seccomp-tools 1.4.0 → 1.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2726a64dc089ec7c492cedad9a98d500c656dce84ca593a505d95a42cd07906c
-  data.tar.gz: c8d3eec04aa38ead5bac1727bb4a1a29199283e648b902edb38df2a7fc4e539f
+  metadata.gz: fa755fd2e7ed97279b094dfa28bd668aef4ee638005f0b38405066502fc8a30d
+  data.tar.gz: 56b0d51796d97a89f67262c36716833d078ce19ea6b58fbb83c2f8bee88b8685
 SHA512:
-  metadata.gz: 2639ed20158afda2cc96dfeb16899f417d50180da548b4a45a0024c12119d0b9908649979fb9ab00287d41478f507eb6740ffda855aa238cd82755d774ca82de
-  data.tar.gz: 6e6df86398ee4bde9ff9c54647dc5af95eb03e40001cf6117077afeecf20ecaed12f6e3f53b47bda1e2908094632c12e9d7faee3ee72c2422d7665016e583eff
+  metadata.gz: 027f57a717cb63fadeefd4a60213115a27ed51bb1eb3e6b58251690ed7c1d42335086ff4448b480296b77d395ba2e8718fa662e227394abfddaf80b19b769b74
+  data.tar.gz: f6aca254b4a43d6c60d5df7e6694b976de1e56fbb6d6585bd46fd17c0849820d76c81f25bbc872dc785576e05eeaaab5d0276a3f065b730988973c5073ace761

data/README.md

@@ -1,4 +1,4 @@
-[![Build Status](https://travis-ci.org/david942j/seccomp-tools.svg?branch=master)](https://travis-ci.org/david942j/seccomp-tools)
+[![Build Status](https://github.com/david942j/seccomp-tools/workflows/build/badge.svg)](https://github.com/david942j/seccomp-tools/actions)
 [![Dependabot Status](https://api.dependabot.com/badges/status?host=github&repo=david942j/seccomp-tools)](https://dependabot.com)
 [![Code Climate](https://codeclimate.com/github/david942j/seccomp-tools/badges/gpa.svg)](https://codeclimate.com/github/david942j/seccomp-tools)
 [![Issue Count](https://codeclimate.com/github/david942j/seccomp-tools/badges/issue_count.svg)](https://codeclimate.com/github/david942j/seccomp-tools)
@@ -54,6 +54,7 @@ $ seccomp-tools --help
 
 $ seccomp-tools dump --help
 # dump - Automatically dump seccomp bpf from execution file(s).
+# NOTE : This function is only available on Linux.
 #
 # Usage: seccomp-tools dump [exec] [options]
 #     -c, --sh-exec <command>          Executes the given command (via sh).
@@ -169,7 +170,7 @@ $ seccomp-tools asm
 #     -f, --format FORMAT              Output format. FORMAT can only be one of <inspect|raw|c_array|c_source|assembly>.
 #                                      Default: inspect
 #     -a, --arch ARCH                  Specify architecture.
-#                                      Supported architectures are <amd64|i386>.
+#                                      Supported architectures are <aarch64|amd64|i386>.
 #                                      Default: amd64
 
 # Input file for asm
@@ -267,7 +268,7 @@ $ seccomp-tools emu --help
 #
 # Usage: seccomp-tools emu [options] BPF_FILE [sys_nr [arg0 [arg1 ... arg5]]]
 #     -a, --arch ARCH                  Specify architecture.
-#                                      Supported architectures are <amd64|i386>.
+#                                      Supported architectures are <aarch64|amd64|i386>.
 #                                      Default: amd64
 #     -q, --[no-]quiet                 Run quietly, only show emulation result.
 
@@ -300,6 +301,13 @@ $ seccomp-tools emu spec/data/libseccomp.bpf write 0x3
 
 ![emu](https://github.com/david942j/seccomp-tools/blob/master/examples/emu-amigo.png?raw=true)
 
+## Architecture Supported
+
+- [x] x86_64
+- [x] x32
+- [x] x86
+- [x] arm64 (Thanks to @saagarjha!)
+
 ## Development
 
 I recommend to use [rbenv](https://github.com/rbenv/rbenv) for your Ruby environment.

