1 /*-
2 * Copyright (c) 2018 Aniket Pandey
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 *
13 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
14 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
17 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * SUCH DAMAGE.
24 */
25
26 #include <sys/param.h>
27 #include <sys/capsicum.h>
28 #include <sys/uio.h>
29 #include <sys/ktrace.h>
30 #include <sys/mman.h>
31 #include <sys/procctl.h>
32 #include <sys/ptrace.h>
33 #include <sys/resource.h>
34 #include <sys/rtprio.h>
35 #include <sys/stat.h>
36 #include <sys/sysctl.h>
37 #include <sys/time.h>
38 #include <sys/wait.h>
39
40 #include <atf-c.h>
41 #include <fcntl.h>
42 #include <signal.h>
43 #include <stdint.h>
44 #include <stdlib.h>
45 #include <unistd.h>
46
47 #include "utils.h"
48
49 #include "freebsd_test_suite/macros.h"
50
51 static pid_t pid;
52 static int filedesc, status;
53 static struct pollfd fds[1];
54 static char pcregex[80];
55 static const char *auclass = "pc";
56
57
58 ATF_TC_WITH_CLEANUP(fork_success);
ATF_TC_HEAD(fork_success,tc)59 ATF_TC_HEAD(fork_success, tc)
60 {
61 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
62 "fork(2) call");
63 }
64
ATF_TC_BODY(fork_success,tc)65 ATF_TC_BODY(fork_success, tc)
66 {
67 pid = getpid();
68 snprintf(pcregex, sizeof(pcregex), "fork.*%d.*return,success", pid);
69
70 FILE *pipefd = setup(fds, auclass);
71 /* Check if fork(2) succeded. If so, exit from the child process */
72 ATF_REQUIRE((pid = fork()) != -1);
73 if (pid)
74 check_audit(fds, pcregex, pipefd);
75 else
76 _exit(0);
77 }
78
ATF_TC_CLEANUP(fork_success,tc)79 ATF_TC_CLEANUP(fork_success, tc)
80 {
81 cleanup();
82 }
83
84 /*
85 * No fork(2) in failure mode since possibilities for failure are only when
86 * user is not privileged or when the number of processes exceed KERN_MAXPROC.
87 */
88
89
90 ATF_TC_WITH_CLEANUP(_exit_success);
ATF_TC_HEAD(_exit_success,tc)91 ATF_TC_HEAD(_exit_success, tc)
92 {
93 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
94 "_exit(2) call");
95 }
96
ATF_TC_BODY(_exit_success,tc)97 ATF_TC_BODY(_exit_success, tc)
98 {
99 FILE *pipefd = setup(fds, auclass);
100 ATF_REQUIRE((pid = fork()) != -1);
101 if (pid) {
102 snprintf(pcregex, sizeof(pcregex), "exit.*%d.*success", pid);
103 check_audit(fds, pcregex, pipefd);
104 }
105 else
106 _exit(0);
107 }
108
ATF_TC_CLEANUP(_exit_success,tc)109 ATF_TC_CLEANUP(_exit_success, tc)
110 {
111 cleanup();
112 }
113
114 /*
115 * _exit(2) never returns, hence the auditing by default is always successful
116 */
117
118
119 ATF_TC_WITH_CLEANUP(rfork_success);
ATF_TC_HEAD(rfork_success,tc)120 ATF_TC_HEAD(rfork_success, tc)
121 {
122 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
123 "rfork(2) call");
124 }
125
ATF_TC_BODY(rfork_success,tc)126 ATF_TC_BODY(rfork_success, tc)
127 {
128 pid = getpid();
129 snprintf(pcregex, sizeof(pcregex), "rfork.*%d.*return,success", pid);
130
131 FILE *pipefd = setup(fds, auclass);
132 ATF_REQUIRE((pid = rfork(RFPROC)) != -1);
133 if (pid)
134 check_audit(fds, pcregex, pipefd);
135 else
136 _exit(0);
137 }
138
ATF_TC_CLEANUP(rfork_success,tc)139 ATF_TC_CLEANUP(rfork_success, tc)
140 {
141 cleanup();
142 }
143
144
145 ATF_TC_WITH_CLEANUP(rfork_failure);
ATF_TC_HEAD(rfork_failure,tc)146 ATF_TC_HEAD(rfork_failure, tc)
147 {
148 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
149 "rfork(2) call");
150 }
151
ATF_TC_BODY(rfork_failure,tc)152 ATF_TC_BODY(rfork_failure, tc)
153 {
154 pid = getpid();
155 snprintf(pcregex, sizeof(pcregex), "rfork.*%d.*return,failure", pid);
156
157 FILE *pipefd = setup(fds, auclass);
158 /* Failure reason: Invalid argument */
159 ATF_REQUIRE_EQ(-1, rfork(-1));
160 check_audit(fds, pcregex, pipefd);
161 }
162
ATF_TC_CLEANUP(rfork_failure,tc)163 ATF_TC_CLEANUP(rfork_failure, tc)
164 {
165 cleanup();
166 }
167
168
169 ATF_TC_WITH_CLEANUP(wait4_success);
ATF_TC_HEAD(wait4_success,tc)170 ATF_TC_HEAD(wait4_success, tc)
171 {
172 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
173 "wait4(2) call");
174 }
175
ATF_TC_BODY(wait4_success,tc)176 ATF_TC_BODY(wait4_success, tc)
177 {
178 pid = getpid();
179 snprintf(pcregex, sizeof(pcregex), "wait4.*%d.*return,success", pid);
180
181 ATF_REQUIRE((pid = fork()) != -1);
182 if (pid) {
183 FILE *pipefd = setup(fds, auclass);
184 /* wpid = -1 : Wait for any child process */
185 ATF_REQUIRE(wait4(-1, &status, 0, NULL) != -1);
186 check_audit(fds, pcregex, pipefd);
187 }
188 else
189 _exit(0);
190 }
191
ATF_TC_CLEANUP(wait4_success,tc)192 ATF_TC_CLEANUP(wait4_success, tc)
193 {
194 cleanup();
195 }
196
197
198 ATF_TC_WITH_CLEANUP(wait4_failure);
ATF_TC_HEAD(wait4_failure,tc)199 ATF_TC_HEAD(wait4_failure, tc)
200 {
201 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
202 "wait4(2) call");
203 }
204
ATF_TC_BODY(wait4_failure,tc)205 ATF_TC_BODY(wait4_failure, tc)
206 {
207 pid = getpid();
208 snprintf(pcregex, sizeof(pcregex), "wait4.*%d.*return,failure", pid);
209
210 FILE *pipefd = setup(fds, auclass);
211 /* Failure reason: No child process to wait for */
212 ATF_REQUIRE_EQ(-1, wait4(-1, NULL, 0, NULL));
213 check_audit(fds, pcregex, pipefd);
214 }
215
ATF_TC_CLEANUP(wait4_failure,tc)216 ATF_TC_CLEANUP(wait4_failure, tc)
217 {
218 cleanup();
219 }
220
221
222 ATF_TC_WITH_CLEANUP(wait6_success);
ATF_TC_HEAD(wait6_success,tc)223 ATF_TC_HEAD(wait6_success, tc)
224 {
225 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
226 "wait6(2) call");
227 }
228
ATF_TC_BODY(wait6_success,tc)229 ATF_TC_BODY(wait6_success, tc)
230 {
231 pid = getpid();
232 snprintf(pcregex, sizeof(pcregex), "wait6.*%d.*return,success", pid);
233
234 ATF_REQUIRE((pid = fork()) != -1);
235 if (pid) {
236 FILE *pipefd = setup(fds, auclass);
237 ATF_REQUIRE(wait6(P_ALL, 0, &status, WEXITED, NULL,NULL) != -1);
238 check_audit(fds, pcregex, pipefd);
239 }
240 else
