1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73
use seccomp_sys::*;
use strum_macros::EnumString;
/// An enum for `!=`, `<`, `<=`, `==`, `>=`, `>`
#[derive(Debug, Clone, Copy, PartialEq, Eq, EnumString)]
pub enum Cmp {
/// Not equal, `!=`
Ne,
/// Lower-than, `<`
Lt,
/// Lower-or-equal, `<=`
Le,
/// Equal, `==`
Eq,
/// Greater-or-equal, `>=`
Ge,
/// Greater-than, `>`
Gt,
/// Equal for the masked argument value, the mask is provided in `datum_a` of the [`Comparator`](struct.Comparator.html).
MaskedEq,
}
impl From<Cmp> for scmp_compare {
fn from(cmp: Cmp) -> scmp_compare {
use self::Cmp::*;
use scmp_compare::*;
match cmp {
Ne => SCMP_CMP_NE,
Lt => SCMP_CMP_LT,
Le => SCMP_CMP_LE,
Eq => SCMP_CMP_EQ,
Ge => SCMP_CMP_GE,
Gt => SCMP_CMP_GT,
MaskedEq => SCMP_CMP_MASKED_EQ,
}
}
}
/// A compare rule to restrict an argument syscall
#[derive(Debug, Clone)]
pub struct Comparator {
arg: u32,
op: Cmp,
datum_a: u64,
datum_b: u64,
}
impl Comparator {
/// Set a constraint for a syscall argument.
/// - The first argument is the syscall argument index, `0` would be the first argument.
/// - The second argument selects a compare operation like equals-to, greather-than, etc.
/// - The third argument is the value it's going to be compared to.
/// - The forth argument is only used when using Cmp::MaskedEq, where `datum_a` is used as a mask and `datum_b` is the value the result is compared to.
pub fn new(arg: u32, op: Cmp, datum_a: u64, datum_b: Option<u64>) -> Self {
Self {
arg,
op,
datum_a,
datum_b: datum_b.unwrap_or(0_u64),
}
}
}
impl From<Comparator> for scmp_arg_cmp {
fn from(cmp: Comparator) -> scmp_arg_cmp {
scmp_arg_cmp {
arg: cmp.arg,
op: cmp.op.into(),
datum_a: cmp.datum_a,
datum_b: cmp.datum_b,
}
}
}