Commits

Jure Žbontar  committed ae86818

first working prototype

  • Participants
  • Parent commits b0eb5a8

Comments (0)

Files changed (4)

+__pycache__/
+.*\.swp
+#! /usr/bin/env python
+
+from ctypes import *
+
+PTRACE_TRACEME = 0
+PTRACE_PEEKDATA = 2
+PTRACE_PEEKUSER = 3
+PTRACE_POKEUSER = 6
+PTRACE_KILL = 8
+PTRACE_GETREGS = 12
+PTRACE_SETREGS = 13
+PTRACE_SYSCALL = 24
+PTRACE_SETOPTIONS = 0x4200
+
+PTRACE_O_TRACESYSGOOD = 1
+
+SYS_WRITE = 1
+SYS_OPEN = 2
+
+syscall_list = [
+    'read',
+    'write',
+    'open',
+    'close',
+    'stat',
+    'fstat',
+    'lstat',
+    'poll',
+    'lseek',
+    'mmap',
+    'mprotect',
+    'munmap',
+    'brk',
+    'rt_sigaction',
+    'rt_sigprocmask',
+    'rt_sigreturn',
+    'ioctl',
+    'pread64',
+    'pwrite64',
+    'readv',
+    'writev',
+    'access',
+    'pipe',
+    'select',
+    'sched_yield',
+    'mremap',
+    'msync',
+    'mincore',
+    'madvise',
+    'shmget',
+    'shmat',
+    'shmctl',
+    'dup',
+    'dup2',
+    'pause',
+    'nanosleep',
+    'getitimer',
+    'alarm',
+    'setitimer',
+    'getpid',
+    'sendfile',
+    'socket',
+    'connect',
+    'accept',
+    'sendto',
+    'recvfrom',
+    'sendmsg',
+    'recvmsg',
+    'shutdown',
+    'bind',
+    'listen',
+    'getsockname',
+    'getpeername',
+    'socketpair',
+    'setsockopt',
+    'getsockopt',
+    'clone',
+    'fork',
+    'vfork',
+    'execve',
+    'exit',
+    'wait4',
+    'kill',
+    'uname',
+    'semget',
+    'semop',
+    'semctl',
+    'shmdt',
+    'msgget',
+    'msgsnd',
+    'msgrcv',
+    'msgctl',
+    'fcntl',
+    'flock',
+    'fsync',
+    'fdatasync',
+    'truncate',
+    'ftruncate',
+    'getdents',
+    'getcwd',
+    'chdir',
+    'fchdir',
+    'rename',
+    'mkdir',
+    'rmdir',
+    'creat',
+    'link',
+    'unlink',
+    'symlink',
+    'readlink',
+    'chmod',
+    'fchmod',
+    'chown',
+    'fchown',
+    'lchown',
+    'umask',
+    'gettimeofday',
+    'getrlimit',
+    'getrusage',
+    'sysinfo',
+    'times',
+    'ptrace',
+    'getuid',
+    'syslog',
+    'getgid',
+    'setuid',
+    'setgid',
+    'geteuid',
+    'getegid',
+    'setpgid',
+    'getppid',
+    'getpgrp',
+    'setsid',
+    'setreuid',
+    'setregid',
+    'getgroups',
+    'setgroups',
+    'setresuid',
+    'getresuid',
+    'setresgid',
+    'getresgid',
+    'getpgid',
+    'setfsuid',
+    'setfsgid',
+    'getsid',
+    'capget',
+    'capset',
+    'rt_sigpending',
+    'rt_sigtimedwait',
+    'rt_sigqueueinfo',
+    'rt_sigsuspend',
+    'sigaltstack',
+    'utime',
+    'mknod',
+    'uselib',
+    'personality',
+    'ustat',
+    'statfs',
+    'fstatfs',
+    'sysfs',
+    'getpriority',
+    'setpriority',
+    'sched_setparam',
+    'sched_getparam',
+    'sched_setscheduler',
+    'sched_getscheduler',
+    'sched_get_priority_max',
+    'sched_get_priority_min',
+    'sched_rr_get_interval',
+    'mlock',
+    'munlock',
+    'mlockall',
+    'munlockall',
+    'vhangup',
+    'modify_ldt',
+    'pivot_root',
+    '_sysctl',
+    'prctl',
+    'arch_prctl',
+    'adjtimex',
+    'setrlimit',
+    'chroot',
+    'sync',
+    'acct',
+    'settimeofday',
+    'mount',
+    'umount2',
+    'swapon',
+    'swapoff',
+    'reboot',
+    'sethostname',
+    'setdomainname',
+    'iopl',
+    'ioperm',
+    'create_module',
+    'init_module',
+    'delete_module',