241 _exit(0);
242 }
243
ATF_TC_CLEANUP(wait6_success,tc)244 ATF_TC_CLEANUP(wait6_success, tc)
245 {
246 cleanup();
247 }
248
249
250 ATF_TC_WITH_CLEANUP(wait6_failure);
ATF_TC_HEAD(wait6_failure,tc)251 ATF_TC_HEAD(wait6_failure, tc)
252 {
253 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
254 "wait6(2) call");
255 }
256
ATF_TC_BODY(wait6_failure,tc)257 ATF_TC_BODY(wait6_failure, tc)
258 {
259 pid = getpid();
260 snprintf(pcregex, sizeof(pcregex), "wait6.*%d.*return,failure", pid);
261
262 FILE *pipefd = setup(fds, auclass);
263 /* Failure reason: Invalid argument */
264 ATF_REQUIRE_EQ(-1, wait6(0, 0, NULL, 0, NULL, NULL));
265 check_audit(fds, pcregex, pipefd);
266 }
267
ATF_TC_CLEANUP(wait6_failure,tc)268 ATF_TC_CLEANUP(wait6_failure, tc)
269 {
270 cleanup();
271 }
272
273
274 ATF_TC_WITH_CLEANUP(kill_success);
ATF_TC_HEAD(kill_success,tc)275 ATF_TC_HEAD(kill_success, tc)
276 {
277 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
278 "kill(2) call");
279 }
280
ATF_TC_BODY(kill_success,tc)281 ATF_TC_BODY(kill_success, tc)
282 {
283 pid = getpid();
284 snprintf(pcregex, sizeof(pcregex), "kill.*%d.*return,success", pid);
285
286 FILE *pipefd = setup(fds, auclass);
287 /* Don't send any signal to anyone, live in peace! */
288 ATF_REQUIRE_EQ(0, kill(0, 0));
289 check_audit(fds, pcregex, pipefd);
290 }
291
ATF_TC_CLEANUP(kill_success,tc)292 ATF_TC_CLEANUP(kill_success, tc)
293 {
294 cleanup();
295 }
296
297
298 ATF_TC_WITH_CLEANUP(kill_failure);
ATF_TC_HEAD(kill_failure,tc)299 ATF_TC_HEAD(kill_failure, tc)
300 {
301 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
302 "kill(2) call");
303 }
304
ATF_TC_BODY(kill_failure,tc)305 ATF_TC_BODY(kill_failure, tc)
306 {
307 pid = getpid();
308 snprintf(pcregex, sizeof(pcregex), "kill.*%d.*return,failure", pid);
309
310 FILE *pipefd = setup(fds, auclass);
311 /*
312 * Failure reason: Non existent process with PID '-2'
313 * Note: '-1' is not used as it means sending no signal to
314 * all non-system processes: A successful invocation
315 */
316 ATF_REQUIRE_EQ(-1, kill(0, -2));
317 check_audit(fds, pcregex, pipefd);
318 }
319
ATF_TC_CLEANUP(kill_failure,tc)320 ATF_TC_CLEANUP(kill_failure, tc)
321 {
322 cleanup();
323 }
324
325
326 ATF_TC_WITH_CLEANUP(chdir_success);
ATF_TC_HEAD(chdir_success,tc)327 ATF_TC_HEAD(chdir_success, tc)
328 {
329 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
330 "chdir(2) call");
331 }
332
ATF_TC_BODY(chdir_success,tc)333 ATF_TC_BODY(chdir_success, tc)
334 {
335 pid = getpid();
336 snprintf(pcregex, sizeof(pcregex), "chdir.*/.*%d.*return,success", pid);
337
338 FILE *pipefd = setup(fds, auclass);
339 ATF_REQUIRE_EQ(0, chdir("/"));
340 check_audit(fds, pcregex, pipefd);
341 }
342
ATF_TC_CLEANUP(chdir_success,tc)343 ATF_TC_CLEANUP(chdir_success, tc)
344 {
345 cleanup();
346 }
347
348
349 ATF_TC_WITH_CLEANUP(chdir_failure);
ATF_TC_HEAD(chdir_failure,tc)350 ATF_TC_HEAD(chdir_failure, tc)
351 {
352 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
353 "chdir(2) call");
354 }
355
ATF_TC_BODY(chdir_failure,tc)356 ATF_TC_BODY(chdir_failure, tc)
357 {
358 pid = getpid();
359 snprintf(pcregex, sizeof(pcregex), "chdir.*%d.*return,failure", pid);
360
361 FILE *pipefd = setup(fds, auclass);
362 /* Failure reason: Bad address */
363 ATF_REQUIRE_EQ(-1, chdir(NULL));
364 check_audit(fds, pcregex, pipefd);
365 }
366
ATF_TC_CLEANUP(chdir_failure,tc)367 ATF_TC_CLEANUP(chdir_failure, tc)
368 {
369 cleanup();
370 }
371
372
373 ATF_TC_WITH_CLEANUP(fchdir_success);
ATF_TC_HEAD(fchdir_success,tc)374 ATF_TC_HEAD(fchdir_success, tc)
375 {
376 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
377 "fchdir(2) call");
378 }
379
ATF_TC_BODY(fchdir_success,tc)380 ATF_TC_BODY(fchdir_success, tc)
381 {
382 /* Build an absolute path to the test-case directory */
383 char dirpath[50];
384 ATF_REQUIRE(getcwd(dirpath, sizeof(dirpath)) != NULL);
385 ATF_REQUIRE((filedesc = open(dirpath, O_RDONLY)) != -1);
386
387 /* Audit record generated by fchdir(2) does not contain filedesc */
388 pid = getpid();
389 snprintf(pcregex, sizeof(pcregex), "fchdir.*%d.*return,success", pid);
390
391 FILE *pipefd = setup(fds, auclass);
392 ATF_REQUIRE_EQ(0, fchdir(filedesc));
393 check_audit(fds, pcregex, pipefd);
394 close(filedesc);
395 }
396
ATF_TC_CLEANUP(fchdir_success,tc)397 ATF_TC_CLEANUP(fchdir_success, tc)
398 {
399 cleanup();
400 }
401
402
403 ATF_TC_WITH_CLEANUP(fchdir_failure);
ATF_TC_HEAD(fchdir_failure,tc)404 ATF_TC_HEAD(fchdir_failure, tc)
405 {
406 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
407 "fchdir(2) call");
408 }
409
ATF_TC_BODY(fchdir_failure,tc)410 ATF_TC_BODY(fchdir_failure, tc)
411 {
412 pid = getpid();
413 snprintf(pcregex, sizeof(pcregex), "fchdir.*%d.*return,failure", pid);
414
415 FILE *pipefd = setup(fds, auclass);
416 /* Failure reason: Bad directory address */
417 ATF_REQUIRE_EQ(-1, fchdir(-1));
418 check_audit(fds, pcregex, pipefd);
419 }
420
ATF_TC_CLEANUP(fchdir_failure,tc)421 ATF_TC_CLEANUP(fchdir_failure, tc)
422 {
423 cleanup();
424 }
425
426
427 ATF_TC_WITH_CLEANUP(chroot_success);
ATF_TC_HEAD(chroot_success,tc)428 ATF_TC_HEAD(chroot_success, tc)
429 {
430 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
431 "chroot(2) call");
432 }
433
ATF_TC_BODY(chroot_success,tc)434 ATF_TC_BODY(chroot_success, tc)
435 {
436 pid = getpid();
437 snprintf(pcregex, sizeof(pcregex), "chroot.*%d.*return,success", pid);
438
439 FILE *pipefd = setup(fds, auclass);
440 /* We don't want to change the root directory, hence '/' */
441 ATF_REQUIRE_EQ(0, chroot("/"));
442 check_audit(fds, pcregex, pipefd);
443 }
444
ATF_TC_CLEANUP(chroot_success,tc)445 ATF_TC_CLEANUP(chroot_success, tc)
446 {
447 cleanup();
448 }
449
450
451 ATF_TC_WITH_CLEANUP(chroot_failure);
ATF_TC_HEAD(chroot_failure,tc)452 ATF_TC_HEAD(chroot_failure, tc)
453 {
454 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
