for _, name := range allow {
		if traced[name] {
			// Already traced: keep it out of the allow list.
			continue
		}
		allowed[name] = true
	}

	allowList := keySetToSlice(allowed)
	traceList := keySetToSlice(traced)
	return allowList, traceList
}