/**
* Detranslate the pathname of the struct sockaddr_un currently stored
* in the @tracee memory at the given @sock_addr. See the
* documentation of read_sockaddr_un() for the meaning of the
* @size_addr and @max_size parameters. This function returns -errno
* if an error occurred, otherwise 0.
*/
int translate_socketcall_exit(Tracee *tracee, word_t sock_addr, word_t size_addr, word_t max_size)
{
struct sockaddr_un sockaddr;
bool is_truncated = false;
char path[PATH_MAX];
int status;
int size;
if (sock_addr == 0)
return 0;
size = peek_int32(tracee, size_addr);
if (errno != 0)
return -errno;
max_size = MIN(max_size, sizeof(sockaddr));
status = read_sockaddr_un(tracee, &sockaddr, max_size, path, sock_addr, size);
if (status <= 0)
return status;
status = detranslate_path(tracee, path, NULL);
if (status < 0)
return status;
/* Be careful: sun_path doesn't have to be null-terminated. */
size = offsetof_path + strlen(path) + 1;
if (size < 0 || (word_t) size > max_size) {
size = max_size;
is_truncated = true;
}
strncpy(sockaddr.sun_path, path, sizeof_path);
/* Overwrite the sockaddr and socklen parameters. */
status = write_data(tracee, sock_addr, &sockaddr, size);
if (status < 0)
return status;
/* If sockaddr is truncated (because the buffer provided is
* too small), addrlen will return a value greater than was
* supplied to the call. See man 2 accept. */
if (is_truncated)
size = max_size + 1;
poke_int32(tracee, size_addr, size);
if (errno != 0)
return -errno;
return 0;
}
/**
* Copy in @guest_path the canonicalization (see `man 3 realpath`) of
* @user_path regarding to @tracee->root. The path to canonicalize
* could be either absolute or relative to @guest_path. When the last
* component of @user_path is a link, it is dereferenced only if
* @deref_final is true -- it is useful for syscalls like lstat(2).
* The parameter @recursion_level should be set to 0 unless you know
* what you are doing. This function returns -errno if an error
* occured, otherwise it returns 0.
*/
int canonicalize(Tracee *tracee, const char *user_path, bool deref_final,
char guest_path[PATH_MAX], unsigned int recursion_level)
{
char scratch_path[PATH_MAX];
Finality finality;
const char *cursor;
int status;
/* Avoid infinite loop on circular links. */
if (recursion_level > MAXSYMLINKS)
return -ELOOP;
/* Sanity checks. */
assert(user_path != NULL);
assert(guest_path != NULL);
assert(user_path != guest_path);
if (strnlen(guest_path, PATH_MAX) >= PATH_MAX)
return -ENAMETOOLONG;
if (user_path[0] != '/') {
/* Ensure 'guest_path' contains an absolute base of
* the relative `user_path`. */
if (guest_path[0] != '/')
return -EINVAL;
}
else
strcpy(guest_path, "/");
/* Canonicalize recursely 'user_path' into 'guest_path'. */
cursor = user_path;
finality = NOT_FINAL;
while (!IS_FINAL(finality)) {
Comparison comparison;
char component[NAME_MAX];
char host_path[PATH_MAX];
finality = next_component(component, &cursor);
status = (int) finality;
if (status < 0)
return status;
if (strcmp(component, ".") == 0) {
if (IS_FINAL(finality))
finality = FINAL_DOT;
continue;
}
if (strcmp(component, "..") == 0) {
pop_component(guest_path);
if (IS_FINAL(finality))
finality = FINAL_SLASH;
continue;
}
status = join_paths(2, scratch_path, guest_path, component);
if (status < 0)
return status;
/* Resolve bindings and check that a non-final
* component exists and either is a directory or is a
* symlink. For this latter case, we check that the
* symlink points to a directory once it is
* canonicalized, at the end of this loop. */
status = substitute_binding_stat(tracee, finality, recursion_level, scratch_path, host_path);
if (status < 0)
return status;
/* Nothing special to do if it's not a link or if we
* explicitly ask to not dereference 'user_path', as
* required by syscalls like lstat(2). Obviously, this
* later condition does not apply to intermediate path
* components. Errors are explicitly ignored since
* they should be handled by the caller. */
if (status <= 0 || (finality == FINAL_NORMAL && !deref_final)) {
strcpy(scratch_path, guest_path);