455 "chroot(2) call");
456 }
457
ATF_TC_BODY(chroot_failure,tc)458 ATF_TC_BODY(chroot_failure, tc)
459 {
460 pid = getpid();
461 snprintf(pcregex, sizeof(pcregex), "chroot.*%d.*return,failure", pid);
462
463 FILE *pipefd = setup(fds, auclass);
464 ATF_REQUIRE_EQ(-1, chroot(NULL));
465 check_audit(fds, pcregex, pipefd);
466 }
467
ATF_TC_CLEANUP(chroot_failure,tc)468 ATF_TC_CLEANUP(chroot_failure, tc)
469 {
470 cleanup();
471 }
472
473
474 ATF_TC_WITH_CLEANUP(umask_success);
ATF_TC_HEAD(umask_success,tc)475 ATF_TC_HEAD(umask_success, tc)
476 {
477 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
478 "umask(2) call");
479 }
480
ATF_TC_BODY(umask_success,tc)481 ATF_TC_BODY(umask_success, tc)
482 {
483 pid = getpid();
484 snprintf(pcregex, sizeof(pcregex), "umask.*%d.*return,success", pid);
485
486 FILE *pipefd = setup(fds, auclass);
487 umask(0);
488 check_audit(fds, pcregex, pipefd);
489 }
490
ATF_TC_CLEANUP(umask_success,tc)491 ATF_TC_CLEANUP(umask_success, tc)
492 {
493 cleanup();
494 }
495
496 /*
497 * umask(2) system call never fails. Hence, no test case for failure mode
498 */
499
500
501 ATF_TC_WITH_CLEANUP(setuid_success);
ATF_TC_HEAD(setuid_success,tc)502 ATF_TC_HEAD(setuid_success, tc)
503 {
504 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
505 "setuid(2) call");
506 }
507
ATF_TC_BODY(setuid_success,tc)508 ATF_TC_BODY(setuid_success, tc)
509 {
510 pid = getpid();
511 snprintf(pcregex, sizeof(pcregex), "setuid.*%d.*return,success", pid);
512
513 FILE *pipefd = setup(fds, auclass);
514 /* Since we're privileged, we'll let ourselves be privileged! */
515 ATF_REQUIRE_EQ(0, setuid(0));
516 check_audit(fds, pcregex, pipefd);
517 }
518
ATF_TC_CLEANUP(setuid_success,tc)519 ATF_TC_CLEANUP(setuid_success, tc)
520 {
521 cleanup();
522 }
523
524 /*
525 * setuid(2) fails only when the current user is not root. So no test case for
526 * failure mode since the required_user="root"
527 */
528
529
530 ATF_TC_WITH_CLEANUP(seteuid_success);
ATF_TC_HEAD(seteuid_success,tc)531 ATF_TC_HEAD(seteuid_success, tc)
532 {
533 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
534 "seteuid(2) call");
535 }
536
ATF_TC_BODY(seteuid_success,tc)537 ATF_TC_BODY(seteuid_success, tc)
538 {
539 pid = getpid();
540 snprintf(pcregex, sizeof(pcregex), "seteuid.*%d.*return,success", pid);
541
542 FILE *pipefd = setup(fds, auclass);
543 /* This time, we'll let ourselves be 'effectively' privileged! */
544 ATF_REQUIRE_EQ(0, seteuid(0));
545 check_audit(fds, pcregex, pipefd);
546 }
547
ATF_TC_CLEANUP(seteuid_success,tc)548 ATF_TC_CLEANUP(seteuid_success, tc)
549 {
550 cleanup();
551 }
552
553 /*
554 * seteuid(2) fails only when the current user is not root. So no test case for
555 * failure mode since the required_user="root"
556 */
557
558
559 ATF_TC_WITH_CLEANUP(setgid_success);
ATF_TC_HEAD(setgid_success,tc)560 ATF_TC_HEAD(setgid_success, tc)
561 {
562 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
563 "setgid(2) call");
564 }
565
ATF_TC_BODY(setgid_success,tc)566 ATF_TC_BODY(setgid_success, tc)
567 {
568 pid = getpid();
569 snprintf(pcregex, sizeof(pcregex), "setgid.*%d.*return,success", pid);
570
571 FILE *pipefd = setup(fds, auclass);
572 ATF_REQUIRE_EQ(0, setgid(0));
573 check_audit(fds, pcregex, pipefd);
574 }
575
ATF_TC_CLEANUP(setgid_success,tc)576 ATF_TC_CLEANUP(setgid_success, tc)
577 {
578 cleanup();
579 }
580
581 /*
582 * setgid(2) fails only when the current user is not root. So no test case for
583 * failure mode since the required_user="root"
584 */
585
586
587 ATF_TC_WITH_CLEANUP(setegid_success);
ATF_TC_HEAD(setegid_success,tc)588 ATF_TC_HEAD(setegid_success, tc)
589 {
590 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
591 "setegid(2) call");
592 }
593
ATF_TC_BODY(setegid_success,tc)594 ATF_TC_BODY(setegid_success, tc)
595 {
596 pid = getpid();
597 snprintf(pcregex, sizeof(pcregex), "setegid.*%d.*return,success", pid);
598
599 FILE *pipefd = setup(fds, auclass);
600 ATF_REQUIRE_EQ(0, setegid(0));
601 check_audit(fds, pcregex, pipefd);
602 }
603
ATF_TC_CLEANUP(setegid_success,tc)604 ATF_TC_CLEANUP(setegid_success, tc)
605 {
606 cleanup();
607 }
608
609 /*
610 * setegid(2) fails only when the current user is not root. So no test case for
611 * failure mode since the required_user="root"
612 */
613
614
615 ATF_TC_WITH_CLEANUP(setregid_success);
ATF_TC_HEAD(setregid_success,tc)616 ATF_TC_HEAD(setregid_success, tc)
617 {
618 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
619 "setregid(2) call");
620 }
621
ATF_TC_BODY(setregid_success,tc)622 ATF_TC_BODY(setregid_success, tc)
623 {
624 pid = getpid();
625 snprintf(pcregex, sizeof(pcregex), "setregid.*%d.*return,success", pid);
626
627 FILE *pipefd = setup(fds, auclass);
628 /* setregid(-1, -1) does not change any real or effective GIDs */
629 ATF_REQUIRE_EQ(0, setregid(-1, -1));
630 check_audit(fds, pcregex, pipefd);
631 }
632
ATF_TC_CLEANUP(setregid_success,tc)633 ATF_TC_CLEANUP(setregid_success, tc)
634 {
635 cleanup();
636 }
637
638 /*
639 * setregid(2) fails only when the current user is not root. So no test case for
640 * failure mode since the required_user="root"
641 */
642
643
644 ATF_TC_WITH_CLEANUP(setreuid_success);
ATF_TC_HEAD(setreuid_success,tc)645 ATF_TC_HEAD(setreuid_success, tc)
646 {
647 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
648 "setreuid(2) call");
649 }
650
ATF_TC_BODY(setreuid_success,tc)651 ATF_TC_BODY(setreuid_success, tc)
652 {
653 pid = getpid();
654 snprintf(pcregex, sizeof(pcregex), "setreuid.*%d.*return,success", pid);
655
656 FILE *pipefd = setup(fds, auclass);
657 /* setreuid(-1, -1) does not change any real or effective UIDs */
658 ATF_REQUIRE_EQ(0, setreuid(-1, -1));
659 check_audit(fds, pcregex, pipefd);
660 }
661
ATF_TC_CLEANUP(setreuid_success,tc)662 ATF_TC_CLEANUP(setreuid_success, tc)
663 {
664 cleanup();
