xref: /freebsd/tests/sys/audit/miscellaneous.c (revision b3e7694832e81d7a904a10f525f8797b753bf0d3)
1*70eaeb36SAlan Somers /*-
2*70eaeb36SAlan Somers  * Copyright (c) 2018 Aniket Pandey
3*70eaeb36SAlan Somers  *
4*70eaeb36SAlan Somers  * Redistribution and use in source and binary forms, with or without
5*70eaeb36SAlan Somers  * modification, are permitted provided that the following conditions
6*70eaeb36SAlan Somers  * are met:
7*70eaeb36SAlan Somers  * 1. Redistributions of source code must retain the above copyright
8*70eaeb36SAlan Somers  *    notice, this list of conditions and the following disclaimer.
9*70eaeb36SAlan Somers  * 2. Redistributions in binary form must reproduce the above copyright
10*70eaeb36SAlan Somers  *    notice, this list of conditions and the following disclaimer in the
11*70eaeb36SAlan Somers  *    documentation and/or other materials provided with the distribution.
12*70eaeb36SAlan Somers  *
13*70eaeb36SAlan Somers  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
14*70eaeb36SAlan Somers  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15*70eaeb36SAlan Somers  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16*70eaeb36SAlan Somers  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
17*70eaeb36SAlan Somers  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18*70eaeb36SAlan Somers  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19*70eaeb36SAlan Somers  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
20*70eaeb36SAlan Somers  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21*70eaeb36SAlan Somers  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22*70eaeb36SAlan Somers  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23*70eaeb36SAlan Somers  * SUCH DAMAGE.
24*70eaeb36SAlan Somers  */
25*70eaeb36SAlan Somers 
26*70eaeb36SAlan Somers #include <sys/types.h>
27*70eaeb36SAlan Somers #include <sys/sysctl.h>
28*70eaeb36SAlan Somers 
29*70eaeb36SAlan Somers #include <bsm/audit.h>
30*70eaeb36SAlan Somers #include <machine/sysarch.h>
31*70eaeb36SAlan Somers 
32*70eaeb36SAlan Somers #include <atf-c.h>
33*70eaeb36SAlan Somers #include <unistd.h>
34*70eaeb36SAlan Somers 
35*70eaeb36SAlan Somers #include "utils.h"
36*70eaeb36SAlan Somers 
/*
 * State shared by every test case in this file.  Each test body rewrites
 * pid and miscreg before use, so nothing here carries over between cases.
 */

/* PID of the running test process; embedded in the pattern in miscreg. */
static pid_t pid;
/* Pattern handed to check_audit(); rebuilt with snprintf() by each body. */
static char miscreg[80];
/* Single poll descriptor passed to setup() and check_audit(). */
static struct pollfd fds[1];
/*
 * Audit class string passed to setup().
 * NOTE(review): presumably the "other" class of audit_class(5) -- confirm.
 */
static const char *auclass = "ot";
41*70eaeb36SAlan Somers 
42*70eaeb36SAlan Somers 
/*
 * The success case of audit(2) is skipped for now because its behaviour is
 * non-deterministic. It will be added once the intermittency is resolved.
 */
47*70eaeb36SAlan Somers 
48*70eaeb36SAlan Somers 
/*
 * audit_failure: a rejected audit(2) call must still leave a
 * "return,failure" entry that check_audit() can find for this process.
 */
ATF_TC_WITH_CLEANUP(audit_failure);
ATF_TC_HEAD(audit_failure, tc)
{
	atf_tc_set_md_var(tc, "descr",
	    "Tests the audit of an unsuccessful audit(2) call");
}

ATF_TC_BODY(audit_failure, tc)
{
	FILE *auditpipe;

	/*
	 * Build the pattern for this process.
	 * NOTE(review): the PID sits between two ".*" with no delimiter, so
	 * if check_audit() treats this as a regular expression (confirm in
	 * utils.c) a record whose text merely contains these digits would
	 * match as well.
	 */
	pid = getpid();
	snprintf(miscreg, sizeof miscreg, "audit.*%d.*return,failure", pid);

	/* Arm the audit pipe before the call so the record is not missed. */
	auditpipe = setup(fds, auclass);