status = join_paths(2, guest_path, scratch_path, component);
if (status < 0)
return status;
continue;
}
/* It's a link, so we have to dereference *and*
* canonicalize to ensure we are not going outside the
* new root. */
comparison = compare_paths("/proc", guest_path);
switch (comparison) {
case PATHS_ARE_EQUAL:
case PATH1_IS_PREFIX:
/* Some links in "/proc" are generated
* dynamically by the kernel. PRoot has to
* emulate some of them. */
status = readlink_proc(tracee, scratch_path,
guest_path, component, comparison);
switch (status) {
case CANONICALIZE:
/* The symlink is already dereferenced,
* now canonicalize it. */
goto canon;
case DONT_CANONICALIZE:
/* If and only very final, this symlink
* shouldn't be dereferenced nor canonicalized. */
if (finality == FINAL_NORMAL) {
strcpy(guest_path, scratch_path);
return 0;
}
break;
default:
if (status < 0)
return status;
}
default:
break;
}
status = readlink(host_path, scratch_path, sizeof(scratch_path));
if (status < 0)
return status;
else if (status == sizeof(scratch_path))
return -ENAMETOOLONG;
scratch_path[status] = '\0';
/* Remove the leading "root" part if needed, it's
* useful for "/proc/self/cwd/" for instance. */
status = detranslate_path(tracee, scratch_path, host_path);
if (status < 0)
return status;
canon:
/* Canonicalize recursively the referee in case it
* is/contains a link, moreover if it is not an
* absolute link then it is relative to
* 'guest_path'. */
status = canonicalize(tracee, scratch_path, true, guest_path, recursion_level + 1);
if (status < 0)
return status;
/* Check that a non-final canonicalized/dereferenced
* symlink exists and is a directory. */
status = substitute_binding_stat(tracee, finality, recursion_level, guest_path, host_path);
if (status < 0)
return status;
/* Here, 'guest_path' shouldn't be a symlink anymore,
* unless it is a named file descriptor. */
assert(status != 1 || sscanf(guest_path, "/proc/%*d/fd/%d", &status) == 1);
}
/* At the exit stage of the first level of recursion,
* `guest_path` is fully canonicalized but a terminating '/'
* or a terminating '.' may be required to keep the initial
* semantic of `user_path`. */
if (recursion_level == 0) {
switch (finality) {
case FINAL_NORMAL:
break;
case FINAL_SLASH:
strcpy(scratch_path, guest_path);
status = join_paths(2, guest_path, scratch_path, "");
if (status < 0)
return status;
break;
case FINAL_DOT:
strcpy(scratch_path, guest_path);
status = join_paths(2, guest_path, scratch_path, ".");
if (status < 0)
return status;
break;
default:
assert(0);
}
}
return 0;
}
/**
* Translate the output arguments of the current @tracee's syscall in
* the @tracee->pid process area. This function sets the result of
* this syscall to @tracee->status if an error occured previously
* during the translation, that is, if @tracee->status is less than 0.
*/
void translate_syscall_exit(Tracee *tracee)
{
word_t syscall_number;
word_t syscall_result;
int status;
status = notify_extensions(tracee, SYSCALL_EXIT_START, 0, 0);
if (status < 0) {
poke_reg(tracee, SYSARG_RESULT, (word_t) status);
goto end;
}
if (status > 0)
return;
/* Set the tracee's errno if an error occured previously during
* the translation. */
if (tracee->status < 0) {
poke_reg(tracee, SYSARG_RESULT, (word_t) tracee->status);
goto end;
}
/* Translate output arguments:
* - break: update the syscall result register with "status"
* - goto end: nothing else to do.
*/
syscall_number = get_sysnum(tracee, ORIGINAL);
syscall_result = peek_reg(tracee, CURRENT, SYSARG_RESULT);
switch (syscall_number) {
case PR_brk:
translate_brk_exit(tracee);
goto end;
case PR_getcwd: {
char path[PATH_MAX];
size_t new_size;
size_t size;
word_t output;
size = (size_t) peek_reg(tracee, ORIGINAL, SYSARG_2);
if (size == 0) {
status = -EINVAL;
break;
}
/* Ensure cwd still exists. */
status = translate_path(tracee, path, AT_FDCWD, ".", false);
if (status < 0)
break;
new_size = strlen(tracee->fs->cwd) + 1;
if (size < new_size) {
status = -ERANGE;
break;
}
/* Overwrite the path. */
output = peek_reg(tracee, ORIGINAL, SYSARG_1);
