analyze-security: always save syscall name
This reverts
dd51e725df9aec2847482131ef601e0215b371a0 and fixes bugs
introduced by
1624114d74f55ad9791b7624b08d89d2339a68b3.
Previously,
- On online scan, the syscall filter was a string Hashmap, but it
might contain syscall name with errno or error action. Hence, we need
to drop the errno or error action in the string.
- On offline scan, the syscall filter was a Hashmap of syscall ID, so
hashmap_contains() with syscall name did not work. We need to convert
syscall IDs to syscall names.
- If hashmap_contains() in syscall_names_in_filter() is true, then
the syscall is allowed when the list is an allow-list, and vice versa.
Hence, the condition in syscall_names_in_filter() was errnously
inverted by
dd51e725df9aec2847482131ef601e0215b371a0.
This makes syscalls are always stored with its name, instead of ID,
and also correct the condition.
Fixes #23663.
projects / systemd / .git / commit