data/ext/ptrace/ptrace.c

@@ -1,7 +1,15 @@
+// ptrace is only available on Linux, therefore let this file be an empty
+// object when installing on other platforms.
+#if __linux__
+
+#include <assert.h>
 #include <errno.h>
+#include <linux/elf.h>
 #include <linux/filter.h>
+#include <stdint.h>
 #include <sys/ptrace.h>
 #include <sys/signal.h>
+#include <sys/uio.h>
 #include <sys/wait.h>
 
 #include "ruby.h"
@@ -19,10 +27,53 @@ ptrace_peekdata(VALUE _mod, VALUE pid, VALUE addr, VALUE _data) {
   return LONG2NUM(val);  
 }
 
+// aarch64 doesn't support PTRACE_PEEKUSER, but it does support
+// PTRACE_GETREGSET which is fairly similar. Since i386 and x86_64 support it
+// too, just use that unconditionally to present the same API for the registers
+// we care about.
 static VALUE
-ptrace_peekuser(VALUE _mod, VALUE pid, VALUE off, VALUE _data) {
-  long val = ptrace(PTRACE_PEEKUSER, NUM2LONG(pid), NUM2LONG(off), NULL);
-  return LONG2NUM(val);  
+ptrace_peekuser(VALUE _mod, VALUE pid, VALUE off, VALUE _data, VALUE bits) {
+  size_t offset = NUM2LONG(off);
+  // Unless your registers fill an entire page, an offset greater than this is
+  // probably wrong.
+  if (offset >= 4096) {
+    return LONG2NUM(-1);
+  }
+  size_t width = NUM2LONG(bits);
+  if (width != 32 && width != 64) {
+    return LONG2NUM(-1);
+  }
+  width /= 8;
+  union {
+    uint32_t val32;
+    uint64_t val64;
+  } val;
+  // Dynamically allocate a buffer to store registers-well, at least enough
+  // registers to reach the offset we want. Normally we'd want to use
+  // user_pt_regs or similar, but it's difficult to find it available in the
+  // the same header across different versions of Linux or libcs, or even with
+  // the same *name*, so this is the compromise.
+  size_t size = offset + width;
+  char *regs = malloc(size);
+  if (!regs) {
+    return LONG2NUM(-1);
+  }
+  struct iovec vec = { regs, size };
+  if (ptrace(PTRACE_GETREGSET, NUM2LONG(pid), NT_PRSTATUS, &vec) != -1 && vec.iov_len >= size) {
+    memcpy(&val, regs + offset, width);
+  } else {
+    free(regs);
+    return LONG2NUM(-1);
+  }
+  free(regs);
+  if (width == sizeof(val.val32)) {
+    return LONG2NUM(val.val32);
+  } else if (width == sizeof(val.val64)) {
+    return LONG2NUM(val.val64);
+  } else {
+    assert(!"Unreachable");
+    return LONG2NUM(-1);
+  }
 }
 
 static VALUE
@@ -107,7 +158,7 @@ void Init_ptrace(void) {
   /* get data */
   rb_define_module_function(mPtrace, "peekdata", ptrace_peekdata, 3);
   /* get registers */
-  rb_define_module_function(mPtrace, "peekuser", ptrace_peekuser, 3);
+  rb_define_module_function(mPtrace, "peekuser", ptrace_peekuser, 4);
   /* set ptrace options */
   rb_define_module_function(mPtrace, "setoptions", ptrace_setoptions, 3);
   /* wait for syscall */
@@ -124,3 +175,4 @@ void Init_ptrace(void) {
   rb_define_module_function(mPtrace, "detach", ptrace_detach, 1);
 }
 
+#endif  /* __linux__ */

data/lib/seccomp-tools/asm/compiler.rb

@@ -200,7 +200,7 @@ module SeccompTools
         token.fetch('goto') ||
           token.fetch('jmp') ||
           token.fetch('jump') ||
-          raise(ArgumentError, 'Invalid jump alias: ' + token.cur.inspect)
+          raise(ArgumentError, "Invalid jump alias: #{token.cur.inspect}")
         target = token.fetch!(:goto)
         [:jmp_abs, target]
       end
@@ -254,7 +254,7 @@ module SeccompTools
               token.fetch('sys_number') ||
               token.fetch('arch') ||
               token.fetch('len') ||
-              raise(ArgumentError, 'Invalid source: ' + token.cur.inspect)
+              raise(ArgumentError, "Invalid source: #{token.cur.inspect}")
         [:assign, dst, src]
       end
 