status = write_data(tracee, output, tracee->fs->cwd, new_size);
if (status < 0)
break;
/* The value of "status" is used to update the returned value
* in translate_syscall_exit(). */
status = new_size;
break;
}
case PR_accept:
case PR_accept4:
/* Nothing special to do if no sockaddr was specified. */
if (peek_reg(tracee, ORIGINAL, SYSARG_2) == 0)
goto end;
/* Fall through. */
case PR_getsockname:
case PR_getpeername: {
word_t sock_addr;
word_t size_addr;
word_t max_size;
/* Error reported by the kernel. */
if ((int) syscall_result < 0)
goto end;
sock_addr = peek_reg(tracee, ORIGINAL, SYSARG_2);
size_addr = peek_reg(tracee, MODIFIED, SYSARG_3);
max_size = peek_reg(tracee, MODIFIED, SYSARG_6);
status = translate_socketcall_exit(tracee, sock_addr, size_addr, max_size);
if (status < 0)
break;
/* Don't overwrite the syscall result. */
goto end;
}
#define SYSARG_ADDR(n) (args_addr + ((n) - 1) * sizeof_word(tracee))
#define POKE_WORD(addr, value) \
poke_word(tracee, addr, value); \
if (errno != 0) { \
status = -errno; \
break; \
}
#define PEEK_WORD(addr) \
peek_word(tracee, addr); \
if (errno != 0) { \
status = -errno; \
break; \
}
case PR_socketcall: {
word_t args_addr;
word_t sock_addr;
word_t size_addr;
word_t max_size;
args_addr = peek_reg(tracee, ORIGINAL, SYSARG_2);
switch (peek_reg(tracee, ORIGINAL, SYSARG_1)) {
case SYS_ACCEPT:
case SYS_ACCEPT4:
/* Nothing special to do if no sockaddr was specified. */
sock_addr = PEEK_WORD(SYSARG_ADDR(2));
if (sock_addr == 0)
goto end;
/* Fall through. */
case SYS_GETSOCKNAME:
case SYS_GETPEERNAME:
/* Handle these cases below. */
status = 1;
break;
case SYS_BIND:
case SYS_CONNECT:
/* Restore the initial parameters: this memory was
* overwritten at the enter stage. Remember: POKE_WORD
* puts -errno in status and breaks if an error
* occured. */
POKE_WORD(SYSARG_ADDR(2), peek_reg(tracee, MODIFIED, SYSARG_5));
POKE_WORD(SYSARG_ADDR(3), peek_reg(tracee, MODIFIED, SYSARG_6));
status = 0;
break;
default:
status = 0;
break;
}
/* Error reported by the kernel or there's nothing else to do. */
if ((int) syscall_result < 0 || status == 0)
goto end;
/* An error occured in SYS_BIND or SYS_CONNECT. */
if (status < 0)
break;
/* Remember: PEEK_WORD puts -errno in status and breaks if an
* error occured. */
sock_addr = PEEK_WORD(SYSARG_ADDR(2));
size_addr = PEEK_WORD(SYSARG_ADDR(3));
max_size = peek_reg(tracee, MODIFIED, SYSARG_6);
status = translate_socketcall_exit(tracee, sock_addr, size_addr, max_size);
if (status < 0)
break;
/* Don't overwrite the syscall result. */
goto end;
}
#undef SYSARG_ADDR
#undef PEEK_WORD
#undef POKE_WORD
case PR_fchdir:
case PR_chdir:
/* These syscalls are fully emulated, see enter.c for details
* (like errors). */
status = 0;
break;
case PR_rename:
case PR_renameat: {
char old_path[PATH_MAX];
char new_path[PATH_MAX];
ssize_t old_length;
ssize_t new_length;
Comparison comparison;
Reg old_reg;
Reg new_reg;
char *tmp;
/* Error reported by the kernel. */
if ((int) syscall_result < 0)
goto end;
if (syscall_number == PR_rename) {
old_reg = SYSARG_1;
new_reg = SYSARG_2;
}
else {
old_reg = SYSARG_2;
new_reg = SYSARG_4;
}
/* Get the old path, then convert it to the same
* "point-of-view" as tracee->fs->cwd (guest). */
status = read_path(tracee, old_path, peek_reg(tracee, MODIFIED, old_reg));
if (status < 0)
break;
status = detranslate_path(tracee, old_path, NULL);
if (status < 0)
break;
old_length = (status > 0 ? status - 1 : (ssize_t) strlen(old_path));
/* Nothing special to do if the moved path is not the
* current working directory. */
comparison = compare_paths(old_path, tracee->fs->cwd);
if (comparison != PATH1_IS_PREFIX && comparison != PATHS_ARE_EQUAL) {
status = 0;
break;
}
/* Get the new path, then convert it to the same
* "point-of-view" as tracee->fs->cwd (guest). */
status = read_path(tracee, new_path, peek_reg(tracee, MODIFIED, new_reg));
if (status < 0)
break;
status = detranslate_path(tracee, new_path, NULL);
if (status < 0)
break;
new_length = (status > 0 ? status - 1 : (ssize_t) strlen(new_path));
/* Sanity check. */
if (strlen(tracee->fs->cwd) >= PATH_MAX) {
