aya/aya-ebpf-macros/src/lsm.rs

use std::borrow::Cow;

use proc_macro2::TokenStream;
use quote::quote;
use syn::{ItemFn, Result};

use crate::args::{err_on_unknown_args, pop_bool_arg, pop_string_arg};

pub(crate) struct Lsm {
    item: ItemFn,
    hook: Option<String>,
    sleepable: bool,
}

impl Lsm {
    pub(crate) fn parse(attrs: TokenStream, item: TokenStream) -> Result<Lsm> {
        let item = syn::parse2(item)?;
        let mut args = syn::parse2(attrs)?;
        let hook = pop_string_arg(&mut args, "hook");
        let sleepable = pop_bool_arg(&mut args, "sleepable");
        err_on_unknown_args(&args)?;
        Ok(Lsm {
            item,
            hook,
            sleepable,
        })
    }

    pub(crate) fn expand(&self) -> Result<TokenStream> {
        let section_prefix = if self.sleepable { "lsm.s" } else { "lsm" };
        let section_name: Cow<'_, _> = if let Some(hook) = &self.hook {
            format!("{}/{}", section_prefix, hook).into()
        } else {
            section_prefix.into()
        };
        let fn_vis = &self.item.vis;
        let fn_name = self.item.sig.ident.clone();
        let item = &self.item;
        // LSM probes need to return an integer corresponding to the correct
        // policy decision. Therefore we do not simply default to a return value
        // of 0 as in other program types.
        Ok(quote! {
            #[no_mangle]
            #[link_section = #section_name]
            #fn_vis fn #fn_name(ctx: *mut ::core::ffi::c_void) -> i32 {
                return #fn_name(::aya_ebpf::programs::LsmContext::new(ctx));

                #item
            }
        })
    }
}

#[cfg(test)]
mod tests {
    use syn::parse_quote;

    use super::*;

    #[test]
    fn test_lsm_sleepable() {
        let prog = Lsm::parse(
            parse_quote! {
                sleepable,
                hook = "bprm_committed_creds"
            },
            parse_quote! {
                fn bprm_committed_creds(ctx: &mut ::aya_ebpf::programs::LsmContext) -> i32 {
                    0
                }
            },
        )
        .unwrap();
        let expanded = prog.expand().unwrap();
        let expected = quote! {
            #[no_mangle]
            #[link_section = "lsm.s/bprm_committed_creds"]
            fn bprm_committed_creds(ctx: *mut ::core::ffi::c_void) -> i32 {
                return bprm_committed_creds(::aya_ebpf::programs::LsmContext::new(ctx));

                fn bprm_committed_creds(ctx: &mut ::aya_ebpf::programs::LsmContext) -> i32 {
                    0
                }
            }
        };
        assert_eq!(expected.to_string(), expanded.to_string());
    }

    #[test]
    fn test_lsm() {
        let prog = Lsm::parse(
            parse_quote! {
                hook = "bprm_committed_creds"
            },
            parse_quote! {
                fn bprm_committed_creds(ctx: &mut ::aya_ebpf::programs::LsmContext) -> i32 {
                    0
                }
            },
        )
        .unwrap();
        let expanded = prog.expand().unwrap();
        let expected = quote! {
            #[no_mangle]
            #[link_section = "lsm/bprm_committed_creds"]
            fn bprm_committed_creds(ctx: *mut ::core::ffi::c_void) -> i32 {
                return bprm_committed_creds(::aya_ebpf::programs::LsmContext::new(ctx));

                fn bprm_committed_creds(ctx: &mut ::aya_ebpf::programs::LsmContext) -> i32 {
                    0
                }
            }
        };
        assert_eq!(expected.to_string(), expanded.to_string());
    }
}
aya-bpf-macros: Refactor for ease of testing The aya-bpf-macros needed refactoring for: 1. Ease of testing 2. To be consistent with when we use K/V args vs. idents 3. To deprecate the use of `name` to change the exported name of a function - we now use the symbol table. Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 1 year ago			`use std::borrow::Cow;`

