aya/aya-ebpf-macros/src/lsm.rs

use std::borrow::Cow;

use proc_macro2::TokenStream;
use quote::quote;
use syn::{ItemFn, Result};

use crate::args::{err_on_unknown_args, pop_bool_arg, pop_string_arg};

pub(crate) struct Lsm {
    item: ItemFn,
    hook: Option<String>,
    sleepable: bool,
}

impl Lsm {
    pub(crate) fn parse(attrs: TokenStream, item: TokenStream) -> Result<Self> {
        let item = syn::parse2(item)?;
        let mut args = syn::parse2(attrs)?;
        let hook = pop_string_arg(&mut args, "hook");
        let sleepable = pop_bool_arg(&mut args, "sleepable");
        err_on_unknown_args(&args)?;
        Ok(Self {
            item,
            hook,
            sleepable,
        })
    }

    pub(crate) fn expand(&self) -> TokenStream {
        let Self {
            item,
            hook,
            sleepable,
        } = self;
        let ItemFn {
            attrs: _,
            vis,
            sig,
            block: _,
        } = item;
        let section_prefix = if *sleepable { "lsm.s" } else { "lsm" };
        let section_name: Cow<'_, _> = if let Some(hook) = hook {
            format!("{}/{}", section_prefix, hook).into()
        } else {
            section_prefix.into()
        };
        // LSM probes need to return an integer corresponding to the correct
        // policy decision. Therefore we do not simply default to a return value
        // of 0 as in other program types.
        let fn_name = &sig.ident;
        quote! {
            #[no_mangle]
            #[link_section = #section_name]
            #vis fn #fn_name(ctx: *mut ::core::ffi::c_void) -> i32 {
                return #fn_name(::aya_ebpf::programs::LsmContext::new(ctx));

                #item
            }
        }
    }
}

#[cfg(test)]
mod tests {
    use syn::parse_quote;

    use super::*;

    #[test]
    fn test_lsm_sleepable() {
        let prog = Lsm::parse(
            parse_quote! {
                sleepable,
                hook = "bprm_committed_creds"
            },
            parse_quote! {
                fn bprm_committed_creds(ctx: &mut ::aya_ebpf::programs::LsmContext) -> i32 {
                    0
                }
            },
        )
        .unwrap();
        let expanded = prog.expand();
        let expected = quote! {
            #[no_mangle]
            #[link_section = "lsm.s/bprm_committed_creds"]
            fn bprm_committed_creds(ctx: *mut ::core::ffi::c_void) -> i32 {
                return bprm_committed_creds(::aya_ebpf::programs::LsmContext::new(ctx));

                fn bprm_committed_creds(ctx: &mut ::aya_ebpf::programs::LsmContext) -> i32 {
                    0
                }
            }
        };
        assert_eq!(expected.to_string(), expanded.to_string());
    }

    #[test]
    fn test_lsm() {
        let prog = Lsm::parse(
            parse_quote! {
                hook = "bprm_committed_creds"
            },
            parse_quote! {
                fn bprm_committed_creds(ctx: &mut ::aya_ebpf::programs::LsmContext) -> i32 {
                    0
                }
            },
        )
        .unwrap();
        let expanded = prog.expand();
        let expected = quote! {
            #[no_mangle]
            #[link_section = "lsm/bprm_committed_creds"]
            fn bprm_committed_creds(ctx: *mut ::core::ffi::c_void) -> i32 {
                return bprm_committed_creds(::aya_ebpf::programs::LsmContext::new(ctx));

                fn bprm_committed_creds(ctx: &mut ::aya_ebpf::programs::LsmContext) -> i32 {
                    0
                }
            }
        };
        assert_eq!(expected.to_string(), expanded.to_string());
    }
}
aya-bpf-macros: Refactor for ease of testing The aya-bpf-macros needed refactoring for: 1. Ease of testing 2. To be consistent with when we use K/V args vs. idents 3. To deprecate the use of `name` to change the exported name of a function - we now use the symbol table. Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 2 years ago			`use std::borrow::Cow;`

