commit 571e958364d7ccb4e7d8209caa399665f0c2923e
author Luis Hector Chavez <lhchavez@google.com> Wed Dec 05 09:44:00 2018 -0800
committer Luis Hector Chavez <lhchavez@google.com> Fri Mar 22 10:52:10 2019 -0700
tree e0c6c8f588408b214d03459fdd9165b974cfe695
parent 5dfe91996b2bc77003dcf30364bd0a9b7849861c

tools/compile_seccomp_policy: Support arch metadata attributes

This change adds support for parsing arch metadata attributes and filtering
statements that don't match the requested architecture.

Bug: chromium:856315
Test: ./tools/parser_unittest.py

Change-Id: I01c38079124b8806bb033460fe395075fbb734e9

tools/parser_unittest.py

diff --git a/tools/parser_unittest.py b/tools/parser_unittest.py
index ba0fedd..570f8a2 100755
--- a/tools/parser_unittest.py
+++ b/tools/parser_unittest.py
@@ -399,6 +399,22 @@
                 parser.Filter([[parser.Atom(0, '==', 0)]], bpf.Allow()),
             ]))
 
+    def test_parse_metadata(self):
+        """Accept valid filter statements with metadata."""
+        self.assertEqual(
+            self.parser.parse_filter_statement(
+                self._tokenize('read[arch=test]: arg0 == 0')),
+            parser.ParsedFilterStatement((parser.Syscall('read', 0), ), [
+                parser.Filter([[parser.Atom(0, '==', 0)]], bpf.Allow()),
+            ]))
+        self.assertEqual(
+            self.parser.parse_filter_statement(
+                self._tokenize(
+                    '{read, nonexistent[arch=nonexistent]}: arg0 == 0')),
+            parser.ParsedFilterStatement((parser.Syscall('read', 0), ), [
+                parser.Filter([[parser.Atom(0, '==', 0)]], bpf.Allow()),
+            ]))
+
     def test_parse_unclosed_brace(self):
         """Reject unclosed brace."""
         with self.assertRaisesRegex(parser.ParseException, 'unclosed brace'):