1 /*- 2 * Copyright (c) 2018 Aniket Pandey 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. 9 * 2. Redistributions in binary form must reproduce the above copyright 10 * notice, this list of conditions and the following disclaimer in the 11 * documentation and/or other materials provided with the distribution. 12 * 13 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 14 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 17 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * SUCH DAMAGE. 24 */ 25 26 #include <sys/param.h> 27 #include <sys/capsicum.h> 28 #include <sys/uio.h> 29 #include <sys/ktrace.h> 30 #include <sys/mman.h> 31 #include <sys/procctl.h> 32 #include <sys/ptrace.h> 33 #include <sys/resource.h> 34 #include <sys/rtprio.h> 35 #include <sys/stat.h> 36 #include <sys/sysctl.h> 37 #include <sys/time.h> 38 #include <sys/wait.h> 39 40 #include <atf-c.h> 41 #include <fcntl.h> 42 #include <signal.h> 43 #include <stdint.h> 44 #include <stdlib.h> 45 #include <unistd.h> 46 47 #include "utils.h" 48 49 #include "freebsd_test_suite/macros.h" 50 51 static pid_t pid; 52 static int filedesc, status; 53 static struct pollfd fds[1]; 54 static char pcregex[80]; 55 static const char *auclass = "pc"; 56 57 58 ATF_TC_WITH_CLEANUP(fork_success); 59 ATF_TC_HEAD(fork_success, tc) 60 { 61 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 62 "fork(2) call"); 63 } 64 65 ATF_TC_BODY(fork_success, tc) 66 { 67 pid = getpid(); 68 snprintf(pcregex, sizeof(pcregex), "fork.*%d.*return,success", pid); 69 70 FILE *pipefd = setup(fds, auclass); 71 /* Check if fork(2) succeded. If so, exit from the child process */ 72 ATF_REQUIRE((pid = fork()) != -1); 73 if (pid) 74 check_audit(fds, pcregex, pipefd); 75 else 76 _exit(0); 77 } 78 79 ATF_TC_CLEANUP(fork_success, tc) 80 { 81 cleanup(); 82 } 83 84 /* 85 * No fork(2) in failure mode since possibilities for failure are only when 86 * user is not privileged or when the number of processes exceed KERN_MAXPROC. 87 */ 88 89 90 ATF_TC_WITH_CLEANUP(_exit_success); 91 ATF_TC_HEAD(_exit_success, tc) 92 { 93 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 94 "_exit(2) call"); 95 } 96 97 ATF_TC_BODY(_exit_success, tc) 98 { 99 FILE *pipefd = setup(fds, auclass); 100 ATF_REQUIRE((pid = fork()) != -1); 101 if (pid) { 102 snprintf(pcregex, sizeof(pcregex), "exit.*%d.*success", pid); 103 check_audit(fds, pcregex, pipefd); 104 } 105 else 106 _exit(0); 107 } 108 109 ATF_TC_CLEANUP(_exit_success, tc) 110 { 111 cleanup(); 112 } 113 114 /* 115 * _exit(2) never returns, hence the auditing by default is always successful 116 */ 117 118 119 ATF_TC_WITH_CLEANUP(rfork_success); 120 ATF_TC_HEAD(rfork_success, tc) 121 { 122 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 123 "rfork(2) call"); 124 } 125 126 ATF_TC_BODY(rfork_success, tc) 127 { 128 pid = getpid(); 129 snprintf(pcregex, sizeof(pcregex), "rfork.*%d.*return,success", pid); 130 131 FILE *pipefd = setup(fds, auclass); 132 ATF_REQUIRE((pid = rfork(RFPROC)) != -1); 133 if (pid) 134 check_audit(fds, pcregex, pipefd); 135 else 136 _exit(0); 137 } 138 139 ATF_TC_CLEANUP(rfork_success, tc) 140 { 141 cleanup(); 142 } 143 144 145 ATF_TC_WITH_CLEANUP(rfork_failure); 146 ATF_TC_HEAD(rfork_failure, tc) 147 { 148 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 149 "rfork(2) call"); 150 } 151 152 ATF_TC_BODY(rfork_failure, tc) 153 { 154 pid = getpid(); 155 snprintf(pcregex, sizeof(pcregex), "rfork.*%d.