Diffstat (limited to 'tests')
-rw-r--r--tests/unit/test_filter_build.c195
1 files changed, 101 insertions, 94 deletions
diff --git a/tests/unit/test_filter_build.c b/tests/unit/test_filter_build.c
index 343d020..df9eef6 100644
--- a/tests/unit/test_filter_build.c
+++ b/tests/unit/test_filter_build.c
@@ -46,7 +46,8 @@ START_TEST(test_single_instr)
/* l0 */ BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
(offsetof(struct seccomp_data, arch))),
/* l1 */
- BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SEITAN_AUDIT_ARCH, 0, 2),
+ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SEITAN_AUDIT_ARCH, 1, 0),
+ /* l10 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
/* l2 */
BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
(offsetof(struct seccomp_data, nr))),
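Review bot: An architecture mismatch ends in `SECCOMP_RET_ALLOW` in this expected program, because the false branch of `BPF_JUMP(..., SEITAN_AUDIT_ARCH, 1, 0)` falls through to the added return. A syscall made through any other ABI is therefore never compared against the table. The hunks for test_single_instr_two_args, test_two_instr, test_multiple_instr_no_args, test_multiple_instr_with_args and test_multiple_instance_same_instr pin the same expectation. If the filter is meant to enforce anything beyond selecting calls for notification, the customary result for a foreign architecture is `SECCOMP_RET_KILL_PROCESS`; if allowing is deliberate, a comment such as `/* foreign arch: not filtered, allowed unconditionally */` on that line would record it. The added line is also labelled `/* l10 */` although it is instruction 2, and the next label is still `/* l2 */`; the array continues outside the hunk.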
@@ -79,24 +80,25 @@ START_TEST(test_single_instr_two_args)
struct syscall_entry table[] = {
{ .count = 1, .nr = nr, .entry = &calls[0] },
};
- struct sock_filter result[10];
+ struct sock_filter result[20];
struct sock_filter expected[] = {
/* l0 */ BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
(offsetof(struct seccomp_data, arch))),
/* l1 */
- BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SEITAN_AUDIT_ARCH, 0, 8),
- /* l2 */
+ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SEITAN_AUDIT_ARCH, 1, 0),
+ /* l2 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
+ /* l3 */
BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
(offsetof(struct seccomp_data, nr))),
- /* l3 */ EQ(nr, 0, 6),
- /* l4 */ LOAD(offsetof(struct seccomp_data, args[1])),
- /* l5 */ EQ(123, 0, 2),
- /* l6 */ LOAD(offsetof(struct seccomp_data, args[2])),
- /* l7 */ EQ(321, 0, 1),
- /* l8 */ JUMPA(2),
- /* l9 */ JUMPA(0),
- /* l10 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
+ /* l4 */ EQ(nr, 2, 0),
+ /* l5 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
+ /* l6 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_USER_NOTIF),
+ /* l7 */ LOAD(offsetof(struct seccomp_data, args[1])),
+ /* l8 */ EQ(123, 0, 2),
+ /* l9 */ LOAD(offsetof(struct seccomp_data, args[2])),
+ /* l10 */ EQ(321, 0, 1),
/* l11 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_USER_NOTIF),
+ /* l12 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};
size = create_bfp_program(table, result,
sizeof(table) / sizeof(table[0]));
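Review bot: A mismatch on `args[1]` appears to reach the notify return instead of the allow return. At l8, `EQ(123, 0, 2)` skips two instructions on the false branch and lands on l11 `SECCOMP_RET_USER_NOTIF`, assuming the last two arguments of `EQ` are the true and false offsets, as the leaf jumps in the other tests suggest. If both arguments must match before the supervisor is notified, the line would read `/* l8 */ EQ(123, 0, 3),` so that the false branch reaches l12. The removed lines had the same shape, so this may be intended, in which case it deserves a comment. The same offsets appear at l19 and l25 in the test_multiple_instr_with_args hunk. Under the same assumption l6 is unreachable here, since l4 jumps over it and l5 returns.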
@@ -121,17 +123,18 @@ START_TEST(test_two_instr)
/* l0 */ BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
(offsetof(struct seccomp_data, arch))),
/* l1 */
- BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SEITAN_AUDIT_ARCH, 0, 4),
- /* l2 */
+ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SEITAN_AUDIT_ARCH, 1, 0),
+ /* l2 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
+ /* l3 */
BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
(offsetof(struct seccomp_data, nr))),
/* ------- level0 -------- */
- /* l3 */ JGE(49, 1, 0),
+ /* l4 */ JGE(49, 1, 0),
/* ------- leaves -------- */
- /* l4 */ EQ(42, 2, 1),
- /* l5 */ EQ(49, 1, 0),
- /* l6 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
- /* l7 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_USER_NOTIF),
+ /* l5 */ EQ(42, 2, 1),
+ /* l6 */ EQ(49, 1, 0),
+ /* l7 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
+ /* l8 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_USER_NOTIF),
};
struct sock_filter result[30];
@@ -161,28 +164,29 @@ START_TEST(test_multiple_instr_no_args)
/* l0 */ BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
(offsetof(struct seccomp_data, arch))),
/* l1 */
- BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SEITAN_AUDIT_ARCH, 0, 13),
- /* l2 */
+ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SEITAN_AUDIT_ARCH, 1, 0),
+ /* l2 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
+ /* l3 */
BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
(offsetof(struct seccomp_data, nr))),
/* ------- level0 -------- */
- /* l3 */ JGE(46, 1, 0),
+ /* l4 */ JGE(46, 1, 0),
/* ------- level1 -------- */
- /* l4 */ JGE(45, 2, 1),
- /* l5 */ JGE(46, 3, 2),
+ /* l5 */ JGE(45, 2, 1),
+ /* l6 */ JGE(46, 3, 2),
/* ------- level2 -------- */
- /* l6 */ JGE(43, 4, 3),
- /* l7 */ JGE(45, 5, 4),
- /* l8 */ JGE(46, 6, 5),
- /* l9 */ JUMPA(5),
+ /* l7 */ JGE(43, 4, 3),
+ /* l8 */ JGE(45, 5, 4),
+ /* l9 */ JGE(46, 6, 5),
+ /* l10 */ JUMPA(5),
/* -------- leaves ------- */
- /* l10 */ EQ(42, 5, 4),
- /* l11 */ EQ(43, 4, 3),
- /* l12 */ EQ(44, 3, 2),
- /* l13 */ EQ(45, 2, 1),
- /* l14 */ EQ(46, 1, 0),
- /* l20 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
- /* l21 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_USER_NOTIF),
+ /* l11 */ EQ(42, 5, 4),
+ /* l12 */ EQ(43, 4, 3),
+ /* l13 */ EQ(44, 3, 2),
+ /* l14 */ EQ(45, 2, 1),
+ /* l15 */ EQ(46, 1, 0),
+ /* l16 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
+ /* l17 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_USER_NOTIF),
};
struct sock_filter result[sizeof(expected) / sizeof(expected[0]) + 10];
@@ -227,43 +231,44 @@ START_TEST(test_multiple_instr_with_args)
/* l0 */ BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
(offsetof(struct seccomp_data, arch))),
/* l1 */
- BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SEITAN_AUDIT_ARCH, 0, 25),
- /* l2 */
+ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SEITAN_AUDIT_ARCH, 1, 0),
+ /* l2 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
+ /* l3 */
BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
(offsetof(struct seccomp_data, nr))),
/* ------- level0 -------- */
- /* l3 */ JGE(46, 1, 0),
+ /* l4 */ JGE(46, 1, 0),
/* ------- level1 -------- */
- /* l4 */ JGE(45, 2, 1),
- /* l5 */ JGE(46, 3, 2),
+ /* l5 */ JGE(45, 2, 1),
+ /* l6 */ JGE(46, 3, 2),
/* ------- level2 -------- */
- /* l6 */ JGE(43, 4, 3),
- /* l7 */ JGE(45, 5, 4),
- /* l8 */ JGE(46, 6, 5),
- /* l9 */ JUMPA(17),
+ /* l7 */ JGE(43, 4, 3),
+ /* l8 */ JGE(45, 5, 4),
+ /* l9 */ JGE(46, 6, 5),
+ /* l10 */ JUMPA(5),
/* -------- leaves ------- */
- /* l10 */ EQ(42, 4, 16),
- /* l11 */ EQ(43, 16, 15),
- /* l12 */ EQ(44, 15, 14),
- /* l13 */ EQ(45, 6, 13),
- /* l14 */ EQ(46, 13, 12),
+ /* l11 */ EQ(42, 6, 4),
+ /* l12 */ EQ(43, 4, 3),
+ /* l13 */ EQ(44, 3, 2),
+ /* l14 */ EQ(45, 9, 1),
+ /* l15 */ EQ(46, 1, 0),
+ /* l16 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
+ /* l17 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_USER_NOTIF),
/* ------- args ---------- */
- /* l15 */ LOAD(offsetof(struct seccomp_data, args[1])),
- /* l16 */ EQ(123, 0, 2),
- /* l17 */ LOAD(offsetof(struct seccomp_data, args[2])),
- /* l18 */ EQ(321, 0, 1),
- /* l19 */ JUMPA(8), /* notify */
- /* l20 */ JUMPA(6),
- /* ----- end call44 ------ */
- /* l21 */ LOAD(offsetof(struct seccomp_data, args[1])),
- /* l22 */ EQ(123, 0, 2),
- /* l23 */ LOAD(offsetof(struct seccomp_data, args[2])),
- /* l24 */ EQ(321, 0, 1),
- /* l25 */ JUMPA(2), /* notify */
- /* l26 */ JUMPA(0),
- /* ----- end call46 ------ */
- /* l27 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
+ /* l18 */ LOAD(offsetof(struct seccomp_data, args[1])),
+ /* l19 */ EQ(123, 0, 2),
+ /* l20 */ LOAD(offsetof(struct seccomp_data, args[2])),
+ /* l21 */ EQ(321, 0, 1),
+ /* l22 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_USER_NOTIF),
+ /* l23 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
+ /* ----- end call42 ------ */
+ /* l24 */ LOAD(offsetof(struct seccomp_data, args[1])),
+ /* l25 */ EQ(123, 0, 2),
+ /* l26 */ LOAD(offsetof(struct seccomp_data, args[2])),
+ /* l27 */ EQ(321, 0, 1),
/* l28 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_USER_NOTIF),
+ /* l29 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
+ /* ----- end call45 ------ */
};
struct sock_filter result[sizeof(expected) / sizeof(expected[0]) + 10];
@@ -311,44 +316,46 @@ START_TEST(test_multiple_instance_same_instr)
/* l0 */ BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
(offsetof(struct seccomp_data, arch))),
/* l1 */
- BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SEITAN_AUDIT_ARCH, 0, 27),
- /* l2 */
+ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SEITAN_AUDIT_ARCH, 1, 0),
+ /* l2 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
+ /* l3 */
BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
(offsetof(struct seccomp_data, nr))),
/* ------- level0 -------- */
- /* l3 */ JGE(46, 1, 0),
+ /* l4 */ JGE(46, 1, 0),
/* ------- level1 -------- */
- /* l4 */ JGE(45, 2, 1),
- /* l5 */ JGE(46, 3, 2),
+ /* l5 */ JGE(45, 2, 1),
+ /* l6 */ JGE(46, 3, 2),
/* ------- level2 -------- */
- /* l6 */ JGE(43, 4, 3),
- /* l7 */ JGE(45, 5, 4),
- /* l8 */ JGE(46, 6, 5),
- /* l9 */ JUMPA(19),
+ /* l7 */ JGE(43, 4, 3),
+ /* l8 */ JGE(45, 5, 4),
+ /* l9 */ JGE(46, 6, 5),
+ /* l10 */ JUMPA(5),
/* -------- leaves ------- */
- /* l10 */ EQ(42, 4, 18),
- /* l11 */ EQ(43, 18, 17),
- /* l12 */ EQ(44, 17, 16),
- /* l13 */ EQ(45, 6, 15),
- /* l14 */ EQ(46, 15, 14),
+ /* l11 */ EQ(42, 6, 4),
+ /* l12 */ EQ(43, 4, 3),
+ /* l13 */ EQ(44, 3, 2),
+ /* l14 */ EQ(45, 10, 1),
+ /* l15 */ EQ(46, 1, 0),
+ /* l16 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
+ /* l17 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_USER_NOTIF),
/* ------- args ---------- */
- /* l15 */ LOAD(offsetof(struct seccomp_data, args[1])),
- /* l16 */ EQ(123, 0, 1),
- /* l17 */ JUMPA(12), /* notify */
- /* l18 */ LOAD(offsetof(struct seccomp_data, args[2])),
- /* l19 */ EQ(321, 0, 1),
- /* l20 */ JUMPA(9), /* notify */
- /* l21 */ JUMPA(7),
- /* ----- end call44 ------ */
- /* l22 */ LOAD(offsetof(struct seccomp_data, args[1])),
- /* l23 */ EQ(123, 0, 1),
- /* l24 */ JUMPA(5), /* notify */
- /* l25 */ LOAD(offsetof(struct seccomp_data, args[2])),
- /* l26 */ EQ(321, 0, 1),
- /* l27 */ JUMPA(2), /* notify */
- /* l28 */ JUMPA(0),
- /* l29 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
+ /* l18 */ LOAD(offsetof(struct seccomp_data, args[1])),
+ /* l19 */ EQ(123, 0, 1),
+ /* l20 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_USER_NOTIF),
+ /* l21 */ LOAD(offsetof(struct seccomp_data, args[2])),
+ /* l22 */ EQ(321, 0, 1),
+ /* l23 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_USER_NOTIF),
+ /* l24 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
+ /* ----- end call42 ------ */
+ /* l25 */ LOAD(offsetof(struct seccomp_data, args[1])),
+ /* l26 */ EQ(123, 0, 1),
+ /* l27 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_USER_NOTIF),
+ /* l28 */ LOAD(offsetof(struct seccomp_data, args[2])),
+ /* l29 */ EQ(321, 0, 1),
/* l30 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_USER_NOTIF),
+ /* l31 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
+ /* ----- end call44 ------ */
};
struct sock_filter result[sizeof(expected) / sizeof(expected[0]) + 10];
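Review bot: The closing marker `/* ----- end call44 ------ */` does not match the jump that reaches that block. The block at l25–l31 is entered from l14 `EQ(45, 10, 1)`, so it belongs to syscall 45, assuming `EQ` takes value, true offset, false offset. I would write `/* ----- end call45 ------ */`, as the test_multiple_instr_with_args hunk does for its second argument block. The expected array starts outside this hunk.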