extrasafe 0.5.1

Make your code extrasafe by reducing what it can access.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126

//! Macros for extrasafe

// Heavily inspired by the libseccomp-rs macros, but written from scratch.

/// A macro to easily create [`crate::SeccompArgumentFilter`]s. Note that because internally it uses a
/// helper macro, to use this macro you should just `use extrasafe::*` if possible.
/// Usage:
/// ```
/// use extrasafe::*;
/// // usage: `seccomp_arg_filter!(<argN> <operator> <value>);`
/// // or `seccomp_arg_filter!(<argN> & <mask> == <value>);`
/// // arg0 through arg5 are supported
/// // operations <=, <, >=, >, ==, != are supported
/// let argfilter = seccomp_arg_filter!(arg0 < 5);
/// // Masked equality is also supported to check specific bits are set.
/// // The following checks the second bit of the syscall's 4th argument is set.
/// let argfilter = seccomp_arg_filter!(arg4 & 0b10 == 0b10);
/// ```
#[macro_export]
macro_rules! seccomp_arg_filter {
    ($argno:ident <= $value:expr) => {
        $crate::SeccompArgumentFilter::new(match_argno!($argno), $crate::SeccompilerComparator::Le, $value)
    };
    ($argno:ident < $value:expr) => {
        $crate::SeccompArgumentFilter::new(match_argno!($argno), $crate::SeccompilerComparator::Lt, $value)
    };
    ($argno:ident >= $value:expr) => {
        $crate::SeccompArgumentFilter::new(match_argno!($argno), $crate::SeccompilerComparator::Ge, $value)
    };
    ($argno:ident > $value:expr) => {
        $crate::SeccompArgumentFilter::new(match_argno!($argno), $crate::SeccompilerComparator::Gt, $value)
    };
    ($argno:ident == $value:expr) => {
        $crate::SeccompArgumentFilter::new(match_argno!($argno), $crate::SeccompilerComparator::Eq, $value)
    };
    ($argno:ident != $value:expr) => {
        $crate::SeccompArgumentFilter::new(match_argno!($argno), $crate::SeccompilerComparator::Ne, $value)
    };
    ($argno:ident & $mask:tt == $value:expr) => {
        $crate::SeccompArgumentFilter::new(match_argno!($argno), $crate::SeccompilerComparator::MaskedEq($mask), $value)
    };
    ($_other:expr) => {compile_error!("usage: `arg[0-5] {<=, <, >=, >, ==, !=} <value>` or `arg[0-5] & <mask> == <value>`")};
}

#[doc(hidden)]
#[macro_export]
/// Internal macro for `seccomp_arg_filter!`
macro_rules! match_argno {
    (arg0) => {0};
    (arg1) => {1};
    (arg2) => {2};
    (arg3) => {3};
    (arg4) => {4};
    (arg5) => {5};
    ($_other:expr) => {compile_error!("Seccomp argument filters must start with argX where X is 0-5")};
}

/// These tests just test that the macro expands correctly, not that the comparators do what they
/// say they do in seccompiler.
#[cfg(test)]
mod tests {
    use crate::*;

    #[test]
    fn test_comparison_le() {
        let cmp = seccomp_arg_filter!(arg0 <= 10);
        assert_eq!(
            cmp,
            SeccompArgumentFilter::new(0, SeccompilerComparator::Le, 10)
        );
    }

    #[test]
    fn test_comparison_lt() {
        let cmp = seccomp_arg_filter!(arg1 < 10);
        assert_eq!(
            cmp,
            SeccompArgumentFilter::new(1, SeccompilerComparator::Lt, 10)
        );
    }

    #[test]
    fn test_comparison_ge() {
        let cmp = seccomp_arg_filter!(arg2 >= 5);
        assert_eq!(
            cmp,
            SeccompArgumentFilter::new(2, SeccompilerComparator::Ge, 5)
        );
    }

    #[test]
    fn test_comparison_gt() {
        let cmp = seccomp_arg_filter!(arg3 > 200);
        assert_eq!(
            cmp,
            SeccompArgumentFilter::new(3, SeccompilerComparator::Gt, 200)
        );
    }

    #[test]
    fn test_comparison_eq() {
        let cmp = seccomp_arg_filter!(arg4 == 0);
        assert_eq!(
            cmp,
            SeccompArgumentFilter::new(4, SeccompilerComparator::Eq, 0)
        );
    }

    #[test]
    fn test_comparison_ne() {
        let cmp = seccomp_arg_filter!(arg5 != 80);
        assert_eq!(
            cmp,
            SeccompArgumentFilter::new(5, SeccompilerComparator::Ne, 80)
        );
    }

    #[test]
    fn test_comparison_mask() {
        let cmp = seccomp_arg_filter!(arg2 & 0x1337 == 0x37);
        assert_eq!(
            cmp,
            SeccompArgumentFilter::new(2, SeccompilerComparator::MaskedEq(0x1337), 0x37)
        );
    }
}