commit 0516e18c94ea93f56f5e8822760fac7088ef3e4a
author Luis Hector Chavez <lhchavez@google.com> Tue Dec 04 20:36:00 2018 -0800
committer Luis Hector Chavez <lhchavez@google.com> Fri Mar 22 10:52:10 2019 -0700
tree b9e50e5db0801375f0eb3132b054b3a7db24b01e
parent beadf619c62fc49dde454940618473ecc759ac3b

tools/compile_seccomp_policy: Add support for parsing filter expressions

This change adds support for parsing filter expressions

Bug: chromium:856315
Test: ./tools/parser_unittest.py

Change-Id: I88d03a0f8e86e4b889bb9bf0ddd794ee6746f42e

tools/parser_unittest.py

diff --git a/tools/parser_unittest.py b/tools/parser_unittest.py
index d40ab42..381c59c 100755
--- a/tools/parser_unittest.py
+++ b/tools/parser_unittest.py
@@ -233,5 +233,55 @@
             self.parser.parse_value(self._tokenize('0|'))
 
 
+class ParseFilterExpressionTests(unittest.TestCase):
+    """Tests for PolicyParser.parse_filter_expression."""
+
+    def setUp(self):
+        self.arch = ARCH_64
+        self.parser = parser.PolicyParser(self.arch)
+
+    def _tokenize(self, line):
+        # pylint: disable=protected-access
+        self.parser._parser_state.set_line(line)
+        return self.parser._parser_state.tokenize()
+
+    def test_parse_filter_expression(self):
+        """Accept valid filter expressions."""
+        self.assertEqual(
+            self.parser.parse_filter_expression(
+                self._tokenize(
+                    'arg0 in 0xffff || arg0 == PROT_EXEC && arg1 == PROT_WRITE'
+                )), [
+                    [parser.Atom(0, 'in', 0xffff)],
+                    [parser.Atom(0, '==', 4),
+                     parser.Atom(1, '==', 2)],
+                ])
+
+    def test_parse_empty_filter_expression(self):
+        """Reject empty filter expressions."""
+        with self.assertRaisesRegex(parser.ParseException,
+                                    'empty filter expression'):
+            self.parser.parse_filter_expression(
+                self._tokenize('arg0 in 0xffff ||'))
+
+    def test_parse_empty_clause(self):
+        """Reject empty clause."""
+        with self.assertRaisesRegex(parser.ParseException, 'empty clause'):
+            self.parser.parse_filter_expression(
+                self._tokenize('arg0 in 0xffff &&'))
+
+    def test_parse_invalid_argument(self):
+        """Reject invalid argument."""
+        with self.assertRaisesRegex(parser.ParseException, 'invalid argument'):
+            self.parser.parse_filter_expression(
+                self._tokenize('argX in 0xffff'))
+
+    def test_parse_invalid_operator(self):
+        """Reject invalid operator."""
+        with self.assertRaisesRegex(parser.ParseException, 'invalid operator'):
+            self.parser.parse_filter_expression(
+                self._tokenize('arg0 = 0xffff'))
+
+
 if __name__ == '__main__':
     unittest.main()