@@ -291,7 +291,7 @@ module SeccompTools
 
       def invalid(line, extra_msg = nil)
         message = "Invalid instruction at line #{line + 1}: #{@input[line].inspect}"
-        message += "\n" + 'Error: ' + extra_msg if extra_msg
+        message += "\nError: #{extra_msg}" if extra_msg
         raise ArgumentError, message
       end
     end

data/lib/seccomp-tools/bpf.rb

@@ -34,10 +34,10 @@ module SeccompTools
     def initialize(raw, arch, line)
       if raw.is_a?(String)
         io = ::StringIO.new(raw)
-        @code = io.read(2).unpack('S').first
+        @code = io.read(2).unpack1('S')
         @jt = io.read(1).ord
         @jf = io.read(1).ord
-        @k = io.read(4).unpack('L').first
+        @k = io.read(4).unpack1('L')
       else
         @code = raw[:code]
         @jt = raw[:jt]

data/lib/seccomp-tools/cli/asm.rb

@@ -10,7 +10,7 @@ module SeccompTools
       # Summary of this command.
       SUMMARY = 'Seccomp bpf assembler.'
       # Usage of this command.
-      USAGE = ('asm - ' + SUMMARY + "\n\n" + 'Usage: seccomp-tools asm IN_FILE [options]').freeze
+      USAGE = "asm - #{SUMMARY}\n\nUsage: seccomp-tools asm IN_FILE [options]"
 
       def initialize(*)
         super
@@ -47,7 +47,7 @@ module SeccompTools
         res = SeccompTools::Asm.asm(input, arch: option[:arch])
         output do
           case option[:format]
-          when :inspect then res.inspect + "\n"
+          when :inspect then "#{res.inspect}\n"
           when :raw then res
           when :c_array, :carray then "unsigned char bpf[] = {#{res.bytes.join(',')}};\n"
           when :c_source then SeccompTools::Util.template('asm.c').sub('<TO_BE_REPLACED>', res.bytes.join(','))

data/lib/seccomp-tools/cli/base.rb

@@ -39,7 +39,7 @@ module SeccompTools
       # @return [String]
       #   String read from file.
       def input
-        option[:ifile] == '-' ? STDIN.read.force_encoding('ascii-8bit') : IO.binread(option[:ifile])
+        option[:ifile] == '-' ? $stdin.read.force_encoding('ascii-8bit') : IO.binread(option[:ifile])
       end
 
       # Write data to stdout or file(s).

data/lib/seccomp-tools/cli/disasm.rb

@@ -10,7 +10,7 @@ module SeccompTools
       # Summary of this command.
       SUMMARY = 'Disassemble seccomp bpf.'
       # Usage of this command.
-      USAGE = ('disasm - ' + SUMMARY + "\n\n" + 'Usage: seccomp-tools disasm BPF_FILE [options]').freeze
+      USAGE = "disasm - #{SUMMARY}\n\nUsage: seccomp-tools disasm BPF_FILE [options]"
 
       # Define option parser.
       # @return [OptionParser]

data/lib/seccomp-tools/cli/dump.rb

@@ -14,7 +14,8 @@ module SeccompTools
       # Summary of this command.
       SUMMARY = 'Automatically dump seccomp bpf from execution file(s).'
       # Usage of this command.
-      USAGE = ('dump - ' + SUMMARY + "\n\n" + 'Usage: seccomp-tools dump [exec] [options]').freeze
+      USAGE = "dump - #{SUMMARY}\nNOTE : This function is only available on Linux." \
+              "\n\nUsage: seccomp-tools dump [exec] [options]"
 
       def initialize(*)
         super
@@ -64,11 +65,12 @@ module SeccompTools
       # Handle options.
       # @return [void]
       def handle
+        return Logger.error('Dump is only available on Linux.') unless Dumper::SUPPORTED
         return unless super
 
         block = lambda do |bpf, arch|
           case option[:format]
-          when :inspect then output { '"' + bpf.bytes.map { |b| format('\\x%02X', b) }.join + "\"\n" }
+          when :inspect then output { "\"#{bpf.bytes.map { |b| format('\\x%02X', b) }.join}\"\n" }
           when :raw then output { bpf }
           when :disasm then output { SeccompTools::Disasm.disasm(bpf, arch: arch) }
           end