			`use proc_macro2::TokenStream;`
			`use quote::quote;`
			`use syn::{ItemFn, Result};`

aya-bpf-macros: Cleanup and remove required_args This commit cleans up the recently refactored aya-bpf-macros to be a little easier to maintain: Cosmetic changes: 1. The flow of the parse function is the same in each file 2. Useless if !attrs.is_empty() guards were removed 3. The compile error when cgroup_sock programs have an invalid attach_type was in the wrong location Functional changes: 1. Remove pop_required_arg. All args are optional and making them required was a mistake on my part. We may revisit this later. 2. Rename pop_arg to pop_string_arg 3. Implement pop_bool_arg to allow for single idents to be mixed with our key/value pair syntax in macro attributes. This is used for `sleepable` and `frags` in XDP programs. Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 1 year ago			`use crate::args::{err_on_unknown_args, pop_bool_arg, pop_string_arg};`
aya-bpf-macros: Refactor for ease of testing The aya-bpf-macros needed refactoring for: 1. Ease of testing 2. To be consistent with when we use K/V args vs. idents 3. To deprecate the use of `name` to change the exported name of a function - we now use the symbol table. Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 1 year ago
			`pub(crate) struct Lsm {`
			`item: ItemFn,`
aya-bpf-macros: Cleanup and remove required_args This commit cleans up the recently refactored aya-bpf-macros to be a little easier to maintain: Cosmetic changes: 1. The flow of the parse function is the same in each file 2. Useless if !attrs.is_empty() guards were removed 3. The compile error when cgroup_sock programs have an invalid attach_type was in the wrong location Functional changes: 1. Remove pop_required_arg. All args are optional and making them required was a mistake on my part. We may revisit this later. 2. Rename pop_arg to pop_string_arg 3. Implement pop_bool_arg to allow for single idents to be mixed with our key/value pair syntax in macro attributes. This is used for `sleepable` and `frags` in XDP programs. Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 1 year ago			`hook: Option<String>,`
aya-bpf-macros: Refactor for ease of testing The aya-bpf-macros needed refactoring for: 1. Ease of testing 2. To be consistent with when we use K/V args vs. idents 3. To deprecate the use of `name` to change the exported name of a function - we now use the symbol table. Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 1 year ago			`sleepable: bool,`
			`}`

			`impl Lsm {`
			`pub(crate) fn parse(attrs: TokenStream, item: TokenStream) -> Result<Lsm> {`
			`let item = syn::parse2(item)?;`
aya-bpf-macros: Cleanup and remove required_args This commit cleans up the recently refactored aya-bpf-macros to be a little easier to maintain: Cosmetic changes: 1. The flow of the parse function is the same in each file 2. Useless if !attrs.is_empty() guards were removed 3. The compile error when cgroup_sock programs have an invalid attach_type was in the wrong location Functional changes: 1. Remove pop_required_arg. All args are optional and making them required was a mistake on my part. We may revisit this later. 2. Rename pop_arg to pop_string_arg 3. Implement pop_bool_arg to allow for single idents to be mixed with our key/value pair syntax in macro attributes. This is used for `sleepable` and `frags` in XDP programs. Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 1 year ago			`let mut args = syn::parse2(attrs)?;`
			`let hook = pop_string_arg(&mut args, "hook");`
			`let sleepable = pop_bool_arg(&mut args, "sleepable");`
aya-bpf-macros: Refactor for ease of testing The aya-bpf-macros needed refactoring for: 1. Ease of testing 2. To be consistent with when we use K/V args vs. idents 3. To deprecate the use of `name` to change the exported name of a function - we now use the symbol table. Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 1 year ago			`err_on_unknown_args(&args)?;`
			`Ok(Lsm {`
			`item,`
			`hook,`
aya-bpf-macros: Cleanup and remove required_args This commit cleans up the recently refactored aya-bpf-macros to be a little easier to maintain: Cosmetic changes: 1. The flow of the parse function is the same in each file 2. Useless if !attrs.is_empty() guards were removed 3. The compile error when cgroup_sock programs have an invalid attach_type was in the wrong location Functional changes: 1. Remove pop_required_arg. All args are optional and making them required was a mistake on my part. We may revisit this later. 2. Rename pop_arg to pop_string_arg 3. Implement pop_bool_arg to allow for single idents to be mixed with our key/value pair syntax in macro attributes. This is used for `sleepable` and `frags` in XDP programs. Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 1 year ago			`sleepable,`
aya-bpf-macros: Refactor for ease of testing The aya-bpf-macros needed refactoring for: 1. Ease of testing 2. To be consistent with when we use K/V args vs. idents 3. To deprecate the use of `name` to change the exported name of a function - we now use the symbol table. Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 1 year ago			`})`
			`}`