665 }
666
667 /*
668 * setregid(2) fails only when the current user is not root. So no test case for
669 * failure mode since the required_user="root"
670 */
671
672
673 ATF_TC_WITH_CLEANUP(setresuid_success);
ATF_TC_HEAD(setresuid_success,tc)674 ATF_TC_HEAD(setresuid_success, tc)
675 {
676 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
677 "setresuid(2) call");
678 }
679
ATF_TC_BODY(setresuid_success,tc)680 ATF_TC_BODY(setresuid_success, tc)
681 {
682 pid = getpid();
683 snprintf(pcregex, sizeof(pcregex), "setresuid.*%d.*return,success", pid);
684
685 FILE *pipefd = setup(fds, auclass);
686 /* setresuid(-1, -1, -1) does not change real, effective & saved UIDs */
687 ATF_REQUIRE_EQ(0, setresuid(-1, -1, -1));
688 check_audit(fds, pcregex, pipefd);
689 }
690
ATF_TC_CLEANUP(setresuid_success,tc)691 ATF_TC_CLEANUP(setresuid_success, tc)
692 {
693 cleanup();
694 }
695
696 /*
697 * setresuid(2) fails only when the current user is not root. So no test case
698 * for failure mode since the required_user="root"
699 */
700
701
702 ATF_TC_WITH_CLEANUP(setresgid_success);
ATF_TC_HEAD(setresgid_success,tc)703 ATF_TC_HEAD(setresgid_success, tc)
704 {
705 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
706 "setresgid(2) call");
707 }
708
ATF_TC_BODY(setresgid_success,tc)709 ATF_TC_BODY(setresgid_success, tc)
710 {
711 pid = getpid();
712 snprintf(pcregex, sizeof(pcregex), "setresgid.*%d.*ret.*success", pid);
713
714 FILE *pipefd = setup(fds, auclass);
715 /* setresgid(-1, -1, -1) does not change real, effective & saved GIDs */
716 ATF_REQUIRE_EQ(0, setresgid(-1, -1, -1));
717 check_audit(fds, pcregex, pipefd);
718 }
719
ATF_TC_CLEANUP(setresgid_success,tc)720 ATF_TC_CLEANUP(setresgid_success, tc)
721 {
722 cleanup();
723 }
724
725 /*
726 * setresgid(2) fails only when the current user is not root. So no test case
727 * for failure mode since the required_user="root"
728 */
729
730
731 ATF_TC_WITH_CLEANUP(getresuid_success);
ATF_TC_HEAD(getresuid_success,tc)732 ATF_TC_HEAD(getresuid_success, tc)
733 {
734 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
735 "getresuid(2) call");
736 }
737
ATF_TC_BODY(getresuid_success,tc)738 ATF_TC_BODY(getresuid_success, tc)
739 {
740 pid = getpid();
741 snprintf(pcregex, sizeof(pcregex), "getresuid.*%d.*ret.*success", pid);
742
743 FILE *pipefd = setup(fds, auclass);
744 ATF_REQUIRE_EQ(0, getresuid(NULL, NULL, NULL));
745 check_audit(fds, pcregex, pipefd);
746 }
747
ATF_TC_CLEANUP(getresuid_success,tc)748 ATF_TC_CLEANUP(getresuid_success, tc)
749 {
750 cleanup();
751 }
752
753
754 ATF_TC_WITH_CLEANUP(getresuid_failure);
ATF_TC_HEAD(getresuid_failure,tc)755 ATF_TC_HEAD(getresuid_failure, tc)
756 {
757 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
758 "getresuid(2) call");
759 }
760
ATF_TC_BODY(getresuid_failure,tc)761 ATF_TC_BODY(getresuid_failure, tc)
762 {
763 pid = getpid();
764 snprintf(pcregex, sizeof(pcregex), "getresuid.*%d.*ret.*failure", pid);
765
766 FILE *pipefd = setup(fds, auclass);
767 /* Failure reason: Invalid address "-1" */
768 ATF_REQUIRE_EQ(-1, getresuid((uid_t *)-1, NULL, NULL));
769 check_audit(fds, pcregex, pipefd);
770 }
771
ATF_TC_CLEANUP(getresuid_failure,tc)772 ATF_TC_CLEANUP(getresuid_failure, tc)
773 {
774 cleanup();
775 }
776
777
778 ATF_TC_WITH_CLEANUP(getresgid_success);
ATF_TC_HEAD(getresgid_success,tc)779 ATF_TC_HEAD(getresgid_success, tc)
780 {
781 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
782 "getresgid(2) call");
783 }
784
ATF_TC_BODY(getresgid_success,tc)785 ATF_TC_BODY(getresgid_success, tc)
786 {
787 pid = getpid();
788 snprintf(pcregex, sizeof(pcregex), "getresgid.*%d.*ret.*success", pid);
789
790 FILE *pipefd = setup(fds, auclass);
791 ATF_REQUIRE_EQ(0, getresgid(NULL, NULL, NULL));
792 check_audit(fds, pcregex, pipefd);
793 }
794
ATF_TC_CLEANUP(getresgid_success,tc)795 ATF_TC_CLEANUP(getresgid_success, tc)
796 {
797 cleanup();
798 }
799
800
801 ATF_TC_WITH_CLEANUP(getresgid_failure);
ATF_TC_HEAD(getresgid_failure,tc)802 ATF_TC_HEAD(getresgid_failure, tc)
803 {
804 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
805 "getresgid(2) call");
806 }
807
ATF_TC_BODY(getresgid_failure,tc)808 ATF_TC_BODY(getresgid_failure, tc)
809 {
810 pid = getpid();
811 snprintf(pcregex, sizeof(pcregex), "getresgid.*%d.*ret.*failure", pid);
812
813 FILE *pipefd = setup(fds, auclass);
814 /* Failure reason: Invalid address "-1" */
815 ATF_REQUIRE_EQ(-1, getresgid((gid_t *)-1, NULL, NULL));
816 check_audit(fds, pcregex, pipefd);
817 }
818
ATF_TC_CLEANUP(getresgid_failure,tc)819 ATF_TC_CLEANUP(getresgid_failure, tc)
820 {
821 cleanup();
822 }
823
824
825 ATF_TC_WITH_CLEANUP(setpriority_success);
ATF_TC_HEAD(setpriority_success,tc)826 ATF_TC_HEAD(setpriority_success, tc)
827 {
828 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
829 "setpriority(2) call");
830 }
831
ATF_TC_BODY(setpriority_success,tc)832 ATF_TC_BODY(setpriority_success, tc)
833 {
834 pid = getpid();
835 snprintf(pcregex, sizeof(pcregex), "setpriority.*%d.*success", pid);
836
837 FILE *pipefd = setup(fds, auclass);
838 ATF_REQUIRE_EQ(0, setpriority(PRIO_PROCESS, 0, 0));
839 check_audit(fds, pcregex, pipefd);
840 }
841
ATF_TC_CLEANUP(setpriority_success,tc)842 ATF_TC_CLEANUP(setpriority_success, tc)
843 {
844 cleanup();
845 }
846
847
848 ATF_TC_WITH_CLEANUP(setpriority_failure);
ATF_TC_HEAD(setpriority_failure,tc)849 ATF_TC_HEAD(setpriority_failure, tc)
850 {
851 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
852 "setpriority(2) call");
853 }
854
ATF_TC_BODY(setpriority_failure,tc)855 ATF_TC_BODY(setpriority_failure, tc)
856 {
857 pid = getpid();
858 snprintf(pcregex, sizeof(pcregex), "setpriority.*%d.*failure", pid);
859
860 FILE *pipefd = setup(fds, auclass);
861 ATF_REQUIRE_EQ(-1, setpriority(-1, -1, -1));
862 check_audit(fds, pcregex, pipefd);
863 }
864