data/lib/seccomp-tools/cli/emu.rb

@@ -15,10 +15,7 @@ module SeccompTools
       # Summary of this command.
       SUMMARY = 'Emulate seccomp rules.'
       # Usage of this command.
-      USAGE = ('emu - ' +
-               SUMMARY +
-               "\n\n" \
-               'Usage: seccomp-tools emu [options] BPF_FILE [sys_nr [arg0 [arg1 ... arg5]]]').freeze
+      USAGE = "emu - #{SUMMARY}\n\nUsage: seccomp-tools emu [options] BPF_FILE [sys_nr [arg0 [arg1 ... arg5]]]"
 
       def initialize(*)
         super

data/lib/seccomp-tools/const.rb

@@ -59,6 +59,8 @@ module SeccompTools
         KILL: 0x00000000, # alias of KILL_THREAD
         TRAP: 0x00030000,
         ERRNO: 0x00050000,
+        USER_NOTIF: 0x7fc00000,
+        LOG: 0x7ffc0000,
         TRACE: 0x7ff00000,
         ALLOW: 0x7fff0000
       }.freeze
@@ -120,17 +122,28 @@ module SeccompTools
 
         const_set(cons, instance_eval(IO.read(filename)))
       end
+
+      def load_args
+        hash = instance_eval(IO.read(File.join(__dir__, 'consts', 'sys_arg.rb')))
+        Hash.new do |_h, k|
+          next hash[k] if hash[k]
+          next hash[k.to_s[4..-1].to_sym] if k.to_s.start_with?('x32_')
+
+          nil
+        end
+      end
     end
 
     # The argument names of all syscalls.
-    SYS_ARG = instance_eval(IO.read(File.join(__dir__, 'consts', 'sys_arg.rb'))).freeze
+    SYS_ARG = Syscall.load_args.freeze
 
     # Constants from https://github.com/torvalds/linux/blob/master/include/uapi/linux/audit.h.
     module Audit
       # AUDIT_ARCH_*
       ARCH = {
         'ARCH_X86_64' => 0xc000003e,
-        'ARCH_I386' => 0x40000003
+        'ARCH_I386' => 0x40000003,
+        'ARCH_AARCH64' => 0xc00000b7
       }.freeze
     end
   end