			`pub(crate) fn expand(&self) -> Result<TokenStream> {`
			`let section_prefix = if self.sleepable { "lsm.s" } else { "lsm" };`
aya-bpf-macros: Cleanup and remove required_args This commit cleans up the recently refactored aya-bpf-macros to be a little easier to maintain: Cosmetic changes: 1. The flow of the parse function is the same in each file 2. Useless if !attrs.is_empty() guards were removed 3. The compile error when cgroup_sock programs have an invalid attach_type was in the wrong location Functional changes: 1. Remove pop_required_arg. All args are optional and making them required was a mistake on my part. We may revisit this later. 2. Rename pop_arg to pop_string_arg 3. Implement pop_bool_arg to allow for single idents to be mixed with our key/value pair syntax in macro attributes. This is used for `sleepable` and `frags` in XDP programs. Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 1 year ago			`let section_name: Cow<'_, _> = if let Some(hook) = &self.hook {`
			`format!("{}/{}", section_prefix, hook).into()`
			`} else {`
			`section_prefix.into()`
			`};`
aya-bpf-macros: Refactor for ease of testing The aya-bpf-macros needed refactoring for: 1. Ease of testing 2. To be consistent with when we use K/V args vs. idents 3. To deprecate the use of `name` to change the exported name of a function - we now use the symbol table. Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 1 year ago			`let fn_vis = &self.item.vis;`
			`let fn_name = self.item.sig.ident.clone();`
			`let item = &self.item;`
			`// LSM probes need to return an integer corresponding to the correct`
			`// policy decision. Therefore we do not simply default to a return value`
			`// of 0 as in other program types.`
			`Ok(quote! {`
			`#[no_mangle]`
			`#[link_section = #section_name]`
			`#fn_vis fn #fn_name(ctx: *mut ::core::ffi::c_void) -> i32 {`
chore(aya-ebpf): Rename bpf -> ebpf Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 8 months ago			`return #fn_name(::aya_ebpf::programs::LsmContext::new(ctx));`
aya-bpf-macros: Refactor for ease of testing The aya-bpf-macros needed refactoring for: 1. Ease of testing 2. To be consistent with when we use K/V args vs. idents 3. To deprecate the use of `name` to change the exported name of a function - we now use the symbol table. Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 1 year ago
			`#item`
			`}`
			`})`
			`}`
			`}`

			`#[cfg(test)]`
			`mod tests {`
			`use syn::parse_quote;`

rustfmt: group_imports = "StdExternalCrate" High time we stop debating this; let the robots do the work. 1 year ago			`use super::*;`

aya-bpf-macros: Cleanup and remove required_args This commit cleans up the recently refactored aya-bpf-macros to be a little easier to maintain: Cosmetic changes: 1. The flow of the parse function is the same in each file 2. Useless if !attrs.is_empty() guards were removed 3. The compile error when cgroup_sock programs have an invalid attach_type was in the wrong location Functional changes: 1. Remove pop_required_arg. All args are optional and making them required was a mistake on my part. We may revisit this later. 2. Rename pop_arg to pop_string_arg 3. Implement pop_bool_arg to allow for single idents to be mixed with our key/value pair syntax in macro attributes. This is used for `sleepable` and `frags` in XDP programs. Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 1 year ago			`#[test]`
			`fn test_lsm_sleepable() {`
			`let prog = Lsm::parse(`
			`parse_quote! {`
			`sleepable,`
			`hook = "bprm_committed_creds"`
			`},`
			`parse_quote! {`
chore(aya-ebpf): Rename bpf -> ebpf Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 8 months ago			`fn bprm_committed_creds(ctx: &mut ::aya_ebpf::programs::LsmContext) -> i32 {`
aya-bpf-macros: Cleanup and remove required_args This commit cleans up the recently refactored aya-bpf-macros to be a little easier to maintain: Cosmetic changes: 1. The flow of the parse function is the same in each file 2. Useless if !attrs.is_empty() guards were removed 3. The compile error when cgroup_sock programs have an invalid attach_type was in the wrong location Functional changes: 1. Remove pop_required_arg. All args are optional and making them required was a mistake on my part. We may revisit this later. 2. Rename pop_arg to pop_string_arg 3. Implement pop_bool_arg to allow for single idents to be mixed with our key/value pair syntax in macro attributes. This is used for `sleepable` and `frags` in XDP programs. Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 1 year ago			`0`
			`}`
			`},`
			`)`
			`.unwrap();`
			`let expanded = prog.expand().unwrap();`
			`let expected = quote! {`
			`#[no_mangle]`
			`#[link_section = "lsm.s/bprm_committed_creds"]`
			`fn bprm_committed_creds(ctx: *mut ::core::ffi::c_void) -> i32 {`
chore(aya-ebpf): Rename bpf -> ebpf Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 8 months ago			`return bprm_committed_creds(::aya_ebpf::programs::LsmContext::new(ctx));`
aya-bpf-macros: Cleanup and remove required_args This commit cleans up the recently refactored aya-bpf-macros to be a little easier to maintain: Cosmetic changes: 1. The flow of the parse function is the same in each file 2. Useless if !attrs.is_empty() guards were removed 3. The compile error when cgroup_sock programs have an invalid attach_type was in the wrong location Functional changes: 1. Remove pop_required_arg. All args are optional and making them required was a mistake on my part. We may revisit this later. 2. Rename pop_arg to pop_string_arg 3. Implement pop_bool_arg to allow for single idents to be mixed with our key/value pair syntax in macro attributes. This is used for `sleepable` and `frags` in XDP programs. Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 1 year ago
chore(aya-ebpf): Rename bpf -> ebpf Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 8 months ago			`fn bprm_committed_creds(ctx: &mut ::aya_ebpf::programs::LsmContext) -> i32 {`
aya-bpf-macros: Cleanup and remove required_args This commit cleans up the recently refactored aya-bpf-macros to be a little easier to maintain: Cosmetic changes: 1. The flow of the parse function is the same in each file 2. Useless if !attrs.is_empty() guards were removed 3. The compile error when cgroup_sock programs have an invalid attach_type was in the wrong location Functional changes: 1. Remove pop_required_arg. All args are optional and making them required was a mistake on my part. We may revisit this later. 2. Rename pop_arg to pop_string_arg 3. Implement pop_bool_arg to allow for single idents to be mixed with our key/value pair syntax in macro attributes. This is used for `sleepable` and `frags` in XDP programs. Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 1 year ago			`0`
			`}`
			`}`
			`};`
			`assert_eq!(expected.to_string(), expanded.to_string());`
			`}`

