syscall_filter: allow more than one @include per syscall filter am: e926051b48
am: ad91170cdd
Change-Id: I1322d9fe51e1e3c1445ba1f41271e546d45c1b77
diff --git a/syscall_filter.c b/syscall_filter.c
index 29f250e..c1526a4 100644
--- a/syscall_filter.c
+++ b/syscall_filter.c
@@ -557,7 +557,7 @@
if (compile_file(filename, included_file, head,
arg_blocks, labels, use_ret_trap,
allow_logging,
- ++include_level) == -1) {
+ include_level + 1) == -1) {
compiler_warn(&state, "'@include %s' failed",
filename);
fclose(included_file);
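Review bot: The call site at `include_level + 1) == -1) {` deserves a one-line comment, because the difference from `++include_level` is easy to undo by accident in a later cleanup. The pre-increment modified this file's own counter, so each sibling `@include` line looked one level deeper than the previous one. Something like `/* Pass the depth by value: sibling @include lines must not raise this file's own level. */` above the call would record that. The depth check itself is presumably earlier in compile_file, which starts and ends outside this hunk, so how the limit is compared cannot be confirmed from here.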
diff --git a/syscall_filter_unittest.cc b/syscall_filter_unittest.cc
index 7b38b84..cf01d3f 100644
--- a/syscall_filter_unittest.cc
+++ b/syscall_filter_unittest.cc
@@ -1744,6 +1744,25 @@
free(actual.filter);
}
+TEST(FilterTest, include_two) {
+ struct sock_fprog actual;
+ std::string policy =
+ "@include " + source_path("test/seccomp.policy") + "\n" +
+ "@include " + source_path("test/seccomp.policy") + "\n";
+
+ FILE* policy_file = write_policy_to_pipe(policy);
+ ASSERT_NE(policy_file, nullptr);
+
+ int res = test_compile_filter("policy", policy_file, &actual);
+ fclose(policy_file);
+
+ ASSERT_EQ(res, 0);
+ EXPECT_EQ(actual.len,
+ ARCH_VALIDATION_LEN + 1 /* load syscall nr */ +
+ 2 * 8 /* check syscalls twice */ + 1 /* filter return */);
+ free(actual.filter);
+}
+
TEST(FilterTest, include_invalid_policy) {
struct sock_fprog actual;
std::string policy =
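Review bot: The new `include_two` test pins only `actual.len`, so it would still pass if the second `@include` emitted the right number of instructions with the wrong contents; checking a few instructions from the second copy would make it a stronger regression test. Because the fix changes how the nesting depth is handed down, a companion case would help, unless the file already has one: after two sibling includes, an `@include` inside an included file should still hit whatever nesting limit compile_file enforces. The `2 * 8` term also shows that including the same policy twice emits every syscall check twice. A short comment such as `/* duplicate entries are not merged; the second copy is emitted as-is */` would make that explicit for anyone sizing filters built from several includes.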