+    'get_kernel_syms',
+    'query_module',
+    'quotactl',
+    'nfsservctl',
+    'getpmsg',
+    'putpmsg',
+    'afs_syscall',
+    'tuxcall',
+    'security',
+    'gettid',
+    'readahead',
+    'setxattr',
+    'lsetxattr',
+    'fsetxattr',
+    'getxattr',
+    'lgetxattr',
+    'fgetxattr',
+    'listxattr',
+    'llistxattr',
+    'flistxattr',
+    'removexattr',
+    'lremovexattr',
+    'fremovexattr',
+    'tkill',
+    'time',
+    'futex',
+    'sched_setaffinity',
+    'sched_getaffinity',
+    'set_thread_area',
+    'io_setup',
+    'io_destroy',
+    'io_getevents',
+    'io_submit',
+    'io_cancel',
+    'get_thread_area',
+    'lookup_dcookie',
+    'epoll_create',
+    'epoll_ctl_old',
+    'epoll_wait_old',
+    'remap_file_pages',
+    'getdents64',
+    'set_tid_address',
+    'restart_syscall',
+    'semtimedop',
+    'fadvise64',
+    'timer_create',
+    'timer_settime',
+    'timer_gettime',
+    'timer_getoverrun',
+    'timer_delete',
+    'clock_settime',
+    'clock_gettime',
+    'clock_getres',
+    'clock_nanosleep',
+    'exit_group',
+    'epoll_wait',
+    'epoll_ctl',
+    'tgkill',
+    'utimes',
+    'vserver',
+    'mbind',
+    'set_mempolicy',
+    'get_mempolicy',
+    'mq_open',
+    'mq_unlink',
+    'mq_timedsend',
+    'mq_timedreceive',
+    'mq_notify',
+    'mq_getsetattr',
+    'kexec_load',
+    'waitid',
+    'add_key',
+    'request_key',
+    'keyctl',
+    'ioprio_set',
+    'ioprio_get',
+    'inotify_init',
+    'inotify_add_watch',
+    'inotify_rm_watch',
+    'migrate_pages',
+    'openat',
+    'mkdirat',
+    'mknodat',
+    'fchownat',
+    'futimesat',
+    'newfstatat',
+    'unlinkat',
+    'renameat',
+    'linkat',
+    'symlinkat',
+    'readlinkat',
+    'fchmodat',
+    'faccessat',
+    'pselect6',
+    'ppoll',
+    'unshare',
+    'set_robust_list',
+    'get_robust_list',
+    'splice',
+    'tee',
+    'sync_file_range',
+    'vmsplice',
+    'move_pages',
+    'utimensat',
+    'epoll_pwait',
+    'signalfd',
+    'timerfd_create',
+    'eventfd',
+    'fallocate',
+    'timerfd_settime',
+    'timerfd_gettime',
+    'accept4',
+    'signalfd4',
+    'eventfd2',
+    'epoll_create1',
+    'dup3',
+    'pipe2',
+    'inotify_init1',
+    'preadv',
+    'pwritev',
+    'rt_tgsigqueueinfo',
+    'perf_event_open',
+    'recvmmsg',
+    'fanotify_init',
+    'fanotify_mark',
+    'prlimit64',
+    'name_to_handle_at',
+    'open_by_handle_at',
+    'clock_adjtime',
+    'syncfs',
+    'sendmmsg',
+    'setns',
+]
+
+
+class user_regs_struct(Structure):
+    _fields_ = [
+        ('r15', c_ulong),
+        ('r14', c_ulong),
+        ('r13', c_ulong),
+        ('r12', c_ulong),
+        ('rbp', c_ulong),
+        ('rbx', c_ulong),
+        ('r11', c_ulong),
+        ('r10', c_ulong),
+        ('r9', c_ulong),
+        ('r8', c_ulong),
+        ('rax', c_ulong),
+        ('rcx', c_ulong),
+        ('rdx', c_ulong),
+        ('rsi', c_ulong),
+        ('rdi', c_ulong),
+        ('orig_rax', c_ulong),
+        ('rip', c_ulong),
+        ('cs', c_ulong),
+        ('eflags', c_ulong),
+        ('rsp', c_ulong),
+        ('ss', c_ulong),
+        ('fs_base', c_ulong),
+        ('gs_base', c_ulong),
+        ('ds', c_ulong),
+        ('es', c_ulong),
+        ('fs', c_ulong),
+        ('gs', c_ulong)
+    ]
 import sys
 import signal
 import struct
+import errno
+import re
 