			`use proc_macro2::TokenStream;`
			`use quote::quote;`
			`use syn::{ItemFn, Result};`

aya-bpf-macros: Cleanup and remove required_args This commit cleans up the recently refactored aya-bpf-macros to be a little easier to maintain: Cosmetic changes: 1. The flow of the parse function is the same in each file 2. Useless if !attrs.is_empty() guards were removed 3. The compile error when cgroup_sock programs have an invalid attach_type was in the wrong location Functional changes: 1. Remove pop_required_arg. All args are optional and making them required was a mistake on my part. We may revisit this later. 2. Rename pop_arg to pop_string_arg 3. Implement pop_bool_arg to allow for single idents to be mixed with our key/value pair syntax in macro attributes. This is used for `sleepable` and `frags` in XDP programs. Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 2 years ago			`use crate::args::{err_on_unknown_args, pop_bool_arg, pop_string_arg};`
aya-bpf-macros: Refactor for ease of testing The aya-bpf-macros needed refactoring for: 1. Ease of testing 2. To be consistent with when we use K/V args vs. idents 3. To deprecate the use of `name` to change the exported name of a function - we now use the symbol table. Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 2 years ago
			`pub(crate) struct Lsm {`
			`item: ItemFn,`
aya-bpf-macros: Cleanup and remove required_args This commit cleans up the recently refactored aya-bpf-macros to be a little easier to maintain: Cosmetic changes: 1. The flow of the parse function is the same in each file 2. Useless if !attrs.is_empty() guards were removed 3. The compile error when cgroup_sock programs have an invalid attach_type was in the wrong location Functional changes: 1. Remove pop_required_arg. All args are optional and making them required was a mistake on my part. We may revisit this later. 2. Rename pop_arg to pop_string_arg 3. Implement pop_bool_arg to allow for single idents to be mixed with our key/value pair syntax in macro attributes. This is used for `sleepable` and `frags` in XDP programs. Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 2 years ago			`hook: Option<String>,`
aya-bpf-macros: Refactor for ease of testing The aya-bpf-macros needed refactoring for: 1. Ease of testing 2. To be consistent with when we use K/V args vs. idents 3. To deprecate the use of `name` to change the exported name of a function - we now use the symbol table. Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 2 years ago			`sleepable: bool,`
			`}`

			`impl Lsm {`
Replace proc-macro-error with proc-macro2-diagnostics proc-macro-error is unmaintained. 2 months ago			`pub(crate) fn parse(attrs: TokenStream, item: TokenStream) -> Result<Self> {`
aya-bpf-macros: Refactor for ease of testing The aya-bpf-macros needed refactoring for: 1. Ease of testing 2. To be consistent with when we use K/V args vs. idents 3. To deprecate the use of `name` to change the exported name of a function - we now use the symbol table. Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 2 years ago			`let item = syn::parse2(item)?;`
aya-bpf-macros: Cleanup and remove required_args This commit cleans up the recently refactored aya-bpf-macros to be a little easier to maintain: Cosmetic changes: 1. The flow of the parse function is the same in each file 2. Useless if !attrs.is_empty() guards were removed 3. The compile error when cgroup_sock programs have an invalid attach_type was in the wrong location Functional changes: 1. Remove pop_required_arg. All args are optional and making them required was a mistake on my part. We may revisit this later. 2. Rename pop_arg to pop_string_arg 3. Implement pop_bool_arg to allow for single idents to be mixed with our key/value pair syntax in macro attributes. This is used for `sleepable` and `frags` in XDP programs. Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 2 years ago			`let mut args = syn::parse2(attrs)?;`
			`let hook = pop_string_arg(&mut args, "hook");`
			`let sleepable = pop_bool_arg(&mut args, "sleepable");`
aya-bpf-macros: Refactor for ease of testing The aya-bpf-macros needed refactoring for: 1. Ease of testing 2. To be consistent with when we use K/V args vs. idents 3. To deprecate the use of `name` to change the exported name of a function - we now use the symbol table. Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 2 years ago			`err_on_unknown_args(&args)?;`
Replace proc-macro-error with proc-macro2-diagnostics proc-macro-error is unmaintained. 2 months ago			`Ok(Self {`
aya-bpf-macros: Refactor for ease of testing The aya-bpf-macros needed refactoring for: 1. Ease of testing 2. To be consistent with when we use K/V args vs. idents 3. To deprecate the use of `name` to change the exported name of a function - we now use the symbol table. Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 2 years ago			`item,`
			`hook,`
aya-bpf-macros: Cleanup and remove required_args This commit cleans up the recently refactored aya-bpf-macros to be a little easier to maintain: Cosmetic changes: 1. The flow of the parse function is the same in each file 2. Useless if !attrs.is_empty() guards were removed 3. The compile error when cgroup_sock programs have an invalid attach_type was in the wrong location Functional changes: 1. Remove pop_required_arg. All args are optional and making them required was a mistake on my part. We may revisit this later. 2. Rename pop_arg to pop_string_arg 3. Implement pop_bool_arg to allow for single idents to be mixed with our key/value pair syntax in macro attributes. This is used for `sleepable` and `frags` in XDP programs. Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 2 years ago			`sleepable,`
aya-bpf-macros: Refactor for ease of testing The aya-bpf-macros needed refactoring for: 1. Ease of testing 2. To be consistent with when we use K/V args vs. idents 3. To deprecate the use of `name` to change the exported name of a function - we now use the symbol table. Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 2 years ago			`})`
			`}`