status = 0;
break;
}
strcpy(old_path, tracee->fs->cwd);
/* Update the virtual current working directory. */
substitute_path_prefix(old_path, old_length, new_path, new_length);
tmp = talloc_strdup(tracee->fs, old_path);
if (tmp == NULL) {
status = -ENOMEM;
break;
}
TALLOC_FREE(tracee->fs->cwd);
tracee->fs->cwd = tmp;
status = 0;
break;
}
case PR_readlink:
case PR_readlinkat: {
char referee[PATH_MAX];
char referer[PATH_MAX];
size_t old_size;
size_t new_size;
size_t max_size;
word_t input;
word_t output;
/* Error reported by the kernel. */
if ((int) syscall_result < 0)
goto end;
old_size = syscall_result;
if (syscall_number == PR_readlink) {
output = peek_reg(tracee, ORIGINAL, SYSARG_2);
max_size = peek_reg(tracee, ORIGINAL, SYSARG_3);
input = peek_reg(tracee, MODIFIED, SYSARG_1);
}
else {
output = peek_reg(tracee, ORIGINAL, SYSARG_3);
max_size = peek_reg(tracee, ORIGINAL, SYSARG_4);
input = peek_reg(tracee, MODIFIED, SYSARG_2);
}
if (max_size > PATH_MAX)
max_size = PATH_MAX;
if (max_size == 0) {
status = -EINVAL;
break;
}
/* The kernel does NOT put the NULL terminating byte for
* readlink(2). */
status = read_data(tracee, referee, output, old_size);
if (status < 0)
break;
referee[old_size] = '\0';
/* Not optimal but safe (path is fully translated). */
status = read_path(tracee, referer, input);
if (status < 0)
break;
if (status >= PATH_MAX) {
status = -ENAMETOOLONG;
break;
}
status = detranslate_path(tracee, referee, referer);
if (status < 0)
break;
/* The original path doesn't require any transformation, i.e
* it is a symetric binding. */
if (status == 0)
goto end;
/* Overwrite the path. Note: the output buffer might be
* initialized with zeros but it was updated with the kernel
* result, and then with the detranslated result. This later
* might be shorter than the former, so it's safier to add a
* NULL terminating byte when possible. This problem was
* exposed by IDA Demo 6.3. */
if ((size_t) status < max_size) {
new_size = status - 1;
status = write_data(tracee, output, referee, status);
}
else {
new_size = max_size;
status = write_data(tracee, output, referee, max_size);
}
if (status < 0)
break;
/* The value of "status" is used to update the returned value
* in translate_syscall_exit(). */
status = new_size;
break;
}
#if defined(ARCH_X86_64)
case PR_uname: {
struct utsname utsname;
word_t address;
size_t size;
if (get_abi(tracee) != ABI_2)
goto end;
/* Error reported by the kernel. */
if ((int) syscall_result < 0)
goto end;
address = peek_reg(tracee, ORIGINAL, SYSARG_1);
status = read_data(tracee, &utsname, address, sizeof(utsname));
if (status < 0)
break;
/* Some 32-bit programs like package managers can be
* confused when the kernel reports "x86_64". */
size = sizeof(utsname.machine);
strncpy(utsname.machine, "i686", size);
utsname.machine[size - 1] = '\0';
status = write_data(tracee, address, &utsname, sizeof(utsname));
if (status < 0)
break;
status = 0;
break;
}
#endif
case PR_execve:
translate_execve_exit(tracee);
goto end;
case PR_ptrace:
status = translate_ptrace_exit(tracee);
break;
case PR_wait4:
case PR_waitpid:
if (tracee->as_ptracer.waits_in != WAITS_IN_PROOT)
goto end;
status = translate_wait_exit(tracee);
break;
case PR_setrlimit:
case PR_prlimit64:
/* Error reported by the kernel. */
if ((int) syscall_result < 0)
goto end;
status = translate_setrlimit_exit(tracee, syscall_number == PR_prlimit64);
if (status < 0)
break;
/* Don't overwrite the syscall result. */
goto end;
default:
goto end;
}
poke_reg(tracee, SYSARG_RESULT, (word_t) status);
end:
status = notify_extensions(tracee, SYSCALL_EXIT_END, status, 0);
if (status < 0)
poke_reg(tracee, SYSARG_RESULT, (word_t) status);
}
/**
* Copy in @result the equivalent of "@tracee->root + canon(@dir_fd +
* @user_path)". If @user_path is not absolute then it is relative to
* the directory referred by the descriptor @dir_fd (AT_FDCWD is for
* the current working directory). See the documentation of
* canonicalize() for the meaning of @deref_final. This function
* returns -errno if an error occured, otherwise 0.