data/lib/seccomp-tools/consts/sys_nr/aarch64.rb

@@ -0,0 +1,284 @@
+# frozen_string_literal: true
+
+{
+  io_setup: 0,
+  io_destroy: 1,
+  io_submit: 2,
+  io_cancel: 3,
+  io_getevents: 4,
+  setxattr: 5,
+  lsetxattr: 6,
+  fsetxattr: 7,
+  getxattr: 8,
+  lgetxattr: 9,
+  fgetxattr: 10,
+  listxattr: 11,
+  llistxattr: 12,
+  flistxattr: 13,
+  removexattr: 14,
+  lremovexattr: 15,
+  fremovexattr: 16,
+  getcwd: 17,
+  lookup_dcookie: 18,
+  eventfd2: 19,
+  epoll_create1: 20,
+  epoll_ctl: 21,
+  epoll_pwait: 22,
+  dup: 23,
+  dup3: 24,
+  fcntl: 25,
+  inotify_init1: 26,
+  inotify_add_watch: 27,
+  inotify_rm_watch: 28,
+  ioctl: 29,
+  ioprio_set: 30,
+  ioprio_get: 31,
+  flock: 32,
+  mknodat: 33,
+  mkdirat: 34,
+  unlinkat: 35,
+  symlinkat: 36,
+  linkat: 37,
+  renameat: 38,
+  umount2: 39,
+  mount: 40,
+  pivot_root: 41,
+  nfsservctl: 42,
+  statfs: 43,
+  fstatfs: 44,
+  truncate: 45,
+  ftruncate: 46,
+  fallocate: 47,
+  faccessat: 48,
+  chdir: 49,
+  fchdir: 50,
+  chroot: 51,
+  fchmod: 52,
+  fchmodat: 53,
+  fchownat: 54,
+  fchown: 55,
+  openat: 56,
+  close: 57,
+  vhangup: 58,
+  pipe2: 59,
+  quotactl: 60,
+  getdents: 61,
+  getdents64: 61,
+  lseek: 62,
+  read: 63,
+  write: 64,
+  readv: 65,
+  writev: 66,
+  pread: 67,
+  pread64: 67,
+  pwrite: 68,
+  pwrite64: 68,
+  preadv: 69,
+  pwritev: 70,
+  sendfile: 71,
+  pselect6: 72,
+  ppoll: 73,
+  signalfd4: 74,
+  vmsplice: 75,
+  splice: 76,
+  tee: 77,
+  readlinkat: 78,
+  newfstatat: 79,
+  fstat: 80,
+  newfstat: 80,
+  sync: 81,
+  fsync: 82,
+  fdatasync: 83,
+  sync_file_range: 84,
+  timerfd_create: 85,
+  timerfd_settime: 86,
+  timerfd_gettime: 87,
+  utimensat: 88,
+  acct: 89,
+  capget: 90,
+  capset: 91,
+  personality: 92,
+  exit: 93,
+  exit_group: 94,
+  waitid: 95,
+  set_tid_address: 96,
+  unshare: 97,
+  futex: 98,
+  set_robust_list: 99,
+  get_robust_list: 100,
+  nanosleep: 101,
+  getitimer: 102,
+  setitimer: 103,
+  kexec_load: 104,
+  init_module: 105,
+  delete_module: 106,
+  timer_create: 107,
+  timer_gettime: 108,
+  timer_getoverrun: 109,
+  timer_settime: 110,
+  timer_delete: 111,
+  clock_settime: 112,
+  clock_gettime: 113,
+  clock_getres: 114,
+  clock_nanosleep: 115,
+  syslog: 116,
+  ptrace: 117,
+  sched_setparam: 118,
+  sched_setscheduler: 119,
+  sched_getscheduler: 120,
+  sched_getparam: 121,
+  sched_setaffinity: 122,
+  sched_getaffinity: 123,
+  sched_yield: 124,
+  sched_get_priority_max: 125,
+  sched_get_priority_min: 126,
+  sched_rr_get_interval: 127,
+  restart_syscall: 128,
+  kill: 129,
+  tkill: 130,
+  tgkill: 131,
+  sigaltstack: 132,
+  rt_sigsuspend: 133,
+  rt_sigaction: 134,
+  rt_sigprocmask: 135,
+  rt_sigpending: 136,
+  rt_sigtimedwait: 137,
+  rt_sigqueueinfo: 138,
+  rt_sigreturn: 139,
+  setpriority: 140,
+  getpriority: 141,
+  reboot: 142,
+  setregid: 143,
+  setgid: 144,
+  setreuid: 145,
+  setuid: 146,
+  setresuid: 147,
+  getresuid: 148,
+  setresgid: 149,
+  getresgid: 150,
+  setfsuid: 151,
+  setfsgid: 152,
+  times: 153,
+  setpgid: 154,
+  getpgid: 155,
+  getsid: 156,
+  setsid: 157,
+  getgroups: 158,
+  setgroups: 159,
+  uname: 160,
+  sethostname: 161,
+  setdomainname: 162,
+  getrlimit: 163,
+  setrlimit: 164,
+  getrusage: 165,
+  umask: 166,
+  prctl: 167,
+  getcpu: 168,
+  gettimeofday: 169,
+  settimeofday: 170,
+  adjtimex: 171,
+  getpid: 172,
+  getppid: 173,
+  getuid: 174,
+  geteuid: 175,
+  getgid: 176,
+  getegid: 177,
+  gettid: 178,
+  sysinfo: 179,
+  mq_open: 180,
+  mq_unlink: 181,
+  mq_timedsend: 182,
+  mq_timedreceive: 183,
+  mq_notify: 184,
+  mq_getsetattr: 185,
+  msgget: 186,
+  msgctl: 187,
+  msgrcv: 188,
+  msgsnd: 189,
+  semget: 190,
+  semctl: 191,
+  semtimedop: 192,
+  semop: 193,
+  shmget: 194,
+  shmctl: 195,
+  shmat: 196,
+  shmdt: 197,
+  socket: 198,
+  socketpair: 199,
+  bind: 200,
+  listen: 201,
+  accept: 202,
+  connect: 203,
+  getsockname: 204,
+  getpeername: 205,
+  sendto: 206,
+  recvfrom: 207,
+  setsockopt: 208,
+  getsockopt: 209,
+  shutdown: 210,
+  sendmsg: 211,
+  recvmsg: 212,
+  readahead: 213,
+  brk: 214,
+  munmap: 215,
+  mremap: 216,
+  add_key: 217,
+  request_key: 218,
+  keyctl: 219,
+  clone: 220,
+  execve: 221,
+  mmap: 222,
+  fadvise64: 223,
+  swapon: 224,
+  swapoff: 225,
+  mprotect: 226,
+  msync: 227,
+  mlock: 228,
+  munlock: 229,
+  mlockall: 230,
+  munlockall: 231,
+  mincore: 232,
+  madvise: 233,
+  remap_file_pages: 234,
+  mbind: 235,
+  get_mempolicy: 236,
+  set_mempolicy: 237,
+  migrate_pages: 238,
+  move_pages: 239,
+  rt_tgsigqueueinfo: 240,
+  perf_event_open: 241,
+  accept4: 242,
+  recvmmsg: 243,
+  wait4: 260,
+  prlimit64: 261,
+  fanotify_init: 262,
+  fanotify_mark: 263,
+  name_to_handle_at: 264,
+  open_by_handle_at: 265,
+  clock_adjtime: 266,
+  syncfs: 267,
+  setns: 268,
+  sendmmsg: 269,
+  process_vm_readv: 270,
+  process_vm_writev: 271,
+  kcmp: 272,
+  finit_module: 273,
+  sched_setattr: 274,
+  sched_getattr: 275,
+  renameat2: 276,
+  seccomp: 277,
+  getrandom: 278,
+  memfd_create: 279,
+  bpf: 280,
+  execveat: 281,
+  userfaultfd: 282,
+  membarrier: 283,
+  mlock2: 284,
+  copy_file_range: 285,
+  preadv2: 286,
+  pwritev2: 287,
+  pkey_mprotect: 288,
+  pkey_alloc: 289,
+  pkey_free: 290,
+  statx: 291
+}