ATF_TC_CLEANUP(setpriority_failure,tc)865 ATF_TC_CLEANUP(setpriority_failure, tc)
866 {
867 cleanup();
868 }
869
870
871 ATF_TC_WITH_CLEANUP(setgroups_success);
ATF_TC_HEAD(setgroups_success,tc)872 ATF_TC_HEAD(setgroups_success, tc)
873 {
874 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
875 "setgroups(2) call");
876 }
877
ATF_TC_BODY(setgroups_success,tc)878 ATF_TC_BODY(setgroups_success, tc)
879 {
880 gid_t gids[5];
881 pid = getpid();
882 snprintf(pcregex, sizeof(pcregex), "setgroups.*%d.*ret.*success", pid);
883 /* Retrieve the current group access list to be used with setgroups */
884 ATF_REQUIRE(getgroups(sizeof(gids)/sizeof(gids[0]), gids) != -1);
885
886 FILE *pipefd = setup(fds, auclass);
887 ATF_REQUIRE_EQ(0, setgroups(sizeof(gids)/sizeof(gids[0]), gids));
888 check_audit(fds, pcregex, pipefd);
889 }
890
ATF_TC_CLEANUP(setgroups_success,tc)891 ATF_TC_CLEANUP(setgroups_success, tc)
892 {
893 cleanup();
894 }
895
896
897 ATF_TC_WITH_CLEANUP(setgroups_failure);
ATF_TC_HEAD(setgroups_failure,tc)898 ATF_TC_HEAD(setgroups_failure, tc)
899 {
900 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
901 "setgroups(2) call");
902 }
903
ATF_TC_BODY(setgroups_failure,tc)904 ATF_TC_BODY(setgroups_failure, tc)
905 {
906 pid = getpid();
907 snprintf(pcregex, sizeof(pcregex), "setgroups.*%d.*ret.*failure", pid);
908
909 FILE *pipefd = setup(fds, auclass);
910 ATF_REQUIRE_EQ(-1, setgroups(-1, NULL));
911 check_audit(fds, pcregex, pipefd);
912 }
913
ATF_TC_CLEANUP(setgroups_failure,tc)914 ATF_TC_CLEANUP(setgroups_failure, tc)
915 {
916 cleanup();
917 }
918
919
920 ATF_TC_WITH_CLEANUP(setpgrp_success);
ATF_TC_HEAD(setpgrp_success,tc)921 ATF_TC_HEAD(setpgrp_success, tc)
922 {
923 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
924 "setpgrp(2) call");
925 }
926
ATF_TC_BODY(setpgrp_success,tc)927 ATF_TC_BODY(setpgrp_success, tc)
928 {
929 /* Main procedure is carried out from within the child process */
930 ATF_REQUIRE((pid = fork()) != -1);
931 if (pid) {
932 ATF_REQUIRE(wait(&status) != -1);
933 } else {
934 pid = getpid();
935 snprintf(pcregex, sizeof(pcregex), "setpgrp.*%d.*success", pid);
936
937 FILE *pipefd = setup(fds, auclass);
938 ATF_REQUIRE_EQ(0, setpgrp(0, 0));
939 check_audit(fds, pcregex, pipefd);
940 }
941 }
942
ATF_TC_CLEANUP(setpgrp_success,tc)943 ATF_TC_CLEANUP(setpgrp_success, tc)
944 {
945 cleanup();
946 }
947
948
949 ATF_TC_WITH_CLEANUP(setpgrp_failure);
ATF_TC_HEAD(setpgrp_failure,tc)950 ATF_TC_HEAD(setpgrp_failure, tc)
951 {
952 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
953 "setpgrp(2) call");
954 }
955
ATF_TC_BODY(setpgrp_failure,tc)956 ATF_TC_BODY(setpgrp_failure, tc)
957 {
958 pid = getpid();
959 snprintf(pcregex, sizeof(pcregex), "setpgrp.*%d.*return,failure", pid);
960
961 FILE *pipefd = setup(fds, auclass);
962 ATF_REQUIRE_EQ(-1, setpgrp(-1, -1));
963 check_audit(fds, pcregex, pipefd);
964 }
965
ATF_TC_CLEANUP(setpgrp_failure,tc)966 ATF_TC_CLEANUP(setpgrp_failure, tc)
967 {
968 cleanup();
969 }
970
971
972 ATF_TC_WITH_CLEANUP(setsid_success);
ATF_TC_HEAD(setsid_success,tc)973 ATF_TC_HEAD(setsid_success, tc)
974 {
975 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
976 "setsid(2) call");
977 }
978
ATF_TC_BODY(setsid_success,tc)979 ATF_TC_BODY(setsid_success, tc)
980 {
981 /* Main procedure is carried out from within the child process */
982 ATF_REQUIRE((pid = fork()) != -1);
983 if (pid) {
984 ATF_REQUIRE(wait(&status) != -1);
985 } else {
986 pid = getpid();
987 snprintf(pcregex, sizeof(pcregex), "setsid.*%d.*success", pid);
988
989 FILE *pipefd = setup(fds, auclass);
990 ATF_REQUIRE(setsid() != -1);
991 check_audit(fds, pcregex, pipefd);
992 }
993 }
994
ATF_TC_CLEANUP(setsid_success,tc)995 ATF_TC_CLEANUP(setsid_success, tc)
996 {
997 cleanup();
998 }
999
1000
1001 ATF_TC_WITH_CLEANUP(setsid_failure);
ATF_TC_HEAD(setsid_failure,tc)1002 ATF_TC_HEAD(setsid_failure, tc)
1003 {
1004 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1005 "setsid(2) call");
1006 }
1007
ATF_TC_BODY(setsid_failure,tc)1008 ATF_TC_BODY(setsid_failure, tc)
1009 {
1010 pid = getpid();
1011 snprintf(pcregex, sizeof(pcregex), "setsid.*%d.*return,failure", pid);
1012
1013 /*
1014 * Here, we are intentionally ignoring the output of the setsid()
1015 * call because it may or may not be a process leader already. But it
1016 * ensures that the next invocation of setsid() will definitely fail.
1017 */
1018 setsid();
1019 FILE *pipefd = setup(fds, auclass);
1020 /*
1021 * Failure reason: [EPERM] Creating a new session is not permitted
1022 * as the PID of calling process matches the PGID of a process group
1023 * created by premature setsid() call.
1024 */
1025 ATF_REQUIRE_EQ(-1, setsid());
1026 check_audit(fds, pcregex, pipefd);
1027 }
1028
ATF_TC_CLEANUP(setsid_failure,tc)1029 ATF_TC_CLEANUP(setsid_failure, tc)
1030 {
1031 cleanup();
1032 }
1033
1034
1035 ATF_TC_WITH_CLEANUP(setrlimit_success);
ATF_TC_HEAD(setrlimit_success,tc)1036 ATF_TC_HEAD(setrlimit_success, tc)
1037 {
1038 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1039 "setrlimit(2) call");
1040 }
1041
ATF_TC_BODY(setrlimit_success,tc)1042 ATF_TC_BODY(setrlimit_success, tc)
1043 {
1044 struct rlimit rlp;
1045 pid = getpid();
1046 snprintf(pcregex, sizeof(pcregex), "setrlimit.*%d.*ret.*success", pid);
1047 /* Retrieve the system resource consumption limit to be used later on */
1048 ATF_REQUIRE_EQ(0, getrlimit(RLIMIT_FSIZE, &rlp));
1049
1050 FILE *pipefd = setup(fds, auclass);
1051 ATF_REQUIRE_EQ(0, setrlimit(RLIMIT_FSIZE, &rlp));
1052 check_audit(fds, pcregex, pipefd);
1053 }
1054
ATF_TC_CLEANUP(setrlimit_success,tc)1055 ATF_TC_CLEANUP(setrlimit_success, tc)
1056 {
1057 cleanup();
1058 }
1059
1060
1061 ATF_TC_WITH_CLEANUP(setrlimit_failure);
ATF_TC_HEAD(setrlimit_failure,tc)1062 ATF_TC_HEAD(setrlimit_failure, tc)
1063 {