*/
int translate_path(Tracee *tracee, char result[PATH_MAX], int dir_fd,
const char *user_path, bool deref_final)
{
char guest_path[PATH_MAX];
int status;
/* Use "/" as the base if it is an absolute guest path. */
if (user_path[0] == '/') {
strcpy(result, "/");
}
/* It is relative to a directory referred by a descriptor, see
* openat(2) for details. */
else if (dir_fd != AT_FDCWD) {
/* /proc/@tracee->pid/fd/@dir_fd -> result. */
status = readlink_proc_pid_fd(tracee->pid, dir_fd, result);
if (status < 0)
return status;
/* Named file descriptors may reference special
* objects like pipes, sockets, inodes, ... Such
* objects do not belong to the file-system. */
if (result[0] != '/')
return -ENOTDIR;
/* Remove the leading "root" part of the base
* (required!). */
status = detranslate_path(tracee, result, NULL);
if (status < 0)
return status;
}
/* It is relative to the current working directory. */
else {
status = getcwd2(tracee, result);
if (status < 0)
return status;
}
VERBOSE(tracee, 2, "pid %d: translate(\"%s\" + \"%s\")",
tracee != NULL ? tracee->pid : 0, result, user_path);
status = notify_extensions(tracee, GUEST_PATH, (intptr_t) result, (intptr_t) user_path);
if (status < 0)
return status;
if (status > 0)
goto skip;
/* So far "result" was used as a base path, it's time to join
* it to the user path. */
assert(result[0] == '/');
status = join_paths(2, guest_path, result, user_path);
if (status < 0)
return status;
strcpy(result, "/");
/* Canonicalize regarding the new root. */
status = canonicalize(tracee, guest_path, deref_final, result, 0);
if (status < 0)
return status;
/* Final binding substitution to convert "result" into a host
* path, since canonicalize() works from the guest
* point-of-view. */
status = substitute_binding(tracee, GUEST, result);
if (status < 0)
return status;
skip:
VERBOSE(tracee, 2, "pid %d: -> \"%s\"",
tracee != NULL ? tracee->pid : 0, result);
return 0;
}
/**
* Translate the pathname of the struct sockaddr_un currently stored
* in the @tracee memory at the given @address. See the documentation
* of read_sockaddr_un() for the meaning of the @size parameter.
* Also, the new address of the translated sockaddr_un is put in the
* @address parameter. This function returns -errno if an error
* occurred, otherwise 0.
*/
int translate_socketcall_enter(Tracee *tracee, word_t *address, int size)
{
struct sockaddr_un sockaddr;
char user_path[PATH_MAX];
char host_path[PATH_MAX];
int status;
if (*address == 0)
return 0;
status = read_sockaddr_un(tracee, &sockaddr, sizeof(sockaddr), user_path, *address, size);
if (status <= 0)
return status;
status = translate_path(tracee, host_path, AT_FDCWD, user_path, true);
if (status < 0)
return status;
/* Be careful: sun_path doesn't have to be null-terminated. */
if (strlen(host_path) > sizeof_path) {
char *shorter_host_path;
Binding *binding;
/* The translated path is too long to fit the sun_path
* array, so let's bind it to a shorter path. */
shorter_host_path = create_temp_name(tracee->ctx, "proot");
if (shorter_host_path == NULL || strlen(shorter_host_path) > sizeof_path)
return -EINVAL;
(void) mktemp(shorter_host_path);
if (strlen(shorter_host_path) > sizeof_path)
return -EINVAL;
/* Ensure the guest path of this new binding is
* canonicalized, as it is always assumed. */
strcpy(user_path, host_path);
status = detranslate_path(tracee, user_path, NULL);
if (status < 0)
return -EINVAL;
/* Bing the guest path to a shorter host path. */
binding = insort_binding3(tracee, tracee->ctx, shorter_host_path, user_path);
if (binding == NULL)
return -EINVAL;
/* This temporary file (shorter_host_path) will be removed once the
* binding is destroyed. */
talloc_reparent(tracee->ctx, binding, shorter_host_path);
/* Let's use this shorter path now. */
strcpy(host_path, shorter_host_path);
}
strncpy(sockaddr.sun_path, host_path, sizeof_path);
/* Push the updated sockaddr to a newly allocated space. */
*address = alloc_mem(tracee, sizeof(sockaddr));
if (*address == 0)
return -EFAULT;
status = write_data(tracee, *address, &sockaddr, sizeof(sockaddr));
if (status < 0)
return status;
return 1;
}
/**
* Translate the input arguments of the current @tracee's syscall in the
* @tracee->pid process area. This function sets @tracee->status to
* -errno if an error occured from the tracee's point-of-view (EFAULT
* for instance), otherwise 0.
