├── .gitignore ├── CONTRIBUTING ├── LICENSE ├── Makefile ├── README.md ├── include └── kafel.h ├── samples ├── sample_and_cmp_var.policy ├── sample_and_eq_long.policy ├── sample_and_eq_long_set.policy ├── sample_and_eq_short_bottom.policy ├── sample_and_eq_short_bottom_set.policy ├── sample_and_eq_short_top.policy ├── sample_and_eq_short_top_set.policy ├── sample_and_eq_var_long.policy ├── sample_and_eq_var_long_set.policy ├── sample_and_eq_var_short_bottom.policy ├── sample_and_eq_var_short_top.policy ├── sample_basic.policy ├── sample_basic_many.policy ├── sample_composition.policy ├── sample_constants.policy ├── sample_custom_syscall.policy ├── sample_custom_syscall_const.policy ├── sample_empty.policy ├── sample_empty_not_kill.policy ├── sample_ftrace.policy ├── sample_kill_all.policy ├── sample_or_flags.policy └── sample_var_cmp.policy ├── src ├── Makefile ├── codegen.c ├── codegen.h ├── common.h ├── context.c ├── context.h ├── expression.c ├── expression.h ├── includes.c ├── includes.h ├── kafel.c ├── lexer.l ├── parser.y ├── parser_types.c ├── parser_types.h ├── policy.c ├── policy.h ├── range_rules.c ├── range_rules.h ├── syscall.c ├── syscall.h └── syscalls │ ├── aarch64_syscalls.c │ ├── amd64_syscalls.c │ ├── arm_syscalls.c │ ├── i386_syscalls.c │ ├── m68k_syscalls.c │ ├── mips64_syscalls.c │ ├── mipso32_syscalls.c │ └── riscv64_syscalls.c ├── test ├── .gitignore ├── Makefile ├── basic.c ├── broken.c ├── includes.c ├── runner │ ├── .gitignore │ ├── Makefile │ ├── harness.c │ ├── harness.h │ ├── interpreter.c │ ├── interpreter.h │ ├── runner.c │ └── runner.h └── testdata │ ├── basic.policy │ ├── chain.policy │ ├── chain_2.policy │ ├── chain_2_1.policy │ ├── chain_3.policy │ ├── empty.policy │ ├── includes_short_loop.policy │ ├── self_recursive.policy │ ├── short_loop.policy │ └── short_loop_b.policy └── tools ├── Makefile ├── dump_policy_bpf ├── .gitignore ├── Makefile ├── disasm.c ├── disasm.h ├── main.c ├── print.c └── print.h └── gen_syscalls ├── extract.py ├── gen_syscalls.sh └── missing ├── amd64.c └── arm.c /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/.gitignore -------------------------------------------------------------------------------- /CONTRIBUTING: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/CONTRIBUTING -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/LICENSE -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/Makefile -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/README.md -------------------------------------------------------------------------------- /include/kafel.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/include/kafel.h -------------------------------------------------------------------------------- /samples/sample_and_cmp_var.policy: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/samples/sample_and_cmp_var.policy -------------------------------------------------------------------------------- /samples/sample_and_eq_long.policy: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/samples/sample_and_eq_long.policy -------------------------------------------------------------------------------- /samples/sample_and_eq_long_set.policy: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/samples/sample_and_eq_long_set.policy -------------------------------------------------------------------------------- /samples/sample_and_eq_short_bottom.policy: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/samples/sample_and_eq_short_bottom.policy -------------------------------------------------------------------------------- /samples/sample_and_eq_short_bottom_set.policy: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/samples/sample_and_eq_short_bottom_set.policy -------------------------------------------------------------------------------- /samples/sample_and_eq_short_top.policy: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/samples/sample_and_eq_short_top.policy -------------------------------------------------------------------------------- /samples/sample_and_eq_short_top_set.policy: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/samples/sample_and_eq_short_top_set.policy -------------------------------------------------------------------------------- /samples/sample_and_eq_var_long.policy: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/samples/sample_and_eq_var_long.policy -------------------------------------------------------------------------------- /samples/sample_and_eq_var_long_set.policy: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/samples/sample_and_eq_var_long_set.policy -------------------------------------------------------------------------------- /samples/sample_and_eq_var_short_bottom.policy: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/samples/sample_and_eq_var_short_bottom.policy -------------------------------------------------------------------------------- /samples/sample_and_eq_var_short_top.policy: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/samples/sample_and_eq_var_short_top.policy -------------------------------------------------------------------------------- /samples/sample_basic.policy: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/samples/sample_basic.policy -------------------------------------------------------------------------------- /samples/sample_basic_many.policy: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/samples/sample_basic_many.policy -------------------------------------------------------------------------------- /samples/sample_composition.policy: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/samples/sample_composition.policy -------------------------------------------------------------------------------- /samples/sample_constants.policy: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/samples/sample_constants.policy -------------------------------------------------------------------------------- /samples/sample_custom_syscall.policy: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/samples/sample_custom_syscall.policy -------------------------------------------------------------------------------- /samples/sample_custom_syscall_const.policy: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/samples/sample_custom_syscall_const.policy -------------------------------------------------------------------------------- /samples/sample_empty.policy: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/samples/sample_empty.policy -------------------------------------------------------------------------------- /samples/sample_empty_not_kill.policy: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/samples/sample_empty_not_kill.policy -------------------------------------------------------------------------------- /samples/sample_ftrace.policy: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/samples/sample_ftrace.policy -------------------------------------------------------------------------------- /samples/sample_kill_all.policy: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/samples/sample_kill_all.policy -------------------------------------------------------------------------------- /samples/sample_or_flags.policy: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/samples/sample_or_flags.policy -------------------------------------------------------------------------------- /samples/sample_var_cmp.policy: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/samples/sample_var_cmp.policy -------------------------------------------------------------------------------- /src/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/src/Makefile -------------------------------------------------------------------------------- /src/codegen.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/src/codegen.c -------------------------------------------------------------------------------- /src/codegen.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/src/codegen.h -------------------------------------------------------------------------------- /src/common.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/src/common.h -------------------------------------------------------------------------------- /src/context.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/src/context.c -------------------------------------------------------------------------------- /src/context.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/src/context.h -------------------------------------------------------------------------------- /src/expression.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/src/expression.c -------------------------------------------------------------------------------- /src/expression.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/src/expression.h -------------------------------------------------------------------------------- /src/includes.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/src/includes.c -------------------------------------------------------------------------------- /src/includes.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/src/includes.h -------------------------------------------------------------------------------- /src/kafel.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/src/kafel.c -------------------------------------------------------------------------------- /src/lexer.l: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/src/lexer.l -------------------------------------------------------------------------------- /src/parser.y: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/src/parser.y -------------------------------------------------------------------------------- /src/parser_types.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/src/parser_types.c -------------------------------------------------------------------------------- /src/parser_types.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/src/parser_types.h -------------------------------------------------------------------------------- /src/policy.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/src/policy.c -------------------------------------------------------------------------------- /src/policy.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/src/policy.h -------------------------------------------------------------------------------- /src/range_rules.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/src/range_rules.c -------------------------------------------------------------------------------- /src/range_rules.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/src/range_rules.h -------------------------------------------------------------------------------- /src/syscall.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/src/syscall.c -------------------------------------------------------------------------------- /src/syscall.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/src/syscall.h -------------------------------------------------------------------------------- /src/syscalls/aarch64_syscalls.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/src/syscalls/aarch64_syscalls.c -------------------------------------------------------------------------------- /src/syscalls/amd64_syscalls.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/src/syscalls/amd64_syscalls.c -------------------------------------------------------------------------------- /src/syscalls/arm_syscalls.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/src/syscalls/arm_syscalls.c -------------------------------------------------------------------------------- /src/syscalls/i386_syscalls.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/src/syscalls/i386_syscalls.c -------------------------------------------------------------------------------- /src/syscalls/m68k_syscalls.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/src/syscalls/m68k_syscalls.c -------------------------------------------------------------------------------- /src/syscalls/mips64_syscalls.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/src/syscalls/mips64_syscalls.c -------------------------------------------------------------------------------- /src/syscalls/mipso32_syscalls.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/src/syscalls/mipso32_syscalls.c -------------------------------------------------------------------------------- /src/syscalls/riscv64_syscalls.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/src/syscalls/riscv64_syscalls.c -------------------------------------------------------------------------------- /test/.gitignore: -------------------------------------------------------------------------------- 1 | /tests 2 | -------------------------------------------------------------------------------- /test/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/test/Makefile -------------------------------------------------------------------------------- /test/basic.