-PTRACE_TRACEME = 0
-PTRACE_PEEKDATA = 2
-PTRACE_PEEKUSER = 3
-PTRACE_GETREGS = 12
-PTRACE_SYSCALL = 24
+from extern import *
 
-SYS_WRITE = 1
+ptrace = CDLL('libc.so.6').ptrace
+ptrace.restype = c_long
 
-SYSCALL_NAME = {
-    0: "read",
-    1: "write",
-    2: "open",
-    3: "close",
-    4: "stat",
-    5: "fstat",
-    6: "lstat",
-    7: "poll",
-    8: "lseek",
-    9: "mmap",
-    10: "mprotect",
-    11: "munmap",
-    12: "brk",
-    13: "rt_sigaction",
-    14: "rt_sigprocmask",
-    15: "rt_sigreturn",
-    16: "ioctl",
-    17: "pread64",
-    18: "pwrite64",
-    19: "readv",
-    20: "writev",
-    21: "access",
-    22: "pipe",
-    23: "select",
-    24: "sched_yield",
-    25: "mremap",
-    26: "msync",
-    27: "mincore",
-    28: "madvise",
-    29: "shmget",
-    30: "shmat",
-    31: "shmctl",
-    32: "dup",
-    33: "dup2",
-    34: "pause",
-    35: "nanosleep",
-    36: "getitimer",
-    37: "alarm",
-    38: "setitimer",
-    39: "getpid",
-    40: "sendfile",
-    41: "socket",
-    42: "connect",
-    43: "accept",
-    44: "sendto",
-    45: "recvfrom",
-    46: "sendmsg",
-    47: "recvmsg",
-    48: "shutdown",
-    49: "bind",
-    50: "listen",
-    51: "getsockname",
-    52: "getpeername",
-    53: "socketpair",
-    54: "setsockopt",
-    55: "getsockopt",
-    56: "clone",
-    57: "fork",
-    58: "vfork",
-    59: "execve",
-    60: "exit",
-    61: "wait4",
-    62: "kill",
-    63: "uname",
-    64: "semget",
-    65: "semop",
-    66: "semctl",
-    67: "shmdt",
-    68: "msgget",
-    69: "msgsnd",
-    70: "msgrcv",
-    71: "msgctl",
-    72: "fcntl",
-    73: "flock",
-    74: "fsync",
-    75: "fdatasync",
-    76: "truncate",
-    77: "ftruncate",
-    78: "getdents",
-    79: "getcwd",
-    80: "chdir",
-    81: "fchdir",
-    82: "rename",
-    83: "mkdir",
-    84: "rmdir",
-    85: "creat",
-    86: "link",
-    87: "unlink",
-    88: "symlink",
-    89: "readlink",
-    90: "chmod",
-    91: "fchmod",
-    92: "chown",
-    93: "fchown",
-    94: "lchown",
-    95: "umask",
-    96: "gettimeofday",
-    97: "getrlimit",
-    98: "getrusage",
-    99: "sysinfo",
-    100: "times",
-    101: "ptrace",
-    102: "getuid",
-    103: "syslog",
-    104: "getgid",
-    105: "setuid",
-    106: "setgid",
-    107: "geteuid",
-    108: "getegid",
-    109: "setpgid",
-    110: "getppid",
-    111: "getpgrp",
-    112: "setsid",
-    113: "setreuid",
-    114: "setregid",
-    115: "getgroups",
-    116: "setgroups",
-    117: "setresuid",
-    118: "getresuid",
-    119: "setresgid",
-    120: "getresgid",
-    121: "getpgid",
-    122: "setfsuid",
-    123: "setfsgid",
-    124: "getsid",
-    125: "capget",
-    126: "capset",
-    127: "rt_sigpending",
-    128: "rt_sigtimedwait",
-    129: "rt_sigqueueinfo",
-    130: "rt_sigsuspend",
-    131: "sigaltstack",
-    132: "utime",
-    133: "mknod",
-    134: "uselib",
-    135: "personality",
-    136: "ustat",
-    137: "statfs",
-    138: "fstatfs",
-    139: "sysfs",
-    140: "getpriority",
-    141: "setpriority",
-    142: "sched_setparam",
-    143: "sched_getparam",
-    144: "sched_setscheduler",
-    145: "sched_getscheduler",
-    146: "sched_get_priority_max",
-    147: "sched_get_priority_min",
-    148: "sched_rr_get_interval",
-    149: "mlock",
-    150: "munlock",
-    151: "mlockall",
-    152: "munlockall",
-    153: "vhangup",
-    154: "modify_ldt",
-    155: "pivot_root",