Replace proc-macro-error with proc-macro2-diagnostics proc-macro-error is unmaintained. 2 months ago			`pub(crate) fn expand(&self) -> TokenStream {`
			`let Self {`
			`item,`
			`hook,`
			`sleepable,`
			`} = self;`
			`let ItemFn {`
			`attrs: _,`
			`vis,`
			`sig,`
			`block: _,`
			`} = item;`
			`let section_prefix = if *sleepable { "lsm.s" } else { "lsm" };`
			`let section_name: Cow<'_, _> = if let Some(hook) = hook {`
aya-bpf-macros: Cleanup and remove required_args This commit cleans up the recently refactored aya-bpf-macros to be a little easier to maintain: Cosmetic changes: 1. The flow of the parse function is the same in each file 2. Useless if !attrs.is_empty() guards were removed 3. The compile error when cgroup_sock programs have an invalid attach_type was in the wrong location Functional changes: 1. Remove pop_required_arg. All args are optional and making them required was a mistake on my part. We may revisit this later. 2. Rename pop_arg to pop_string_arg 3. Implement pop_bool_arg to allow for single idents to be mixed with our key/value pair syntax in macro attributes. This is used for `sleepable` and `frags` in XDP programs. Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 2 years ago			`format!("{}/{}", section_prefix, hook).into()`
			`} else {`
			`section_prefix.into()`
			`};`
aya-bpf-macros: Refactor for ease of testing The aya-bpf-macros needed refactoring for: 1. Ease of testing 2. To be consistent with when we use K/V args vs. idents 3. To deprecate the use of `name` to change the exported name of a function - we now use the symbol table. Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 2 years ago			`// LSM probes need to return an integer corresponding to the correct`
			`// policy decision. Therefore we do not simply default to a return value`
			`// of 0 as in other program types.`
Replace proc-macro-error with proc-macro2-diagnostics proc-macro-error is unmaintained. 2 months ago			`let fn_name = &sig.ident;`
			`quote! {`
aya-bpf-macros: Refactor for ease of testing The aya-bpf-macros needed refactoring for: 1. Ease of testing 2. To be consistent with when we use K/V args vs. idents 3. To deprecate the use of `name` to change the exported name of a function - we now use the symbol table. Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 2 years ago			`#[no_mangle]`
			`#[link_section = #section_name]`
Replace proc-macro-error with proc-macro2-diagnostics proc-macro-error is unmaintained. 2 months ago			`#vis fn #fn_name(ctx: *mut ::core::ffi::c_void) -> i32 {`
chore(aya-ebpf): Rename bpf -> ebpf Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 11 months ago			`return #fn_name(::aya_ebpf::programs::LsmContext::new(ctx));`
aya-bpf-macros: Refactor for ease of testing The aya-bpf-macros needed refactoring for: 1. Ease of testing 2. To be consistent with when we use K/V args vs. idents 3. To deprecate the use of `name` to change the exported name of a function - we now use the symbol table. Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 2 years ago
			`#item`
			`}`
Replace proc-macro-error with proc-macro2-diagnostics proc-macro-error is unmaintained. 2 months ago			`}`
aya-bpf-macros: Refactor for ease of testing The aya-bpf-macros needed refactoring for: 1. Ease of testing 2. To be consistent with when we use K/V args vs. idents 3. To deprecate the use of `name` to change the exported name of a function - we now use the symbol table. Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 2 years ago			`}`
			`}`

