# # pseudo filter code start # # filter for arch x86_64 (3221225534) if ($arch == 3221225534) if ($syscall > 2) if ($syscall > 10) if ($syscall > 14) # filter for syscall "pwrite64" (18) [priority: 65531] if ($syscall == 18) if ($a0.hi32 == 0) if ($a0.lo32 == 107) if ($a1.hi32 == 0) if ($a1.lo32 == 108) action ERRNO(18); # filter for syscall "pread64" (17) [priority: 65533] if ($syscall == 17) if ($a0.hi32 == 0) if ($a0.lo32 == 106) action ERRNO(17); # filter for syscall "ioctl" (16) [priority: 65535] if ($syscall == 16) action ERRNO(16); # filter for syscall "rt_sigreturn" (15) [priority: 65535] if ($syscall == 15) action ERRNO(15); else # ($syscall <= 14) # filter for syscall "rt_sigprocmask" (14) [priority: 65535] if ($syscall == 14) action ERRNO(14); # filter for syscall "rt_sigaction" (13) [priority: 65535] if ($syscall == 13) action ERRNO(13); # filter for syscall "brk" (12) [priority: 65535] if ($syscall == 12) action ERRNO(12); # filter for syscall "munmap" (11) [priority: 65535] if ($syscall == 11) action ERRNO(11); else # ($syscall <= 10) if ($syscall > 6) # filter for syscall "mprotect" (10) [priority: 65533] if ($syscall == 10) if ($a0.hi32 == 0) if ($a0.lo32 == 105) action ERRNO(10); # filter for syscall "mmap" (9) [priority: 65535] if ($syscall == 9) action ERRNO(9); # filter for syscall "lseek" (8) [priority: 65533] if ($syscall == 8) if ($a0.hi32 == 0) if ($a0.lo32 == 104) action ERRNO(8); # filter for syscall "poll" (7) [priority: 65535] if ($syscall == 7) action ERRNO(7); else # ($syscall <= 6) # filter for syscall "lstat" (6) [priority: 65535] if ($syscall == 6) action ERRNO(6); # filter for syscall "fstat" (5) [priority: 65533] if ($syscall == 5) if ($a0.hi32 == 0) if ($a0.lo32 == 103) action ERRNO(5); # filter for syscall "stat" (4) [priority: 65535] if ($syscall == 4) action ERRNO(4); # filter for syscall "close" (3) [priority: 65535] if ($syscall == 3) action ERRNO(3); else # ($syscall <= 2) # filter for syscall "open" (2) [priority: 65535] if ($syscall == 2) action ERRNO(2); # filter for syscall "write" (1) [priority: 65533] if ($syscall == 1) if ($a0.hi32 == 0) if ($a0.lo32 == 102) action ERRNO(1); # filter for syscall "read" (0) [priority: 65531] if ($syscall == 0) if ($a0.hi32 == 0) if ($a0.lo32 == 100) if ($a1.hi32 == 0) if ($a1.lo32 == 101) action ERRNO(0); # default action action ALLOW; # filter for arch aarch64 (3221225655) if ($arch == 3221225655) if ($syscall > 62) if ($syscall > 139) if ($syscall > 226) # filter for syscall "lstat" (4294957133) [priority: 65535] if ($syscall == 4294957133) action ERRNO(6); # filter for syscall "open" (4294957130) [priority: 65535] if ($syscall == 4294957130) action ERRNO(2); # filter for syscall "poll" (4294957127) [priority: 65535] if ($syscall == 4294957127) action ERRNO(7); # filter for syscall "stat" (4294957122) [priority: 65535] if ($syscall == 4294957122) action ERRNO(4); else # ($syscall <= 226) # filter for syscall "mprotect" (226) [priority: 65533] if ($syscall == 226) if ($a0.hi32 == 0) if ($a0.lo32 == 105) action ERRNO(10); # filter for syscall "mmap" (222) [priority: 65535] if ($syscall == 222) action ERRNO(9); # filter for syscall "munmap" (215) [priority: 65535] if ($syscall == 215) action ERRNO(11); # filter for syscall "brk" (214) [priority: 65535] if ($syscall == 214) action ERRNO(12); else # ($syscall <= 139) if ($syscall > 68) # filter for syscall "rt_sigreturn" (139) [priority: 65535] if ($syscall == 139) action ERRNO(15); # filter for syscall "rt_sigprocmask" (135) [priority: 65535] if ($syscall == 135) action ERRNO(14); # filter for syscall "rt_sigaction" (134) [priority: 65535] if ($syscall == 134) action