script_core 0.2.6 → 0.2.7
- checksums.yaml +4 -4
- data/ext/enterprise_script_service/libseccomp/.travis.yml +21 -7
- data/ext/enterprise_script_service/libseccomp/CHANGELOG +22 -0
- data/ext/enterprise_script_service/libseccomp/CONTRIBUTING.md +37 -26
- data/ext/enterprise_script_service/libseccomp/CREDITS +8 -0
- data/ext/enterprise_script_service/libseccomp/README.md +3 -1
- data/ext/enterprise_script_service/libseccomp/configure.ac +13 -8
- data/ext/enterprise_script_service/libseccomp/doc/Makefile.am +6 -0
- data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_api_get.3 +12 -2
- data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_arch_add.3 +38 -6
- data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_attr_set.3 +53 -2
- data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_export_bpf.3 +20 -2
- data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_init.3 +9 -2
- data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_load.3 +32 -2
- data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_merge.3 +16 -2
- data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_alloc.3 +113 -0
- data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_fd.3 +1 -0
- data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_free.3 +1 -0
- data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_id_valid.3 +1 -0
- data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_receive.3 +1 -0
- data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_notify_respond.3 +1 -0
- data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_rule_add.3 +64 -3
- data/ext/enterprise_script_service/libseccomp/doc/man/man3/seccomp_syscall_priority.3 +18 -3
- data/ext/enterprise_script_service/libseccomp/include/seccomp-syscalls.h +12 -0
- data/ext/enterprise_script_service/libseccomp/include/seccomp.h.in +116 -0
- data/ext/enterprise_script_service/libseccomp/src/.gitignore +2 -0
- data/ext/enterprise_script_service/libseccomp/src/Makefile.am +31 -17
- data/ext/enterprise_script_service/libseccomp/src/api.c +254 -58
- data/ext/enterprise_script_service/libseccomp/src/arch-aarch64.h +1 -9
- data/ext/enterprise_script_service/libseccomp/src/arch-arm.c +47 -2
- data/ext/enterprise_script_service/libseccomp/src/arch-arm.h +1 -9
- data/ext/enterprise_script_service/libseccomp/src/arch-gperf-generate +40 -0
- data/ext/enterprise_script_service/libseccomp/src/arch-mips.c +41 -4
- data/ext/enterprise_script_service/libseccomp/src/arch-mips.h +2 -10
- data/ext/enterprise_script_service/libseccomp/src/arch-mips64.c +41 -4
- data/ext/enterprise_script_service/libseccomp/src/arch-mips64.h +3 -11
- data/ext/enterprise_script_service/libseccomp/src/arch-mips64n32.c +41 -4
- data/ext/enterprise_script_service/libseccomp/src/arch-mips64n32.h +2 -10
- data/ext/enterprise_script_service/libseccomp/src/arch-parisc.h +1 -10
- data/ext/enterprise_script_service/libseccomp/src/arch-parisc64.c +3 -3
- data/ext/enterprise_script_service/libseccomp/src/arch-parisc64.h +29 -0
- data/ext/enterprise_script_service/libseccomp/src/arch-ppc.h +1 -9
- data/ext/enterprise_script_service/libseccomp/src/arch-ppc64.c +606 -8
- data/ext/enterprise_script_service/libseccomp/src/arch-ppc64.h +2 -10
- data/ext/enterprise_script_service/libseccomp/src/arch-riscv64.c +31 -0
- data/ext/enterprise_script_service/libseccomp/src/arch-riscv64.h +22 -0
- data/ext/enterprise_script_service/libseccomp/src/arch-s390.c +171 -12
- data/ext/enterprise_script_service/libseccomp/src/arch-s390.h +1 -17
- data/ext/enterprise_script_service/libseccomp/src/arch-s390x.c +166 -10
- data/ext/enterprise_script_service/libseccomp/src/arch-s390x.h +1 -20
- data/ext/enterprise_script_service/libseccomp/src/arch-syscall-dump.c +8 -1
- data/ext/enterprise_script_service/libseccomp/src/arch-syscall-validate +359 -143
- data/ext/enterprise_script_service/libseccomp/src/arch-x32.c +36 -2
- data/ext/enterprise_script_service/libseccomp/src/arch-x32.h +2 -10
- data/ext/enterprise_script_service/libseccomp/src/arch-x86.c +172 -10
- data/ext/enterprise_script_service/libseccomp/src/arch-x86.h +1 -14
- data/ext/enterprise_script_service/libseccomp/src/arch-x86_64.h +1 -9
- data/ext/enterprise_script_service/libseccomp/src/arch.c +11 -3
- data/ext/enterprise_script_service/libseccomp/src/arch.h +7 -0
- data/ext/enterprise_script_service/libseccomp/src/db.c +268 -57
- data/ext/enterprise_script_service/libseccomp/src/db.h +16 -2
- data/ext/enterprise_script_service/libseccomp/src/gen_bpf.c +503 -148
- data/ext/enterprise_script_service/libseccomp/src/gen_bpf.h +2 -1
- data/ext/enterprise_script_service/libseccomp/src/gen_pfc.c +165 -37
- data/ext/enterprise_script_service/libseccomp/src/python/libseccomp.pxd +37 -1
- data/ext/enterprise_script_service/libseccomp/src/python/seccomp.pyx +295 -5
- data/ext/enterprise_script_service/libseccomp/src/syscalls.c +56 -0
- data/ext/enterprise_script_service/libseccomp/src/syscalls.csv +470 -0
- data/ext/enterprise_script_service/libseccomp/src/syscalls.h +62 -0
- data/ext/enterprise_script_service/libseccomp/src/syscalls.perf.template +82 -0
- data/ext/enterprise_script_service/libseccomp/src/system.c +196 -16
- data/ext/enterprise_script_service/libseccomp/src/system.h +68 -13
- data/ext/enterprise_script_service/libseccomp/tests/.gitignore +9 -2
- data/ext/enterprise_script_service/libseccomp/tests/06-sim-actions.tests +1 -1
- data/ext/enterprise_script_service/libseccomp/tests/11-basic-basic_errors.c +5 -5
- data/ext/enterprise_script_service/libseccomp/tests/13-basic-attrs.c +35 -1
- data/ext/enterprise_script_service/libseccomp/tests/13-basic-attrs.py +10 -1
- data/ext/enterprise_script_service/libseccomp/tests/15-basic-resolver.c +1 -0
- data/ext/enterprise_script_service/libseccomp/tests/16-sim-arch_basic.c +12 -0
- data/ext/enterprise_script_service/libseccomp/tests/16-sim-arch_basic.py +1 -0
- data/ext/enterprise_script_service/libseccomp/tests/{18-sim-basic_whitelist.c → 18-sim-basic_allowlist.c} +0 -0
- data/ext/enterprise_script_service/libseccomp/tests/{18-sim-basic_whitelist.py → 18-sim-basic_allowlist.py} +0 -0
- data/ext/enterprise_script_service/libseccomp/tests/18-sim-basic_allowlist.tests +32 -0
- data/ext/enterprise_script_service/libseccomp/tests/23-sim-arch_all_le_basic.c +3 -0
- data/ext/enterprise_script_service/libseccomp/tests/23-sim-arch_all_le_basic.py +1 -0
- data/ext/enterprise_script_service/libseccomp/tests/30-sim-socket_syscalls.c +3 -0
- data/ext/enterprise_script_service/libseccomp/tests/30-sim-socket_syscalls.py +1 -0
- data/ext/enterprise_script_service/libseccomp/tests/30-sim-socket_syscalls.tests +33 -17
- data/ext/enterprise_script_service/libseccomp/tests/{34-sim-basic_blacklist.c → 34-sim-basic_denylist.c} +0 -0
- data/ext/enterprise_script_service/libseccomp/tests/{34-sim-basic_blacklist.py → 34-sim-basic_denylist.py} +0 -0
- data/ext/enterprise_script_service/libseccomp/tests/34-sim-basic_denylist.tests +32 -0
- data/ext/enterprise_script_service/libseccomp/tests/36-sim-ipc_syscalls.c +3 -0
- data/ext/enterprise_script_service/libseccomp/tests/36-sim-ipc_syscalls.py +1 -0
- data/ext/enterprise_script_service/libseccomp/tests/36-sim-ipc_syscalls.tests +25 -25
- data/ext/enterprise_script_service/libseccomp/tests/39-basic-api_level.c +24 -3
- data/ext/enterprise_script_service/libseccomp/tests/39-basic-api_level.py +16 -1
- data/ext/enterprise_script_service/libseccomp/tests/47-live-kill_process.c +3 -3
- data/ext/enterprise_script_service/libseccomp/tests/51-live-user_notification.c +112 -0
- data/ext/enterprise_script_service/libseccomp/tests/51-live-user_notification.py +60 -0
- data/ext/enterprise_script_service/libseccomp/tests/51-live-user_notification.tests +11 -0
- data/ext/enterprise_script_service/libseccomp/tests/53-sim-binary_tree.c +156 -0
- data/ext/enterprise_script_service/libseccomp/tests/53-sim-binary_tree.py +95 -0
- data/ext/enterprise_script_service/libseccomp/tests/53-sim-binary_tree.tests +65 -0
- data/ext/enterprise_script_service/libseccomp/tests/54-live-binary_tree.c +128 -0
- data/ext/enterprise_script_service/libseccomp/tests/54-live-binary_tree.py +95 -0
- data/ext/enterprise_script_service/libseccomp/tests/54-live-binary_tree.tests +11 -0
- data/ext/enterprise_script_service/libseccomp/tests/55-basic-pfc_binary_tree.c +134 -0
- data/ext/enterprise_script_service/libseccomp/tests/55-basic-pfc_binary_tree.sh +46 -0
- data/ext/enterprise_script_service/libseccomp/tests/55-basic-pfc_binary_tree.tests +11 -0
- data/ext/enterprise_script_service/libseccomp/tests/56-basic-iterate_syscalls.c +90 -0
- data/ext/enterprise_script_service/libseccomp/tests/56-basic-iterate_syscalls.py +65 -0
- data/ext/enterprise_script_service/libseccomp/tests/56-basic-iterate_syscalls.tests +11 -0
- data/ext/enterprise_script_service/libseccomp/tests/57-basic-rawsysrc.c +64 -0
- data/ext/enterprise_script_service/libseccomp/tests/57-basic-rawsysrc.py +46 -0
- data/ext/enterprise_script_service/libseccomp/tests/57-basic-rawsysrc.tests +11 -0
- data/ext/enterprise_script_service/libseccomp/tests/58-live-tsync_notify.c +116 -0
- data/ext/enterprise_script_service/libseccomp/tests/58-live-tsync_notify.py +61 -0
- data/ext/enterprise_script_service/libseccomp/tests/58-live-tsync_notify.tests +11 -0
- data/ext/enterprise_script_service/libseccomp/tests/Makefile.am +31 -10
- data/ext/enterprise_script_service/libseccomp/tests/regression +6 -3
- data/ext/enterprise_script_service/libseccomp/tests/util.c +3 -3
- data/ext/enterprise_script_service/libseccomp/tools/check-syntax +1 -1
- data/ext/enterprise_script_service/libseccomp/tools/scmp_arch_detect.c +3 -0
- data/ext/enterprise_script_service/libseccomp/tools/scmp_bpf_disasm.c +4 -2
- data/ext/enterprise_script_service/libseccomp/tools/scmp_bpf_sim.c +2 -0
- data/ext/enterprise_script_service/libseccomp/tools/util.c +14 -12
- data/ext/enterprise_script_service/libseccomp/tools/util.h +7 -0
- data/ext/enterprise_script_service/mruby/.github/workflows/codeql-analysis.yml +51 -0
- data/ext/enterprise_script_service/mruby/Doxyfile +1 -1
- data/ext/enterprise_script_service/mruby/README.md +1 -1
- data/ext/enterprise_script_service/mruby/doc/guides/debugger.md +1 -1
- data/ext/enterprise_script_service/mruby/doc/limitations.md +10 -10
- data/ext/enterprise_script_service/mruby/include/mruby.h +13 -0
- data/ext/enterprise_script_service/mruby/include/mruby/boxing_word.h +0 -1
- data/ext/enterprise_script_service/mruby/include/mruby/proc.h +13 -8
- data/ext/enterprise_script_service/mruby/include/mruby/value.h +25 -29
- data/ext/enterprise_script_service/mruby/include/mruby/version.h +3 -3
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-array-ext/src/array.c +5 -8
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-mirb/tools/mirb/mirb.c +2 -2
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-bin-mrbc/tools/mrbc/mrbc.c +17 -10
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-complex/mrblib/complex.rb +1 -1
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-complex/src/complex.c +1 -2
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-eval/src/eval.c +1 -1
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-fiber/src/fiber.c +1 -2
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-inline-struct/test/inline.c +3 -4
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/src/file.c +1 -2
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/src/file_test.c +9 -26
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-io/src/io.c +1 -2
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-kernel-ext/src/kernel.c +6 -8
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-method/src/method.c +3 -4
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-objectspace/src/mruby_objectspace.c +0 -1
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-print/src/print.c +1 -2
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-range-ext/src/range.c +1 -3
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-rational/mrblib/rational.rb +1 -3
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-sprintf/src/sprintf.c +3 -3
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-string-ext/src/string.c +1 -2
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-struct/src/struct.c +5 -11
- data/ext/enterprise_script_service/mruby/mrbgems/mruby-time/src/time.c +5 -10
- data/ext/enterprise_script_service/mruby/mrblib/00class.rb +10 -0
- data/ext/enterprise_script_service/mruby/src/array.c +14 -11
- data/ext/enterprise_script_service/mruby/src/class.c +22 -21
- data/ext/enterprise_script_service/mruby/src/error.c +1 -2
- data/ext/enterprise_script_service/mruby/src/etc.c +0 -1
- data/ext/enterprise_script_service/mruby/src/gc.c +5 -5
- data/ext/enterprise_script_service/mruby/src/hash.c +8 -15
- data/ext/enterprise_script_service/mruby/src/kernel.c +4 -7
- data/ext/enterprise_script_service/mruby/src/numeric.c +28 -60
- data/ext/enterprise_script_service/mruby/src/object.c +11 -1
- data/ext/enterprise_script_service/mruby/src/proc.c +7 -8
- data/ext/enterprise_script_service/mruby/src/range.c +4 -12
- data/ext/enterprise_script_service/mruby/src/string.c +24 -21
- data/ext/enterprise_script_service/mruby/src/symbol.c +1 -2
- data/ext/enterprise_script_service/mruby/src/vm.c +28 -24
- data/ext/enterprise_script_service/mruby/test/t/kernel.rb +7 -0
- data/lib/script_core/version.rb +1 -1
- metadata +45 -21
- data/ext/enterprise_script_service/libseccomp/src/arch-aarch64-syscalls.c +0 -559
- data/ext/enterprise_script_service/libseccomp/src/arch-arm-syscalls.c +0 -570
- data/ext/enterprise_script_service/libseccomp/src/arch-mips-syscalls.c +0 -562
- data/ext/enterprise_script_service/libseccomp/src/arch-mips64-syscalls.c +0 -562
- data/ext/enterprise_script_service/libseccomp/src/arch-mips64n32-syscalls.c +0 -562
- data/ext/enterprise_script_service/libseccomp/src/arch-parisc-syscalls.c +0 -542
- data/ext/enterprise_script_service/libseccomp/src/arch-ppc-syscalls.c +0 -559
- data/ext/enterprise_script_service/libseccomp/src/arch-ppc64-syscalls.c +0 -559
- data/ext/enterprise_script_service/libseccomp/src/arch-s390-syscalls.c +0 -642
- data/ext/enterprise_script_service/libseccomp/src/arch-s390x-syscalls.c +0 -642
- data/ext/enterprise_script_service/libseccomp/src/arch-x32-syscalls.c +0 -558
- data/ext/enterprise_script_service/libseccomp/src/arch-x86-syscalls.c +0 -692
- data/ext/enterprise_script_service/libseccomp/src/arch-x86_64-syscalls.c +0 -559
- data/ext/enterprise_script_service/libseccomp/tests/18-sim-basic_whitelist.tests +0 -32
- data/ext/enterprise_script_service/libseccomp/tests/34-sim-basic_blacklist.tests +0 -32
@@ -0,0 +1,61 @@
|
|
1
|
+
#!/usr/bin/env python
|
2
|
+
|
3
|
+
#
|
4
|
+
# Seccomp Library test program
|
5
|
+
#
|
6
|
+
# Copyright (c) 2019 Cisco Systems, Inc. <pmoore2@cisco.com>
|
7
|
+
# Author: Paul Moore <paul@paul-moore.com>
|
8
|
+
#
|
9
|
+
|
10
|
+
#
|
11
|
+
# This library is free software; you can redistribute it and/or modify it
|
12
|
+
# under the terms of version 2.1 of the GNU Lesser General Public License as
|
13
|
+
# published by the Free Software Foundation.
|
14
|
+
#
|
15
|
+
# This library is distributed in the hope that it will be useful, but WITHOUT
|
16
|
+
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
17
|
+
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
|
18
|
+
# for more details.
|
19
|
+
#
|
20
|
+
# You should have received a copy of the GNU Lesser General Public License
|
21
|
+
# along with this library; if not, see <http://www.gnu.org/licenses>.
|
22
|
+
#
|
23
|
+
|
24
|
+
import argparse
|
25
|
+
import os
|
26
|
+
import signal
|
27
|
+
import sys
|
28
|
+
|
29
|
+
import util
|
30
|
+
|
31
|
+
from seccomp import *
|
32
|
+
|
33
|
+
def test():
|
34
|
+
magic = os.getuid() + 1
|
35
|
+
f = SyscallFilter(ALLOW)
|
36
|
+
f.set_attr(Attr.CTL_TSYNC, 1)
|
37
|
+
f.add_rule(NOTIFY, "getuid")
|
38
|
+
f.load()
|
39
|
+
pid = os.fork()
|
40
|
+
if pid == 0:
|
41
|
+
val = os.getuid()
|
42
|
+
if val != magic:
|
43
|
+
raise RuntimeError("Response return value failed")
|
44
|
+
quit(1)
|
45
|
+
quit(0)
|
46
|
+
else:
|
47
|
+
notify = f.receive_notify()
|
48
|
+
if notify.syscall != resolve_syscall(Arch(), "getuid"):
|
49
|
+
raise RuntimeError("Notification failed")
|
50
|
+
f.respond_notify(NotificationResponse(notify, magic, 0, 0))
|
51
|
+
wpid, rc = os.waitpid(pid, 0)
|
52
|
+
if os.WIFEXITED(rc) == 0:
|
53
|
+
raise RuntimeError("Child process error")
|
54
|
+
if os.WEXITSTATUS(rc) != 0:
|
55
|
+
raise RuntimeError("Child process error")
|
56
|
+
quit(160)
|
57
|
+
|
58
|
+
test()
|
59
|
+
|
60
|
+
# kate: syntax python;
|
61
|
+
# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off;
|
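Review bot: In the parent branch of `test()`, the `raise RuntimeError("Notification failed")` path leaves the child's pending `getuid()` notification unanswered and the forked child unreaped, so a failed run can leave a process behind. Terminating and collecting the child before raising, e.g. `os.kill(pid, signal.SIGKILL)` followed by `os.waitpid(pid, 0)`, keeps the failure path clean; `signal` is imported but not otherwise used in the lines shown. In the child branch, `quit(1)` directly after `raise RuntimeError("Response return value failed")` looks unreachable and can be dropped. Indentation is lost in this rendering, so the branch structure here is read from statement order.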
@@ -57,7 +57,7 @@ check_PROGRAMS = \
|
|
57
57
|
15-basic-resolver \
|
58
58
|
16-sim-arch_basic \
|
59
59
|
17-sim-arch_merge \
|
60
|
-
18-sim-
|
60
|
+
18-sim-basic_allowlist \
|
61
61
|
19-sim-missing_syscalls \
|
62
62
|
20-live-basic_die \
|
63
63
|
21-live-basic_allow \
|
@@ -73,7 +73,7 @@ check_PROGRAMS = \
|
|
73
73
|
31-basic-version_check \
|
74
74
|
32-live-tsync_allow \
|
75
75
|
33-sim-socket_syscalls_be \
|
76
|
-
34-sim-
|
76
|
+
34-sim-basic_denylist \
|
77
77
|
35-sim-negative_one \
|
78
78
|
36-sim-ipc_syscalls \
|
79
79
|
37-sim-ipc_syscalls_be \
|
@@ -90,7 +90,14 @@ check_PROGRAMS = \
|
|
90
90
|
48-sim-32b_args \
|
91
91
|
49-sim-64b_comparisons \
|
92
92
|
50-sim-hash_collision \
|
93
|
-
|
93
|
+
51-live-user_notification \
|
94
|
+
52-basic-load \
|
95
|
+
53-sim-binary_tree \
|
96
|
+
54-live-binary_tree \
|
97
|
+
55-basic-pfc_binary_tree \
|
98
|
+
56-basic-iterate_syscalls \
|
99
|
+
57-basic-rawsysrc \
|
100
|
+
58-live-tsync_notify
|
94
101
|
|
95
102
|
EXTRA_DIST_TESTPYTHON = \
|
96
103
|
util.py \
|
@@ -111,7 +118,7 @@ EXTRA_DIST_TESTPYTHON = \
|
|
111
118
|
15-basic-resolver.py \
|
112
119
|
16-sim-arch_basic.py \
|
113
120
|
17-sim-arch_merge.py \
|
114
|
-
18-sim-
|
121
|
+
18-sim-basic_allowlist.py \
|
115
122
|
19-sim-missing_syscalls.py \
|
116
123
|
20-live-basic_die.py \
|
117
124
|
21-live-basic_allow.py \
|
@@ -127,7 +134,7 @@ EXTRA_DIST_TESTPYTHON = \
|
|
127
134
|
31-basic-version_check.py \
|
128
135
|
32-live-tsync_allow.py \
|
129
136
|
33-sim-socket_syscalls_be.py \
|
130
|
-
34-sim-
|
137
|
+
34-sim-basic_denylist.py \
|
131
138
|
35-sim-negative_one.py \
|
132
139
|
36-sim-ipc_syscalls.py \
|
133
140
|
37-sim-ipc_syscalls_be.py \
|
@@ -143,7 +150,13 @@ EXTRA_DIST_TESTPYTHON = \
|
|
143
150
|
48-sim-32b_args.py \
|
144
151
|
49-sim-64b_comparisons.py \
|
145
152
|
50-sim-hash_collision.py \
|
146
|
-
|
153
|
+
51-live-user_notification.py \
|
154
|
+
52-basic-load.py \
|
155
|
+
53-sim-binary_tree.py \
|
156
|
+
54-live-binary_tree.py \
|
157
|
+
56-basic-iterate_syscalls.py \
|
158
|
+
57-basic-rawsysrc.py \
|
159
|
+
58-live-tsync_notify.py
|
147
160
|
|
148
161
|
EXTRA_DIST_TESTCFGS = \
|
149
162
|
01-sim-allow.tests \
|
@@ -163,7 +176,7 @@ EXTRA_DIST_TESTCFGS = \
|
|
163
176
|
15-basic-resolver.tests \
|
164
177
|
16-sim-arch_basic.tests \
|
165
178
|
17-sim-arch_merge.tests \
|
166
|
-
18-sim-
|
179
|
+
18-sim-basic_allowlist.tests \
|
167
180
|
19-sim-missing_syscalls.tests \
|
168
181
|
20-live-basic_die.tests \
|
169
182
|
21-live-basic_allow.tests \
|
@@ -179,7 +192,7 @@ EXTRA_DIST_TESTCFGS = \
|
|
179
192
|
31-basic-version_check.tests \
|
180
193
|
32-live-tsync_allow.tests \
|
181
194
|
33-sim-socket_syscalls_be.tests \
|
182
|
-
34-sim-
|
195
|
+
34-sim-basic_denylist.tests \
|
183
196
|
35-sim-negative_one.tests \
|
184
197
|
36-sim-ipc_syscalls.tests \
|
185
198
|
37-sim-ipc_syscalls_be.tests \
|
@@ -196,10 +209,18 @@ EXTRA_DIST_TESTCFGS = \
|
|
196
209
|
48-sim-32b_args.tests \
|
197
210
|
49-sim-64b_comparisons.tests \
|
198
211
|
50-sim-hash_collision.tests \
|
199
|
-
|
212
|
+
51-live-user_notification.tests \
|
213
|
+
52-basic-load.tests \
|
214
|
+
53-sim-binary_tree.tests \
|
215
|
+
54-live-binary_tree.tests \
|
216
|
+
55-basic-pfc_binary_tree.tests \
|
217
|
+
56-basic-iterate_syscalls.tests \
|
218
|
+
57-basic-rawsysrc.tests \
|
219
|
+
58-live-tsync_notify.tests
|
200
220
|
|
201
221
|
EXTRA_DIST_TESTSCRIPTS = \
|
202
|
-
38-basic-pfc_coverage.sh 38-basic-pfc_coverage.pfc
|
222
|
+
38-basic-pfc_coverage.sh 38-basic-pfc_coverage.pfc \
|
223
|
+
55-basic-pfc_binary_tree.sh 55-basic-pfc_binary_tree.pfc
|
203
224
|
|
204
225
|
EXTRA_DIST_TESTTOOLS = regression testdiff testgen
|
205
226
|
|
@@ -25,7 +25,8 @@ GLBL_ARCH_LE_SUPPORT=" \
|
|
25
25
|
x86 x86_64 x32 \
|
26
26
|
arm aarch64 \
|
27
27
|
mipsel mipsel64 mipsel64n32 \
|
28
|
-
ppc64le
|
28
|
+
ppc64le \
|
29
|
+
riscv64"
|
29
30
|
GLBL_ARCH_BE_SUPPORT=" \
|
30
31
|
mips mips64 mips64n32 \
|
31
32
|
parisc parisc64 \
|
@@ -46,6 +47,7 @@ GLBL_ARCH_64B_SUPPORT=" \
|
|
46
47
|
mips64 \
|
47
48
|
parisc64 \
|
48
49
|
ppc64 \
|
50
|
+
riscv64 \
|
49
51
|
s390x"
|
50
52
|
|
51
53
|
GLBL_SYS_ARCH="../tools/scmp_arch_detect"
|
@@ -270,7 +272,8 @@ function generate_random_data() {
|
|
270
272
|
else
|
271
273
|
rcount=$[ ($RANDOM % 8) + 1 ]
|
272
274
|
fi
|
273
|
-
rdata=$(
|
275
|
+
rdata=$(dd if=/dev/urandom bs=64 count=1 status=none | \
|
276
|
+
md5sum | awk '{ print $1 }' | head -c"$rcount")
|
274
277
|
echo "$rdata"
|
275
278
|
}
|
276
279
|
|
@@ -777,7 +780,7 @@ function run_test_live() {
|
|
777
780
|
|
778
781
|
# setup the arch specific return values
|
779
782
|
case "$arch" in
|
780
|
-
x86|x86_64|x32|arm|aarch64|parisc|parisc64|ppc|ppc64|ppc64le|ppc|s390|s390x)
|
783
|
+
x86|x86_64|x32|arm|aarch64|parisc|parisc64|ppc|ppc64|ppc64le|ppc|s390|s390x|riscv64)
|
781
784
|
rc_kill_process=159
|
782
785
|
rc_kill=159
|
783
786
|
rc_allow=160
|
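Review bot: In the `generate_random_data()` hunk, the new `dd if=/dev/urandom ... | md5sum | awk '{ print $1 }' | head -c"$rcount"` pipeline hides a failing `dd`: `md5sum` then hashes empty input, so every call returns a prefix of the same digest and the "random" test data silently becomes constant. Running the pipeline with pipefail inside the substitution and checking the status, e.g. `rdata=$(set -o pipefail; dd ... | md5sum | awk '{ print $1 }' | head -c"$rcount") || return 1`, would surface that; whether the callers handle a non-zero return is not visible here. The output is also limited to hex digits because it comes from a digest, which deserves a one-line comment if intended. The function begins above the hunk, and the duplicated `ppc` in the `run_test_live` case pattern could be removed while `riscv64` is being added.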
@@ -200,14 +200,14 @@ int util_file_write(const char *path)
|
|
200
200
|
|
201
201
|
fd = open(path, O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR);
|
202
202
|
if (fd < 0)
|
203
|
-
return errno;
|
203
|
+
return -errno;
|
204
204
|
if (write(fd, buf, buf_len) < buf_len) {
|
205
|
-
int rc = errno;
|
205
|
+
int rc = -errno;
|
206
206
|
close(fd);
|
207
207
|
return rc;
|
208
208
|
}
|
209
209
|
if (close(fd) < 0)
|
210
|
-
return errno;
|
210
|
+
return -errno;
|
211
211
|
|
212
212
|
return 0;
|
213
213
|
}
|
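Review bot: In `util_file_write()`, the new `int rc = -errno;` sits behind `write(fd, buf, buf_len) < buf_len`, which is also true for a short write that returned a non-negative count. In that case `write()` did not set `errno`, so `rc` can be 0 or a stale value and the caller may see success for a truncated file. Keeping the return value and mapping the short-write case explicitly, e.g. `rc = (n < 0) ? -errno : -EIO;` with `n` holding the result of `write()`, makes the negative-errno convention introduced here reliable. If `buf_len` is an unsigned type (its declaration is above the hunk), the comparison also converts a `-1` return to a large unsigned value and skips the error branch, which is worth confirming.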
@@ -288,7 +288,7 @@ static void bpf_decode_args(const bpf_instr_raw *bpf, unsigned int line)
|
|
288
288
|
* @param file the BPF program
|
289
289
|
*
|
290
290
|
* Read the BPF program and display the instructions. Returns zero on success,
|
291
|
-
*
|
291
|
+
* non-zero values on failure.
|
292
292
|
*
|
293
293
|
*/
|
294
294
|
static int bpf_decode(FILE *file)
|
@@ -424,7 +424,7 @@ static void bpf_dot_decode_args(const bpf_instr_raw *bpf, unsigned int line)
|
|
424
424
|
* @param file the BPF program
|
425
425
|
*
|
426
426
|
* Read the BPF program and display the instructions. Returns zero on success,
|
427
|
-
*
|
427
|
+
* non-zero values on failure.
|
428
428
|
*
|
429
429
|
*/
|
430
430
|
static int bpf_dot_decode(FILE *file)
|
@@ -508,6 +508,8 @@ int main(int argc, char *argv[])
|
|
508
508
|
arch = AUDIT_ARCH_S390;
|
509
509
|
else if (strcmp(optarg, "s390x") == 0)
|
510
510
|
arch = AUDIT_ARCH_S390X;
|
511
|
+
else if (strcmp(optarg, "riscv64") == 0)
|
512
|
+
arch = AUDIT_ARCH_RISCV64;
|
511
513
|
else
|
512
514
|
exit_usage(argv[0]);
|
513
515
|
break;
|
@@ -285,6 +285,8 @@ int main(int argc, char *argv[])
|
|
285
285
|
arch = AUDIT_ARCH_S390;
|
286
286
|
else if (strcmp(optarg, "s390x") == 0)
|
287
287
|
arch = AUDIT_ARCH_S390X;
|
288
|
+
else if (strcmp(optarg, "riscv64") == 0)
|
289
|
+
arch = AUDIT_ARCH_RISCV64;
|
288
290
|
else
|
289
291
|
exit_fault(EINVAL);
|
290
292
|
break;
|
@@ -78,6 +78,8 @@
|
|
78
78
|
#define ARCH_NATIVE AUDIT_ARCH_S390X
|
79
79
|
#elif __s390__
|
80
80
|
#define ARCH_NATIVE AUDIT_ARCH_S390
|
81
|
+
#elif __riscv && __riscv_xlen == 64
|
82
|
+
#define ARCH_NATIVE AUDIT_ARCH_RISCV64
|
81
83
|
#else
|
82
84
|
#error the simulator code needs to know about your machine type
|
83
85
|
#endif
|
@@ -87,15 +89,15 @@ uint32_t arch = ARCH_NATIVE;
|
|
87
89
|
|
88
90
|
/**
|
89
91
|
* Convert a 16-bit target integer into the host's endianess
|
90
|
-
* @param
|
92
|
+
* @param arch_token the architecture token
|
91
93
|
* @param val the 16-bit integer
|
92
94
|
*
|
93
95
|
* Convert the endianess of the supplied value and return it to the caller.
|
94
96
|
*
|
95
97
|
*/
|
96
|
-
uint16_t ttoh16(uint32_t
|
98
|
+
uint16_t ttoh16(uint32_t arch_token, uint16_t val)
|
97
99
|
{
|
98
|
-
if (
|
100
|
+
if (arch_token & __AUDIT_ARCH_LE)
|
99
101
|
return le16toh(val);
|
100
102
|
else
|
101
103
|
return be16toh(val);
|
@@ -103,15 +105,15 @@ uint16_t ttoh16(uint32_t arch, uint16_t val)
|
|
103
105
|
|
104
106
|
/**
|
105
107
|
* Convert a 32-bit target integer into the host's endianess
|
106
|
-
* @param
|
108
|
+
* @param arch_token the architecture token
|
107
109
|
* @param val the 32-bit integer
|
108
110
|
*
|
109
111
|
* Convert the endianess of the supplied value and return it to the caller.
|
110
112
|
*
|
111
113
|
*/
|
112
|
-
uint32_t ttoh32(uint32_t
|
114
|
+
uint32_t ttoh32(uint32_t arch_token, uint32_t val)
|
113
115
|
{
|
114
|
-
if (
|
116
|
+
if (arch_token & __AUDIT_ARCH_LE)
|
115
117
|
return le32toh(val);
|
116
118
|
else
|
117
119
|
return be32toh(val);
|
@@ -119,15 +121,15 @@ uint32_t ttoh32(uint32_t arch, uint32_t val)
|
|
119
121
|
|
120
122
|
/**
|
121
123
|
* Convert a 32-bit host integer into the target's endianess
|
122
|
-
* @param
|
124
|
+
* @param arch_token the architecture token
|
123
125
|
* @param val the 32-bit integer
|
124
126
|
*
|
125
127
|
* Convert the endianess of the supplied value and return it to the caller.
|
126
128
|
*
|
127
129
|
*/
|
128
|
-
uint32_t htot32(uint32_t
|
130
|
+
uint32_t htot32(uint32_t arch_token, uint32_t val)
|
129
131
|
{
|
130
|
-
if (
|
132
|
+
if (arch_token & __AUDIT_ARCH_LE)
|
131
133
|
return htole32(val);
|
132
134
|
else
|
133
135
|
return htobe32(val);
|
@@ -135,15 +137,15 @@ uint32_t htot32(uint32_t arch, uint32_t val)
|
|
135
137
|
|
136
138
|
/**
|
137
139
|
* Convert a 64-bit host integer into the target's endianess
|
138
|
-
* @param
|
140
|
+
* @param arch_token the architecture token
|
139
141
|
* @param val the 64-bit integer
|
140
142
|
*
|
141
143
|
* Convert the endianess of the supplied value and return it to the caller.
|
142
144
|
*
|
143
145
|
*/
|
144
|
-
uint64_t htot64(uint32_t
|
146
|
+
uint64_t htot64(uint32_t arch_token, uint64_t val)
|
145
147
|
{
|
146
|
-
if (
|
148
|
+
if (arch_token & __AUDIT_ARCH_LE)
|
147
149
|
return htole64(val);
|
148
150
|
else
|
149
151
|
return htobe64(val);
|
@@ -72,6 +72,13 @@
|
|
72
72
|
#define AUDIT_ARCH_PPC64LE (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
|
73
73
|
#endif
|
74
74
|
|
75
|
+
#ifndef AUDIT_ARCH_RISCV64
|
76
|
+
#ifndef EM_RISCV
|
77
|
+
#define EM_RISCV 243
|
78
|
+
#endif /* EM_RISCV */
|
79
|
+
#define AUDIT_ARCH_RISCV64 (EM_RISCV|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
|
80
|
+
#endif /* AUDIT_ARCH_RISCV64 */
|
81
|
+
|
75
82
|
extern uint32_t arch;
|
76
83
|
|
77
84
|
uint16_t ttoh16(uint32_t arch, uint16_t val);
|
@@ -0,0 +1,51 @@
|
|
1
|
+
name: "Code scanning - action"
|
2
|
+
|
3
|
+
on:
|
4
|
+
push:
|
5
|
+
pull_request:
|
6
|
+
schedule:
|
7
|
+
- cron: '0 19 * * 4'
|
8
|
+
|
9
|
+
jobs:
|
10
|
+
CodeQL-Build:
|
11
|
+
|
12
|
+
runs-on: ubuntu-latest
|
13
|
+
|
14
|
+
steps:
|
15
|
+
- name: Checkout repository
|
16
|
+
uses: actions/checkout@v2
|
17
|
+
with:
|
18
|
+
# We must fetch at least the immediate parents so that if this is
|
19
|
+
# a pull request then we can checkout the head.
|
20
|
+
fetch-depth: 2
|
21
|
+
|
22
|
+
# If this run was triggered by a pull request event, then checkout
|
23
|
+
# the head of the pull request instead of the merge commit.
|
24
|
+
- run: git checkout HEAD^2
|
25
|
+
if: ${{ github.event_name == 'pull_request' }}
|
26
|
+
|
27
|
+
# Initializes the CodeQL tools for scanning.
|
28
|
+
- name: Initialize CodeQL
|
29
|
+
uses: github/codeql-action/init@v1
|
30
|
+
# Override language selection by uncommenting this and choosing your languages
|
31
|
+
# with:
|
32
|
+
# languages: go, javascript, csharp, python, cpp, java
|
33
|
+
|
34
|
+
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
|
35
|
+
# If this step fails, then you should remove it and run the build manually (see below)
|
36
|
+
- name: Autobuild
|
37
|
+
uses: github/codeql-action/autobuild@v1
|
38
|
+
|
39
|
+
# ℹ️ Command-line programs to run using the OS shell.
|
40
|
+
# 📚 https://git.io/JvXDl
|
41
|
+
|
42
|
+
# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
|
43
|
+
# and modify them (or add more) to build your code if your project
|
44
|
+
# uses a compiled language
|
45
|
+
|
46
|
+
#- run: |
|
47
|
+
# make bootstrap
|
48
|
+
# make release
|
49
|
+
|
50
|
+
- name: Perform CodeQL Analysis
|
51
|
+
uses: github/codeql-action/analyze@v1
|
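Review bot: The `uses:` lines reference actions by mutable tag (`actions/checkout@v2`, `github/codeql-action/init@v1`, `github/codeql-action/autobuild@v1`, `github/codeql-action/analyze@v1`), so the code executed by this job can change without any change to this file. Pinning each one to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha>  # v2`, makes the workflow reproducible and reviewable. The job also declares no `permissions:` block and therefore runs with the repository's default token scope; a job-level `permissions:` limited to `contents: read` and `security-events: write` is probably sufficient for the CodeQL upload, but should be confirmed against the action's documentation. Since the file appears to be vendored with the mruby sources, it likely never runs from this package, in which case excluding it from the packaged tree is another option.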