	/*
	 * A NULL record with length -1 is expected to be rejected as an
	 * invalid argument.
	 * NOTE(review): only the -1 return is asserted; errno is not
	 * checked, so a failure for a different reason would also pass.
	 */
	ATF_REQUIRE_EQ(-1, audit(NULL, -1));
	check_audit(fds, miscreg, auditpipe);
}

ATF_TC_CLEANUP(audit_failure, tc)
{
	/* Shared teardown from utils.h; runs whether or not the body passed. */
	cleanup();
}
71*70eaeb36SAlan Somers 
72*70eaeb36SAlan Somers 
/*
 * sysarch_success: a successful sysarch(2) call must be recorded with
 * "return,success".  The operation used depends on which machine-specific
 * constant <machine/sysarch.h> defines; architectures that define none of
 * them skip the test.
 */
ATF_TC_WITH_CLEANUP(sysarch_success);
ATF_TC_HEAD(sysarch_success, tc)
{
	atf_tc_set_md_var(tc, "descr",
	    "Tests the audit of a successful sysarch(2) call");
}

ATF_TC_BODY(sysarch_success, tc)
{
	FILE *auditpipe;

	pid = getpid();
	snprintf(miscreg, sizeof miscreg, "sysarch.*%d.*return,success", pid);

	/* Prepare the argument object for the operation this build supports. */
#if defined(I386_GET_IOPERM)		/* i386 */
	struct i386_ioperm_args i3sysarg;
	bzero(&i3sysarg, sizeof(i3sysarg));

#elif defined(AMD64_GET_FSBASE)		/* amd64 */
	/* Output slot only; sysarch() fills it in, so it starts unset. */
	register_t amd64arg;

#elif defined(ARM_SYNC_ICACHE)		/* ARM */
	struct arm_sync_icache_args armsysarg;
	bzero(&armsysarg, sizeof(armsysarg));

#elif defined(SPARC_UTRAP_INSTALL)	/* Sparc64 */
	struct sparc_utrap_args utrap = {
		.type		= UT_DIVISION_BY_ZERO,
		/* UTH_NOCHANGE keeps whatever handlers are already installed */
		.new_precise	= (void *)UTH_NOCHANGE,
		.new_deferred	= (void *)UTH_NOCHANGE,
		.old_precise	= NULL,
		.old_deferred	= NULL
	};

	struct sparc_utrap_install_args sparc64arg = {
		.num 		= ST_DIVISION_BY_ZERO,
		.handlers	= &utrap
	};
#else
	/* PowerPC, ARM64 and RISC-V: no sysarch(2) operation to exercise. */
	atf_tc_skip("sysarch(2) is not supported for the system architecture");
#endif

	/* Start capturing only once the arguments are ready. */
	auditpipe = setup(fds, auclass);
#if defined(I386_GET_IOPERM)
	ATF_REQUIRE_EQ(0, sysarch(I386_GET_IOPERM, &i3sysarg));
#elif defined(AMD64_GET_FSBASE)
	ATF_REQUIRE_EQ(0, sysarch(AMD64_GET_FSBASE, &amd64arg));
#elif defined(ARM_SYNC_ICACHE)
	ATF_REQUIRE_EQ(0, sysarch(ARM_SYNC_ICACHE, &armsysarg));
#elif defined(SPARC_UTRAP_INSTALL)
	ATF_REQUIRE_EQ(0, sysarch(SPARC_UTRAP_INSTALL, &sparc64arg));
#endif
	check_audit(fds, miscreg, auditpipe);
}

ATF_TC_CLEANUP(sysarch_success, tc)
{
	/* Shared teardown from utils.h. */
	cleanup();
}
133*70eaeb36SAlan Somers 
134*70eaeb36SAlan Somers 
/*
 * sysarch_failure: a failing sysarch(2) call must be recorded with
 * "return,failure".  The arguments are invalid on every architecture, so
 * this case has no per-architecture branches.
 */
ATF_TC_WITH_CLEANUP(sysarch_failure);
ATF_TC_HEAD(sysarch_failure, tc)
{
	atf_tc_set_md_var(tc, "descr",
	    "Tests the audit of an unsuccessful sysarch(2) call "
	    "for any architecture");
}