			`#[cfg(test)]`
			`mod tests {`
			`use syn::parse_quote;`

rustfmt: group_imports = "StdExternalCrate" High time we stop debating this; let the robots do the work. 1 year ago			`use super::*;`

aya-bpf-macros: Cleanup and remove required_args This commit cleans up the recently refactored aya-bpf-macros to be a little easier to maintain: Cosmetic changes: 1. The flow of the parse function is the same in each file 2. Useless if !attrs.is_empty() guards were removed 3. The compile error when cgroup_sock programs have an invalid attach_type was in the wrong location Functional changes: 1. Remove pop_required_arg. All args are optional and making them required was a mistake on my part. We may revisit this later. 2. Rename pop_arg to pop_string_arg 3. Implement pop_bool_arg to allow for single idents to be mixed with our key/value pair syntax in macro attributes. This is used for `sleepable` and `frags` in XDP programs. Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 2 years ago			`#[test]`
			`fn test_lsm_sleepable() {`
			`let prog = Lsm::parse(`
			`parse_quote! {`
			`sleepable,`
			`hook = "bprm_committed_creds"`
			`},`
			`parse_quote! {`
chore(aya-ebpf): Rename bpf -> ebpf Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 11 months ago			`fn bprm_committed_creds(ctx: &mut ::aya_ebpf::programs::LsmContext) -> i32 {`
aya-bpf-macros: Cleanup and remove required_args This commit cleans up the recently refactored aya-bpf-macros to be a little easier to maintain: Cosmetic changes: 1. The flow of the parse function is the same in each file 2. Useless if !attrs.is_empty() guards were removed 3. The compile error when cgroup_sock programs have an invalid attach_type was in the wrong location Functional changes: 1. Remove pop_required_arg. All args are optional and making them required was a mistake on my part. We may revisit this later. 2. Rename pop_arg to pop_string_arg 3. Implement pop_bool_arg to allow for single idents to be mixed with our key/value pair syntax in macro attributes. This is used for `sleepable` and `frags` in XDP programs. Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 2 years ago			`0`
			`}`
			`},`
			`)`
			`.unwrap();`
Replace proc-macro-error with proc-macro2-diagnostics proc-macro-error is unmaintained. 2 months ago			`let expanded = prog.expand();`
aya-bpf-macros: Cleanup and remove required_args This commit cleans up the recently refactored aya-bpf-macros to be a little easier to maintain: Cosmetic changes: 1. The flow of the parse function is the same in each file 2. Useless if !attrs.is_empty() guards were removed 3. The compile error when cgroup_sock programs have an invalid attach_type was in the wrong location Functional changes: 1. Remove pop_required_arg. All args are optional and making them required was a mistake on my part. We may revisit this later. 2. Rename pop_arg to pop_string_arg 3. Implement pop_bool_arg to allow for single idents to be mixed with our key/value pair syntax in macro attributes. This is used for `sleepable` and `frags` in XDP programs. Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 2 years ago			`let expected = quote! {`
			`#[no_mangle]`
			`#[link_section = "lsm.s/bprm_committed_creds"]`
			`fn bprm_committed_creds(ctx: *mut ::core::ffi::c_void) -> i32 {`
chore(aya-ebpf): Rename bpf -> ebpf Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 11 months ago			`return bprm_committed_creds(::aya_ebpf::programs::LsmContext::new(ctx));`
aya-bpf-macros: Cleanup and remove required_args This commit cleans up the recently refactored aya-bpf-macros to be a little easier to maintain: Cosmetic changes: 1. The flow of the parse function is the same in each file 2. Useless if !attrs.is_empty() guards were removed 3. The compile error when cgroup_sock programs have an invalid attach_type was in the wrong location Functional changes: 1. Remove pop_required_arg. All args are optional and making them required was a mistake on my part. We may revisit this later. 2. Rename pop_arg to pop_string_arg 3. Implement pop_bool_arg to allow for single idents to be mixed with our key/value pair syntax in macro attributes. This is used for `sleepable` and `frags` in XDP programs. Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 2 years ago
chore(aya-ebpf): Rename bpf -> ebpf Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 11 months ago			`fn bprm_committed_creds(ctx: &mut ::aya_ebpf::programs::LsmContext) -> i32 {`
aya-bpf-macros: Cleanup and remove required_args This commit cleans up the recently refactored aya-bpf-macros to be a little easier to maintain: Cosmetic changes: 1. The flow of the parse function is the same in each file 2. Useless if !attrs.is_empty() guards were removed 3. The compile error when cgroup_sock programs have an invalid attach_type was in the wrong location Functional changes: 1. Remove pop_required_arg. All args are optional and making them required was a mistake on my part. We may revisit this later. 2. Rename pop_arg to pop_string_arg 3. Implement pop_bool_arg to allow for single idents to be mixed with our key/value pair syntax in macro attributes. This is used for `sleepable` and `frags` in XDP programs. Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 2 years ago			`0`
			`}`
			`}`
			`};`
			`assert_eq!(expected.to_string(), expanded.to_string());`
			`}`