aya-bpf-macros: Refactor for ease of testing The aya-bpf-macros needed refactoring for: 1. Ease of testing 2. To be consistent with when we use K/V args vs. idents 3. To deprecate the use of `name` to change the exported name of a function - we now use the symbol table. Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 1 year ago			`#[test]`
			`fn test_lsm() {`
			`let prog = Lsm::parse(`
			`parse_quote! {`
			`hook = "bprm_committed_creds"`
			`},`
			`parse_quote! {`
chore(aya-ebpf): Rename bpf -> ebpf Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 8 months ago			`fn bprm_committed_creds(ctx: &mut ::aya_ebpf::programs::LsmContext) -> i32 {`
aya-bpf-macros: Refactor for ease of testing The aya-bpf-macros needed refactoring for: 1. Ease of testing 2. To be consistent with when we use K/V args vs. idents 3. To deprecate the use of `name` to change the exported name of a function - we now use the symbol table. Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 1 year ago			`0`
			`}`
			`},`
			`)`
			`.unwrap();`
			`let expanded = prog.expand().unwrap();`
			`let expected = quote! {`
			`#[no_mangle]`
			`#[link_section = "lsm/bprm_committed_creds"]`
			`fn bprm_committed_creds(ctx: *mut ::core::ffi::c_void) -> i32 {`
chore(aya-ebpf): Rename bpf -> ebpf Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 8 months ago			`return bprm_committed_creds(::aya_ebpf::programs::LsmContext::new(ctx));`
aya-bpf-macros: Refactor for ease of testing The aya-bpf-macros needed refactoring for: 1. Ease of testing 2. To be consistent with when we use K/V args vs. idents 3. To deprecate the use of `name` to change the exported name of a function - we now use the symbol table. Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 1 year ago
chore(aya-ebpf): Rename bpf -> ebpf Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 8 months ago			`fn bprm_committed_creds(ctx: &mut ::aya_ebpf::programs::LsmContext) -> i32 {`
aya-bpf-macros: Refactor for ease of testing The aya-bpf-macros needed refactoring for: 1. Ease of testing 2. To be consistent with when we use K/V args vs. idents 3. To deprecate the use of `name` to change the exported name of a function - we now use the symbol table. Signed-off-by: Dave Tucker <dave@dtucker.co.uk> 1 year ago			`0`
			`}`
			`}`
			`};`
			`assert_eq!(expected.to_string(), expanded.to_string());`
			`}`
			`}`