1064 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1065 "setrlimit(2) call");
1066 }
1067
ATF_TC_BODY(setrlimit_failure,tc)1068 ATF_TC_BODY(setrlimit_failure, tc)
1069 {
1070 pid = getpid();
1071 snprintf(pcregex, sizeof(pcregex), "setrlimit.*%d.*ret.*failure", pid);
1072
1073 FILE *pipefd = setup(fds, auclass);
1074 ATF_REQUIRE_EQ(-1, setrlimit(RLIMIT_FSIZE, NULL));
1075 check_audit(fds, pcregex, pipefd);
1076 }
1077
ATF_TC_CLEANUP(setrlimit_failure,tc)1078 ATF_TC_CLEANUP(setrlimit_failure, tc)
1079 {
1080 cleanup();
1081 }
1082
1083
1084 ATF_TC_WITH_CLEANUP(mlock_success);
ATF_TC_HEAD(mlock_success,tc)1085 ATF_TC_HEAD(mlock_success, tc)
1086 {
1087 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1088 "mlock(2) call");
1089 }
1090
ATF_TC_BODY(mlock_success,tc)1091 ATF_TC_BODY(mlock_success, tc)
1092 {
1093 pid = getpid();
1094 snprintf(pcregex, sizeof(pcregex), "mlock.*%d.*return,success", pid);
1095
1096 FILE *pipefd = setup(fds, auclass);
1097 ATF_REQUIRE_EQ(0, mlock(NULL, 0));
1098 check_audit(fds, pcregex, pipefd);
1099 }
1100
ATF_TC_CLEANUP(mlock_success,tc)1101 ATF_TC_CLEANUP(mlock_success, tc)
1102 {
1103 cleanup();
1104 }
1105
1106
1107 ATF_TC_WITH_CLEANUP(mlock_failure);
ATF_TC_HEAD(mlock_failure,tc)1108 ATF_TC_HEAD(mlock_failure, tc)
1109 {
1110 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1111 "mlock(2) call");
1112 }
1113
ATF_TC_BODY(mlock_failure,tc)1114 ATF_TC_BODY(mlock_failure, tc)
1115 {
1116 pid = getpid();
1117 snprintf(pcregex, sizeof(pcregex), "mlock.*%d.*return,failure", pid);
1118
1119 FILE *pipefd = setup(fds, auclass);
1120 ATF_REQUIRE_EQ(-1, mlock((void *)(-1), -1));
1121 check_audit(fds, pcregex, pipefd);
1122 }
1123
ATF_TC_CLEANUP(mlock_failure,tc)1124 ATF_TC_CLEANUP(mlock_failure, tc)
1125 {
1126 cleanup();
1127 }
1128
1129
1130 ATF_TC_WITH_CLEANUP(munlock_success);
ATF_TC_HEAD(munlock_success,tc)1131 ATF_TC_HEAD(munlock_success, tc)
1132 {
1133 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1134 "munlock(2) call");
1135 }
1136
ATF_TC_BODY(munlock_success,tc)1137 ATF_TC_BODY(munlock_success, tc)
1138 {
1139 pid = getpid();
1140 snprintf(pcregex, sizeof(pcregex), "munlock.*%d.*return,success", pid);
1141
1142 FILE *pipefd = setup(fds, auclass);
1143 ATF_REQUIRE_EQ(0, munlock(NULL, 0));
1144 check_audit(fds, pcregex, pipefd);
1145 }
1146
ATF_TC_CLEANUP(munlock_success,tc)1147 ATF_TC_CLEANUP(munlock_success, tc)
1148 {
1149 cleanup();
1150 }
1151
1152
1153 ATF_TC_WITH_CLEANUP(munlock_failure);
ATF_TC_HEAD(munlock_failure,tc)1154 ATF_TC_HEAD(munlock_failure, tc)
1155 {
1156 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1157 "munlock(2) call");
1158 }
1159
ATF_TC_BODY(munlock_failure,tc)1160 ATF_TC_BODY(munlock_failure, tc)
1161 {
1162 pid = getpid();
1163 snprintf(pcregex, sizeof(pcregex), "munlock.*%d.*return,failure", pid);
1164
1165 FILE *pipefd = setup(fds, auclass);
1166 ATF_REQUIRE_EQ(-1, munlock((void *)(-1), -1));
1167 check_audit(fds, pcregex, pipefd);
1168 }
1169
ATF_TC_CLEANUP(munlock_failure,tc)1170 ATF_TC_CLEANUP(munlock_failure, tc)
1171 {
1172 cleanup();
1173 }
1174
1175
1176 ATF_TC_WITH_CLEANUP(minherit_success);
ATF_TC_HEAD(minherit_success,tc)1177 ATF_TC_HEAD(minherit_success, tc)
1178 {
1179 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1180 "minherit(2) call");
1181 }
1182
ATF_TC_BODY(minherit_success,tc)1183 ATF_TC_BODY(minherit_success, tc)
1184 {
1185 pid = getpid();
1186 snprintf(pcregex, sizeof(pcregex), "minherit.*%d.*return,success", pid);
1187
1188 FILE *pipefd = setup(fds, auclass);
1189 ATF_REQUIRE_EQ(0, minherit(NULL, 0, INHERIT_ZERO));
1190 check_audit(fds, pcregex, pipefd);
1191 }
1192
ATF_TC_CLEANUP(minherit_success,tc)1193 ATF_TC_CLEANUP(minherit_success, tc)
1194 {
1195 cleanup();
1196 }
1197
1198
1199 ATF_TC_WITH_CLEANUP(minherit_failure);
ATF_TC_HEAD(minherit_failure,tc)1200 ATF_TC_HEAD(minherit_failure, tc)
1201 {
1202 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1203 "minherit(2) call");
1204 }
1205
ATF_TC_BODY(minherit_failure,tc)1206 ATF_TC_BODY(minherit_failure, tc)
1207 {
1208 pid = getpid();
1209 snprintf(pcregex, sizeof(pcregex), "minherit.*%d.*return,failure", pid);
1210
1211 FILE *pipefd = setup(fds, auclass);
1212 ATF_REQUIRE_EQ(-1, minherit((void *)(-1), -1, 0));
1213 check_audit(fds, pcregex, pipefd);
1214 }
1215
ATF_TC_CLEANUP(minherit_failure,tc)1216 ATF_TC_CLEANUP(minherit_failure, tc)
1217 {
1218 cleanup();
1219 }
1220
1221
1222 ATF_TC_WITH_CLEANUP(setlogin_success);
ATF_TC_HEAD(setlogin_success,tc)1223 ATF_TC_HEAD(setlogin_success, tc)
1224 {
1225 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1226 "setlogin(2) call");
1227 }
1228
ATF_TC_BODY(setlogin_success,tc)1229 ATF_TC_BODY(setlogin_success, tc)
1230 {
1231 char *name;
1232 pid = getpid();
1233 snprintf(pcregex, sizeof(pcregex), "setlogin.*%d.*return,success", pid);
1234
1235 /* Retrieve the current user's login name to be used with setlogin(2) */
1236 ATF_REQUIRE((name = getlogin()) != NULL);
1237 FILE *pipefd = setup(fds, auclass);
1238 ATF_REQUIRE_EQ(0, setlogin(name));
1239 check_audit(fds, pcregex, pipefd);
1240 }
1241
ATF_TC_CLEANUP(setlogin_success,tc)1242 ATF_TC_CLEANUP(setlogin_success, tc)
1243 {
1244 cleanup();
1245 }
1246
1247
1248 ATF_TC_WITH_CLEANUP(setlogin_failure);
ATF_TC_HEAD(setlogin_failure,tc)1249 ATF_TC_HEAD(setlogin_failure, tc)
1250 {
1251 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1252 "setlogin(2) call");
1253 }
1254
ATF_TC_BODY(setlogin_failure,tc)1255 ATF_TC_BODY(setlogin_failure, tc)
1256 {
1257 pid = getpid();
1258 snprintf(pcregex, sizeof(pcregex), "setlogin.*%d.*return,failure", pid);
1259
1260 FILE *pipefd = setup(fds, auclass);
1261 ATF_REQUIRE_EQ(-1, setlogin(NULL));
1262 check_audit(fds, pcregex, pipefd);
1263 }
1264
ATF_TC_CLEANUP(setlogin_failure,tc)1265 ATF_TC_CLEANUP(setlogin_failure, tc)
1266 {
1267 cleanup();
1268 }
1269
1270
