tools/compile_seccomp_policy: support kill syscall
The parsing fails on statements like:
kill: 1
since 'kill' is matched as an action.
I added these to tests/seccomp.policy and verified the script
now runs to completion.
Bug: chromium:1024021
Test: ./tools/compiler_unittest.py
Test: ./tools/parser_unittest.py
Test: ./tools/compile_seccomp_policy.py \
test/seccomp.policy test/seccomp.bpf
Change-Id: Idd9476f2d3bc4d69dd1f4bbaac4505bff2ce9801
Signed-off-by: Matt Delco <delco@chromium.org>
diff --git a/tools/parser.py b/tools/parser.py
index f3c5331..3f933a8 100644
--- a/tools/parser.py
+++ b/tools/parser.py
@@ -518,7 +518,10 @@
if not tokens:
self._parser_state.error('missing syscall descriptor')
syscall_descriptor = tokens.pop(0)
- if syscall_descriptor.type != 'IDENTIFIER':
+ # `kill` as a syscall name is a special case since kill is also a valid
+ # action and actions have precendence over identifiers.
+ if (syscall_descriptor.type != 'IDENTIFIER' and
+ syscall_descriptor.value != 'kill'):
self._parser_state.error(
'invalid syscall descriptor', token=syscall_descriptor)
if tokens and tokens[0].type == 'LBRACKET':
diff --git a/tools/parser_unittest.py b/tools/parser_unittest.py
index e9f0ce2..36bb3bf 100755
--- a/tools/parser_unittest.py
+++ b/tools/parser_unittest.py
@@ -426,6 +426,14 @@
), [
parser.Filter([[parser.Atom(0, '==', 0)]], bpf.Allow()),
]))
+ self.assertEqual(
+ self.parser.parse_filter_statement(
+ self._tokenize('kill: arg0 == 0')),
+ parser.ParsedFilterStatement((
+ parser.Syscall('kill', 62),
+ ), [
+ parser.Filter([[parser.Atom(0, '==', 0)]], bpf.Allow()),
+ ]))
def test_parse_metadata(self):
"""Accept valid filter statements with metadata."""
diff --git a/tools/testdata/arch_64.json b/tools/testdata/arch_64.json
index 1286ee4..4c90ed6 100644
--- a/tools/testdata/arch_64.json
+++ b/tools/testdata/arch_64.json
@@ -7,6 +7,7 @@
"write": 1,
"open": 2,
"close": 3,
+ "kill": 62,
"syscall_4": 4,
"syscall_5": 5,
"syscall_6": 6,
@@ -65,7 +66,6 @@
"syscall_59": 59,
"syscall_60": 60,
"syscall_61": 61,
- "syscall_62": 62,
"syscall_63": 63,
"syscall_64": 64,
"syscall_65": 65,