data/lib/seccomp-tools/consts/sys_nr/amd64.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+X32_MODE_BIT = 0x40000000
 {
   read: 0,
   write: 1,
@@ -18,7 +19,9 @@
   rt_sigprocmask: 14,
   rt_sigreturn: 15,
   ioctl: 16,
+  pread: 17,
   pread64: 17,
+  pwrite: 18,
   pwrite64: 18,
   readv: 19,
   writev: 20,
@@ -334,4 +337,4 @@
   pkey_alloc: 330,
   pkey_free: 331,
   statx: 332
-}
+}.tap { |h| h.keys.each { |k| h["x32_#{k}".to_sym] = h[k] | X32_MODE_BIT } } # rubocop:disable Style/HashEachMethods

data/lib/seccomp-tools/consts/sys_nr/i386.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 {
-  setup: 0,
+  restart_syscall: 0,
   exit: 1,
   fork: 2,
   read: 3,
@@ -259,14 +259,14 @@
   remap_file_pages: 257,
   set_tid_address: 258,
   timer_create: 259,
-  timer_settime: (259 + 1),
-  timer_gettime: (259 + 2),
-  timer_getoverrun: (259 + 3),
-  timer_delete: (259 + 4),
-  clock_settime: (259 + 5),
-  clock_gettime: (259 + 6),
-  clock_getres: (259 + 7),
-  clock_nanosleep: (259 + 8),
+  timer_settime: 260,
+  timer_gettime: 261,
+  timer_getoverrun: 262,
+  timer_delete: 263,
+  clock_settime: 264,
+  clock_gettime: 265,
+  clock_getres: 266,
+  clock_nanosleep: 267,
   statfs64: 268,
   fstatfs64: 269,
   tgkill: 270,
@@ -277,11 +277,11 @@
   get_mempolicy: 275,
   set_mempolicy: 276,
   mq_open: 277,
-  mq_unlink: (277 + 1),
-  mq_timedsend: (277 + 2),
-  mq_timedreceive: (277 + 3),
-  mq_notify: (277 + 4),
-  mq_getsetattr: (277 + 5),
+  mq_unlink: 278,
+  mq_timedsend: 279,
+  mq_timedreceive: 280,
+  mq_notify: 281,
+  mq_getsetattr: 282,
   sys_kexec_load: 283,
   waitid: 284,
   add_key: 286,

data/lib/seccomp-tools/disasm/disasm.rb

@@ -30,9 +30,10 @@ module SeccompTools
         code.contexts = ctxs
         code.disasm
       end.join("\n")
-      <<-EOS + dis + "\n"
+      <<-EOS
  line  CODE  JT   JF      K
 =================================
+#{dis}
       EOS
     end
 

data/lib/seccomp-tools/dumper.rb

@@ -1,13 +1,19 @@
 # frozen_string_literal: true
 
+require 'os'
+
 require 'seccomp-tools/logger'
-require 'seccomp-tools/ptrace'
+require 'seccomp-tools/ptrace' if OS.linux?
 require 'seccomp-tools/syscall'
 
 module SeccompTools
   # Dump seccomp-bpf using ptrace of binary.
-  # Currently only support x86_64.
+  # Currently only support x86_64 and aarch64.
   module Dumper
+    # Whether the dumper is supported.
+    # Dumper works based on ptrace, so we need the platform be Linux.
+    SUPPORTED = OS.linux?
+
     module_function
 
