From 56738173ebef2e435696fda97a091afcf0e62cfa Mon Sep 17 00:00:00 2001 From: Tom Hromatka Date: Thu, 5 Mar 2020 14:04:18 -0700 Subject: [PATCH 1/2] tests: change test 53 to use syscall names rather than numbers Previously test 53, sim-binary_tree, used syscall numbers to build a large binary tree. This is problematic on architectures that have sparsely populated syscall numbers. This commit modifies the test to use syscall names to build up a realistic binary tree that should work on all architectures. Signed-off-by: Tom Hromatka --- tests/53-sim-binary_tree.c | 110 +++++++--- tests/53-sim-binary_tree.py | 55 ++++- tests/53-sim-binary_tree.tests | 377 ++++----------------------------- 3 files changed, 176 insertions(+), 366 deletions(-) diff --git a/tests/53-sim-binary_tree.c b/tests/53-sim-binary_tree.c index 2c7890e5..bf2e5535 100644 --- a/tests/53-sim-binary_tree.c +++ b/tests/53-sim-binary_tree.c @@ -1,7 +1,7 @@ /** * Seccomp Library test program * - * Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2018-2020 Oracle and/or its affiliates. * Author: Tom Hromatka */ 
@@ -29,9 +29,61 @@ #include "util.h" -#define MAX_SYSCALL (330) +#define ARG_COUNT_MAX 2 -#include +struct syscall_errno { + int syscall; + int error; + int arg_cnt; + /* To make the test more interesting, arguments are added to several + * syscalls. To keep the test simple, the arguments always use + * SCMP_CMP_EQ. + */ + int args[ARG_COUNT_MAX]; +}; + +struct syscall_errno table[] = { + { SCMP_SYS(read), 0, 0, { 0, 0 } }, + { SCMP_SYS(write), 1, 0, { 0, 0 } }, + { SCMP_SYS(open), 2, 0, { 0, 0 } }, + { SCMP_SYS(close), 3, 2, { 100, 101 } }, + { SCMP_SYS(stat), 4, 0, { 0, 0 } }, + { SCMP_SYS(fstat), 5, 0, { 0, 0 } }, + { SCMP_SYS(lstat), 6, 0, { 0, 0 } }, + { SCMP_SYS(poll), 7, 1, { 102, 0 } }, + { SCMP_SYS(lseek), 8, 2, { 103, 104 } }, + { SCMP_SYS(mmap), 9, 0, { 0, 0 } }, + { SCMP_SYS(mprotect), 10, 0, { 0, 0 } }, + { SCMP_SYS(munmap), 11, 0, { 0, 0 } }, + { SCMP_SYS(brk), 12, 0, { 0, 0 } }, + { SCMP_SYS(rt_sigaction), 13, 0, { 0, 0 } }, + { SCMP_SYS(rt_sigprocmask), 14, 0, { 0, 0 } }, + { SCMP_SYS(rt_sigreturn), 15, 0, { 0, 0 } }, + { SCMP_SYS(ioctl), 16, 0, { 0, 0 } }, + { SCMP_SYS(pread64), 17, 1, { 105, 0 } }, + { SCMP_SYS(pwrite64), 18, 0, { 0, 0 } }, + { SCMP_SYS(readv), 19, 0, { 0, 0 } }, + { SCMP_SYS(writev), 20, 0, { 0, 0 } }, + { SCMP_SYS(access), 21, 0, { 0, 0 } }, + { SCMP_SYS(pipe), 22, 0, { 0, 0 } }, + { SCMP_SYS(select), 23, 2, { 106, 107 } }, + { SCMP_SYS(sched_yield), 24, 0, { 0, 0 } }, + { SCMP_SYS(mremap), 25, 2, { 108, 109 } }, + { SCMP_SYS(msync), 26, 0, { 0, 0 } }, + { SCMP_SYS(mincore), 27, 0, { 0, 0 } }, + { SCMP_SYS(madvise), 28, 0, { 0, 0 } }, + { SCMP_SYS(shmget), 29, 0, { 0, 0 } }, + { SCMP_SYS(shmat), 30, 1, { 110, 0 } }, + { SCMP_SYS(shmctl), 31, 1, { 111, 0 } }, + { SCMP_SYS(dup), 32, 1, { 112, 0 } }, + { SCMP_SYS(dup2), 33, 0, { 0, 0 } }, + { SCMP_SYS(pause), 34, 0, { 0, 0 } }, + { SCMP_SYS(nanosleep), 35, 0, { 0, 0 } }, + { SCMP_SYS(getitimer), 36, 0, { 0, 0 } }, + { SCMP_SYS(alarm), 37, 0, { 0, 0 } }, +}; + +const int table_size 
= sizeof(table) / sizeof(table[0]); int main(int argc, char *argv[]) { @@ -49,38 +101,36 @@ int main(int argc, char *argv[]) goto out; } - rc = seccomp_arch_remove(ctx, SCMP_ARCH_NATIVE); - if (rc < 0) - goto out; - rc = seccomp_arch_add(ctx, SCMP_ARCH_X86_64); - if (rc < 0) - goto out; - rc = seccomp_arch_add(ctx, SCMP_ARCH_X86); - if (rc < 0) - goto out; rc = seccomp_attr_set(ctx, SCMP_FLTATR_CTL_OPTIMIZE, 2); if (rc < 0) goto out; - /* NOTE: this test is entirely fabricated and should not be - * replicated in the real world. - * - * The MAX_SYSCALL number (330) was chosen to force seccomp to - * build an unbalanced binary tree - and it happens to be less - * than the current syscall max. The syscall numbers are - * hardcoded to simplify the test. A few syscalls have - * argument chains to further complicate the filter. - */ + for (i = 0; i < table_size; i++) { + switch (table[i].arg_cnt) { + case 2: + rc = seccomp_rule_add(ctx, + SCMP_ACT_ERRNO(table[i].error), + table[i].syscall, 2, + SCMP_A0(SCMP_CMP_EQ, + table[i].args[0]), + SCMP_A1(SCMP_CMP_EQ, + table[i].args[1])); + break; + case 1: + rc = seccomp_rule_add(ctx, + SCMP_ACT_ERRNO(table[i].error), + table[i].syscall, 1, + SCMP_A0(SCMP_CMP_EQ, + table[i].args[0])); + break; + case 0: + default: + rc = seccomp_rule_add(ctx, + SCMP_ACT_ERRNO(table[i].error), + table[i].syscall, 0); + break; + } - for (i = 0; i < MAX_SYSCALL; i++) { - /* arbitrarily make the filter more complex by filtering - * on arguments for a few syscalls - */ - if (i == 10 || i == 53 || i == 61 || i == 255) - rc = seccomp_rule_add(ctx, SCMP_ACT_ERRNO(i), i, 1, - SCMP_A0(SCMP_CMP_EQ, i)); - else - rc = seccomp_rule_add(ctx, SCMP_ACT_ERRNO(i), i, 0); if (rc < 0) goto out; } diff --git a/tests/53-sim-binary_tree.py b/tests/53-sim-binary_tree.py index 8a17918b..3b933b97 100755 --- a/tests/53-sim-binary_tree.py +++ b/tests/53-sim-binary_tree.py 
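Review bot: `table` and `table_size` are defined with external linkage and `table` is writable, although as far as the hunks show only `main()` in this file reads them. `static const struct syscall_errno table[] = {` and `static const int table_size = sizeof(table) / sizeof(table[0]);` would keep them file-local and read-only. The same definitions are repeated in the table hunk of tests/55-basic-pfc_binary_tree.c, so the remark applies there too. A one-line comment above the table giving the column order (syscall, errno value, argument count, argument values) would make the rows easier to check against the .tests file.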
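Review bot: With the `seccomp_arch_remove()`/`seccomp_arch_add()` calls dropped, the C test builds its filter for whatever architecture it runs on, while the Python version of the same test still calls `f.add_arch(Arch("x86"))` (visible as context in the .py hunk). The two programs are presumably meant to produce the same filter, so either keep an explicit architecture list here or remove it from the Python test as well. It also matters for the table: names such as `open`, `stat` and `poll` are not native syscalls on every architecture (aarch64, for one), and how a rule for such a name is treated on a native build is not visible in this patch. main() starts and ends outside the hunk.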
@@ -28,6 +28,47 @@ from seccomp import * +table = [ + {"syscall": "read", "error": 0, "arg_cnt": 0 }, + {"syscall": "write", "error": 1, "arg_cnt": 0 }, + {"syscall": "open", "error": 2, "arg_cnt": 0 }, + {"syscall": "close", "error": 3, "arg_cnt": 2, "arg1": 100, "arg2": 101 }, + {"syscall": "stat", "error": 4, "arg_cnt": 0 }, + {"syscall": "fstat", "error": 5, "arg_cnt": 0 }, + {"syscall": "lstat", "error": 6, "arg_cnt": 0 }, + {"syscall": "poll", "error": 7, "arg_cnt": 1, "arg1": 102 }, + {"syscall": "lseek", "error": 8, "arg_cnt": 2, "arg1": 103, "arg2": 104 }, + {"syscall": "mmap", "error": 9, "arg_cnt": 0 }, + {"syscall": "mprotect", "error": 10, "arg_cnt": 0 }, + {"syscall": "munmap", "error": 11, "arg_cnt": 0 }, + {"syscall": "brk", "error": 12, "arg_cnt": 0 }, + {"syscall": "rt_sigaction", "error": 13, "arg_cnt": 0 }, + {"syscall": "rt_sigprocmask", "error": 14, "arg_cnt": 0 }, + {"syscall": "rt_sigreturn", "error": 15, "arg_cnt": 0 }, + {"syscall": "ioctl", "error": 16, "arg_cnt": 0 }, + {"syscall": "pread64", "error": 17, "arg_cnt": 1, "arg1": 105 }, + {"syscall": "pwrite64", "error": 18, "arg_cnt": 0 }, + {"syscall": "readv", "error": 19, "arg_cnt": 0 }, + {"syscall": "writev", "error": 20, "arg_cnt": 0 }, + {"syscall": "access", "error": 21, "arg_cnt": 0 }, + {"syscall": "pipe", "error": 22, "arg_cnt": 0 }, + {"syscall": "select", "error": 23, "arg_cnt": 2, "arg1": 106, "arg2": 107 }, + {"syscall": "sched_yield", "error": 24, "arg_cnt": 0 }, + {"syscall": "mremap", "error": 25, "arg_cnt": 2, "arg1": 108, "arg2": 109 }, + {"syscall": "msync", "error": 26, "arg_cnt": 0 }, + {"syscall": "mincore", "error": 27, "arg_cnt": 0 }, + {"syscall": "madvise", "error": 28, "arg_cnt": 0 }, + {"syscall": "shmget", "error": 29, "arg_cnt": 0 }, + {"syscall": "shmat", "error": 30, "arg_cnt": 1, "arg1": 110 }, + {"syscall": "shmctl", "error": 31, "arg_cnt": 1, "arg1": 111 }, + {"syscall": "dup", "error": 32, "arg_cnt": 1, "arg1": 112 }, + {"syscall": "dup2", "error": 33, 
"arg_cnt": 0 }, + {"syscall": "pause", "error": 34, "arg_cnt": 0 }, + {"syscall": "nanosleep", "error": 35, "arg_cnt": 0 }, + {"syscall": "getitimer", "error": 36, "arg_cnt": 0 }, + {"syscall": "alarm", "error": 37, "arg_cnt": 0 }, +] + def test(args): f = SyscallFilter(ALLOW) @@ -36,11 +77,17 @@ def test(args): f.add_arch(Arch("x86")) f.set_attr(Attr.CTL_OPTIMIZE, 2) - for i in range(330): - if (i == 10 or i == 53 or i == 61 or i == 255): - f.add_rule(ERRNO(i), i, Arg(0, EQ, i)) + for entry in table: + print(entry) + if entry["arg_cnt"] == 2: + f.add_rule(ERRNO(entry["error"]), entry["syscall"], + Arg(0, EQ, entry["arg1"]), + Arg(1, EQ, entry["arg2"])) + elif entry["arg_cnt"] == 1: + f.add_rule(ERRNO(entry["error"]), entry["syscall"], + Arg(0, EQ, entry["arg1"])) else: - f.add_rule(ERRNO(i), i) + f.add_rule(ERRNO(entry["error"]), entry["syscall"]) return f diff --git a/tests/53-sim-binary_tree.tests b/tests/53-sim-binary_tree.tests index 8c896ac3..240c4db8 100644 --- a/tests/53-sim-binary_tree.tests +++ b/tests/53-sim-binary_tree.tests 
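Review bot: The keys `"arg1"` and `"arg2"` are one-based, but they feed `Arg(0, ...)` and `Arg(1, ...)` in `test()`, and the C table uses `args[0]`/`args[1]`. In a seccomp rule the argument index is the part most easily got wrong, so the names should match it. Either rename them to `"arg0"`/`"arg1"` or store a list, e.g. `"args": [100, 101]`, which also makes `"arg_cnt"` redundant (`len(entry["args"])`).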
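Review bot: `print(entry)` at the top of the new loop looks like leftover debugging output. If the harness reads the generated filter from this script's stdout (the export call is outside the hunk, so this is an assumption), the printed dictionaries land in front of the filter data and can break the simulation or mask a real failure. Drop the line, or send it to stderr with `print(entry, file=sys.stderr)` after importing `sys`. test() begins above the hunk.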
@@ -1,343 +1,56 @@ # # libseccomp regression test automation data # -# Copyright (c) 2019 Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2019-2020 Oracle and/or its affiliates. # Author: Tom Hromatka # test type: bpf-sim -# Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result -53-sim-binary_tree all 0 N N N N N N ERRNO(0) -53-sim-binary_tree all 1 N N N N N N ERRNO(1) -53-sim-binary_tree all 2 N N N N N N ERRNO(2) -53-sim-binary_tree all 3 N N N N N N ERRNO(3) -53-sim-binary_tree all 4 N N N N N N ERRNO(4) -53-sim-binary_tree all 5 N N N N N N ERRNO(5) -53-sim-binary_tree all 6 N N N N N N ERRNO(6) -53-sim-binary_tree all 7 N N N N N N ERRNO(7) -53-sim-binary_tree all 8 N N N N N N ERRNO(8) -53-sim-binary_tree all 9 N N N N N N ERRNO(9) -53-sim-binary_tree all 10 10 N N N N N ERRNO(10) -53-sim-binary_tree all 11 N N N N N N ERRNO(11) -53-sim-binary_tree all 12 N N N N N N ERRNO(12) -53-sim-binary_tree all 13 N N N N N N ERRNO(13) -53-sim-binary_tree all 14 N N N N N N ERRNO(14) -53-sim-binary_tree all 15 N N N N N N ERRNO(15) -53-sim-binary_tree all 16 N N N N N N ERRNO(16) -53-sim-binary_tree all 17 N N N N N N ERRNO(17) -53-sim-binary_tree all 18 N N N N N N ERRNO(18) -53-sim-binary_tree all 19 N N N N N N ERRNO(19) -53-sim-binary_tree all 20 N N N N N N ERRNO(20) -53-sim-binary_tree all 21 N N N N N N ERRNO(21) -53-sim-binary_tree all 22 N N N N N N ERRNO(22) -53-sim-binary_tree all 23 N N N N N N ERRNO(23) -53-sim-binary_tree all 24 N N N N N N ERRNO(24) -53-sim-binary_tree all 25 N N N N N N ERRNO(25) -53-sim-binary_tree all 26 N N N N N N ERRNO(26) -53-sim-binary_tree all 27 N N N N N N ERRNO(27) -53-sim-binary_tree all 28 N N N N N N ERRNO(28) -53-sim-binary_tree all 29 N N N N N N ERRNO(29) -53-sim-binary_tree all 30 N N N N N N ERRNO(30) -53-sim-binary_tree all 31 N N N N N N ERRNO(31) -53-sim-binary_tree all 32 N N N N N N ERRNO(32) -53-sim-binary_tree all 33 N N N N N N ERRNO(33) -53-sim-binary_tree all 34 N N N N N N ERRNO(34) 
-53-sim-binary_tree all 35 N N N N N N ERRNO(35) -53-sim-binary_tree all 36 N N N N N N ERRNO(36) -53-sim-binary_tree all 37 N N N N N N ERRNO(37) -53-sim-binary_tree all 38 N N N N N N ERRNO(38) -53-sim-binary_tree all 39 N N N N N N ERRNO(39) -53-sim-binary_tree all 40 N N N N N N ERRNO(40) -53-sim-binary_tree all 41 N N N N N N ERRNO(41) -53-sim-binary_tree all 42 N N N N N N ERRNO(42) -53-sim-binary_tree all 43 N N N N N N ERRNO(43) -53-sim-binary_tree all 44 N N N N N N ERRNO(44) -53-sim-binary_tree all 45 N N N N N N ERRNO(45) -53-sim-binary_tree all 46 N N N N N N ERRNO(46) -53-sim-binary_tree all 47 N N N N N N ERRNO(47) -53-sim-binary_tree all 48 N N N N N N ERRNO(48) -53-sim-binary_tree all 49 N N N N N N ERRNO(49) -53-sim-binary_tree all 50 N N N N N N ERRNO(50) -53-sim-binary_tree all 51 N N N N N N ERRNO(51) -53-sim-binary_tree all 52 N N N N N N ERRNO(52) -53-sim-binary_tree all 53 53 N N N N N ERRNO(53) -53-sim-binary_tree all 54 N N N N N N ERRNO(54) -53-sim-binary_tree all 55 N N N N N N ERRNO(55) -53-sim-binary_tree all 56 N N N N N N ERRNO(56) -53-sim-binary_tree all 57 N N N N N N ERRNO(57) -53-sim-binary_tree all 58 N N N N N N ERRNO(58) -53-sim-binary_tree all 59 N N N N N N ERRNO(59) -53-sim-binary_tree all 60 N N N N N N ERRNO(60) -53-sim-binary_tree all 61 61 N N N N N ERRNO(61) -53-sim-binary_tree all 62 N N N N N N ERRNO(62) -53-sim-binary_tree all 63 N N N N N N ERRNO(63) -53-sim-binary_tree all 64 N N N N N N ERRNO(64) -53-sim-binary_tree all 65 N N N N N N ERRNO(65) -53-sim-binary_tree all 66 N N N N N N ERRNO(66) -53-sim-binary_tree all 67 N N N N N N ERRNO(67) -53-sim-binary_tree all 68 N N N N N N ERRNO(68) -53-sim-binary_tree all 69 N N N N N N ERRNO(69) -53-sim-binary_tree all 70 N N N N N N ERRNO(70) -53-sim-binary_tree all 71 N N N N N N ERRNO(71) -53-sim-binary_tree all 72 N N N N N N ERRNO(72) -53-sim-binary_tree all 73 N N N N N N ERRNO(73) -53-sim-binary_tree all 74 N N N N N N ERRNO(74) -53-sim-binary_tree all 75 N N N N N 
N ERRNO(75) -53-sim-binary_tree all 76 N N N N N N ERRNO(76) -53-sim-binary_tree all 77 N N N N N N ERRNO(77) -53-sim-binary_tree all 78 N N N N N N ERRNO(78) -53-sim-binary_tree all 79 N N N N N N ERRNO(79) -53-sim-binary_tree all 80 N N N N N N ERRNO(80) -53-sim-binary_tree all 81 N N N N N N ERRNO(81) -53-sim-binary_tree all 82 N N N N N N ERRNO(82) -53-sim-binary_tree all 83 N N N N N N ERRNO(83) -53-sim-binary_tree all 84 N N N N N N ERRNO(84) -53-sim-binary_tree all 85 N N N N N N ERRNO(85) -53-sim-binary_tree all 86 N N N N N N ERRNO(86) -53-sim-binary_tree all 87 N N N N N N ERRNO(87) -53-sim-binary_tree all 88 N N N N N N ERRNO(88) -53-sim-binary_tree all 89 N N N N N N ERRNO(89) -53-sim-binary_tree all 90 N N N N N N ERRNO(90) -53-sim-binary_tree all 91 N N N N N N ERRNO(91) -53-sim-binary_tree all 92 N N N N N N ERRNO(92) -53-sim-binary_tree all 93 N N N N N N ERRNO(93) -53-sim-binary_tree all 94 N N N N N N ERRNO(94) -53-sim-binary_tree all 95 N N N N N N ERRNO(95) -53-sim-binary_tree all 96 N N N N N N ERRNO(96) -53-sim-binary_tree all 97 N N N N N N ERRNO(97) -53-sim-binary_tree all 98 N N N N N N ERRNO(98) -53-sim-binary_tree all 99 N N N N N N ERRNO(99) -53-sim-binary_tree all 100 N N N N N N ERRNO(100) -53-sim-binary_tree all 101 N N N N N N ERRNO(101) -53-sim-binary_tree all 102 N N N N N N ERRNO(102) -53-sim-binary_tree all 103 N N N N N N ERRNO(103) -53-sim-binary_tree all 104 N N N N N N ERRNO(104) -53-sim-binary_tree all 105 N N N N N N ERRNO(105) -53-sim-binary_tree all 106 N N N N N N ERRNO(106) -53-sim-binary_tree all 107 N N N N N N ERRNO(107) -53-sim-binary_tree all 108 N N N N N N ERRNO(108) -53-sim-binary_tree all 109 N N N N N N ERRNO(109) -53-sim-binary_tree all 110 N N N N N N ERRNO(110) -53-sim-binary_tree all 111 N N N N N N ERRNO(111) -53-sim-binary_tree all 112 N N N N N N ERRNO(112) -53-sim-binary_tree all 113 N N N N N N ERRNO(113) -53-sim-binary_tree all 114 N N N N N N ERRNO(114) -53-sim-binary_tree all 115 N N N N N N 
ERRNO(115) -53-sim-binary_tree all 116 N N N N N N ERRNO(116) -53-sim-binary_tree all 117 N N N N N N ERRNO(117) -53-sim-binary_tree all 118 N N N N N N ERRNO(118) -53-sim-binary_tree all 119 N N N N N N ERRNO(119) -53-sim-binary_tree all 120 N N N N N N ERRNO(120) -53-sim-binary_tree all 121 N N N N N N ERRNO(121) -53-sim-binary_tree all 122 N N N N N N ERRNO(122) -53-sim-binary_tree all 123 N N N N N N ERRNO(123) -53-sim-binary_tree all 124 N N N N N N ERRNO(124) -53-sim-binary_tree all 125 N N N N N N ERRNO(125) -53-sim-binary_tree all 126 N N N N N N ERRNO(126) -53-sim-binary_tree all 127 N N N N N N ERRNO(127) -53-sim-binary_tree all 128 N N N N N N ERRNO(128) -53-sim-binary_tree all 129 N N N N N N ERRNO(129) -53-sim-binary_tree all 130 N N N N N N ERRNO(130) -53-sim-binary_tree all 131 N N N N N N ERRNO(131) -53-sim-binary_tree all 132 N N N N N N ERRNO(132) -53-sim-binary_tree all 133 N N N N N N ERRNO(133) -53-sim-binary_tree all 134 N N N N N N ERRNO(134) -53-sim-binary_tree all 135 N N N N N N ERRNO(135) -53-sim-binary_tree all 136 N N N N N N ERRNO(136) -53-sim-binary_tree all 137 N N N N N N ERRNO(137) -53-sim-binary_tree all 138 N N N N N N ERRNO(138) -53-sim-binary_tree all 139 N N N N N N ERRNO(139) -53-sim-binary_tree all 140 N N N N N N ERRNO(140) -53-sim-binary_tree all 141 N N N N N N ERRNO(141) -53-sim-binary_tree all 142 N N N N N N ERRNO(142) -53-sim-binary_tree all 143 N N N N N N ERRNO(143) -53-sim-binary_tree all 144 N N N N N N ERRNO(144) -53-sim-binary_tree all 145 N N N N N N ERRNO(145) -53-sim-binary_tree all 146 N N N N N N ERRNO(146) -53-sim-binary_tree all 147 N N N N N N ERRNO(147) -53-sim-binary_tree all 148 N N N N N N ERRNO(148) -53-sim-binary_tree all 149 N N N N N N ERRNO(149) -53-sim-binary_tree all 150 N N N N N N ERRNO(150) -53-sim-binary_tree all 151 N N N N N N ERRNO(151) -53-sim-binary_tree all 152 N N N N N N ERRNO(152) -53-sim-binary_tree all 153 N N N N N N ERRNO(153) -53-sim-binary_tree all 154 N N N N N N ERRNO(154) 
-53-sim-binary_tree all 155 N N N N N N ERRNO(155) -53-sim-binary_tree all 156 N N N N N N ERRNO(156) -53-sim-binary_tree all 157 N N N N N N ERRNO(157) -53-sim-binary_tree all 158 N N N N N N ERRNO(158) -53-sim-binary_tree all 159 N N N N N N ERRNO(159) -53-sim-binary_tree all 160 N N N N N N ERRNO(160) -53-sim-binary_tree all 161 N N N N N N ERRNO(161) -53-sim-binary_tree all 162 N N N N N N ERRNO(162) -53-sim-binary_tree all 163 N N N N N N ERRNO(163) -53-sim-binary_tree all 164 N N N N N N ERRNO(164) -53-sim-binary_tree all 165 N N N N N N ERRNO(165) -53-sim-binary_tree all 166 N N N N N N ERRNO(166) -53-sim-binary_tree all 167 N N N N N N ERRNO(167) -53-sim-binary_tree all 168 N N N N N N ERRNO(168) -53-sim-binary_tree all 169 N N N N N N ERRNO(169) -53-sim-binary_tree all 170 N N N N N N ERRNO(170) -53-sim-binary_tree all 171 N N N N N N ERRNO(171) -53-sim-binary_tree all 172 N N N N N N ERRNO(172) -53-sim-binary_tree all 173 N N N N N N ERRNO(173) -53-sim-binary_tree all 174 N N N N N N ERRNO(174) -53-sim-binary_tree all 175 N N N N N N ERRNO(175) -53-sim-binary_tree all 176 N N N N N N ERRNO(176) -53-sim-binary_tree all 177 N N N N N N ERRNO(177) -53-sim-binary_tree all 178 N N N N N N ERRNO(178) -53-sim-binary_tree all 179 N N N N N N ERRNO(179) -53-sim-binary_tree all 180 N N N N N N ERRNO(180) -53-sim-binary_tree all 181 N N N N N N ERRNO(181) -53-sim-binary_tree all 182 N N N N N N ERRNO(182) -53-sim-binary_tree all 183 N N N N N N ERRNO(183) -53-sim-binary_tree all 184 N N N N N N ERRNO(184) -53-sim-binary_tree all 185 N N N N N N ERRNO(185) -53-sim-binary_tree all 186 N N N N N N ERRNO(186) -53-sim-binary_tree all 187 N N N N N N ERRNO(187) -53-sim-binary_tree all 188 N N N N N N ERRNO(188) -53-sim-binary_tree all 189 N N N N N N ERRNO(189) -53-sim-binary_tree all 190 N N N N N N ERRNO(190) -53-sim-binary_tree all 191 N N N N N N ERRNO(191) -53-sim-binary_tree all 192 N N N N N N ERRNO(192) -53-sim-binary_tree all 193 N N N N N N ERRNO(193) 
-53-sim-binary_tree all 194 N N N N N N ERRNO(194) -53-sim-binary_tree all 195 N N N N N N ERRNO(195) -53-sim-binary_tree all 196 N N N N N N ERRNO(196) -53-sim-binary_tree all 197 N N N N N N ERRNO(197) -53-sim-binary_tree all 198 N N N N N N ERRNO(198) -53-sim-binary_tree all 199 N N N N N N ERRNO(199) -53-sim-binary_tree all 200 N N N N N N ERRNO(200) -53-sim-binary_tree all 201 N N N N N N ERRNO(201) -53-sim-binary_tree all 202 N N N N N N ERRNO(202) -53-sim-binary_tree all 203 N N N N N N ERRNO(203) -53-sim-binary_tree all 204 N N N N N N ERRNO(204) -53-sim-binary_tree all 205 N N N N N N ERRNO(205) -53-sim-binary_tree all 206 N N N N N N ERRNO(206) -53-sim-binary_tree all 207 N N N N N N ERRNO(207) -53-sim-binary_tree all 208 N N N N N N ERRNO(208) -53-sim-binary_tree all 209 N N N N N N ERRNO(209) -53-sim-binary_tree all 210 N N N N N N ERRNO(210) -53-sim-binary_tree all 211 N N N N N N ERRNO(211) -53-sim-binary_tree all 212 N N N N N N ERRNO(212) -53-sim-binary_tree all 213 N N N N N N ERRNO(213) -53-sim-binary_tree all 214 N N N N N N ERRNO(214) -53-sim-binary_tree all 215 N N N N N N ERRNO(215) -53-sim-binary_tree all 216 N N N N N N ERRNO(216) -53-sim-binary_tree all 217 N N N N N N ERRNO(217) -53-sim-binary_tree all 218 N N N N N N ERRNO(218) -53-sim-binary_tree all 219 N N N N N N ERRNO(219) -53-sim-binary_tree all 220 N N N N N N ERRNO(220) -53-sim-binary_tree all 221 N N N N N N ERRNO(221) -53-sim-binary_tree all 222 N N N N N N ERRNO(222) -53-sim-binary_tree all 223 N N N N N N ERRNO(223) -53-sim-binary_tree all 224 N N N N N N ERRNO(224) -53-sim-binary_tree all 225 N N N N N N ERRNO(225) -53-sim-binary_tree all 226 N N N N N N ERRNO(226) -53-sim-binary_tree all 227 N N N N N N ERRNO(227) -53-sim-binary_tree all 228 N N N N N N ERRNO(228) -53-sim-binary_tree all 229 N N N N N N ERRNO(229) -53-sim-binary_tree all 230 N N N N N N ERRNO(230) -53-sim-binary_tree all 231 N N N N N N ERRNO(231) -53-sim-binary_tree all 232 N N N N N N ERRNO(232) 
-53-sim-binary_tree all 233 N N N N N N ERRNO(233) -53-sim-binary_tree all 234 N N N N N N ERRNO(234) -53-sim-binary_tree all 235 N N N N N N ERRNO(235) -53-sim-binary_tree all 236 N N N N N N ERRNO(236) -53-sim-binary_tree all 237 N N N N N N ERRNO(237) -53-sim-binary_tree all 238 N N N N N N ERRNO(238) -53-sim-binary_tree all 239 N N N N N N ERRNO(239) -53-sim-binary_tree all 240 N N N N N N ERRNO(240) -53-sim-binary_tree all 241 N N N N N N ERRNO(241) -53-sim-binary_tree all 242 N N N N N N ERRNO(242) -53-sim-binary_tree all 243 N N N N N N ERRNO(243) -53-sim-binary_tree all 244 N N N N N N ERRNO(244) -53-sim-binary_tree all 245 N N N N N N ERRNO(245) -53-sim-binary_tree all 246 N N N N N N ERRNO(246) -53-sim-binary_tree all 247 N N N N N N ERRNO(247) -53-sim-binary_tree all 248 N N N N N N ERRNO(248) -53-sim-binary_tree all 249 N N N N N N ERRNO(249) -53-sim-binary_tree all 250 N N N N N N ERRNO(250) -53-sim-binary_tree all 251 N N N N N N ERRNO(251) -53-sim-binary_tree all 252 N N N N N N ERRNO(252) -53-sim-binary_tree all 253 N N N N N N ERRNO(253) -53-sim-binary_tree all 254 N N N N N N ERRNO(254) -53-sim-binary_tree all 255 255 N N N N N ERRNO(255) -53-sim-binary_tree all 256 N N N N N N ERRNO(256) -53-sim-binary_tree all 257 N N N N N N ERRNO(257) -53-sim-binary_tree all 258 N N N N N N ERRNO(258) -53-sim-binary_tree all 259 N N N N N N ERRNO(259) -53-sim-binary_tree all 260 N N N N N N ERRNO(260) -53-sim-binary_tree all 261 N N N N N N ERRNO(261) -53-sim-binary_tree all 262 N N N N N N ERRNO(262) -53-sim-binary_tree all 263 N N N N N N ERRNO(263) -53-sim-binary_tree all 264 N N N N N N ERRNO(264) -53-sim-binary_tree all 265 N N N N N N ERRNO(265) -53-sim-binary_tree all 266 N N N N N N ERRNO(266) -53-sim-binary_tree all 267 N N N N N N ERRNO(267) -53-sim-binary_tree all 268 N N N N N N ERRNO(268) -53-sim-binary_tree all 269 N N N N N N ERRNO(269) -53-sim-binary_tree all 270 N N N N N N ERRNO(270) -53-sim-binary_tree all 271 N N N N N N ERRNO(271) 
-53-sim-binary_tree all 272 N N N N N N ERRNO(272) -53-sim-binary_tree all 273 N N N N N N ERRNO(273) -53-sim-binary_tree all 274 N N N N N N ERRNO(274) -53-sim-binary_tree all 275 N N N N N N ERRNO(275) -53-sim-binary_tree all 276 N N N N N N ERRNO(276) -53-sim-binary_tree all 277 N N N N N N ERRNO(277) -53-sim-binary_tree all 278 N N N N N N ERRNO(278) -53-sim-binary_tree all 279 N N N N N N ERRNO(279) -53-sim-binary_tree all 280 N N N N N N ERRNO(280) -53-sim-binary_tree all 281 N N N N N N ERRNO(281) -53-sim-binary_tree all 282 N N N N N N ERRNO(282) -53-sim-binary_tree all 283 N N N N N N ERRNO(283) -53-sim-binary_tree all 284 N N N N N N ERRNO(284) -53-sim-binary_tree all 285 N N N N N N ERRNO(285) -53-sim-binary_tree all 286 N N N N N N ERRNO(286) -53-sim-binary_tree all 287 N N N N N N ERRNO(287) -53-sim-binary_tree all 288 N N N N N N ERRNO(288) -53-sim-binary_tree all 289 N N N N N N ERRNO(289) -53-sim-binary_tree all 290 N N N N N N ERRNO(290) -53-sim-binary_tree all 291 N N N N N N ERRNO(291) -53-sim-binary_tree all 292 N N N N N N ERRNO(292) -53-sim-binary_tree all 293 N N N N N N ERRNO(293) -53-sim-binary_tree all 294 N N N N N N ERRNO(294) -53-sim-binary_tree all 295 N N N N N N ERRNO(295) -53-sim-binary_tree all 296 N N N N N N ERRNO(296) -53-sim-binary_tree all 297 N N N N N N ERRNO(297) -53-sim-binary_tree all 298 N N N N N N ERRNO(298) -53-sim-binary_tree all 299 N N N N N N ERRNO(299) -53-sim-binary_tree all 300 N N N N N N ERRNO(300) -53-sim-binary_tree all 301 N N N N N N ERRNO(301) -53-sim-binary_tree all 302 N N N N N N ERRNO(302) -53-sim-binary_tree all 303 N N N N N N ERRNO(303) -53-sim-binary_tree all 304 N N N N N N ERRNO(304) -53-sim-binary_tree all 305 N N N N N N ERRNO(305) -53-sim-binary_tree all 306 N N N N N N ERRNO(306) -53-sim-binary_tree all 307 N N N N N N ERRNO(307) -53-sim-binary_tree all 308 N N N N N N ERRNO(308) -53-sim-binary_tree all 309 N N N N N N ERRNO(309) -53-sim-binary_tree all 310 N N N N N N ERRNO(310) 
-53-sim-binary_tree all 311 N N N N N N ERRNO(311) -53-sim-binary_tree all 312 N N N N N N ERRNO(312) -53-sim-binary_tree all 313 N N N N N N ERRNO(313) -53-sim-binary_tree all 314 N N N N N N ERRNO(314) -53-sim-binary_tree all 315 N N N N N N ERRNO(315) -53-sim-binary_tree all 316 N N N N N N ERRNO(316) -53-sim-binary_tree all 317 N N N N N N ERRNO(317) -53-sim-binary_tree all 318 N N N N N N ERRNO(318) -53-sim-binary_tree all 319 N N N N N N ERRNO(319) -53-sim-binary_tree all 320 N N N N N N ERRNO(320) -53-sim-binary_tree all 321 N N N N N N ERRNO(321) -53-sim-binary_tree all 322 N N N N N N ERRNO(322) -53-sim-binary_tree all 323 N N N N N N ERRNO(323) -53-sim-binary_tree all 324 N N N N N N ERRNO(324) -53-sim-binary_tree all 325 N N N N N N ERRNO(325) -53-sim-binary_tree all 326 N N N N N N ERRNO(326) -53-sim-binary_tree all 327 N N N N N N ERRNO(327) -53-sim-binary_tree all 328 N N N N N N ERRNO(328) -53-sim-binary_tree all 329 N N N N N N ERRNO(329) +# Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result +53-sim-binary_tree all read N N N N N N ERRNO(0) +53-sim-binary_tree all write N N N N N N ERRNO(1) +53-sim-binary_tree all open N N N N N N ERRNO(2) +53-sim-binary_tree all close N N N N N N ALLOW +53-sim-binary_tree all close 100 1234 N N N N ALLOW +53-sim-binary_tree all close 100 101 N N N N ERRNO(3) +53-sim-binary_tree all stat N N N N N N ERRNO(4) +53-sim-binary_tree all fstat N N N N N N ERRNO(5) +53-sim-binary_tree all lstat N N N N N N ERRNO(6) +53-sim-binary_tree all poll 102 N N N N N ERRNO(7) +53-sim-binary_tree all lseek 103 104 N N N N ERRNO(8) +53-sim-binary_tree all mmap N N N N N N ERRNO(9) +53-sim-binary_tree all mprotect N N N N N N ERRNO(10) +53-sim-binary_tree all munmap N N N N N N ERRNO(11) +53-sim-binary_tree all brk N N N N N N ERRNO(12) +53-sim-binary_tree all rt_sigaction N N N N N N ERRNO(13) +53-sim-binary_tree all rt_sigprocmask N N N N N N ERRNO(14) +53-sim-binary_tree all rt_sigreturn N N N N N N ERRNO(15) 
+53-sim-binary_tree all ioctl N N N N N N ERRNO(16) +53-sim-binary_tree all pread64 105 N N N N N ERRNO(17) +53-sim-binary_tree all pwrite64 N N N N N N ERRNO(18) +53-sim-binary_tree all readv N N N N N N ERRNO(19) +53-sim-binary_tree all writev N N N N N N ERRNO(20) +53-sim-binary_tree all access N N N N N N ERRNO(21) +53-sim-binary_tree all pipe N N N N N N ERRNO(22) +53-sim-binary_tree all select N N N N N N ALLOW +53-sim-binary_tree all select 106 107 N N N N ERRNO(23) +53-sim-binary_tree all sched_yield N N N N N N ERRNO(24) +53-sim-binary_tree all mremap N N N N N N ALLOW +53-sim-binary_tree all mremap 108 109 N N N N ERRNO(25) +53-sim-binary_tree all msync N N N N N N ERRNO(26) +53-sim-binary_tree all mincore N N N N N N ERRNO(27) +53-sim-binary_tree all madvise N N N N N N ERRNO(28) +53-sim-binary_tree all shmget N N N N N N ERRNO(29) +53-sim-binary_tree all shmat 110 N N N N N ERRNO(30) +53-sim-binary_tree all shmctl 111 N N N N N ERRNO(31) +53-sim-binary_tree all dup 112 N N N N N ERRNO(32) +53-sim-binary_tree all dup 5678 N N N N N ALLOW +53-sim-binary_tree all dup2 N N N N N N ERRNO(33) +53-sim-binary_tree all pause N N N N N N ERRNO(34) +53-sim-binary_tree all nanosleep N N N N N N ERRNO(35) +53-sim-binary_tree all getitimer N N N N N N ERRNO(36) +53-sim-binary_tree all alarm N N N N N N ERRNO(37) test type: bpf-valgrind From 0d71c8245bc49727bd6606a313d61e91162dc979 Mon Sep 17 00:00:00 2001 From: Tom Hromatka Date: Thu, 5 Mar 2020 15:01:15 -0700 Subject: [PATCH 2/2] tests: change test 55 to use syscall names rather than numbers Previously test 55, basic-pfc_binary_tree, used syscall numbers to build a large binary tree. This is problematic on architectures that have sparsely populated syscall numbers. This commit modifies the test to use syscall names to build up a realistic binary tree that should work on all architectures. 
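Review bot: The mismatch rows cover only some of the ways an argument rule can miss: `close 100 1234` checks a wrong Arg1 and `dup 5678` a wrong Arg0 on a single-argument rule, but no row has a wrong Arg0 with a matching Arg1, and `poll`, `lseek`, `pread64`, `shmat` and `shmctl` have no non-matching row at all. With ALLOW as the default action, those are the rows that show a comparison is neither too broad nor too narrow. Add, for example, `53-sim-binary_tree all close 1234 101 N N N N ALLOW` and `53-sim-binary_tree all lseek 103 1234 N N N N ALLOW`.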
Signed-off-by: Tom Hromatka --- tests/55-basic-pfc_binary_tree.c | 85 +- tests/55-basic-pfc_binary_tree.pfc | 1330 ++++------------------------ 2 files changed, 233 insertions(+), 1182 deletions(-) diff --git a/tests/55-basic-pfc_binary_tree.c b/tests/55-basic-pfc_binary_tree.c index 6a45cece..e364fd6b 100644 --- a/tests/55-basic-pfc_binary_tree.c +++ b/tests/55-basic-pfc_binary_tree.c @@ -1,7 +1,7 @@ /** * Seccomp Library test program * - * Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2018-2020 Oracle and/or its affiliates. * Author: Tom Hromatka */ @@ -29,9 +29,42 @@ #include "util.h" -#define MAX_SYSCALL (330) +#define ARG_COUNT_MAX 2 -#include +struct syscall_errno { + int syscall; + int error; + int arg_cnt; + /* To make the test more interesting, arguments are added to several + * syscalls. To keep the test simple, the arguments always use + * SCMP_CMP_EQ. + */ + int args[ARG_COUNT_MAX]; +}; + +struct syscall_errno table[] = { + { SCMP_SYS(read), 0, 2, { 100, 101 } }, + { SCMP_SYS(write), 1, 1, { 102, 0 } }, + { SCMP_SYS(open), 2, 0, { 0, 0 } }, + { SCMP_SYS(close), 3, 0, { 0, 0 } }, + { SCMP_SYS(stat), 4, 0, { 0, 0 } }, + { SCMP_SYS(fstat), 5, 1, { 103, 0 } }, + { SCMP_SYS(lstat), 6, 0, { 0, 0 } }, + { SCMP_SYS(poll), 7, 0, { 0, 0 } }, + { SCMP_SYS(lseek), 8, 1, { 104, 0 } }, + { SCMP_SYS(mmap), 9, 0, { 0, 0 } }, + { SCMP_SYS(mprotect), 10, 1, { 105, 0 } }, + { SCMP_SYS(munmap), 11, 0, { 0, 0 } }, + { SCMP_SYS(brk), 12, 0, { 0, 0 } }, + { SCMP_SYS(rt_sigaction), 13, 0, { 0, 0 } }, + { SCMP_SYS(rt_sigprocmask), 14, 0, { 0, 0 } }, + { SCMP_SYS(rt_sigreturn), 15, 0, { 0, 0 } }, + { SCMP_SYS(ioctl), 16, 0, { 0, 0 } }, + { SCMP_SYS(pread64), 17, 1, { 106, 0 } }, + { SCMP_SYS(pwrite64), 18, 2, { 107, 108 } }, +}; + +const int table_size = sizeof(table) / sizeof(table[0]); int main(int argc, char *argv[]) { 
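Review bot: `open`, `stat`, `lstat` and `poll` in this table have no native syscall number on aarch64, and the following hunk adds `SCMP_ARCH_AARCH64` to the filter. How the library resolves these names for the aarch64 half of the filter (rule skipped, rewritten, or rejected) is not visible here, so the expected .pfc output has to be read with that in mind. A comment on the table such as `/* open, stat, lstat, poll: not present on aarch64 */` would make the intent reviewable; alternatively restrict the table to names that exist on both architectures.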
@@ -51,31 +84,41 @@ int main(int argc, char *argv[]) if (rc < 0) goto out; rc = seccomp_arch_add(ctx, SCMP_ARCH_X86_64); + if (rc < 0) + goto out; + rc = seccomp_arch_add(ctx, SCMP_ARCH_AARCH64); if (rc < 0) goto out; rc = seccomp_attr_set(ctx, SCMP_FLTATR_CTL_OPTIMIZE, 2); if (rc < 0) goto out; - /* NOTE: this test is entirely fabricated and should not be - * replicated in the real world. - * - * The MAX_SYSCALL number (330) was chosen to force seccomp to - * build an unbalanced binary tree - and it happens to be less - * than the current syscall max. The syscall numbers are - * hardcoded to simplify the test. A few syscalls have - * argument chains to further complicate the filter. - */ + for (i = 0; i < table_size; i++) { + switch (table[i].arg_cnt) { + case 2: + rc = seccomp_rule_add(ctx, + SCMP_ACT_ERRNO(table[i].error), + table[i].syscall, 2, + SCMP_A0(SCMP_CMP_EQ, + table[i].args[0]), + SCMP_A1(SCMP_CMP_EQ, + table[i].args[1])); + break; + case 1: + rc = seccomp_rule_add(ctx, + SCMP_ACT_ERRNO(table[i].error), + table[i].syscall, 1, + SCMP_A0(SCMP_CMP_EQ, + table[i].args[0])); + break; + case 0: + default: + rc = seccomp_rule_add(ctx, + SCMP_ACT_ERRNO(table[i].error), + table[i].syscall, 0); + break; + } - for (i = 0; i < MAX_SYSCALL; i++) { - /* arbitrarily make the filter more complex by filtering - * on arguments for a few syscalls - */ - if (i == 10 || i == 53 || i == 61 || i == 255) - rc = seccomp_rule_add(ctx, SCMP_ACT_ERRNO(i), i, 1, - SCMP_A0(SCMP_CMP_EQ, i)); - else - rc = seccomp_rule_add(ctx, SCMP_ACT_ERRNO(i), i, 0); if (rc < 0) goto out; } diff --git a/tests/55-basic-pfc_binary_tree.pfc b/tests/55-basic-pfc_binary_tree.pfc index 10b4f870..ba3244c4 100644 --- a/tests/55-basic-pfc_binary_tree.pfc +++ b/tests/55-basic-pfc_binary_tree.pfc 
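Review bot: In the new `switch`, `default:` shares the body of `case 0:`, so a table row whose `arg_cnt` is outside 0..`ARG_COUNT_MAX` (a typo, or a later three-argument entry) silently installs a rule with no argument comparison, a broader match than the row describes. Fail instead: keep `case 0:` for the unconditional rule and make the fallback `default: rc = -EINVAL; break;` (assuming `<errno.h>` is already included, which the hunk does not show) so the existing `if (rc < 0) goto out;` catches it. The identical switch in tests/53-sim-binary_tree.c has the same issue. main() starts and ends outside the hunk.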
@@ -3,1168 +3,176 @@ # # filter for arch x86_64 (3221225534) if ($arch == 3221225534) - if ($syscall > 73) - if ($syscall > 201) - if ($syscall > 265) - if ($syscall > 297) - if ($syscall > 313) - if ($syscall > 321) - if ($syscall > 325) - # filter for syscall "pkey_mprotect" (329) [priority: 65535] - if ($syscall == 329) - action ERRNO(329); - # filter for syscall "pwritev2" (328) [priority: 65535] - if ($syscall == 328) - action ERRNO(328); - # filter for syscall "preadv2" (327) [priority: 65535] - if ($syscall == 327) - action ERRNO(327); - # filter for syscall "copy_file_range" (326) [priority: 65535] - if ($syscall == 326) - action ERRNO(326); - else # ($syscall <= 325) - # filter for syscall "mlock2" (325) [priority: 65535] - if ($syscall == 325) - action ERRNO(325); - # filter for syscall "membarrier" (324) [priority: 65535] - if ($syscall == 324) - action ERRNO(324); - # filter for syscall "userfaultfd" (323) [priority: 65535] - if ($syscall == 323) - action ERRNO(323); - # filter for syscall "execveat" (322) [priority: 65535] - if ($syscall == 322) - action ERRNO(322); - else # ($syscall <= 321) - if ($syscall > 317) - # filter for syscall "bpf" (321) [priority: 65535] - if ($syscall == 321) - action ERRNO(321); - # filter for syscall "kexec_file_load" (320) [priority: 65535] - if ($syscall == 320) - action ERRNO(320); - # filter for syscall "memfd_create" (319) [priority: 65535] - if ($syscall == 319) - action ERRNO(319); - # filter for syscall "getrandom" (318) [priority: 65535] - if ($syscall == 318) - action ERRNO(318); - else # ($syscall <= 317) - # filter for syscall "seccomp" (317) [priority: 65535] - if ($syscall == 317) - action ERRNO(317); - # filter for syscall "renameat2" (316) [priority: 65535] - if ($syscall == 316) - action ERRNO(316); - # filter for syscall "sched_getattr" (315) [priority: 65535] - if ($syscall == 315) - action ERRNO(315); - # filter for syscall "sched_setattr" (314) [priority: 65535] - if ($syscall == 314) - action 
ERRNO(314); - else # ($syscall <= 313) - if ($syscall > 305) - if ($syscall > 309) - # filter for syscall "finit_module" (313) [priority: 65535] - if ($syscall == 313) - action ERRNO(313); - # filter for syscall "kcmp" (312) [priority: 65535] - if ($syscall == 312) - action ERRNO(312); - # filter for syscall "process_vm_writev" (311) [priority: 65535] - if ($syscall == 311) - action ERRNO(311); - # filter for syscall "process_vm_readv" (310) [priority: 65535] - if ($syscall == 310) - action ERRNO(310); - else # ($syscall <= 309) - # filter for syscall "getcpu" (309) [priority: 65535] - if ($syscall == 309) - action ERRNO(309); - # filter for syscall "setns" (308) [priority: 65535] - if ($syscall == 308) - action ERRNO(308); - # filter for syscall "sendmmsg" (307) [priority: 65535] - if ($syscall == 307) - action ERRNO(307); - # filter for syscall "syncfs" (306) [priority: 65535] - if ($syscall == 306) - action ERRNO(306); - else # ($syscall <= 305) - if ($syscall > 301) - # filter for syscall "clock_adjtime" (305) [priority: 65535] - if ($syscall == 305) - action ERRNO(305); - # filter for syscall "open_by_handle_at" (304) [priority: 65535] - if ($syscall == 304) - action ERRNO(304); - # filter for syscall "name_to_handle_at" (303) [priority: 65535] - if ($syscall == 303) - action ERRNO(303); - # filter for syscall "prlimit64" (302) [priority: 65535] - if ($syscall == 302) - action ERRNO(302); - else # ($syscall <= 301) - # filter for syscall "fanotify_mark" (301) [priority: 65535] - if ($syscall == 301) - action ERRNO(301); - # filter for syscall "fanotify_init" (300) [priority: 65535] - if ($syscall == 300) - action ERRNO(300); - # filter for syscall "recvmmsg" (299) [priority: 65535] - if ($syscall == 299) - action ERRNO(299); - # filter for syscall "perf_event_open" (298) [priority: 65535] - if ($syscall == 298) - action ERRNO(298); - else # ($syscall <= 297) - if ($syscall > 281) - if ($syscall > 289) - if ($syscall > 293) - # filter for syscall 
"rt_tgsigqueueinfo" (297) [priority: 65535] - if ($syscall == 297) - action ERRNO(297); - # filter for syscall "pwritev" (296) [priority: 65535] - if ($syscall == 296) - action ERRNO(296); - # filter for syscall "preadv" (295) [priority: 65535] - if ($syscall == 295) - action ERRNO(295); - # filter for syscall "inotify_init1" (294) [priority: 65535] - if ($syscall == 294) - action ERRNO(294); - else # ($syscall <= 293) - # filter for syscall "pipe2" (293) [priority: 65535] - if ($syscall == 293) - action ERRNO(293); - # filter for syscall "dup3" (292) [priority: 65535] - if ($syscall == 292) - action ERRNO(292); - # filter for syscall "epoll_create1" (291) [priority: 65535] - if ($syscall == 291) - action ERRNO(291); - # filter for syscall "eventfd2" (290) [priority: 65535] - if ($syscall == 290) - action ERRNO(290); - else # ($syscall <= 289) - if ($syscall > 285) - # filter for syscall "signalfd4" (289) [priority: 65535] - if ($syscall == 289) - action ERRNO(289); - # filter for syscall "accept4" (288) [priority: 65535] - if ($syscall == 288) - action ERRNO(288); - # filter for syscall "timerfd_gettime" (287) [priority: 65535] - if ($syscall == 287) - action ERRNO(287); - # filter for syscall "timerfd_settime" (286) [priority: 65535] - if ($syscall == 286) - action ERRNO(286); - else # ($syscall <= 285) - # filter for syscall "fallocate" (285) [priority: 65535] - if ($syscall == 285) - action ERRNO(285); - # filter for syscall "eventfd" (284) [priority: 65535] - if ($syscall == 284) - action ERRNO(284); - # filter for syscall "timerfd_create" (283) [priority: 65535] - if ($syscall == 283) - action ERRNO(283); - # filter for syscall "signalfd" (282) [priority: 65535] - if ($syscall == 282) - action ERRNO(282); - else # ($syscall <= 281) - if ($syscall > 273) - if ($syscall > 277) - # filter for syscall "epoll_pwait" (281) [priority: 65535] - if ($syscall == 281) - action ERRNO(281); - # filter for syscall "utimensat" (280) [priority: 65535] - if ($syscall == 280) 
- action ERRNO(280); - # filter for syscall "move_pages" (279) [priority: 65535] - if ($syscall == 279) - action ERRNO(279); - # filter for syscall "vmsplice" (278) [priority: 65535] - if ($syscall == 278) - action ERRNO(278); - else # ($syscall <= 277) - # filter for syscall "sync_file_range" (277) [priority: 65535] - if ($syscall == 277) - action ERRNO(277); - # filter for syscall "tee" (276) [priority: 65535] - if ($syscall == 276) - action ERRNO(276); - # filter for syscall "splice" (275) [priority: 65535] - if ($syscall == 275) - action ERRNO(275); - # filter for syscall "get_robust_list" (274) [priority: 65535] - if ($syscall == 274) - action ERRNO(274); - else # ($syscall <= 273) - if ($syscall > 269) - # filter for syscall "set_robust_list" (273) [priority: 65535] - if ($syscall == 273) - action ERRNO(273); - # filter for syscall "unshare" (272) [priority: 65535] - if ($syscall == 272) - action ERRNO(272); - # filter for syscall "ppoll" (271) [priority: 65535] - if ($syscall == 271) - action ERRNO(271); - # filter for syscall "pselect6" (270) [priority: 65535] - if ($syscall == 270) - action ERRNO(270); - else # ($syscall <= 269) - # filter for syscall "faccessat" (269) [priority: 65535] - if ($syscall == 269) - action ERRNO(269); - # filter for syscall "fchmodat" (268) [priority: 65535] - if ($syscall == 268) - action ERRNO(268); - # filter for syscall "readlinkat" (267) [priority: 65535] - if ($syscall == 267) - action ERRNO(267); - # filter for syscall "symlinkat" (266) [priority: 65535] - if ($syscall == 266) - action ERRNO(266); - else # ($syscall <= 265) - if ($syscall > 233) - if ($syscall > 249) - if ($syscall > 257) - if ($syscall > 261) - # filter for syscall "linkat" (265) [priority: 65535] - if ($syscall == 265) - action ERRNO(265); - # filter for syscall "renameat" (264) [priority: 65535] - if ($syscall == 264) - action ERRNO(264); - # filter for syscall "unlinkat" (263) [priority: 65535] - if ($syscall == 263) - action ERRNO(263); - # filter 
for syscall "newfstatat" (262) [priority: 65535] - if ($syscall == 262) - action ERRNO(262); - else # ($syscall <= 261) - # filter for syscall "futimesat" (261) [priority: 65535] - if ($syscall == 261) - action ERRNO(261); - # filter for syscall "fchownat" (260) [priority: 65535] - if ($syscall == 260) - action ERRNO(260); - # filter for syscall "mknodat" (259) [priority: 65535] - if ($syscall == 259) - action ERRNO(259); - # filter for syscall "mkdirat" (258) [priority: 65535] - if ($syscall == 258) - action ERRNO(258); - else # ($syscall <= 257) - if ($syscall > 253) - # filter for syscall "openat" (257) [priority: 65535] - if ($syscall == 257) - action ERRNO(257); - # filter for syscall "migrate_pages" (256) [priority: 65535] - if ($syscall == 256) - action ERRNO(256); - # filter for syscall "inotify_rm_watch" (255) [priority: 65533] - if ($syscall == 255) - if ($a0.hi32 == 0) - if ($a0.lo32 == 255) - action ERRNO(255); - # filter for syscall "inotify_add_watch" (254) [priority: 65535] - if ($syscall == 254) - action ERRNO(254); - else # ($syscall <= 253) - # filter for syscall "inotify_init" (253) [priority: 65535] - if ($syscall == 253) - action ERRNO(253); - # filter for syscall "ioprio_get" (252) [priority: 65535] - if ($syscall == 252) - action ERRNO(252); - # filter for syscall "ioprio_set" (251) [priority: 65535] - if ($syscall == 251) - action ERRNO(251); - # filter for syscall "keyctl" (250) [priority: 65535] - if ($syscall == 250) - action ERRNO(250); - else # ($syscall <= 249) - if ($syscall > 241) - if ($syscall > 245) - # filter for syscall "request_key" (249) [priority: 65535] - if ($syscall == 249) - action ERRNO(249); - # filter for syscall "add_key" (248) [priority: 65535] - if ($syscall == 248) - action ERRNO(248); - # filter for syscall "waitid" (247) [priority: 65535] - if ($syscall == 247) - action ERRNO(247); - # filter for syscall "kexec_load" (246) [priority: 65535] - if ($syscall == 246) - action ERRNO(246); - else # ($syscall <= 245) - 
# filter for syscall "mq_getsetattr" (245) [priority: 65535] - if ($syscall == 245) - action ERRNO(245); - # filter for syscall "mq_notify" (244) [priority: 65535] - if ($syscall == 244) - action ERRNO(244); - # filter for syscall "mq_timedreceive" (243) [priority: 65535] - if ($syscall == 243) - action ERRNO(243); - # filter for syscall "mq_timedsend" (242) [priority: 65535] - if ($syscall == 242) - action ERRNO(242); - else # ($syscall <= 241) - if ($syscall > 237) - # filter for syscall "mq_unlink" (241) [priority: 65535] - if ($syscall == 241) - action ERRNO(241); - # filter for syscall "mq_open" (240) [priority: 65535] - if ($syscall == 240) - action ERRNO(240); - # filter for syscall "get_mempolicy" (239) [priority: 65535] - if ($syscall == 239) - action ERRNO(239); - # filter for syscall "set_mempolicy" (238) [priority: 65535] - if ($syscall == 238) - action ERRNO(238); - else # ($syscall <= 237) - # filter for syscall "mbind" (237) [priority: 65535] - if ($syscall == 237) - action ERRNO(237); - # filter for syscall "vserver" (236) [priority: 65535] - if ($syscall == 236) - action ERRNO(236); - # filter for syscall "utimes" (235) [priority: 65535] - if ($syscall == 235) - action ERRNO(235); - # filter for syscall "tgkill" (234) [priority: 65535] - if ($syscall == 234) - action ERRNO(234); - else # ($syscall <= 233) - if ($syscall > 217) - if ($syscall > 225) - if ($syscall > 229) - # filter for syscall "epoll_ctl" (233) [priority: 65535] - if ($syscall == 233) - action ERRNO(233); - # filter for syscall "epoll_wait" (232) [priority: 65535] - if ($syscall == 232) - action ERRNO(232); - # filter for syscall "exit_group" (231) [priority: 65535] - if ($syscall == 231) - action ERRNO(231); - # filter for syscall "clock_nanosleep" (230) [priority: 65535] - if ($syscall == 230) - action ERRNO(230); - else # ($syscall <= 229) - # filter for syscall "clock_getres" (229) [priority: 65535] - if ($syscall == 229) - action ERRNO(229); - # filter for syscall 
"clock_gettime" (228) [priority: 65535] - if ($syscall == 228) - action ERRNO(228); - # filter for syscall "clock_settime" (227) [priority: 65535] - if ($syscall == 227) - action ERRNO(227); - # filter for syscall "timer_delete" (226) [priority: 65535] - if ($syscall == 226) - action ERRNO(226); - else # ($syscall <= 225) - if ($syscall > 221) - # filter for syscall "timer_getoverrun" (225) [priority: 65535] - if ($syscall == 225) - action ERRNO(225); - # filter for syscall "timer_gettime" (224) [priority: 65535] - if ($syscall == 224) - action ERRNO(224); - # filter for syscall "timer_settime" (223) [priority: 65535] - if ($syscall == 223) - action ERRNO(223); - # filter for syscall "timer_create" (222) [priority: 65535] - if ($syscall == 222) - action ERRNO(222); - else # ($syscall <= 221) - # filter for syscall "fadvise64" (221) [priority: 65535] - if ($syscall == 221) - action ERRNO(221); - # filter for syscall "semtimedop" (220) [priority: 65535] - if ($syscall == 220) - action ERRNO(220); - # filter for syscall "restart_syscall" (219) [priority: 65535] - if ($syscall == 219) - action ERRNO(219); - # filter for syscall "set_tid_address" (218) [priority: 65535] - if ($syscall == 218) - action ERRNO(218); - else # ($syscall <= 217) - if ($syscall > 209) - if ($syscall > 213) - # filter for syscall "getdents64" (217) [priority: 65535] - if ($syscall == 217) - action ERRNO(217); - # filter for syscall "remap_file_pages" (216) [priority: 65535] - if ($syscall == 216) - action ERRNO(216); - # filter for syscall "epoll_wait_old" (215) [priority: 65535] - if ($syscall == 215) - action ERRNO(215); - # filter for syscall "epoll_ctl_old" (214) [priority: 65535] - if ($syscall == 214) - action ERRNO(214); - else # ($syscall <= 213) - # filter for syscall "epoll_create" (213) [priority: 65535] - if ($syscall == 213) - action ERRNO(213); - # filter for syscall "lookup_dcookie" (212) [priority: 65535] - if ($syscall == 212) - action ERRNO(212); - # filter for syscall 
"get_thread_area" (211) [priority: 65535] - if ($syscall == 211) - action ERRNO(211); - # filter for syscall "io_cancel" (210) [priority: 65535] - if ($syscall == 210) - action ERRNO(210); - else # ($syscall <= 209) - if ($syscall > 205) - # filter for syscall "io_submit" (209) [priority: 65535] - if ($syscall == 209) - action ERRNO(209); - # filter for syscall "io_getevents" (208) [priority: 65535] - if ($syscall == 208) - action ERRNO(208); - # filter for syscall "io_destroy" (207) [priority: 65535] - if ($syscall == 207) - action ERRNO(207); - # filter for syscall "io_setup" (206) [priority: 65535] - if ($syscall == 206) - action ERRNO(206); - else # ($syscall <= 205) - # filter for syscall "set_thread_area" (205) [priority: 65535] - if ($syscall == 205) - action ERRNO(205); - # filter for syscall "sched_getaffinity" (204) [priority: 65535] - if ($syscall == 204) - action ERRNO(204); - # filter for syscall "sched_setaffinity" (203) [priority: 65535] - if ($syscall == 203) - action ERRNO(203); - # filter for syscall "futex" (202) [priority: 65535] - if ($syscall == 202) - action ERRNO(202); - else # ($syscall <= 201) - if ($syscall > 137) - if ($syscall > 169) - if ($syscall > 185) - if ($syscall > 193) - if ($syscall > 197) - # filter for syscall "time" (201) [priority: 65535] - if ($syscall == 201) - action ERRNO(201); - # filter for syscall "tkill" (200) [priority: 65535] - if ($syscall == 200) - action ERRNO(200); - # filter for syscall "fremovexattr" (199) [priority: 65535] - if ($syscall == 199) - action ERRNO(199); - # filter for syscall "lremovexattr" (198) [priority: 65535] - if ($syscall == 198) - action ERRNO(198); - else # ($syscall <= 197) - # filter for syscall "removexattr" (197) [priority: 65535] - if ($syscall == 197) - action ERRNO(197); - # filter for syscall "flistxattr" (196) [priority: 65535] - if ($syscall == 196) - action ERRNO(196); - # filter for syscall "llistxattr" (195) [priority: 65535] - if ($syscall == 195) - action ERRNO(195); - # 
filter for syscall "listxattr" (194) [priority: 65535] - if ($syscall == 194) - action ERRNO(194); - else # ($syscall <= 193) - if ($syscall > 189) - # filter for syscall "fgetxattr" (193) [priority: 65535] - if ($syscall == 193) - action ERRNO(193); - # filter for syscall "lgetxattr" (192) [priority: 65535] - if ($syscall == 192) - action ERRNO(192); - # filter for syscall "getxattr" (191) [priority: 65535] - if ($syscall == 191) - action ERRNO(191); - # filter for syscall "fsetxattr" (190) [priority: 65535] - if ($syscall == 190) - action ERRNO(190); - else # ($syscall <= 189) - # filter for syscall "lsetxattr" (189) [priority: 65535] - if ($syscall == 189) - action ERRNO(189); - # filter for syscall "setxattr" (188) [priority: 65535] - if ($syscall == 188) - action ERRNO(188); - # filter for syscall "readahead" (187) [priority: 65535] - if ($syscall == 187) - action ERRNO(187); - # filter for syscall "gettid" (186) [priority: 65535] - if ($syscall == 186) - action ERRNO(186); - else # ($syscall <= 185) - if ($syscall > 177) - if ($syscall > 181) - # filter for syscall "security" (185) [priority: 65535] - if ($syscall == 185) - action ERRNO(185); - # filter for syscall "tuxcall" (184) [priority: 65535] - if ($syscall == 184) - action ERRNO(184); - # filter for syscall "afs_syscall" (183) [priority: 65535] - if ($syscall == 183) - action ERRNO(183); - # filter for syscall "putpmsg" (182) [priority: 65535] - if ($syscall == 182) - action ERRNO(182); - else # ($syscall <= 181) - # filter for syscall "getpmsg" (181) [priority: 65535] - if ($syscall == 181) - action ERRNO(181); - # filter for syscall "nfsservctl" (180) [priority: 65535] - if ($syscall == 180) - action ERRNO(180); - # filter for syscall "quotactl" (179) [priority: 65535] - if ($syscall == 179) - action ERRNO(179); - # filter for syscall "query_module" (178) [priority: 65535] - if ($syscall == 178) - action ERRNO(178); - else # ($syscall <= 177) - if ($syscall > 173) - # filter for syscall 
"get_kernel_syms" (177) [priority: 65535] - if ($syscall == 177) - action ERRNO(177); - # filter for syscall "delete_module" (176) [priority: 65535] - if ($syscall == 176) - action ERRNO(176); - # filter for syscall "init_module" (175) [priority: 65535] - if ($syscall == 175) - action ERRNO(175); - # filter for syscall "create_module" (174) [priority: 65535] - if ($syscall == 174) - action ERRNO(174); - else # ($syscall <= 173) - # filter for syscall "ioperm" (173) [priority: 65535] - if ($syscall == 173) - action ERRNO(173); - # filter for syscall "iopl" (172) [priority: 65535] - if ($syscall == 172) - action ERRNO(172); - # filter for syscall "setdomainname" (171) [priority: 65535] - if ($syscall == 171) - action ERRNO(171); - # filter for syscall "sethostname" (170) [priority: 65535] - if ($syscall == 170) - action ERRNO(170); - else # ($syscall <= 169) - if ($syscall > 153) - if ($syscall > 161) - if ($syscall > 165) - # filter for syscall "reboot" (169) [priority: 65535] - if ($syscall == 169) - action ERRNO(169); - # filter for syscall "swapoff" (168) [priority: 65535] - if ($syscall == 168) - action ERRNO(168); - # filter for syscall "swapon" (167) [priority: 65535] - if ($syscall == 167) - action ERRNO(167); - # filter for syscall "umount2" (166) [priority: 65535] - if ($syscall == 166) - action ERRNO(166); - else # ($syscall <= 165) - # filter for syscall "mount" (165) [priority: 65535] - if ($syscall == 165) - action ERRNO(165); - # filter for syscall "settimeofday" (164) [priority: 65535] - if ($syscall == 164) - action ERRNO(164); - # filter for syscall "acct" (163) [priority: 65535] - if ($syscall == 163) - action ERRNO(163); - # filter for syscall "sync" (162) [priority: 65535] - if ($syscall == 162) - action ERRNO(162); - else # ($syscall <= 161) - if ($syscall > 157) - # filter for syscall "chroot" (161) [priority: 65535] - if ($syscall == 161) - action ERRNO(161); - # filter for syscall "setrlimit" (160) [priority: 65535] - if ($syscall == 160) - 
action ERRNO(160); - # filter for syscall "adjtimex" (159) [priority: 65535] - if ($syscall == 159) - action ERRNO(159); - # filter for syscall "arch_prctl" (158) [priority: 65535] - if ($syscall == 158) - action ERRNO(158); - else # ($syscall <= 157) - # filter for syscall "prctl" (157) [priority: 65535] - if ($syscall == 157) - action ERRNO(157); - # filter for syscall "_sysctl" (156) [priority: 65535] - if ($syscall == 156) - action ERRNO(156); - # filter for syscall "pivot_root" (155) [priority: 65535] - if ($syscall == 155) - action ERRNO(155); - # filter for syscall "modify_ldt" (154) [priority: 65535] - if ($syscall == 154) - action ERRNO(154); - else # ($syscall <= 153) - if ($syscall > 145) - if ($syscall > 149) - # filter for syscall "vhangup" (153) [priority: 65535] - if ($syscall == 153) - action ERRNO(153); - # filter for syscall "munlockall" (152) [priority: 65535] - if ($syscall == 152) - action ERRNO(152); - # filter for syscall "mlockall" (151) [priority: 65535] - if ($syscall == 151) - action ERRNO(151); - # filter for syscall "munlock" (150) [priority: 65535] - if ($syscall == 150) - action ERRNO(150); - else # ($syscall <= 149) - # filter for syscall "mlock" (149) [priority: 65535] - if ($syscall == 149) - action ERRNO(149); - # filter for syscall "sched_rr_get_interval" (148) [priority: 65535] - if ($syscall == 148) - action ERRNO(148); - # filter for syscall "sched_get_priority_min" (147) [priority: 65535] - if ($syscall == 147) - action ERRNO(147); - # filter for syscall "sched_get_priority_max" (146) [priority: 65535] - if ($syscall == 146) - action ERRNO(146); - else # ($syscall <= 145) - if ($syscall > 141) - # filter for syscall "sched_getscheduler" (145) [priority: 65535] - if ($syscall == 145) - action ERRNO(145); - # filter for syscall "sched_setscheduler" (144) [priority: 65535] - if ($syscall == 144) - action ERRNO(144); - # filter for syscall "sched_getparam" (143) [priority: 65535] - if ($syscall == 143) - action ERRNO(143); - # 
filter for syscall "sched_setparam" (142) [priority: 65535] - if ($syscall == 142) - action ERRNO(142); - else # ($syscall <= 141) - # filter for syscall "setpriority" (141) [priority: 65535] - if ($syscall == 141) - action ERRNO(141); - # filter for syscall "getpriority" (140) [priority: 65535] - if ($syscall == 140) - action ERRNO(140); - # filter for syscall "sysfs" (139) [priority: 65535] - if ($syscall == 139) - action ERRNO(139); - # filter for syscall "fstatfs" (138) [priority: 65535] - if ($syscall == 138) - action ERRNO(138); - else # ($syscall <= 137) - if ($syscall > 105) - if ($syscall > 121) - if ($syscall > 129) - if ($syscall > 133) - # filter for syscall "statfs" (137) [priority: 65535] - if ($syscall == 137) - action ERRNO(137); - # filter for syscall "ustat" (136) [priority: 65535] - if ($syscall == 136) - action ERRNO(136); - # filter for syscall "personality" (135) [priority: 65535] - if ($syscall == 135) - action ERRNO(135); - # filter for syscall "uselib" (134) [priority: 65535] - if ($syscall == 134) - action ERRNO(134); - else # ($syscall <= 133) - # filter for syscall "mknod" (133) [priority: 65535] - if ($syscall == 133) - action ERRNO(133); - # filter for syscall "utime" (132) [priority: 65535] - if ($syscall == 132) - action ERRNO(132); - # filter for syscall "sigaltstack" (131) [priority: 65535] - if ($syscall == 131) - action ERRNO(131); - # filter for syscall "rt_sigsuspend" (130) [priority: 65535] - if ($syscall == 130) - action ERRNO(130); - else # ($syscall <= 129) - if ($syscall > 125) - # filter for syscall "rt_sigqueueinfo" (129) [priority: 65535] - if ($syscall == 129) - action ERRNO(129); - # filter for syscall "rt_sigtimedwait" (128) [priority: 65535] - if ($syscall == 128) - action ERRNO(128); - # filter for syscall "rt_sigpending" (127) [priority: 65535] - if ($syscall == 127) - action ERRNO(127); - # filter for syscall "capset" (126) [priority: 65535] - if ($syscall == 126) - action ERRNO(126); - else # ($syscall <= 125) - 
# filter for syscall "capget" (125) [priority: 65535] - if ($syscall == 125) - action ERRNO(125); - # filter for syscall "getsid" (124) [priority: 65535] - if ($syscall == 124) - action ERRNO(124); - # filter for syscall "setfsgid" (123) [priority: 65535] - if ($syscall == 123) - action ERRNO(123); - # filter for syscall "setfsuid" (122) [priority: 65535] - if ($syscall == 122) - action ERRNO(122); - else # ($syscall <= 121) - if ($syscall > 113) - if ($syscall > 117) - # filter for syscall "getpgid" (121) [priority: 65535] - if ($syscall == 121) - action ERRNO(121); - # filter for syscall "getresgid" (120) [priority: 65535] - if ($syscall == 120) - action ERRNO(120); - # filter for syscall "setresgid" (119) [priority: 65535] - if ($syscall == 119) - action ERRNO(119); - # filter for syscall "getresuid" (118) [priority: 65535] - if ($syscall == 118) - action ERRNO(118); - else # ($syscall <= 117) - # filter for syscall "setresuid" (117) [priority: 65535] - if ($syscall == 117) - action ERRNO(117); - # filter for syscall "setgroups" (116) [priority: 65535] - if ($syscall == 116) - action ERRNO(116); - # filter for syscall "getgroups" (115) [priority: 65535] - if ($syscall == 115) - action ERRNO(115); - # filter for syscall "setregid" (114) [priority: 65535] - if ($syscall == 114) - action ERRNO(114); - else # ($syscall <= 113) - if ($syscall > 109) - # filter for syscall "setreuid" (113) [priority: 65535] - if ($syscall == 113) - action ERRNO(113); - # filter for syscall "setsid" (112) [priority: 65535] - if ($syscall == 112) - action ERRNO(112); - # filter for syscall "getpgrp" (111) [priority: 65535] - if ($syscall == 111) - action ERRNO(111); - # filter for syscall "getppid" (110) [priority: 65535] - if ($syscall == 110) - action ERRNO(110); - else # ($syscall <= 109) - # filter for syscall "setpgid" (109) [priority: 65535] - if ($syscall == 109) - action ERRNO(109); - # filter for syscall "getegid" (108) [priority: 65535] - if ($syscall == 108) - action 
ERRNO(108); - # filter for syscall "geteuid" (107) [priority: 65535] - if ($syscall == 107) - action ERRNO(107); - # filter for syscall "setgid" (106) [priority: 65535] - if ($syscall == 106) - action ERRNO(106); - else # ($syscall <= 105) - if ($syscall > 89) - if ($syscall > 97) - if ($syscall > 101) - # filter for syscall "setuid" (105) [priority: 65535] - if ($syscall == 105) - action ERRNO(105); - # filter for syscall "getgid" (104) [priority: 65535] - if ($syscall == 104) - action ERRNO(104); - # filter for syscall "syslog" (103) [priority: 65535] - if ($syscall == 103) - action ERRNO(103); - # filter for syscall "getuid" (102) [priority: 65535] - if ($syscall == 102) - action ERRNO(102); - else # ($syscall <= 101) - # filter for syscall "ptrace" (101) [priority: 65535] - if ($syscall == 101) - action ERRNO(101); - # filter for syscall "times" (100) [priority: 65535] - if ($syscall == 100) - action ERRNO(100); - # filter for syscall "sysinfo" (99) [priority: 65535] - if ($syscall == 99) - action ERRNO(99); - # filter for syscall "getrusage" (98) [priority: 65535] - if ($syscall == 98) - action ERRNO(98); - else # ($syscall <= 97) - if ($syscall > 93) - # filter for syscall "getrlimit" (97) [priority: 65535] - if ($syscall == 97) - action ERRNO(97); - # filter for syscall "gettimeofday" (96) [priority: 65535] - if ($syscall == 96) - action ERRNO(96); - # filter for syscall "umask" (95) [priority: 65535] - if ($syscall == 95) - action ERRNO(95); - # filter for syscall "lchown" (94) [priority: 65535] - if ($syscall == 94) - action ERRNO(94); - else # ($syscall <= 93) - # filter for syscall "fchown" (93) [priority: 65535] - if ($syscall == 93) - action ERRNO(93); - # filter for syscall "chown" (92) [priority: 65535] - if ($syscall == 92) - action ERRNO(92); - # filter for syscall "fchmod" (91) [priority: 65535] - if ($syscall == 91) - action ERRNO(91); - # filter for syscall "chmod" (90) [priority: 65535] - if ($syscall == 90) - action ERRNO(90); - else # 
($syscall <= 89) - if ($syscall > 81) - if ($syscall > 85) - # filter for syscall "readlink" (89) [priority: 65535] - if ($syscall == 89) - action ERRNO(89); - # filter for syscall "symlink" (88) [priority: 65535] - if ($syscall == 88) - action ERRNO(88); - # filter for syscall "unlink" (87) [priority: 65535] - if ($syscall == 87) - action ERRNO(87); - # filter for syscall "link" (86) [priority: 65535] - if ($syscall == 86) - action ERRNO(86); - else # ($syscall <= 85) - # filter for syscall "creat" (85) [priority: 65535] - if ($syscall == 85) - action ERRNO(85); - # filter for syscall "rmdir" (84) [priority: 65535] - if ($syscall == 84) - action ERRNO(84); - # filter for syscall "mkdir" (83) [priority: 65535] - if ($syscall == 83) - action ERRNO(83); - # filter for syscall "rename" (82) [priority: 65535] - if ($syscall == 82) - action ERRNO(82); - else # ($syscall <= 81) - if ($syscall > 77) - # filter for syscall "fchdir" (81) [priority: 65535] - if ($syscall == 81) - action ERRNO(81); - # filter for syscall "chdir" (80) [priority: 65535] - if ($syscall == 80) - action ERRNO(80); - # filter for syscall "getcwd" (79) [priority: 65535] - if ($syscall == 79) - action ERRNO(79); - # filter for syscall "getdents" (78) [priority: 65535] - if ($syscall == 78) - action ERRNO(78); - else # ($syscall <= 77) - # filter for syscall "ftruncate" (77) [priority: 65535] - if ($syscall == 77) - action ERRNO(77); - # filter for syscall "truncate" (76) [priority: 65535] - if ($syscall == 76) - action ERRNO(76); - # filter for syscall "fdatasync" (75) [priority: 65535] - if ($syscall == 75) - action ERRNO(75); - # filter for syscall "fsync" (74) [priority: 65535] - if ($syscall == 74) - action ERRNO(74); - else # ($syscall <= 73) - if ($syscall > 9) - if ($syscall > 41) - if ($syscall > 57) - if ($syscall > 65) - if ($syscall > 69) - # filter for syscall "flock" (73) [priority: 65535] - if ($syscall == 73) - action ERRNO(73); - # filter for syscall "fcntl" (72) [priority: 65535] - 
if ($syscall == 72) - action ERRNO(72); - # filter for syscall "msgctl" (71) [priority: 65535] - if ($syscall == 71) - action ERRNO(71); - # filter for syscall "msgrcv" (70) [priority: 65535] - if ($syscall == 70) - action ERRNO(70); - else # ($syscall <= 69) - # filter for syscall "msgsnd" (69) [priority: 65535] - if ($syscall == 69) - action ERRNO(69); - # filter for syscall "msgget" (68) [priority: 65535] - if ($syscall == 68) - action ERRNO(68); - # filter for syscall "shmdt" (67) [priority: 65535] - if ($syscall == 67) - action ERRNO(67); - # filter for syscall "semctl" (66) [priority: 65535] - if ($syscall == 66) - action ERRNO(66); - else # ($syscall <= 65) - if ($syscall > 61) - # filter for syscall "semop" (65) [priority: 65535] - if ($syscall == 65) - action ERRNO(65); - # filter for syscall "semget" (64) [priority: 65535] - if ($syscall == 64) - action ERRNO(64); - # filter for syscall "uname" (63) [priority: 65535] - if ($syscall == 63) - action ERRNO(63); - # filter for syscall "kill" (62) [priority: 65535] - if ($syscall == 62) - action ERRNO(62); - else # ($syscall <= 61) - # filter for syscall "wait4" (61) [priority: 65533] - if ($syscall == 61) - if ($a0.hi32 == 0) - if ($a0.lo32 == 61) - action ERRNO(61); - # filter for syscall "exit" (60) [priority: 65535] - if ($syscall == 60) - action ERRNO(60); - # filter for syscall "execve" (59) [priority: 65535] - if ($syscall == 59) - action ERRNO(59); - # filter for syscall "vfork" (58) [priority: 65535] - if ($syscall == 58) - action ERRNO(58); - else # ($syscall <= 57) - if ($syscall > 49) - if ($syscall > 53) - # filter for syscall "fork" (57) [priority: 65535] - if ($syscall == 57) - action ERRNO(57); - # filter for syscall "clone" (56) [priority: 65535] - if ($syscall == 56) - action ERRNO(56); - # filter for syscall "getsockopt" (55) [priority: 65535] - if ($syscall == 55) - action ERRNO(55); - # filter for syscall "setsockopt" (54) [priority: 65535] - if ($syscall == 54) - action ERRNO(54); - else 
# ($syscall <= 53) - # filter for syscall "socketpair" (53) [priority: 65533] - if ($syscall == 53) - if ($a0.hi32 == 0) - if ($a0.lo32 == 53) - action ERRNO(53); - # filter for syscall "getpeername" (52) [priority: 65535] - if ($syscall == 52) - action ERRNO(52); - # filter for syscall "getsockname" (51) [priority: 65535] - if ($syscall == 51) - action ERRNO(51); - # filter for syscall "listen" (50) [priority: 65535] - if ($syscall == 50) - action ERRNO(50); - else # ($syscall <= 49) - if ($syscall > 45) - # filter for syscall "bind" (49) [priority: 65535] - if ($syscall == 49) - action ERRNO(49); - # filter for syscall "shutdown" (48) [priority: 65535] - if ($syscall == 48) - action ERRNO(48); - # filter for syscall "recvmsg" (47) [priority: 65535] - if ($syscall == 47) - action ERRNO(47); - # filter for syscall "sendmsg" (46) [priority: 65535] - if ($syscall == 46) - action ERRNO(46); - else # ($syscall <= 45) - # filter for syscall "recvfrom" (45) [priority: 65535] - if ($syscall == 45) - action ERRNO(45); - # filter for syscall "sendto" (44) [priority: 65535] - if ($syscall == 44) - action ERRNO(44); - # filter for syscall "accept" (43) [priority: 65535] - if ($syscall == 43) - action ERRNO(43); - # filter for syscall "connect" (42) [priority: 65535] - if ($syscall == 42) - action ERRNO(42); - else # ($syscall <= 41) - if ($syscall > 25) - if ($syscall > 33) - if ($syscall > 37) - # filter for syscall "socket" (41) [priority: 65535] - if ($syscall == 41) - action ERRNO(41); - # filter for syscall "sendfile" (40) [priority: 65535] - if ($syscall == 40) - action ERRNO(40); - # filter for syscall "getpid" (39) [priority: 65535] - if ($syscall == 39) - action ERRNO(39); - # filter for syscall "setitimer" (38) [priority: 65535] - if ($syscall == 38) - action ERRNO(38); - else # ($syscall <= 37) - # filter for syscall "alarm" (37) [priority: 65535] - if ($syscall == 37) - action ERRNO(37); - # filter for syscall "getitimer" (36) [priority: 65535] - if ($syscall == 
36) - action ERRNO(36); - # filter for syscall "nanosleep" (35) [priority: 65535] - if ($syscall == 35) - action ERRNO(35); - # filter for syscall "pause" (34) [priority: 65535] - if ($syscall == 34) - action ERRNO(34); - else # ($syscall <= 33) - if ($syscall > 29) - # filter for syscall "dup2" (33) [priority: 65535] - if ($syscall == 33) - action ERRNO(33); - # filter for syscall "dup" (32) [priority: 65535] - if ($syscall == 32) - action ERRNO(32); - # filter for syscall "shmctl" (31) [priority: 65535] - if ($syscall == 31) - action ERRNO(31); - # filter for syscall "shmat" (30) [priority: 65535] - if ($syscall == 30) - action ERRNO(30); - else # ($syscall <= 29) - # filter for syscall "shmget" (29) [priority: 65535] - if ($syscall == 29) - action ERRNO(29); - # filter for syscall "madvise" (28) [priority: 65535] - if ($syscall == 28) - action ERRNO(28); - # filter for syscall "mincore" (27) [priority: 65535] - if ($syscall == 27) - action ERRNO(27); - # filter for syscall "msync" (26) [priority: 65535] - if ($syscall == 26) - action ERRNO(26); - else # ($syscall <= 25) - if ($syscall > 17) - if ($syscall > 21) - # filter for syscall "mremap" (25) [priority: 65535] - if ($syscall == 25) - action ERRNO(25); - # filter for syscall "sched_yield" (24) [priority: 65535] - if ($syscall == 24) - action ERRNO(24); - # filter for syscall "select" (23) [priority: 65535] - if ($syscall == 23) - action ERRNO(23); - # filter for syscall "pipe" (22) [priority: 65535] - if ($syscall == 22) - action ERRNO(22); - else # ($syscall <= 21) - # filter for syscall "access" (21) [priority: 65535] - if ($syscall == 21) - action ERRNO(21); - # filter for syscall "writev" (20) [priority: 65535] - if ($syscall == 20) - action ERRNO(20); - # filter for syscall "readv" (19) [priority: 65535] - if ($syscall == 19) - action ERRNO(19); - # filter for syscall "pwrite64" (18) [priority: 65535] - if ($syscall == 18) - action ERRNO(18); - else # ($syscall <= 17) - if ($syscall > 13) - # filter for 
syscall "pread64" (17) [priority: 65535] - if ($syscall == 17) - action ERRNO(17); - # filter for syscall "ioctl" (16) [priority: 65535] - if ($syscall == 16) - action ERRNO(16); - # filter for syscall "rt_sigreturn" (15) [priority: 65535] - if ($syscall == 15) - action ERRNO(15); - # filter for syscall "rt_sigprocmask" (14) [priority: 65535] - if ($syscall == 14) - action ERRNO(14); - else # ($syscall <= 13) - # filter for syscall "rt_sigaction" (13) [priority: 65535] - if ($syscall == 13) - action ERRNO(13); - # filter for syscall "brk" (12) [priority: 65535] - if ($syscall == 12) - action ERRNO(12); - # filter for syscall "munmap" (11) [priority: 65535] - if ($syscall == 11) - action ERRNO(11); - # filter for syscall "mprotect" (10) [priority: 65533] - if ($syscall == 10) - if ($a0.hi32 == 0) - if ($a0.lo32 == 10) - action ERRNO(10); - else # ($syscall <= 9) - if ($syscall > 1) - if ($syscall > 5) - # filter for syscall "mmap" (9) [priority: 65535] - if ($syscall == 9) - action ERRNO(9); - # filter for syscall "lseek" (8) [priority: 65535] - if ($syscall == 8) - action ERRNO(8); - # filter for syscall "poll" (7) [priority: 65535] - if ($syscall == 7) - action ERRNO(7); - # filter for syscall "lstat" (6) [priority: 65535] - if ($syscall == 6) - action ERRNO(6); - else # ($syscall <= 5) - # filter for syscall "fstat" (5) [priority: 65535] - if ($syscall == 5) - action ERRNO(5); - # filter for syscall "stat" (4) [priority: 65535] - if ($syscall == 4) - action ERRNO(4); - # filter for syscall "close" (3) [priority: 65535] - if ($syscall == 3) - action ERRNO(3); - # filter for syscall "open" (2) [priority: 65535] - if ($syscall == 2) - action ERRNO(2); - else # ($syscall <= 1) - # filter for syscall "write" (1) [priority: 65535] - if ($syscall == 1) + if ($syscall > 2) + if ($syscall > 10) + if ($syscall > 14) + # filter for syscall "pwrite64" (18) [priority: 65531] + if ($syscall == 18) + if ($a0.hi32 == 0) + if ($a0.lo32 == 107) + if ($a1.hi32 == 0) + if ($a1.lo32 
== 108) + action ERRNO(18); + # filter for syscall "pread64" (17) [priority: 65533] + if ($syscall == 17) + if ($a0.hi32 == 0) + if ($a0.lo32 == 106) + action ERRNO(17); + # filter for syscall "ioctl" (16) [priority: 65535] + if ($syscall == 16) + action ERRNO(16); + # filter for syscall "rt_sigreturn" (15) [priority: 65535] + if ($syscall == 15) + action ERRNO(15); + else # ($syscall <= 14) + # filter for syscall "rt_sigprocmask" (14) [priority: 65535] + if ($syscall == 14) + action ERRNO(14); + # filter for syscall "rt_sigaction" (13) [priority: 65535] + if ($syscall == 13) + action ERRNO(13); + # filter for syscall "brk" (12) [priority: 65535] + if ($syscall == 12) + action ERRNO(12); + # filter for syscall "munmap" (11) [priority: 65535] + if ($syscall == 11) + action ERRNO(11); + else # ($syscall <= 10) + if ($syscall > 6) + # filter for syscall "mprotect" (10) [priority: 65533] + if ($syscall == 10) + if ($a0.hi32 == 0) + if ($a0.lo32 == 105) + action ERRNO(10); + # filter for syscall "mmap" (9) [priority: 65535] + if ($syscall == 9) + action ERRNO(9); + # filter for syscall "lseek" (8) [priority: 65533] + if ($syscall == 8) + if ($a0.hi32 == 0) + if ($a0.lo32 == 104) + action ERRNO(8); + # filter for syscall "poll" (7) [priority: 65535] + if ($syscall == 7) + action ERRNO(7); + else # ($syscall <= 6) + # filter for syscall "lstat" (6) [priority: 65535] + if ($syscall == 6) + action ERRNO(6); + # filter for syscall "fstat" (5) [priority: 65533] + if ($syscall == 5) + if ($a0.hi32 == 0) + if ($a0.lo32 == 103) + action ERRNO(5); + # filter for syscall "stat" (4) [priority: 65535] + if ($syscall == 4) + action ERRNO(4); + # filter for syscall "close" (3) [priority: 65535] + if ($syscall == 3) + action ERRNO(3); + else # ($syscall <= 2) + # filter for syscall "open" (2) [priority: 65535] + if ($syscall == 2) + action ERRNO(2); + # filter for syscall "write" (1) [priority: 65533] + if ($syscall == 1) + if ($a0.hi32 == 0) + if ($a0.lo32 == 102) action ERRNO(1); - # 
filter for syscall "read" (0) [priority: 65535] - if ($syscall == 0) - action ERRNO(0); + # filter for syscall "read" (0) [priority: 65531] + if ($syscall == 0) + if ($a0.hi32 == 0) + if ($a0.lo32 == 100) + if ($a1.hi32 == 0) + if ($a1.lo32 == 101) + action ERRNO(0); + # default action + action ALLOW; +# filter for arch aarch64 (3221225655) +if ($arch == 3221225655) + if ($syscall > 62) + if ($syscall > 139) + if ($syscall > 226) + # filter for syscall "lstat" (4294957133) [priority: 65535] + if ($syscall == 4294957133) + action ERRNO(6); + # filter for syscall "open" (4294957130) [priority: 65535] + if ($syscall == 4294957130) + action ERRNO(2); + # filter for syscall "poll" (4294957127) [priority: 65535] + if ($syscall == 4294957127) + action ERRNO(7); + # filter for syscall "stat" (4294957122) [priority: 65535] + if ($syscall == 4294957122) + action ERRNO(4); + else # ($syscall <= 226) + # filter for syscall "mprotect" (226) [priority: 65533] + if ($syscall == 226) + if ($a0.hi32 == 0) + if ($a0.lo32 == 105) + action ERRNO(10); + # filter for syscall "mmap" (222) [priority: 65535] + if ($syscall == 222) + action ERRNO(9); + # filter for syscall "munmap" (215) [priority: 65535] + if ($syscall == 215) + action ERRNO(11); + # filter for syscall "brk" (214) [priority: 65535] + if ($syscall == 214) + action ERRNO(12); + else # ($syscall <= 139) + if ($syscall > 68) + # filter for syscall "rt_sigreturn" (139) [priority: 65535] + if ($syscall == 139) + action ERRNO(15); + # filter for syscall "rt_sigprocmask" (135) [priority: 65535] + if ($syscall == 135) + action ERRNO(14); + # filter for syscall "rt_sigaction" (134) [priority: 65535] + if ($syscall == 134) + action ERRNO(13); + # filter for syscall "fstat" (80) [priority: 65533] + if ($syscall == 80) + if ($a0.hi32 == 0) + if ($a0.lo32 == 103) + action ERRNO(5); + else # ($syscall <= 68) + # filter for syscall "pwrite64" (68) [priority: 65531] + if ($syscall == 68) + if ($a0.hi32 == 0) + if ($a0.lo32 == 107) + if 
($a1.hi32 == 0) + if ($a1.lo32 == 108) + action ERRNO(18); + # filter for syscall "pread64" (67) [priority: 65533] + if ($syscall == 67) + if ($a0.hi32 == 0) + if ($a0.lo32 == 106) + action ERRNO(17); + # filter for syscall "write" (64) [priority: 65533] + if ($syscall == 64) + if ($a0.hi32 == 0) + if ($a0.lo32 == 102) + action ERRNO(1); + # filter for syscall "read" (63) [priority: 65531] + if ($syscall == 63) + if ($a0.hi32 == 0) + if ($a0.lo32 == 100) + if ($a1.hi32 == 0) + if ($a1.lo32 == 101) + action ERRNO(0); + else # ($syscall <= 62) + # filter for syscall "lseek" (62) [priority: 65533] + if ($syscall == 62) + if ($a0.hi32 == 0) + if ($a0.lo32 == 104) + action ERRNO(8); + # filter for syscall "close" (57) [priority: 65535] + if ($syscall == 57) + action ERRNO(3); + # filter for syscall "ioctl" (29) [priority: 65535] + if ($syscall == 29) + action ERRNO(16); # default action action ALLOW; # invalid architecture action