]>
iEval git - linux-seccomp.git/blob - libseccomp/tests/08-sim-subtree_checks.c
2 * Seccomp Library test program
4 * Copyright (c) 2012 Red Hat <pmoore@redhat.com>
5 * Author: Paul Moore <paul@paul-moore.com>
9 * This library is free software; you can redistribute it and/or modify it
10 * under the terms of version 2.1 of the GNU Lesser General Public License as
11 * published by the Free Software Foundation.
13 * This library is distributed in the hope that it will be useful, but WITHOUT
14 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
15 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this library; if not, see <http://www.gnu.org/licenses>.
29 int main(int argc
, char *argv
[])
32 struct util_options opts
;
33 scmp_filter_ctx ctx
= NULL
;
35 rc
= util_getopt(argc
, argv
, &opts
);
39 ctx
= seccomp_init(SCMP_ACT_KILL
);
43 /* the syscall and argument numbers are all fake to make the test
46 rc
= seccomp_rule_add_exact(ctx
, SCMP_ACT_ALLOW
, 1000, 2,
47 SCMP_A0(SCMP_CMP_EQ
, 0),
48 SCMP_A1(SCMP_CMP_EQ
, 1));
51 rc
= seccomp_rule_add_exact(ctx
, SCMP_ACT_ALLOW
, 1000, 1,
52 SCMP_A1(SCMP_CMP_EQ
, 1));
56 rc
= seccomp_rule_add_exact(ctx
, SCMP_ACT_ALLOW
, 1001, 1,
57 SCMP_A1(SCMP_CMP_EQ
, 1));
60 rc
= seccomp_rule_add_exact(ctx
, SCMP_ACT_ALLOW
, 1001, 2,
61 SCMP_A0(SCMP_CMP_EQ
, 0),
62 SCMP_A1(SCMP_CMP_EQ
, 1));
66 rc
= seccomp_rule_add_exact(ctx
, SCMP_ACT_ALLOW
, 1002, 4,
67 SCMP_A0(SCMP_CMP_EQ
, 0),
68 SCMP_A1(SCMP_CMP_EQ
, 1),
69 SCMP_A2(SCMP_CMP_EQ
, 2),
70 SCMP_A3(SCMP_CMP_EQ
, 3));
73 rc
= seccomp_rule_add_exact(ctx
, SCMP_ACT_ALLOW
, 1002, 2,
74 SCMP_A1(SCMP_CMP_EQ
, 1),
75 SCMP_A2(SCMP_CMP_EQ
, 2));
79 rc
= seccomp_rule_add_exact(ctx
, SCMP_ACT_ALLOW
, 1003, 2,
80 SCMP_A1(SCMP_CMP_EQ
, 1),
81 SCMP_A2(SCMP_CMP_EQ
, 2));
84 rc
= seccomp_rule_add_exact(ctx
, SCMP_ACT_ALLOW
, 1003, 4,
85 SCMP_A0(SCMP_CMP_EQ
, 0),
86 SCMP_A1(SCMP_CMP_EQ
, 1),
87 SCMP_A2(SCMP_CMP_EQ
, 2),
88 SCMP_A3(SCMP_CMP_EQ
, 3));
92 rc
= seccomp_rule_add_exact(ctx
, SCMP_ACT_ALLOW
, 1004, 4,
93 SCMP_A0(SCMP_CMP_EQ
, 0),
94 SCMP_A1(SCMP_CMP_EQ
, 1),
95 SCMP_A2(SCMP_CMP_EQ
, 2),
96 SCMP_A3(SCMP_CMP_EQ
, 3));
99 rc
= seccomp_rule_add_exact(ctx
, SCMP_ACT_ALLOW
, 1004, 2,
100 SCMP_A0(SCMP_CMP_EQ
, 0),
101 SCMP_A1(SCMP_CMP_EQ
, 11));
104 rc
= seccomp_rule_add_exact(ctx
, SCMP_ACT_ALLOW
, 1004, 4,
105 SCMP_A0(SCMP_CMP_EQ
, 0),
106 SCMP_A1(SCMP_CMP_EQ
, 1),
107 SCMP_A2(SCMP_CMP_EQ
, 2),
108 SCMP_A3(SCMP_CMP_EQ
, 33));
111 rc
= seccomp_rule_add_exact(ctx
, SCMP_ACT_ALLOW
, 1004, 2,
112 SCMP_A1(SCMP_CMP_EQ
, 1),
113 SCMP_A2(SCMP_CMP_EQ
, 2));
117 rc
= seccomp_rule_add_exact(ctx
, SCMP_ACT_ALLOW
, 1005, 2,
118 SCMP_A1(SCMP_CMP_EQ
, 1),
119 SCMP_A2(SCMP_CMP_EQ
, 2));
122 rc
= seccomp_rule_add_exact(ctx
, SCMP_ACT_ALLOW
, 1005, 4,
123 SCMP_A0(SCMP_CMP_EQ
, 0),
124 SCMP_A1(SCMP_CMP_EQ
, 1),
125 SCMP_A2(SCMP_CMP_EQ
, 2),
126 SCMP_A3(SCMP_CMP_EQ
, 3));
129 rc
= seccomp_rule_add_exact(ctx
, SCMP_ACT_ALLOW
, 1005, 2,
130 SCMP_A0(SCMP_CMP_EQ
, 0),
131 SCMP_A1(SCMP_CMP_EQ
, 11));
134 rc
= seccomp_rule_add_exact(ctx
, SCMP_ACT_ALLOW
, 1005, 4,
135 SCMP_A0(SCMP_CMP_EQ
, 0),
136 SCMP_A1(SCMP_CMP_EQ
, 1),
137 SCMP_A2(SCMP_CMP_EQ
, 2),
138 SCMP_A3(SCMP_CMP_EQ
, 33));
142 rc
= seccomp_rule_add_exact(ctx
, SCMP_ACT_ALLOW
, 1006, 2,
143 SCMP_A1(SCMP_CMP_NE
, 1),
144 SCMP_A2(SCMP_CMP_EQ
, 0));
147 rc
= seccomp_rule_add_exact(ctx
, SCMP_ACT_ALLOW
, 1006, 2,
148 SCMP_A1(SCMP_CMP_EQ
, 1),
149 SCMP_A2(SCMP_CMP_EQ
, 2));
152 rc
= seccomp_rule_add_exact(ctx
, SCMP_ACT_ALLOW
, 1006, 1,
153 SCMP_A1(SCMP_CMP_NE
, 1));
157 rc
= seccomp_rule_add_exact(ctx
, SCMP_ACT_TRAP
, 1007, 2,
158 SCMP_A2(SCMP_CMP_EQ
, 1),
159 SCMP_A3(SCMP_CMP_EQ
, 3));
162 rc
= seccomp_rule_add_exact(ctx
, SCMP_ACT_ALLOW
, 1007, 2,
163 SCMP_A2(SCMP_CMP_EQ
, 1),
164 SCMP_A3(SCMP_CMP_NE
, 3));
167 rc
= seccomp_rule_add_exact(ctx
, SCMP_ACT_ALLOW
, 1007, 1,
168 SCMP_A3(SCMP_CMP_NE
, 3));
172 rc
= util_filter_output(&opts
, ctx
);
177 seccomp_release(ctx
);
178 return (rc
< 0 ? -rc
: rc
);
This page took 0.06047 seconds and 4 git commands to generate.