     # Main bpf dump function.
@@ -35,6 +41,8 @@ module SeccompTools
     # @todo
     #   +timeout+ option.
     def dump(*args, limit: 1, &block)
+      return [] unless SUPPORTED
+
       pid = fork { handle_child(*args) }
       Handler.new(pid).handle(limit, &block)
     end
@@ -164,6 +172,8 @@ module SeccompTools
     #   dump_by_pid(pid2, 1) { |c| c[0, 10] }
     #   #=> [" \x00\x00\x00\x00\x00\x00\x00\x15\x00"]
     def dump_by_pid(pid, limit, &block)
+      return [] unless SUPPORTED
+
       collect = []
       Ptrace.attach_and_wait(pid)
       begin

data/lib/seccomp-tools/emulator.rb

@@ -58,10 +58,11 @@ module SeccompTools
     end
 
     def audit(arch)
-      type = case arch
-             when :amd64 then 'ARCH_X86_64'
-             when :i386 then 'ARCH_I386'
-             end
+      type = {
+        amd64: 'ARCH_X86_64',
+        i386: 'ARCH_I386',
+        aarch64: 'ARCH_AARCH64'
+      }[arch]
       Const::Audit::ARCH[type]
     end
 

data/lib/seccomp-tools/instruction/alu.rb

@@ -62,7 +62,7 @@ module SeccompTools
 
         case op
         when :lsh, :rsh then src.to_s
-        else '0x' + src.to_s(16)
+        else "0x#{src.to_s(16)}"
         end
       end
 

data/lib/seccomp-tools/instruction/jmp.rb

@@ -16,9 +16,9 @@ module SeccompTools
         # otherwise => if () goto jt; else goto jf;
         return '/* no-op */' if jt.zero? && jf.zero?
         return goto(jt) if jt == jf
-        return if_str(true) + goto(jf) if jt.zero?
+        return if_str(neg: true) + goto(jf) if jt.zero?
 
-        if_str + goto(jt) + (jf.zero? ? '' : ' else ' + goto(jf))
+        if_str + goto(jt) + (jf.zero? ? '' : " else #{goto(jf)}")
       end
 
       # See {Instruction::Base#symbolize}.
@@ -64,14 +64,19 @@ module SeccompTools
         a = a[0]
         return k.to_s unless a.data?
 
-        hex = '0x' + k.to_s(16)
+        hex = "0x#{k.to_s(16)}"
         case a.val
-        when 0 then Util.colorize(Const::Syscall.const_get(arch.upcase.to_sym).invert[k] || hex, t: :syscall)
+          # interpret as syscalls only if it's an equality test
+        when 0 then Util.colorize(jop == :== ? sysname_by_k || hex : hex, t: :syscall)
         when 4 then Util.colorize(Const::Audit::ARCH.invert[k] || hex, t: :arch)
         else hex
         end
       end
 
+      def sysname_by_k
+        Const::Syscall.const_get(arch.upcase.to_sym).invert[k]
+      end
+
       def src
         SRC.invert[code & 8] == :x ? :x : k
       end
@@ -84,15 +89,15 @@ module SeccompTools
         line + off + 1
       end
 
-      def if_str(neg = false)
+      def if_str(neg: false)
         return "if (A #{jop} #{src_str}) " unless neg
         return "if (!(A & #{src_str})) " if jop == :&
 
-        op = case jop
-             when :>= then :<
-             when :> then :<=
-             when :== then :!=
-             end
+        op = {
+          :>= => :<,
+          :> => :<=,
+          :== => :!=
+        }[jop]
         "if (A #{op} #{src_str}) "
       end
     end

data/lib/seccomp-tools/instruction/ld.rb

@@ -10,7 +10,7 @@ module SeccompTools
     class LD < Base
       # Decompile instruction.
       def decompile
-        ret = reg + ' = '
+        ret = "#{reg} = "
         _, _reg, type = symbolize
         return ret + type[:val].to_s if type[:rel] == :immi
         return ret + "mem[#{type[:val]}]" if type[:rel] == :mem
@@ -88,7 +88,7 @@ module SeccompTools
 