1271 ATF_TC_WITH_CLEANUP(rtprio_success);
ATF_TC_HEAD(rtprio_success,tc)1272 ATF_TC_HEAD(rtprio_success, tc)
1273 {
1274 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1275 "rtprio(2) call");
1276 }
1277
ATF_TC_BODY(rtprio_success,tc)1278 ATF_TC_BODY(rtprio_success, tc)
1279 {
1280 struct rtprio rtp;
1281 pid = getpid();
1282 snprintf(pcregex, sizeof(pcregex), "rtprio.*%d.*return,success", pid);
1283
1284 FILE *pipefd = setup(fds, auclass);
1285 ATF_REQUIRE_EQ(0, rtprio(RTP_LOOKUP, 0, &rtp));
1286 check_audit(fds, pcregex, pipefd);
1287 }
1288
ATF_TC_CLEANUP(rtprio_success,tc)1289 ATF_TC_CLEANUP(rtprio_success, tc)
1290 {
1291 cleanup();
1292 }
1293
1294
1295 ATF_TC_WITH_CLEANUP(rtprio_failure);
ATF_TC_HEAD(rtprio_failure,tc)1296 ATF_TC_HEAD(rtprio_failure, tc)
1297 {
1298 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1299 "rtprio(2) call");
1300 }
1301
ATF_TC_BODY(rtprio_failure,tc)1302 ATF_TC_BODY(rtprio_failure, tc)
1303 {
1304 pid = getpid();
1305 snprintf(pcregex, sizeof(pcregex), "rtprio.*%d.*return,failure", pid);
1306
1307 FILE *pipefd = setup(fds, auclass);
1308 ATF_REQUIRE_EQ(-1, rtprio(-1, -1, NULL));
1309 check_audit(fds, pcregex, pipefd);
1310 }
1311
ATF_TC_CLEANUP(rtprio_failure,tc)1312 ATF_TC_CLEANUP(rtprio_failure, tc)
1313 {
1314 cleanup();
1315 }
1316
1317
1318 ATF_TC_WITH_CLEANUP(profil_success);
ATF_TC_HEAD(profil_success,tc)1319 ATF_TC_HEAD(profil_success, tc)
1320 {
1321 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1322 "profil(2) call");
1323 }
1324
ATF_TC_BODY(profil_success,tc)1325 ATF_TC_BODY(profil_success, tc)
1326 {
1327 pid = getpid();
1328 snprintf(pcregex, sizeof(pcregex), "profil.*%d.*return,success", pid);
1329
1330 char samples[20];
1331 FILE *pipefd = setup(fds, auclass);
1332 /* Set scale argument as 0 to disable profiling of current process */
1333 ATF_REQUIRE_EQ(0, profil(samples, sizeof(samples), 0, 0));
1334 check_audit(fds, pcregex, pipefd);
1335 }
1336
ATF_TC_CLEANUP(profil_success,tc)1337 ATF_TC_CLEANUP(profil_success, tc)
1338 {
1339 cleanup();
1340 }
1341
1342
1343 ATF_TC_WITH_CLEANUP(profil_failure);
ATF_TC_HEAD(profil_failure,tc)1344 ATF_TC_HEAD(profil_failure, tc)
1345 {
1346 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1347 "profil(2) call");
1348 }
1349
ATF_TC_BODY(profil_failure,tc)1350 ATF_TC_BODY(profil_failure, tc)
1351 {
1352 pid = getpid();
1353 snprintf(pcregex, sizeof(pcregex), "profil.*%d.*return,failure", pid);
1354
1355 FILE *pipefd = setup(fds, auclass);
1356 ATF_REQUIRE_EQ(-1, profil((char *)(SIZE_MAX), -1, -1, -1));
1357 check_audit(fds, pcregex, pipefd);
1358 }
1359
ATF_TC_CLEANUP(profil_failure,tc)1360 ATF_TC_CLEANUP(profil_failure, tc)
1361 {
1362 cleanup();
1363 }
1364
1365
1366 ATF_TC_WITH_CLEANUP(ptrace_success);
ATF_TC_HEAD(ptrace_success,tc)1367 ATF_TC_HEAD(ptrace_success, tc)
1368 {
1369 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1370 "ptrace(2) call");
1371 }
1372
ATF_TC_BODY(ptrace_success,tc)1373 ATF_TC_BODY(ptrace_success, tc)
1374 {
1375 pid = getpid();
1376 snprintf(pcregex, sizeof(pcregex), "ptrace.*%d.*return,success", pid);
1377
1378 FILE *pipefd = setup(fds, auclass);
1379 ATF_REQUIRE_EQ(0, ptrace(PT_TRACE_ME, 0, NULL, 0));
1380 check_audit(fds, pcregex, pipefd);
1381 }
1382
ATF_TC_CLEANUP(ptrace_success,tc)1383 ATF_TC_CLEANUP(ptrace_success, tc)
1384 {
1385 cleanup();
1386 }
1387
1388
1389 ATF_TC_WITH_CLEANUP(ptrace_failure);
ATF_TC_HEAD(ptrace_failure,tc)1390 ATF_TC_HEAD(ptrace_failure, tc)
1391 {
1392 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1393 "ptrace(2) call");
1394 }
1395
ATF_TC_BODY(ptrace_failure,tc)1396 ATF_TC_BODY(ptrace_failure, tc)
1397 {
1398 pid = getpid();
1399 snprintf(pcregex, sizeof(pcregex), "ptrace.*%d.*return,failure", pid);
1400
1401 FILE *pipefd = setup(fds, auclass);
1402 ATF_REQUIRE_EQ(-1, ptrace(-1, 0, NULL, 0));
1403 check_audit(fds, pcregex, pipefd);
1404 }
1405
ATF_TC_CLEANUP(ptrace_failure,tc)1406 ATF_TC_CLEANUP(ptrace_failure, tc)
1407 {
1408 cleanup();
1409 }
1410
1411
1412 ATF_TC_WITH_CLEANUP(ktrace_success);
ATF_TC_HEAD(ktrace_success,tc)1413 ATF_TC_HEAD(ktrace_success, tc)
1414 {
1415 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1416 "ktrace(2) call");
1417 }
1418
ATF_TC_BODY(ktrace_success,tc)1419 ATF_TC_BODY(ktrace_success, tc)
1420 {
1421 pid = getpid();
1422 snprintf(pcregex, sizeof(pcregex), "ktrace.*%d.*return,success", pid);
1423
1424 FILE *pipefd = setup(fds, auclass);
1425 ATF_REQUIRE_EQ(0, ktrace(NULL, KTROP_CLEAR, KTRFAC_SYSCALL, pid));
1426 check_audit(fds, pcregex, pipefd);
1427 }
1428
ATF_TC_CLEANUP(ktrace_success,tc)1429 ATF_TC_CLEANUP(ktrace_success, tc)
1430 {
1431 cleanup();
1432 }
1433
1434
1435 ATF_TC_WITH_CLEANUP(ktrace_failure);
ATF_TC_HEAD(ktrace_failure,tc)1436 ATF_TC_HEAD(ktrace_failure, tc)
1437 {
1438 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1439 "ktrace(2) call");
1440 }
1441
ATF_TC_BODY(ktrace_failure,tc)1442 ATF_TC_BODY(ktrace_failure, tc)
1443 {
1444 pid = getpid();
1445 snprintf(pcregex, sizeof(pcregex), "ktrace.*%d.*return,failure", pid);
1446
1447 FILE *pipefd = setup(fds, auclass);
1448 ATF_REQUIRE_EQ(-1, ktrace(NULL, -1, -1, 0));
1449 check_audit(fds, pcregex, pipefd);
1450 }
1451
ATF_TC_CLEANUP(ktrace_failure,tc)1452 ATF_TC_CLEANUP(ktrace_failure, tc)
1453 {
1454 cleanup();
1455 }
1456
1457
1458 ATF_TC_WITH_CLEANUP(procctl_success);
ATF_TC_HEAD(procctl_success,tc)1459 ATF_TC_HEAD(procctl_success, tc)
1460 {
1461 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1462 "procctl(2) call");
1463 }
1464
ATF_TC_BODY(procctl_success,tc)1465 ATF_TC_BODY(procctl_success, tc)
1466 {
1467 pid = getpid();
1468 snprintf(pcregex, sizeof(pcregex), "procctl.*%d.*return,success", pid);
1469
1470 struct procctl_reaper_status reapstat;
1471 FILE *pipefd = setup(fds, auclass);
1472 /* Retrieve information about the reaper of current process (pid) */
