1*19c3b8c2SApple OSS Distributions #include <errno.h>
2*19c3b8c2SApple OSS Distributions #include <stdbool.h>
3*19c3b8c2SApple OSS Distributions #include <stdio.h>
4*19c3b8c2SApple OSS Distributions #include <stdlib.h>
5*19c3b8c2SApple OSS Distributions #include <string.h>
6*19c3b8c2SApple OSS Distributions #include <unistd.h>
7*19c3b8c2SApple OSS Distributions
8*19c3b8c2SApple OSS Distributions #include <sys/kern_debug.h>
9*19c3b8c2SApple OSS Distributions
10*19c3b8c2SApple OSS Distributions int
main(int argc,char * argv[])11*19c3b8c2SApple OSS Distributions main(int argc, char *argv[])
12*19c3b8c2SApple OSS Distributions {
13*19c3b8c2SApple OSS Distributions int opt;
14*19c3b8c2SApple OSS Distributions
15*19c3b8c2SApple OSS Distributions syscall_rejection_selector_t masks[16] = { 0 };
16*19c3b8c2SApple OSS Distributions
17*19c3b8c2SApple OSS Distributions int pos = 0;
18*19c3b8c2SApple OSS Distributions unsigned char selector = 0;
19*19c3b8c2SApple OSS Distributions bool next_is_allow = false;
20*19c3b8c2SApple OSS Distributions
21*19c3b8c2SApple OSS Distributions uint64_t flags = SYSCALL_REJECTION_FLAGS_DEFAULT;
22*19c3b8c2SApple OSS Distributions
23*19c3b8c2SApple OSS Distributions while ((opt = getopt(argc, argv, "ads:i:OF")) != -1) {
24*19c3b8c2SApple OSS Distributions switch (opt) {
25*19c3b8c2SApple OSS Distributions case 'a':
26*19c3b8c2SApple OSS Distributions next_is_allow = true;
27*19c3b8c2SApple OSS Distributions break;
28*19c3b8c2SApple OSS Distributions case 'd':
29*19c3b8c2SApple OSS Distributions next_is_allow = false;
30*19c3b8c2SApple OSS Distributions break;
31*19c3b8c2SApple OSS Distributions case 's':
32*19c3b8c2SApple OSS Distributions selector = (syscall_rejection_selector_t)atoi(optarg);
33*19c3b8c2SApple OSS Distributions break;
34*19c3b8c2SApple OSS Distributions case 'i':
35*19c3b8c2SApple OSS Distributions pos = atoi(optarg);
36*19c3b8c2SApple OSS Distributions if (next_is_allow) {
37*19c3b8c2SApple OSS Distributions // printf("%i: ALLOW %u\n", pos, (unsigned int)selector);
38*19c3b8c2SApple OSS Distributions masks[pos] = SYSCALL_REJECTION_ALLOW(selector);
39*19c3b8c2SApple OSS Distributions } else {
40*19c3b8c2SApple OSS Distributions // printf("%i: DENY %u\n", pos, (unsigned int)selector);
41*19c3b8c2SApple OSS Distributions masks[pos] = SYSCALL_REJECTION_DENY(selector);
42*19c3b8c2SApple OSS Distributions }
43*19c3b8c2SApple OSS Distributions break;
44*19c3b8c2SApple OSS Distributions case 'O':
45*19c3b8c2SApple OSS Distributions flags |= SYSCALL_REJECTION_FLAGS_ONCE;
46*19c3b8c2SApple OSS Distributions break;
47*19c3b8c2SApple OSS Distributions case 'F':
48*19c3b8c2SApple OSS Distributions flags |= SYSCALL_REJECTION_FLAGS_FORCE_FATAL;
49*19c3b8c2SApple OSS Distributions break;
50*19c3b8c2SApple OSS Distributions default:
51*19c3b8c2SApple OSS Distributions fprintf(stderr, "unknown option '%c'\n", opt);
52*19c3b8c2SApple OSS Distributions exit(2);
53*19c3b8c2SApple OSS Distributions }
54*19c3b8c2SApple OSS Distributions }
55*19c3b8c2SApple OSS Distributions
56*19c3b8c2SApple OSS Distributions debug_syscall_reject_config(masks, sizeof(masks) / sizeof(masks[0]), flags);
57*19c3b8c2SApple OSS Distributions
58*19c3b8c2SApple OSS Distributions int __unused ret = chdir("/tmp");
59*19c3b8c2SApple OSS Distributions
60*19c3b8c2SApple OSS Distributions syscall_rejection_selector_t all_allow_masks[16] = { 0 };
61*19c3b8c2SApple OSS Distributions all_allow_masks[0] = SYSCALL_REJECTION_ALLOW(SYSCALL_REJECTION_ALL);
62*19c3b8c2SApple OSS Distributions
63*19c3b8c2SApple OSS Distributions debug_syscall_reject_config(all_allow_masks, sizeof(all_allow_masks) / sizeof(all_allow_masks[0]), SYSCALL_REJECTION_FLAGS_DEFAULT);
64*19c3b8c2SApple OSS Distributions
65*19c3b8c2SApple OSS Distributions return 0;
66*19c3b8c2SApple OSS Distributions }
67