         comment = "# #{sys}(#{args.join(', ')})"
         arg_name = Util.colorize(args[idx / 2], t: :args)
-        (idx.even? ? arg_name : "#{arg_name} >> 32") + ' ' + Util.colorize(comment, t: :gray)
+        "#{idx.even? ? arg_name : "#{arg_name} >> 32"} #{Util.colorize(comment, t: :gray)}"
       end
     end
   end

data/lib/seccomp-tools/syscall.rb

@@ -1,7 +1,9 @@
 # frozen_string_literal: true
 
+require 'os'
+
 require 'seccomp-tools/const'
-require 'seccomp-tools/ptrace'
+require 'seccomp-tools/ptrace' if OS.linux?
 
 module SeccompTools
   # Record syscall number, arguments, return value.
@@ -9,7 +11,8 @@ module SeccompTools
     # Syscall arguments offset of +struct user+ in different arch.
     ABI = {
       amd64: { number: 120, args: [112, 104, 96, 56, 72, 44], ret: 80, SYS_prctl: 157, SYS_seccomp: 317 },
-      i386: { number: 120, args: [40, 88, 96, 104, 112, 32], ret: 80, SYS_prctl: 172, SYS_seccomp: 354 }
+      i386: { number: 44, args: [0, 4, 8, 12, 16, 20], ret: 24, SYS_prctl: 172, SYS_seccomp: 354 },
+      aarch64: { number: 64, args: [0, 8, 16, 24, 32, 40, 48], ret: 0, SYS_prctl: 167, SYS_seccomp: 277 }
     }.freeze
 
     # @return [Integer] Process id.
@@ -60,10 +63,11 @@ module SeccompTools
     #   Architecture of this syscall.
     def arch
       @arch ||= File.open("/proc/#{pid}/exe", 'rb') do |f|
-        f.pos = 4
+        f.pos = 18
         case f.read(1).ord
-        when 1 then :i386
-        when 2 then :amd64
+        when 3 then :i386
+        when 62 then :amd64
+        when 183 then :aarch64
         end
       end
     end
@@ -71,14 +75,15 @@ module SeccompTools
     private
 
     def bits
-      case arch
-      when :i386 then 32
-      when :amd64 then 64
-      end
+      {
+        i386: 32,
+        amd64: 64,
+        aarch64: 64
+      }[arch]
     end
 
     def peek(offset)
-      Ptrace.peekuser(pid, offset, 0)
+      Ptrace.peekuser(pid, offset, 0, bits)
     end
   end
 end

data/lib/seccomp-tools/util.rb

@@ -20,6 +20,7 @@ module SeccompTools
       case RbConfig::CONFIG['host_cpu']
       when /x86_64/ then :amd64
       when /i386/ then :i386
+      when /aarch64/ then :aarch64
       else :unknown
       end
     end

data/lib/seccomp-tools/version.rb

@@ -2,5 +2,5 @@
 
 module SeccompTools
   # Gem version.
-  VERSION = '1.4.0'
+  VERSION = '1.5.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: seccomp-tools
 version: !ruby/object:Gem::Version
-  version: 1.4.0
+  version: 1.5.0
 platform: ruby
 authors:
 - david942j
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-02-16 00:00:00.000000000 Z
+date: 2021-03-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -58,28 +58,34 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.79'
+        version: '1.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.79'
+        version: '1.1'
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.17.0
+        version: '0.17'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '0.18'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.17.0
+        version: '0.17'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '0.18'
 - !ruby/object:Gem::Dependency
   name: yard
   requirement: !ruby/object:Gem::Requirement
@@ -94,6 +100,26 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.9'
+- !ruby/object:Gem::Dependency
+  name: os
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.1.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.1.1
 description: |
   Provide useful tools to analyze seccomp rules.
   Visit https://github.com/david942j/seccomp-tools for more details.
@@ -122,6 +148,7 @@ files:
 - lib/seccomp-tools/cli/emu.rb
 - lib/seccomp-tools/const.rb
 - lib/seccomp-tools/consts/sys_arg.rb
+- lib/seccomp-tools/consts/sys_nr/aarch64.rb
 - lib/seccomp-tools/consts/sys_nr/amd64.rb
 - lib/seccomp-tools/consts/sys_nr/i386.rb
 - lib/seccomp-tools/disasm/context.rb
@@ -168,7 +195,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.1.4
 signing_key: 
 specification_version: 4
 summary: seccomp-tools