Intercepting syscalls and making changes to their arguments
1 vote, 1 answer, 1446 views
I'm interested in writing a kernel program that can have all possible controls over syscalls, such as interception, filtering, and making changes to their arguments.
I am looking to achieve two goals:
1. Read system calls and their arguments and decide to block or allow them according to a policy.
2. Have access to change their arguments and pass them to the user.
In fact (I do not know if this analogy is true or not), I want to do something like simple virtualization for a process that can change its view of the kernel and its system calls (for example, it requests the file "/tmp/new_folder/foo.txt" via the open syscall and we return "/tmp/another_folder/foo2.txt" instead).
I insist that this be done with eBPF, but if there is another way, I would welcome it.
Also, I should say that I know about the use of **bcc** in this case; it seems to be designed for tracing, not for filtering and influencing. I also tried **seccomp**, and it is better than bcc, but seccomp can't be used to access arguments, and that is an important factor for me.
So I think my answer may lie in something like **LSM**, but I don't know how, and I didn't find any good documentation for it.
Thanks for any help.
Asked by Mostafa Sarmad
(11 rep)
May 12, 2021, 12:16 PM
Last activity: Aug 8, 2022, 08:15 PM
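As an added example (not code from the question or from any answer), the following C program shows the half of the goal that a classic seccomp-bpf filter does support: it inspects the raw argument registers of openat() and denies opens for writing by policy, while the string behind the path pointer stays out of the filter's reach, which is the limit the asker describes. It assumes a Linux x86-64 or aarch64 host; the policy, the function names and the /dev/null probe are constructed for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
/* A filter must pin the ABI it was written for (extend for other arches). */
#if defined(__x86_64__)
#define POLICY_ARCH AUDIT_ARCH_X86_64
#else
#define POLICY_ARCH AUDIT_ARCH_AARCH64
#endif
/* Policy: openat() whose flags register (args[2]) has O_WRONLY or O_RDWR set
 * fails with EPERM; everything else is allowed. seccomp sees raw registers only,
 * so the path behind args[1] cannot be read or rewritten here. Little-endian assumed. */
static int install_no_write_open_filter(void)
{
    struct sock_filter prog[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, POLICY_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),            /* wrong ABI */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_openat, 0, 3), /* not openat: allow */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[2])),
        BPF_JUMP(BPF_JMP | BPF_JSET | BPF_K, O_WRONLY | O_RDWR, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog fprog = { .len = sizeof prog / sizeof prog[0], .filter = prog };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1; /* needed unprivileged */
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}
/* Apply the policy in a forked child and try openat(AT_FDCWD, "/dev/null", flags) there:
 * returns 0 on success, the child's errno, or -1 if the probe itself failed. */
static int probe_policy(int flags)
{
    pid_t pid = fork(); if (pid < 0) return -1;
    if (pid == 0) {
        if (install_no_write_open_filter() != 0) _exit(255);
        long fd = syscall(__NR_openat, AT_FDCWD, "/dev/null", flags);
        _exit(fd >= 0 ? 0 : errno);
    }
    int status; if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}
```

The parent process is never filtered: each probe installs the policy in a child, so a read-only open of /dev/null succeeds there while O_WRONLY and O_RDWR opens come back with EPERM.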