ERRNO(13); # filter for syscall "fstat" (80) [priority: 65533] if ($syscall == 80) if ($a0.hi32 == 0) if ($a0.lo32 == 103) action ERRNO(5); else # ($syscall <= 68) # filter for syscall "pwrite64" (68) [priority: 65531] if ($syscall == 68) if ($a0.hi32 == 0) if ($a0.lo32 == 107) if ($a1.hi32 == 0) if ($a1.lo32 == 108) action ERRNO(18); # filter for syscall "pread64" (67) [priority: 65533] if ($syscall == 67) if ($a0.hi32 == 0) if ($a0.lo32 == 106) action ERRNO(17); # filter for syscall "write" (64) [priority: 65533] if ($syscall == 64) if ($a0.hi32 == 0) if ($a0.lo32 == 102) action ERRNO(1); # filter for syscall "read" (63) [priority: 65531] if ($syscall == 63) if ($a0.hi32 == 0) if ($a0.lo32 == 100) if ($a1.hi32 == 0) if ($a1.lo32 == 101) action ERRNO(0); else # ($syscall <= 62) # filter for syscall "lseek" (62) [priority: 65533] if ($syscall == 62) if ($a0.hi32 == 0) if ($a0.lo32 == 104) action ERRNO(8); # filter for syscall "close" (57) [priority: 65535] if ($syscall == 57) action ERRNO(3); # filter for syscall "ioctl" (29) [priority: 65535] if ($syscall == 29) action ERRNO(16); # default action action ALLOW; # filter for arch loongarch64 (3221225730) if ($arch == 3221225730) if ($syscall > 62) if ($syscall > 214) if ($syscall > 4294957051) # filter for syscall "lstat" (4294957133) [priority: 65535] if ($syscall == 4294957133) action ERRNO(6); # filter for syscall "open" (4294957130) [priority: 65535] if ($syscall == 4294957130) action ERRNO(2); # filter for syscall "poll" (4294957127) [priority: 65535] if ($syscall == 4294957127) action ERRNO(7); # filter for syscall "stat" (4294957122) [priority: 65535] if ($syscall == 4294957122) action ERRNO(4); else # ($syscall <= 4294957051) # filter for syscall "fstat" (4294957051) [priority: 65533] if ($syscall == 4294957051) if ($a0.hi32 == 0) if ($a0.lo32 == 103) action ERRNO(5); # filter for syscall "mprotect" (226) [priority: 65533] if ($syscall == 226) if ($a0.hi32 == 0) if ($a0.lo32 == 105) action ERRNO(10); # filter for syscall "mmap" (222) [priority: 65535] if ($syscall == 222) action ERRNO(9); # filter for syscall "munmap" (215) [priority: 65535] if ($syscall == 215) action ERRNO(11); else # ($syscall <= 214) if ($syscall > 68) # filter for syscall "brk" (214) [priority: 65535] if ($syscall == 214) action ERRNO(12); # filter for syscall "rt_sigreturn" (139) [priority: 65535] if ($syscall == 139) action ERRNO(15); # filter for syscall "rt_sigprocmask" (135) [priority: 65535] if ($syscall == 135) action ERRNO(14); # filter for syscall "rt_sigaction" (134) [priority: 65535] if ($syscall == 134) action ERRNO(13); else # ($syscall <= 68) # filter for syscall "pwrite64" (68) [priority: 65531] if ($syscall == 68) if ($a0.hi32 == 0) if ($a0.lo32 == 107) if ($a1.hi32 == 0) if ($a1.lo32 == 108) action ERRNO(18); # filter for syscall "pread64" (67) [priority: 65533] if ($syscall == 67) if ($a0.hi32 == 0) if ($a0.lo32 == 106) action ERRNO(17); # filter for syscall "write" (64) [priority: 65533] if ($syscall == 64) if ($a0.hi32 == 0) if ($a0.lo32 == 102) action ERRNO(1); # filter for syscall "read" (63) [priority: 65531] if ($syscall == 63) if ($a0.hi32 == 0) if ($a0.lo32 == 100) if ($a1.hi32 == 0) if ($a1.lo32 == 101) action ERRNO(0); else # ($syscall <= 62) # filter for syscall "lseek" (62) [priority: 65533] if ($syscall == 62) if ($a0.hi32 == 0) if ($a0.lo32 == 104) action ERRNO(8); # filter for syscall "close" (57) [priority: 65535] if ($syscall == 57) action ERRNO(3); # filter for syscall "ioctl" (29) [priority: 65535] if ($syscall == 29) action ERRNO(16); # default action action ALLOW; # invalid architecture action action KILL; # # pseudo filter code end #