From 3f0e47fe2717b73ccef68ca18f9f7297ee73ebb2 Mon Sep 17 00:00:00 2001
From: Mike Frysinger <vapier@gentoo.org>
Date: Wed, 8 Mar 2017 21:13:31 -0800
Subject: api: extend BPF export API to write to a memory buffer

The API to export to a fd is helpful, but for tools that want to
generate & read the BPF program, outputting to a buffer would be
much more helpful.

Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Reviewed-by: Tom Hromatka <tom.hromatka@oracle.com>
[PM: rename seccomp_export_bpf_buf() to seccomp_export_bpf_mem()]
[PM: 'make check-syntax' fixes]
Signed-off-by: Paul Moore <paul@paul-moore.com>
---
 tests/11-basic-basic_errors.c  | 33 +++++++++++++++++++++++++++++++++
 tests/11-basic-basic_errors.py |  5 +++++
 2 files changed, 38 insertions(+)

(limited to 'tests')

diff --git a/tests/11-basic-basic_errors.c b/tests/11-basic-basic_errors.c
index 49d9eef..53fe95d 100644
--- a/tests/11-basic-basic_errors.c
+++ b/tests/11-basic-basic_errors.c
@@ -175,6 +175,39 @@ int main(int argc, char *argv[])
 	seccomp_release(ctx);
 	ctx = NULL;
 
+	/* seccomp_export_bpf_mem errors */
+	char buf[1024];
+	size_t buf_len = sizeof(buf);
+	rc = seccomp_export_bpf_mem(ctx, buf, &buf_len);
+	if (rc != -EINVAL)
+		return -1;
+
+	ctx = seccomp_init(SCMP_ACT_KILL);
+	if (ctx == NULL)
+		return -1;
+	rc = seccomp_export_bpf_mem(ctx, buf, NULL);
+	if (rc != -EINVAL)
+		return -1;
+	rc = seccomp_export_bpf_mem(ctx, NULL, NULL);
+	if (rc != -EINVAL)
+		return -1;
+
+	rc = seccomp_export_bpf_mem(ctx, NULL, &buf_len);
+	if (rc != 0)
+		return -1;
+	rc = seccomp_export_bpf_mem(ctx, buf, &buf_len);
+	if (rc != 0)
+		return -1;
+	rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(exit), 0);
+	if (rc != 0)
+		return -1;
+	buf_len = 0;
+	rc = seccomp_export_bpf_mem(ctx, buf, &buf_len);
+	if (rc != -ERANGE)
+		return -1;
+	seccomp_release(ctx);
+	ctx = NULL;
+
 	/* seccomp_attr_* errors */
 	ctx = seccomp_init(SCMP_ACT_ALLOW);
 	if (ctx == NULL)
diff --git a/tests/11-basic-basic_errors.py b/tests/11-basic-basic_errors.py
index a2689ca..7cf502d 100755
--- a/tests/11-basic-basic_errors.py
+++ b/tests/11-basic-basic_errors.py
@@ -87,6 +87,11 @@ def test():
     except RuntimeError:
         pass
 
+    # This shouldn't throw any errors.
+    f = SyscallFilter(ALLOW)
+    f.add_rule(KILL, "read")
+    ret = f.export_bpf_mem()
+
 test()
 
 # kate: syntax python;
-- 
cgit v1.2.1