-    156: "_sysctl",
-    157: "prctl",
-    158: "arch_prctl",
-    159: "adjtimex",
-    160: "setrlimit",
-    161: "chroot",
-    162: "sync",
-    163: "acct",
-    164: "settimeofday",
-    165: "mount",
-    166: "umount2",
-    167: "swapon",
-    168: "swapoff",
-    169: "reboot",
-    170: "sethostname",
-    171: "setdomainname",
-    172: "iopl",
-    173: "ioperm",
-    174: "create_module",
-    175: "init_module",
-    176: "delete_module",
-    177: "get_kernel_syms",
-    178: "query_module",
-    179: "quotactl",
-    180: "nfsservctl",
-    181: "getpmsg",
-    182: "putpmsg",
-    183: "afs_syscall",
-    184: "tuxcall",
-    185: "security",
-    186: "gettid",
-    187: "readahead",
-    188: "setxattr",
-    189: "lsetxattr",
-    190: "fsetxattr",
-    191: "getxattr",
-    192: "lgetxattr",
-    193: "fgetxattr",
-    194: "listxattr",
-    195: "llistxattr",
-    196: "flistxattr",
-    197: "removexattr",
-    198: "lremovexattr",
-    199: "fremovexattr",
-    200: "tkill",
-    201: "time",
-    202: "futex",
-    203: "sched_setaffinity",
-    204: "sched_getaffinity",
-    205: "set_thread_area",
-    206: "io_setup",
-    207: "io_destroy",
-    208: "io_getevents",
-    209: "io_submit",
-    210: "io_cancel",
-    211: "get_thread_area",
-    212: "lookup_dcookie",
-    213: "epoll_create",
-    214: "epoll_ctl_old",
-    215: "epoll_wait_old",
-    216: "remap_file_pages",
-    217: "getdents64",
-    218: "set_tid_address",
-    219: "restart_syscall",
-    220: "semtimedop",
-    221: "fadvise64",
-    222: "timer_create",
-    223: "timer_settime",
-    224: "timer_gettime",
-    225: "timer_getoverrun",
-    226: "timer_delete",
-    227: "clock_settime",
-    228: "clock_gettime",
-    229: "clock_getres",
-    230: "clock_nanosleep",
-    231: "exit_group",
-    232: "epoll_wait",
-    233: "epoll_ctl",
-    234: "tgkill",
-    235: "utimes",
-    236: "vserver",
-    237: "mbind",
-    238: "set_mempolicy",
-    239: "get_mempolicy",
-    240: "mq_open",
-    241: "mq_unlink",
-    242: "mq_timedsend",
-    243: "mq_timedreceive",
-    244: "mq_notify",
-    245: "mq_getsetattr",
-    246: "kexec_load",
-    247: "waitid",
-    248: "add_key",
-    249: "request_key",
-    250: "keyctl",
-    251: "ioprio_set",
-    252: "ioprio_get",
-    253: "inotify_init",
-    254: "inotify_add_watch",
-    255: "inotify_rm_watch",
-    256: "migrate_pages",
-    257: "openat",
-    258: "mkdirat",
-    259: "mknodat",
-    260: "fchownat",
-    261: "futimesat",
-    262: "newfstatat",
-    263: "unlinkat",
-    264: "renameat",
-    265: "linkat",
-    266: "symlinkat",
-    267: "readlinkat",
-    268: "fchmodat",
-    269: "faccessat",
-    270: "pselect6",
-    271: "ppoll",
-    272: "unshare",
-    273: "set_robust_list",
-    274: "get_robust_list",
-    275: "splice",
-    276: "tee",
-    277: "sync_file_range",
-    278: "vmsplice",
-    279: "move_pages",
-    280: "utimensat",
-    281: "epoll_pwait",
-    282: "signalfd",
-    283: "timerfd_create",
-    284: "eventfd",
-    285: "fallocate",
-    286: "timerfd_settime",
-    287: "timerfd_gettime",
-    288: "accept4",
-    289: "signalfd4",
-    290: "eventfd2",
-    291: "epoll_create1",
-    292: "dup3",
-    293: "pipe2",
-    294: "inotify_init1",
-    295: "preadv",
-    296: "pwritev",
-    297: "rt_tgsigqueueinfo",
-    298: "perf_event_open",
-    299: "recvmmsg",
-    300: "fanotify_init",