ATF_TC_BODY(sysarch_failure, tc)
{
	FILE *auditpipe;

	pid = getpid();
	snprintf(miscreg, sizeof miscreg, "sysarch.*%d.*return,failure", pid);

	auditpipe = setup(fds, auclass);

	/*
	 * Operation -1 with a NULL argument pointer: the original author
	 * lists "Invalid argument" and "Bad address" as the failure reasons.
	 * NOTE(review): which errno is actually returned is not asserted,
	 * only that the call returns -1.
	 */
	ATF_REQUIRE_EQ(-1, sysarch(-1, NULL));
	check_audit(fds, miscreg, auditpipe);
}

ATF_TC_CLEANUP(sysarch_failure, tc)
{
	/* Shared teardown from utils.h. */
	cleanup();
}
157*70eaeb36SAlan Somers 
158*70eaeb36SAlan Somers 
/*
 * sysctl_success: a successful read-only sysctl(3) query must be recorded
 * with "return,success".
 */
ATF_TC_WITH_CLEANUP(sysctl_success);
ATF_TC_HEAD(sysctl_success, tc)
{
	atf_tc_set_md_var(tc, "descr",
	    "Tests the audit of a successful sysctl(3) call");
}

ATF_TC_BODY(sysctl_success, tc)
{
	/* CTL_KERN / KERN_MAXPROC: the maximum number of allowed processes */
	int mib[2] = { CTL_KERN, KERN_MAXPROC };
	int maxproc;
	size_t proclen = sizeof(maxproc);
	FILE *auditpipe;

	pid = getpid();
	snprintf(miscreg, sizeof miscreg, "sysctl.*%d.*return,success", pid);

	auditpipe = setup(fds, auclass);

	/* Pure read: no new value is supplied (newp NULL, newlen 0). */
	ATF_REQUIRE_EQ(0, sysctl(mib, 2, &maxproc, &proclen, NULL, 0));
	check_audit(fds, miscreg, auditpipe);
}

ATF_TC_CLEANUP(sysctl_success, tc)
{
	/* Shared teardown from utils.h. */
	cleanup();
}
188*70eaeb36SAlan Somers 
189*70eaeb36SAlan Somers 
/*
 * sysctl_failure: a failing sysctl(3) call must be recorded with
 * "return,failure".
 */
ATF_TC_WITH_CLEANUP(sysctl_failure);
ATF_TC_HEAD(sysctl_failure, tc)
{
	atf_tc_set_md_var(tc, "descr",
	    "Tests the audit of an unsuccessful sysctl(3) call");
}

ATF_TC_BODY(sysctl_failure, tc)
{
	FILE *auditpipe;

	pid = getpid();
	snprintf(miscreg, sizeof miscreg, "sysctl.*%d.*return,failure", pid);

	auditpipe = setup(fds, auclass);

	/*
	 * No MIB name and a zero name length are invalid arguments.
	 * NOTE(review): errno is not checked here, so the test does not
	 * distinguish this rejection from any other failure of sysctl().
	 */
	ATF_REQUIRE_EQ(-1, sysctl(NULL, 0, NULL, NULL, NULL, 0));
	check_audit(fds, miscreg, auditpipe);
}

ATF_TC_CLEANUP(sysctl_failure, tc)
{
	/* Shared teardown from utils.h. */
	cleanup();
}
212*70eaeb36SAlan Somers 
213*70eaeb36SAlan Somers 
/*
 * Test program entry: registers every test case defined in this file, in
 * the order audit(2), sysarch(2), sysctl(3).
 */
ATF_TP_ADD_TCS(tp)
{
	/* audit(2): only the failure path is covered in this file. */
	ATF_TP_ADD_TC(tp, audit_failure);

	/* sysarch(2) */
	ATF_TP_ADD_TC(tp, sysarch_success);
	ATF_TP_ADD_TC(tp, sysarch_failure);

	/* sysctl(3) */
	ATF_TP_ADD_TC(tp, sysctl_success);
	ATF_TP_ADD_TC(tp, sysctl_failure);

	return atf_no_error();
}