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/test/basic.c -------------------------------------------------------------------------------- /test/broken.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/test/broken.c -------------------------------------------------------------------------------- /test/includes.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/test/includes.c -------------------------------------------------------------------------------- /test/runner/.gitignore: -------------------------------------------------------------------------------- 1 | /librunner.a 2 | -------------------------------------------------------------------------------- /test/runner/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/test/runner/Makefile -------------------------------------------------------------------------------- /test/runner/harness.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/test/runner/harness.c -------------------------------------------------------------------------------- /test/runner/harness.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/test/runner/harness.h -------------------------------------------------------------------------------- /test/runner/interpreter.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/test/runner/interpreter.c -------------------------------------------------------------------------------- /test/runner/interpreter.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/test/runner/interpreter.h -------------------------------------------------------------------------------- /test/runner/runner.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/test/runner/runner.c -------------------------------------------------------------------------------- /test/runner/runner.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/test/runner/runner.h -------------------------------------------------------------------------------- /test/testdata/basic.policy: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/test/testdata/basic.policy -------------------------------------------------------------------------------- /test/testdata/chain.policy: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/test/testdata/chain.policy -------------------------------------------------------------------------------- /test/testdata/chain_2.policy: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/test/testdata/chain_2.policy -------------------------------------------------------------------------------- /test/testdata/chain_2_1.policy: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/test/testdata/chain_2_1.policy -------------------------------------------------------------------------------- /test/testdata/chain_3.policy: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/test/testdata/chain_3.policy -------------------------------------------------------------------------------- /test/testdata/empty.policy: -------------------------------------------------------------------------------- 1 | POLICY empty {} 2 | -------------------------------------------------------------------------------- /test/testdata/includes_short_loop.policy: -------------------------------------------------------------------------------- 1 | #include "short_loop.policy" 2 | -------------------------------------------------------------------------------- /test/testdata/self_recursive.policy: -------------------------------------------------------------------------------- 1 | #include "self_recursive.policy"; 2 | -------------------------------------------------------------------------------- /test/testdata/short_loop.policy: -------------------------------------------------------------------------------- 1 | #include "short_loop_b.policy" 2 | -------------------------------------------------------------------------------- /test/testdata/short_loop_b.policy: -------------------------------------------------------------------------------- 1 | #include "short_loop.policy" 2 | -------------------------------------------------------------------------------- /tools/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/tools/Makefile -------------------------------------------------------------------------------- /tools/dump_policy_bpf/.gitignore: -------------------------------------------------------------------------------- 1 | /dump_policy_bpf 2 | -------------------------------------------------------------------------------- /tools/dump_policy_bpf/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/tools/dump_policy_bpf/Makefile -------------------------------------------------------------------------------- /tools/dump_policy_bpf/disasm.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/tools/dump_policy_bpf/disasm.c -------------------------------------------------------------------------------- /tools/dump_policy_bpf/disasm.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/tools/dump_policy_bpf/disasm.h -------------------------------------------------------------------------------- /tools/dump_policy_bpf/main.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/tools/dump_policy_bpf/main.c -------------------------------------------------------------------------------- /tools/dump_policy_bpf/print.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/tools/dump_policy_bpf/print.c -------------------------------------------------------------------------------- /tools/dump_policy_bpf/print.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/tools/dump_policy_bpf/print.h -------------------------------------------------------------------------------- /tools/gen_syscalls/extract.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/tools/gen_syscalls/extract.py -------------------------------------------------------------------------------- /tools/gen_syscalls/gen_syscalls.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/tools/gen_syscalls/gen_syscalls.sh -------------------------------------------------------------------------------- /tools/gen_syscalls/missing/amd64.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/tools/gen_syscalls/missing/amd64.c -------------------------------------------------------------------------------- /tools/gen_syscalls/missing/arm.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/kafel/HEAD/tools/gen_syscalls/missing/arm.c --------------------------------------------------------------------------------