-    301: "fanotify_mark",
-    302: "prlimit64",
-    303: "name_to_handle_at",
-    304: "open_by_handle_at",
-    305: "clock_adjtime",
-    306: "syncfs",
-    307: "sendmmsg",
-    308: "setns",
+
+def run(prog, argv, policy):
+    in_syscall = False
+    child = os.fork()
+    if not child:
+        ptrace(PTRACE_TRACEME, 0, None, None)
+        os.execvpe(prog, argv, {})
+    else:
+        child, status = os.wait()
+        assert os.WIFSTOPPED(status) and os.WSTOPSIG(status) == signal.SIGTRAP
+        ptrace(PTRACE_SETOPTIONS, child, None, PTRACE_O_TRACESYSGOOD)
+        ptrace(PTRACE_SYSCALL, child, None, None)
+        while True:
+            child, status = os.wait()
+            if os.WIFEXITED(status):
+                break
+            if os.WIFSTOPPED(status) and os.WSTOPSIG(status) == signal.SIGTRAP | 0x80:
+                reg = user_regs_struct()
+                ptrace(PTRACE_GETREGS, child, None, byref(reg))
+                if not in_syscall:
+                    p = policy(child, reg)
+                    if p is False or p is None:
+                        p = errno.ENOSYS
+                    if p is not True:
+                        orig_rax, errorcode = reg.orig_rax, p
+                        reg.orig_rax = 0xbadca11
+                        ptrace(PTRACE_SETREGS, child, None, byref(reg))
+                elif reg.orig_rax == 0xbadca11:
+                    reg.orig_rax, reg.rax = orig_rax, -errorcode
+                    ptrace(PTRACE_SETREGS, child, None, byref(reg))
+                in_syscall = not in_syscall
+            ptrace(PTRACE_SYSCALL, child, None, None)
+
+
+def read_cstr(pid, addr):
+    xs = []
+    offset = 0
+    while True:
+        i = ptrace(PTRACE_PEEKDATA, pid, c_ulong(addr + offset), None)
+        xs.append(struct.pack('q', i))
+        nb = xs[-1].find(b'\x00')
+        if nb != -1:
+            return b''.join(xs)[:offset + nb].decode()
+        offset += 8
+
+
+def parse(pid, reg):
+    name = syscall_list[reg.orig_rax]
+    args = []
+    for f, v in zip(fmt_dict.get(name, ''), (reg.rdi, reg.rsi, reg.rdx)):
+        if f == 'S':
+            args.append(read_cstr(pid, v))
+        else:
+            args.append(v)
+    return name, args
+
+
+paths = [
+    '.',
+
+    '/etc/ld.so.preload',
+    '/etc/ld.so.cache',
+    '/etc/nsswitch.conf',
+    '/etc/localtime',
+
+    '/lib/libpthread.so.0',
+    '/lib/libc.so.6',
+    '/lib/libdl.so.2',
+    '/lib/libutil.so.1',
+    '/lib/libm.so.6',
+    '/lib/libnss_files.so.2',
+
+    '/usr',
+    '/usr/lib',
+    '/usr/lib/libpython3.2mu.so.1.0',
+    '/usr/lib/libcrypto.so.1.0.0',
+    '/usr/lib/libz.so.1',
+    '/usr/lib/python32.zip',
+    '/usr/lib/site-python',
+
+    '/usr/include/python3.2mu/pyconfig.h',
+
+    '/usr/lib/python3.2.*',
+
+    '/dev/urandom',
+
+    '/proc/meminfo',
+
+    'Modules/Setup',
+    'pybuilddir.txt',
+
+    'foo.py',
+#    '/home.*',
+]
+path_re = re.compile('|'.join('^' + path + '$' for path in paths))
+
+nice_syscalls = {
+    'arch_prctl',
+    'brk',
+    'close',
+    'exit_group',
+    'fstat',
+    'futex',
+    'getcwd',
+    'getdents',
+    'getegid',
+    'geteuid',
+    'getgid',
+    'getrlimit',
+    'getuid',
+    'ioctl',
+    'lseek',
+    'mmap',
+    'mprotect',
+    'munmap',
+    'read',
+    'readlink',
+    'rt_sigaction',
+    'rt_sigprocmask',
+    'set_robust_list',
+    'set_tid_address',
+    'write',
+    'dup',
+    'fcntl',
 }
 