*/
int translate_syscall_enter(Tracee *tracee)
{
int flags;
int dirfd;
int olddirfd;
int newdirfd;
int status;
int status2;
char path[PATH_MAX];
char oldpath[PATH_MAX];
char newpath[PATH_MAX];
word_t syscall_number;
bool special = false;
status = notify_extensions(tracee, SYSCALL_ENTER_START, 0, 0);
if (status < 0)
goto end;
if (status > 0)
return 0;
/* Translate input arguments. */
syscall_number = get_sysnum(tracee, ORIGINAL);
switch (syscall_number) {
default:
/* Nothing to do. */
status = 0;
break;
case PR_execve:
status = translate_execve_enter(tracee);
break;
case PR_ptrace:
status = translate_ptrace_enter(tracee);
break;
case PR_wait4:
case PR_waitpid:
status = translate_wait_enter(tracee);
break;
case PR_brk:
translate_brk_enter(tracee);
status = 0;
break;
case PR_getcwd:
set_sysnum(tracee, PR_void);
status = 0;
break;
case PR_fchdir:
case PR_chdir: {
struct stat statl;
char *tmp;
/* The ending "." ensures an error will be reported if
* path does not exist or if it is not a directory. */
if (syscall_number == PR_chdir) {
status = get_sysarg_path(tracee, path, SYSARG_1);
if (status < 0)
break;
status = join_paths(2, oldpath, path, ".");
if (status < 0)
break;
dirfd = AT_FDCWD;
}
else {
strcpy(oldpath, ".");
dirfd = peek_reg(tracee, CURRENT, SYSARG_1);
}
status = translate_path(tracee, path, dirfd, oldpath, true);
if (status < 0)
break;
status = lstat(path, &statl);
if (status < 0)
break;
/* Check this directory is accessible. */
if ((statl.st_mode & S_IXUSR) == 0)
return -EACCES;
/* Sadly this method doesn't detranslate statefully,
* this means that there's an ambiguity when several
* bindings are from the same host path:
*
* $ proot -m /tmp:/a -m /tmp:/b fchdir_getcwd /a
* /b
*
* $ proot -m /tmp:/b -m /tmp:/a fchdir_getcwd /a
* /a
*
* A solution would be to follow each file descriptor
* just like it is done for cwd.
*/
status = detranslate_path(tracee, path, NULL);
if (status < 0)
break;
/* Remove the trailing "/" or "/.". */
chop_finality(path);
tmp = talloc_strdup(tracee->fs, path);
if (tmp == NULL) {
status = -ENOMEM;
break;
}
TALLOC_FREE(tracee->fs->cwd);
tracee->fs->cwd = tmp;
talloc_set_name_const(tracee->fs->cwd, "$cwd");
set_sysnum(tracee, PR_void);
status = 0;
break;
}
case PR_bind:
case PR_connect: {
word_t address;
word_t size;
address = peek_reg(tracee, CURRENT, SYSARG_2);
size = peek_reg(tracee, CURRENT, SYSARG_3);
status = translate_socketcall_enter(tracee, &address, size);
if (status <= 0)
break;
poke_reg(tracee, SYSARG_2, address);
poke_reg(tracee, SYSARG_3, sizeof(struct sockaddr_un));
status = 0;
break;
}
#define SYSARG_ADDR(n) (args_addr + ((n) - 1) * sizeof_word(tracee))
#define PEEK_WORD(addr, forced_errno) \
peek_word(tracee, addr); \
if (errno != 0) { \
status = forced_errno ?: -errno; \
break; \
}
#define POKE_WORD(addr, value) \
poke_word(tracee, addr, value); \
if (errno != 0) { \
status = -errno; \
break; \
}
case PR_accept:
case PR_accept4:
/* Nothing special to do if no sockaddr was specified. */
if (peek_reg(tracee, ORIGINAL, SYSARG_2) == 0) {
status = 0;
break;
}
special = true;
/* Fall through. */
case PR_getsockname:
case PR_getpeername:{
int size;
/* Remember: PEEK_WORD puts -errno in status and breaks if an
* error occured. */
size = (int) PEEK_WORD(peek_reg(tracee, ORIGINAL, SYSARG_3), special ? -EINVAL : 0);
/* The "size" argument is both used as an input parameter
* (max. size) and as an output parameter (actual size). The
* exit stage needs to know the max. size to not overwrite
* anything, that's why it is copied in the 6th argument
* (unused) before the kernel updates it. */
poke_reg(tracee, SYSARG_6, size);
status = 0;
break;
}
case PR_socketcall: {
word_t args_addr;
word_t sock_addr_saved;
word_t sock_addr;
word_t size_addr;
word_t size;
args_addr = peek_reg(tracee, CURRENT, SYSARG_2);
switch (peek_reg(tracee, CURRENT, SYSARG_1)) {
case SYS_BIND:
case SYS_CONNECT:
/* Handle these cases below. */
status = 1;
break;
case SYS_ACCEPT:
case SYS_ACCEPT4:
/* Nothing special to do if no sockaddr was specified. */
sock_addr = PEEK_WORD(SYSARG_ADDR(2), 0);
