From 4f16fe2082863cf317512b24e9a88da373b1894b Mon Sep 17 00:00:00 2001
From: Tyler Hicks <tyhicks@canonical.com>
Date: Tue, 10 Oct 2017 05:01:57 +0000
Subject: [PATCH] python: Expose API level functionality

Allow Python applications to get and set the API level using global
functions.

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
---
 src/python/seccomp.pyx      | 29 +++++++++++++++++++++++++++++
 tests/39-basic-api_level.py | 34 +++++++++++++++++++++++++++++++---
 2 files changed, 60 insertions(+), 3 deletions(-)

diff --git a/src/python/seccomp.pyx b/src/python/seccomp.pyx
index 275019a..27e374f 100644
--- a/src/python/seccomp.pyx
+++ b/src/python/seccomp.pyx
@@ -150,6 +150,35 @@ def resolve_syscall(arch, syscall):
     else:
         raise TypeError("Syscall must either be an int or str type")
 
+def get_api():
+    """ Query the level of API support
+
+    Description:
+    Returns the API level value indicating the current supported
+    functionality.
+    """
+    level = libseccomp.seccomp_api_get()
+    if level < 0:
+        raise RuntimeError(str.format("Library error (errno = {0})", level))
+
+    return level
+
+def set_api(unsigned int level):
+    """ Set the level of API support
+
+    Arguments:
+    level - the API level
+
+    Description:
+    This function forcibly sets the API level at runtime.  General use
+    of this function is strongly discouraged.
+    """
+    rc = libseccomp.seccomp_api_set(level)
+    if rc == -errno.EINVAL:
+        raise ValueError("Invalid level")
+    elif rc != 0:
+        raise RuntimeError(str.format("Library error (errno = {0})", rc))
+
 cdef class Arch:
     """ Python object representing the SyscallFilter architecture values.
 
diff --git a/tests/39-basic-api_level.py b/tests/39-basic-api_level.py
index e958bf1..49d23f2 100755
--- a/tests/39-basic-api_level.py
+++ b/tests/39-basic-api_level.py
@@ -4,7 +4,9 @@
 # Seccomp Library test program
 #
 # Copyright (c) 2016 Red Hat <pmoore@redhat.com>
-# Author: Paul Moore <paul@paul-moore.com>
+# Copyright (c) 2017 Canonical Ltd.
+# Authors: Paul Moore <paul@paul-moore.com>
+#          Tyler Hicks <tyhicks@canonical.com>
 #
 
 #
@@ -28,8 +30,34 @@ import util
 
 from seccomp import *
 
-# NOTE: this is a NULL test since we don't support the seccomp_version() API
-#       via the libseccomp python bindings
+def test():
+    api = get_api()
+    if (api < 1):
+        raise RuntimeError("Failed getting initial API level")
+
+    set_api(1)
+    api = get_api()
+    if api != 1:
+        raise RuntimeError("Failed getting API level 1")
+
+    set_api(2)
+    api = get_api()
+    if api != 2:
+        raise RuntimeError("Failed getting API level 2")
+
+    # Attempt to set a high, invalid API level
+    try:
+        set_api(1024)
+    except ValueError:
+        pass
+    else:
+        raise RuntimeError("Missing failure when setting invalid API level")
+    # Ensure that the previously set API level didn't change
+    api = get_api()
+    if api != 2:
+        raise RuntimeError("Failed getting old API level after setting an invalid API level")
+
+test()
 
 # kate: syntax python;
 # kate: indent-mode python; space-indent on; indent-width 4; mixedindent off;
-- 
2.39.2