-class user_regs_struct(Structure):
-    _fields_ = [
-        ('r15', c_ulong),
-        ('r14', c_ulong),
-        ('r13', c_ulong),
-        ('r12', c_ulong),
-        ('rbp', c_ulong),
-        ('rbx', c_ulong),
-        ('r11', c_ulong),
-        ('r10', c_ulong),
-        ('r9', c_ulong),
-        ('r8', c_ulong),
-        ('rax', c_ulong),
-        ('rcx', c_ulong),
-        ('rdx', c_ulong),
-        ('rsi', c_ulong),
-        ('rdi', c_ulong),
-        ('orig_rax', c_ulong),
-        ('rip', c_ulong),
-        ('cs', c_ulong),
-        ('eflags', c_ulong),
-        ('rsp', c_ulong),
-        ('ss', c_ulong),
-        ('fs_base', c_ulong),
-        ('gs_base', c_ulong),
-        ('ds', c_ulong),
-        ('es', c_ulong),
-        ('fs', c_ulong),
-        ('gs', c_ulong)
-    ]
+def policy(pid, reg):
+    name, args = parse(pid, reg)
+    if name in nice_syscalls:
+        return True
 
+    if name in ('access', 'lstat', 'stat', 'open'):
+        if name == 'open': 
+            if args in (['/etc/passwd', 524288], ['/usr/lib/python3.2/site-packages', 591872]):
+                return True
+            if args[1] != os.O_RDONLY:
+                #print('OPEN: {}'.format(args), file=sys.stderr)
+                return errno.EACCES
 
-def read(pid, addr, n):
-    xs = []
-    for i in range(0, n, 8):
-        i = ptrace(PTRACE_PEEKDATA, pid, c_ulong(addr + i), None)
-        xs.append(struct.pack('Q', i))
-    return b''.join(xs)[:n]
-    
-ptrace = CDLL('libc.so.6').ptrace
-ptrace.restype = c_long
-insyscall = True
+        if re.search(path_re, args[0]):
+            return True
+        else:
+            #print('PATH: {}'.format(args[0]), file=sys.stderr)
+            return errno.ENOENT
 
-if not os.fork():
-    ptrace(PTRACE_TRACEME, 0, None, None)
-    os.execvpe(sys.argv[1], sys.argv[1:], {})
-else:
-    while True:
-        pid, status = os.wait()
-        if os.WIFEXITED(status):
-            break
-        if os.WIFSTOPPED(status) and os.WSTOPSIG(status) == signal.SIGTRAP:
-            if not insyscall:
-                reg = user_regs_struct()
-                ptrace(PTRACE_GETREGS, pid, None, byref(reg))
-                if reg.orig_rax == SYS_WRITE:
-                    print(read(pid, reg.rsi, reg.rdx))
-            insyscall = not insyscall
-            ptrace(PTRACE_SYSCALL, pid, None, None)
+    if name == 'socket' and args == [1, 526337, 0]:
+        return True
+
+    if name == 'connect' and args == [4]:
+        return True
+
+    #print('Bye Bye', name, args)
+
+
+def policy_print(pid, reg):
+    print(parse(pid, reg))
+    return True
+
+
+fmt_dict = {
+    'open': 'Si',
+    'stat': 'S',
+    'lstat': 'S',
+    'access': 'Si',
+    'readlink': 'S',
+    'rt_sigaction': 'i',
+    'socket': 'iii',
+    'connect': 'i',
+}
+
+run(sys.argv[1], sys.argv[1:], policy)
+#run(sys.argv[1], sys.argv[1:], policy_print)
 
 def get_syscalls():
     s = open('/usr/include/asm/unistd_64.h').read()
-    print('SYSCALL_NAMES = {')
-    for syscall, n in re.findall(r'#define __NR_(\S+)\s+(\d+)', s):
-        print('    {}: "{}",'.format(n, syscall))
-    print('}')
+    print('syscall_list = [')
+    for i, (syscall, n) in enumerate(re.findall(r'#define __NR_(\S+)\s+(\d+)', s)):
+        assert i == int(n)
+        print("    '{}',".format(syscall))
+    print(']')
 
 if __name__ == '__main__':
     get_syscalls()