if (sock_addr == 0) {
status = 0;
break;
}
special = true;
/* Fall through. */
case SYS_GETSOCKNAME:
case SYS_GETPEERNAME:
/* Remember: PEEK_WORD puts -errno in status and breaks
* if an error occured. */
size_addr = PEEK_WORD(SYSARG_ADDR(3), 0);
size = (int) PEEK_WORD(size_addr, special ? -EINVAL : 0);
/* See case PR_accept for explanation. */
poke_reg(tracee, SYSARG_6, size);
status = 0;
break;
default:
status = 0;
break;
}
/* An error occured or there's nothing else to do. */
if (status <= 0)
break;
/* Remember: PEEK_WORD puts -errno in status and breaks if an
* error occured. */
sock_addr = PEEK_WORD(SYSARG_ADDR(2), 0);
size = PEEK_WORD(SYSARG_ADDR(3), 0);
sock_addr_saved = sock_addr;
status = translate_socketcall_enter(tracee, &sock_addr, size);
if (status <= 0)
break;
/* These parameters are used/restored at the exit stage. */
poke_reg(tracee, SYSARG_5, sock_addr_saved);
poke_reg(tracee, SYSARG_6, size);
/* Remember: POKE_WORD puts -errno in status and breaks if an
* error occured. */
POKE_WORD(SYSARG_ADDR(2), sock_addr);
POKE_WORD(SYSARG_ADDR(3), sizeof(struct sockaddr_un));
status = 0;
break;
}
#undef SYSARG_ADDR
#undef PEEK_WORD
#undef POKE_WORD
case PR_access:
case PR_acct:
case PR_chmod:
case PR_chown:
case PR_chown32:
case PR_chroot:
case PR_getxattr:
case PR_listxattr:
case PR_mknod:
case PR_oldstat:
case PR_creat:
case PR_removexattr:
case PR_setxattr:
case PR_stat:
case PR_stat64:
case PR_statfs:
case PR_statfs64:
case PR_swapoff:
case PR_swapon:
case PR_truncate:
case PR_truncate64:
case PR_umount:
case PR_umount2:
case PR_uselib:
case PR_utime:
case PR_utimes:
status = translate_sysarg(tracee, SYSARG_1, REGULAR);
break;
case PR_open:
flags = peek_reg(tracee, CURRENT, SYSARG_2);
if ( ((flags & O_NOFOLLOW) != 0)
|| ((flags & O_EXCL) != 0 && (flags & O_CREAT) != 0))
status = translate_sysarg(tracee, SYSARG_1, SYMLINK);
else
status = translate_sysarg(tracee, SYSARG_1, REGULAR);
break;
case PR_fchownat:
case PR_fstatat64:
case PR_newfstatat:
case PR_utimensat:
case PR_name_to_handle_at:
dirfd = peek_reg(tracee, CURRENT, SYSARG_1);
status = get_sysarg_path(tracee, path, SYSARG_2);
if (status < 0)
break;
flags = ( syscall_number == PR_fchownat
|| syscall_number == PR_name_to_handle_at)
? peek_reg(tracee, CURRENT, SYSARG_5)
: peek_reg(tracee, CURRENT, SYSARG_4);
if ((flags & AT_SYMLINK_NOFOLLOW) != 0)
status = translate_path2(tracee, dirfd, path, SYSARG_2, SYMLINK);
else
status = translate_path2(tracee, dirfd, path, SYSARG_2, REGULAR);
break;
case PR_fchmodat:
case PR_faccessat:
case PR_futimesat:
case PR_mknodat:
dirfd = peek_reg(tracee, CURRENT, SYSARG_1);
status = get_sysarg_path(tracee, path, SYSARG_2);
if (status < 0)
break;
status = translate_path2(tracee, dirfd, path, SYSARG_2, REGULAR);
break;
case PR_inotify_add_watch:
flags = peek_reg(tracee, CURRENT, SYSARG_3);
if ((flags & IN_DONT_FOLLOW) != 0)
status = translate_sysarg(tracee, SYSARG_2, SYMLINK);
else
status = translate_sysarg(tracee, SYSARG_2, REGULAR);
break;
case PR_readlink:
case PR_lchown:
case PR_lchown32:
case PR_lgetxattr:
case PR_llistxattr:
case PR_lremovexattr:
case PR_lsetxattr:
case PR_lstat:
case PR_lstat64:
case PR_oldlstat:
case PR_unlink:
case PR_rmdir:
case PR_mkdir:
status = translate_sysarg(tracee, SYSARG_1, SYMLINK);
break;
case PR_pivot_root:
status = translate_sysarg(tracee, SYSARG_1, REGULAR);
if (status < 0)
break;
status = translate_sysarg(tracee, SYSARG_2, REGULAR);
break;
case PR_linkat:
olddirfd = peek_reg(tracee, CURRENT, SYSARG_1);
newdirfd = peek_reg(tracee, CURRENT, SYSARG_3);
flags = peek_reg(tracee, CURRENT, SYSARG_5);
status = get_sysarg_path(tracee, oldpath, SYSARG_2);
if (status < 0)
break;
status = get_sysarg_path(tracee, newpath, SYSARG_4);
if (status < 0)
break;
if ((flags & AT_SYMLINK_FOLLOW) != 0)
status = translate_path2(tracee, olddirfd, oldpath, SYSARG_2, REGULAR);
else
status = translate_path2(tracee, olddirfd, oldpath, SYSARG_2, SYMLINK);
if (status < 0)
break;
status = translate_path2(tracee, newdirfd, newpath, SYSARG_4, SYMLINK);
break;
case PR_mount:
status = get_sysarg_path(tracee, path, SYSARG_1);
if (status < 0)
break;
/* The following check covers only 90% of the cases. */
if (path[0] == '/' || path[0] == '.') {
status = translate_path2(tracee, AT_FDCWD, path, SYSARG_1, REGULAR);
if (status < 0)
break;
}
status = translate_sysarg(tracee, SYSARG_2, REGULAR);
break;
case PR_openat:
dirfd = peek_reg(tracee, CURRENT, SYSARG_1);
flags = peek_reg(tracee, CURRENT, SYSARG_3);
status = get_sysarg_path(tracee, path, SYSARG_2);
if (status < 0)
break;
if ( ((flags & O_NOFOLLOW) != 0)
|| ((flags & O_EXCL) != 0 && (flags & O_CREAT) != 0))
status = translate_path2(tracee, dirfd, path, SYSARG_2, SYMLINK);
else
status = translate_path2(tracee, dirfd, path, SYSARG_2, REGULAR);
break;
case PR_readlinkat:
case PR_unlinkat:
case PR_mkdirat:
dirfd = peek_reg(tracee, CURRENT, SYSARG_1);
status = get_sysarg_path(tracee, path, SYSARG_2);
if (status < 0)
break;
status = translate_path2(tracee, dirfd, path, SYSARG_2, SYMLINK);
break;
case PR_link:
case PR_rename:
status = translate_sysarg(tracee, SYSARG_1, SYMLINK);
if (status < 0)
break;
status = translate_sysarg(tracee, SYSARG_2, SYMLINK);
break;
case PR_renameat:
olddirfd = peek_reg(tracee, CURRENT, SYSARG_1);
newdirfd = peek_reg(tracee, CURRENT, SYSARG_3);
status = get_sysarg_path(tracee, oldpath, SYSARG_2);
if (status < 0)
break;
status = get_sysarg_path(tracee, newpath, SYSARG_4);
if (status < 0)
break;
status = translate_path2(tracee, olddirfd, oldpath, SYSARG_2, SYMLINK);
if (status < 0)
break;
status = translate_path2(tracee, newdirfd, newpath, SYSARG_4, SYMLINK);
break;
case PR_symlink:
status = translate_sysarg(tracee, SYSARG_2, SYMLINK);
break;
case PR_symlinkat:
newdirfd = peek_reg(tracee, CURRENT, SYSARG_2);
status = get_sysarg_path(tracee, newpath, SYSARG_3);
if (status < 0)
break;
status = translate_path2(tracee, newdirfd, newpath, SYSARG_3, SYMLINK);
break;
}
end:
status2 = notify_extensions(tracee, SYSCALL_ENTER_END, status, 0);
if (status2 < 0)
status = status2;
return status;
}
/**
* Copy in @host_path the equivalent of "@tracee->root +
* canonicalize(@dir_fd + @guest_path)". If @guest_path is not
* absolute then it is relative to the directory referred by the
* descriptor @dir_fd (AT_FDCWD is for the current working directory).
* See the documentation of canonicalize() for the meaning of
* @deref_final. This function returns -errno if an error occured,
* otherwise 0.
*/
int translate_path(Tracee *tracee, char host_path[PATH_MAX],
int dir_fd, const char *guest_path, bool deref_final)
{
int status;
/* Use "/" as the base if it is an absolute guest path. */
if (guest_path[0] == '/') {
strcpy(host_path, "/");
}
/* It is relative to the current working directory or to a
* directory referred by a descriptors, see openat(2) for
* details. */
else if (dir_fd == AT_FDCWD) {
status = getcwd2(tracee, host_path);
if (status < 0)
return status;
}
else {
struct stat statl;
/* /proc/@tracee->pid/fd/@dir_fd -> host_path. */
status = readlink_proc_pid_fd(tracee->pid, dir_fd, host_path);
if (status < 0)
return status;
/* Ensure it points to a directory. */
status = stat(host_path, &statl);
if (status < 0)
return -errno;
if (!S_ISDIR(statl.st_mode))
return -ENOTDIR;
/* Remove the leading "root" part of the base
* (required!). */
status = detranslate_path(tracee, host_path, NULL);
if (status < 0)
return status;
}
VERBOSE(tracee, 2, "pid %d: translate(\"%s\" + \"%s\")",
tracee != NULL ? tracee->pid : 0, host_path, guest_path);
status = notify_extensions(tracee, GUEST_PATH, (intptr_t)host_path, (intptr_t)guest_path);
if (status < 0)
return status;
if (status > 0)
goto skip;
/* Canonicalize regarding the new root. */
status = canonicalize(tracee, guest_path, deref_final, host_path, 0);
if (status < 0)
return status;
/* Final binding substitution to convert "host_path" into a host
* path, since canonicalize() works from the guest
* point-of-view. */
status = substitute_binding(tracee, GUEST, host_path);
if (status < 0)
return status;
skip:
VERBOSE(tracee, 2, "pid %d: -> \"%s\"",
tracee != NULL ? tracee->pid : 0, host_path);
return 0;
}