aya-bpf-macros: Refactor for ease of testing The aya-bpf-macros needed refactoring for: 1. Ease of testing 2. To be consistent with when we use K/V args vs. idents 3. To deprecate the use of `name` to change the exported name of a function - we now use the symbol table. Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 2 years ago			`#[test]`
			`fn test_lsm() {`
			`let prog = Lsm::parse(`
			`parse_quote! {`
			`hook = "bprm_committed_creds"`
			`},`
			`parse_quote! {`
chore(aya-ebpf): Rename bpf -> ebpf Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 11 months ago			`fn bprm_committed_creds(ctx: &mut ::aya_ebpf::programs::LsmContext) -> i32 {`
aya-bpf-macros: Refactor for ease of testing The aya-bpf-macros needed refactoring for: 1. Ease of testing 2. To be consistent with when we use K/V args vs. idents 3. To deprecate the use of `name` to change the exported name of a function - we now use the symbol table. Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 2 years ago			`0`
			`}`
			`},`
			`)`
			`.unwrap();`
Replace proc-macro-error with proc-macro2-diagnostics proc-macro-error is unmaintained. 2 months ago			`let expanded = prog.expand();`
aya-bpf-macros: Refactor for ease of testing The aya-bpf-macros needed refactoring for: 1. Ease of testing 2. To be consistent with when we use K/V args vs. idents 3. To deprecate the use of `name` to change the exported name of a function - we now use the symbol table. Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 2 years ago			`let expected = quote! {`
			`#[no_mangle]`
			`#[link_section = "lsm/bprm_committed_creds"]`
			`fn bprm_committed_creds(ctx: *mut ::core::ffi::c_void) -> i32 {`
chore(aya-ebpf): Rename bpf -> ebpf Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 11 months ago			`return bprm_committed_creds(::aya_ebpf::programs::LsmContext::new(ctx));`
aya-bpf-macros: Refactor for ease of testing The aya-bpf-macros needed refactoring for: 1. Ease of testing 2. To be consistent with when we use K/V args vs. idents 3. To deprecate the use of `name` to change the exported name of a function - we now use the symbol table. Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 2 years ago
chore(aya-ebpf): Rename bpf -> ebpf Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 11 months ago			`fn bprm_committed_creds(ctx: &mut ::aya_ebpf::programs::LsmContext) -> i32 {`
aya-bpf-macros: Refactor for ease of testing The aya-bpf-macros needed refactoring for: 1. Ease of testing 2. To be consistent with when we use K/V args vs. idents 3. To deprecate the use of `name` to change the exported name of a function - we now use the symbol table. Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 2 years ago			`0`
			`}`
			`}`
			`};`
			`assert_eq!(expected.to_string(), expanded.to_string());`
			`}`
			`}`