1473 ATF_REQUIRE_EQ(0, procctl(P_PID, pid, PROC_REAP_STATUS, &reapstat));
1474 check_audit(fds, pcregex, pipefd);
1475 }
1476
ATF_TC_CLEANUP(procctl_success,tc)1477 ATF_TC_CLEANUP(procctl_success, tc)
1478 {
1479 cleanup();
1480 }
1481
1482
1483 ATF_TC_WITH_CLEANUP(procctl_failure);
ATF_TC_HEAD(procctl_failure,tc)1484 ATF_TC_HEAD(procctl_failure, tc)
1485 {
1486 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1487 "procctl(2) call");
1488 }
1489
ATF_TC_BODY(procctl_failure,tc)1490 ATF_TC_BODY(procctl_failure, tc)
1491 {
1492 pid = getpid();
1493 snprintf(pcregex, sizeof(pcregex), "procctl.*%d.*return,failure", pid);
1494
1495 FILE *pipefd = setup(fds, auclass);
1496 ATF_REQUIRE_EQ(-1, procctl(-1, -1, -1, NULL));
1497 check_audit(fds, pcregex, pipefd);
1498 }
1499
ATF_TC_CLEANUP(procctl_failure,tc)1500 ATF_TC_CLEANUP(procctl_failure, tc)
1501 {
1502 cleanup();
1503 }
1504
1505
1506 ATF_TC_WITH_CLEANUP(cap_enter_success);
ATF_TC_HEAD(cap_enter_success,tc)1507 ATF_TC_HEAD(cap_enter_success, tc)
1508 {
1509 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1510 "cap_enter(2) call");
1511 }
1512
ATF_TC_BODY(cap_enter_success,tc)1513 ATF_TC_BODY(cap_enter_success, tc)
1514 {
1515 ATF_REQUIRE_FEATURE("security_capability_mode");
1516
1517 FILE *pipefd = setup(fds, auclass);
1518 ATF_REQUIRE((pid = fork()) != -1);
1519 if (pid) {
1520 snprintf(pcregex, sizeof(pcregex),
1521 "cap_enter.*%d.*return,success", pid);
1522 ATF_REQUIRE(wait(&status) != -1);
1523 check_audit(fds, pcregex, pipefd);
1524 }
1525 else {
1526 ATF_REQUIRE_EQ(0, cap_enter());
1527 _exit(0);
1528 }
1529 }
1530
ATF_TC_CLEANUP(cap_enter_success,tc)1531 ATF_TC_CLEANUP(cap_enter_success, tc)
1532 {
1533 cleanup();
1534 }
1535
1536
1537 ATF_TC_WITH_CLEANUP(cap_getmode_success);
ATF_TC_HEAD(cap_getmode_success,tc)1538 ATF_TC_HEAD(cap_getmode_success, tc)
1539 {
1540 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1541 "cap_getmode(2) call");
1542 }
1543
ATF_TC_BODY(cap_getmode_success,tc)1544 ATF_TC_BODY(cap_getmode_success, tc)
1545 {
1546 int modep;
1547
1548 ATF_REQUIRE_FEATURE("security_capability_mode");
1549
1550 pid = getpid();
1551 snprintf(pcregex, sizeof(pcregex), "cap_getmode.*%d.*success", pid);
1552
1553 FILE *pipefd = setup(fds, auclass);
1554 ATF_REQUIRE_EQ(0, cap_getmode(&modep));
1555 check_audit(fds, pcregex, pipefd);
1556 }
1557
ATF_TC_CLEANUP(cap_getmode_success,tc)1558 ATF_TC_CLEANUP(cap_getmode_success, tc)
1559 {
1560 cleanup();
1561 }
1562
1563
1564 ATF_TC_WITH_CLEANUP(cap_getmode_failure);
ATF_TC_HEAD(cap_getmode_failure,tc)1565 ATF_TC_HEAD(cap_getmode_failure, tc)
1566 {
1567 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1568 "cap_getmode(2) call");
1569 }
1570
ATF_TC_BODY(cap_getmode_failure,tc)1571 ATF_TC_BODY(cap_getmode_failure, tc)
1572 {
1573 pid = getpid();
1574 snprintf(pcregex, sizeof(pcregex), "cap_getmode.*%d.*failure", pid);
1575
1576 FILE *pipefd = setup(fds, auclass);
1577 /* cap_getmode(2) can either fail with EFAULT or ENOSYS */
1578 ATF_REQUIRE_EQ(-1, cap_getmode(NULL));
1579 check_audit(fds, pcregex, pipefd);
1580 }
1581
ATF_TC_CLEANUP(cap_getmode_failure,tc)1582 ATF_TC_CLEANUP(cap_getmode_failure, tc)
1583 {
1584 cleanup();
1585 }
1586
1587
ATF_TP_ADD_TCS(tp)1588 ATF_TP_ADD_TCS(tp)
1589 {
1590 ATF_TP_ADD_TC(tp, fork_success);
1591 ATF_TP_ADD_TC(tp, _exit_success);
1592 ATF_TP_ADD_TC(tp, rfork_success);
1593 ATF_TP_ADD_TC(tp, rfork_failure);
1594
1595 ATF_TP_ADD_TC(tp, wait4_success);
1596 ATF_TP_ADD_TC(tp, wait4_failure);
1597 ATF_TP_ADD_TC(tp, wait6_success);
1598 ATF_TP_ADD_TC(tp, wait6_failure);
1599 ATF_TP_ADD_TC(tp, kill_success);
1600 ATF_TP_ADD_TC(tp, kill_failure);
1601
1602 ATF_TP_ADD_TC(tp, chdir_success);
1603 ATF_TP_ADD_TC(tp, chdir_failure);
1604 ATF_TP_ADD_TC(tp, fchdir_success);
1605 ATF_TP_ADD_TC(tp, fchdir_failure);
1606 ATF_TP_ADD_TC(tp, chroot_success);
1607 ATF_TP_ADD_TC(tp, chroot_failure);
1608
1609 ATF_TP_ADD_TC(tp, umask_success);
1610 ATF_TP_ADD_TC(tp, setuid_success);
1611 ATF_TP_ADD_TC(tp, seteuid_success);
1612 ATF_TP_ADD_TC(tp, setgid_success);
1613 ATF_TP_ADD_TC(tp, setegid_success);
1614
1615 ATF_TP_ADD_TC(tp, setreuid_success);
1616 ATF_TP_ADD_TC(tp, setregid_success);
1617 ATF_TP_ADD_TC(tp, setresuid_success);
1618 ATF_TP_ADD_TC(tp, setresgid_success);
1619
1620 ATF_TP_ADD_TC(tp, getresuid_success);
1621 ATF_TP_ADD_TC(tp, getresuid_failure);
1622 ATF_TP_ADD_TC(tp, getresgid_success);
1623 ATF_TP_ADD_TC(tp, getresgid_failure);
1624
1625 ATF_TP_ADD_TC(tp, setpriority_success);
1626 ATF_TP_ADD_TC(tp, setpriority_failure);
1627 ATF_TP_ADD_TC(tp, setgroups_success);
1628 ATF_TP_ADD_TC(tp, setgroups_failure);
1629 ATF_TP_ADD_TC(tp, setpgrp_success);
1630 ATF_TP_ADD_TC(tp, setpgrp_failure);
1631 ATF_TP_ADD_TC(tp, setsid_success);
1632 ATF_TP_ADD_TC(tp, setsid_failure);
1633 ATF_TP_ADD_TC(tp, setrlimit_success);
1634 ATF_TP_ADD_TC(tp, setrlimit_failure);
1635
1636 ATF_TP_ADD_TC(tp, mlock_success);
1637 ATF_TP_ADD_TC(tp, mlock_failure);
1638 ATF_TP_ADD_TC(tp, munlock_success);
1639 ATF_TP_ADD_TC(tp, munlock_failure);
1640 ATF_TP_ADD_TC(tp, minherit_success);
1641 ATF_TP_ADD_TC(tp, minherit_failure);
1642
1643 ATF_TP_ADD_TC(tp, setlogin_success);
1644 ATF_TP_ADD_TC(tp, setlogin_failure);
1645 ATF_TP_ADD_TC(tp, rtprio_success);
1646 ATF_TP_ADD_TC(tp, rtprio_failure);
1647
1648 ATF_TP_ADD_TC(tp, profil_success);
1649 ATF_TP_ADD_TC(tp, profil_failure);
1650 ATF_TP_ADD_TC(tp, ptrace_success);
1651 ATF_TP_ADD_TC(tp, ptrace_failure);
1652 ATF_TP_ADD_TC(tp, ktrace_success);
1653 ATF_TP_ADD_TC(tp, ktrace_failure);
1654 ATF_TP_ADD_TC(tp, procctl_success);
1655 ATF_TP_ADD_TC(tp, procctl_failure);
1656
1657 ATF_TP_ADD_TC(tp, cap_enter_success);
1658 ATF_TP_ADD_TC(tp, cap_getmode_success);
1659 ATF_TP_ADD_TC(tp, cap_getmode_failure);
1660
1661 return (atf_no_error());
1662 }
1663