*return,failure", pid); 156 157 FILE *pipefd = setup(fds, auclass); 158 /* Failure reason: Invalid argument */ 159 ATF_REQUIRE_EQ(-1, rfork(-1)); 160 check_audit(fds, pcregex, pipefd); 161 } 162 163 ATF_TC_CLEANUP(rfork_failure, tc) 164 { 165 cleanup(); 166 } 167 168 169 ATF_TC_WITH_CLEANUP(wait4_success); 170 ATF_TC_HEAD(wait4_success, tc) 171 { 172 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 173 "wait4(2) call"); 174 } 175 176 ATF_TC_BODY(wait4_success, tc) 177 { 178 pid = getpid(); 179 snprintf(pcregex, sizeof(pcregex), "wait4.*%d.*return,success", pid); 180 181 ATF_REQUIRE((pid = fork()) != -1); 182 if (pid) { 183 FILE *pipefd = setup(fds, auclass); 184 /* wpid = -1 : Wait for any child process */ 185 ATF_REQUIRE(wait4(-1, &status, 0, NULL) != -1); 186 check_audit(fds, pcregex, pipefd); 187 } 188 else 189 _exit(0); 190 } 191 192 ATF_TC_CLEANUP(wait4_success, tc) 193 { 194 cleanup(); 195 } 196 197 198 ATF_TC_WITH_CLEANUP(wait4_failure); 199 ATF_TC_HEAD(wait4_failure, tc) 200 { 201 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 202 "wait4(2) call"); 203 } 204 205 ATF_TC_BODY(wait4_failure, tc) 206 { 207 pid = getpid(); 208 snprintf(pcregex, sizeof(pcregex), "wait4.*%d.*return,failure", pid); 209 210 FILE *pipefd = setup(fds, auclass); 211 /* Failure reason: No child process to wait for */ 212 ATF_REQUIRE_EQ(-1, wait4(-1, NULL, 0, NULL)); 213 check_audit(fds, pcregex, pipefd); 214 } 215 216 ATF_TC_CLEANUP(wait4_failure, tc) 217 { 218 cleanup(); 219 } 220 221 222 ATF_TC_WITH_CLEANUP(wait6_success); 223 ATF_TC_HEAD(wait6_success, tc) 224 { 225 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 226 "wait6(2) call"); 227 } 228 229 ATF_TC_BODY(wait6_success, tc) 230 { 231 pid = getpid(); 232 snprintf(pcregex, sizeof(pcregex), "wait6.*%d.*return,success", pid); 233 234 ATF_REQUIRE((pid = fork()) != -1); 235 if (pid) { 236 FILE *pipefd = setup(fds, auclass); 237 ATF_REQUIRE(wait6(P_ALL, 0, &status, WEXITED, NULL,NULL) != -1); 238 check_audit(fds, pcregex, pipefd); 239 } 240 else 241 _exit(0); 242 } 243 244 ATF_TC_CLEANUP(wait6_success, tc) 245 { 246 cleanup(); 247 } 248 249 250 ATF_TC_WITH_CLEANUP(wait6_failure); 251 ATF_TC_HEAD(wait6_failure, tc) 252 { 253 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 254 "wait6(2) call"); 255 } 256 257 ATF_TC_BODY(wait6_failure, tc) 258 { 259 pid = getpid(); 260 snprintf(pcregex, sizeof(pcregex), "wait6.*%d.*return,failure", pid); 261 262 FILE *pipefd = setup(fds, auclass); 263 /* Failure reason: Invalid argument */ 264 ATF_REQUIRE_EQ(-1, wait6(0, 0, NULL, 0, NULL, NULL)); 265 check_audit(fds, pcregex, pipefd); 266 } 267 268 ATF_TC_CLEANUP(wait6_failure, tc) 269 { 270 cleanup(); 271 } 272 273 274 ATF_TC_WITH_CLEANUP(kill_success); 275 ATF_TC_HEAD(kill_success, tc) 276 { 277 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 278 "kill(2) call"); 279 } 280 281 ATF_TC_BODY(kill_success, tc) 282 { 283 pid = getpid(); 284 snprintf(pcregex, sizeof(pcregex), "kill.*%d.*return,success", pid); 285 286 FILE *pipefd = setup(fds, auclass); 287 /* Don't send any signal to anyone, live in peace! */ 288 ATF_REQUIRE_EQ(0, kill(0, 0)); 289 check_audit(fds, pcregex, pipefd); 290 } 291 292 ATF_TC_CLEANUP(kill_success, tc) 293 { 294 cleanup(); 295 } 296 297 298 ATF_TC_WITH_CLEANUP(kill_failure); 299 ATF_TC_HEAD(kill_failure, tc) 300 { 301 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 302 "kill(2) call"); 303 } 304 305 ATF_TC_BODY(kill_failure, tc) 306 { 307 pid = getpid(); 308 snprintf(pcregex, sizeof(pcregex), "kill.*%d.*return,failure", pid); 309 310 FILE *pipefd = setup(fds, auclass); 311 /* 312 * Failure reason: Non existent process with PID '-2' 313 * Note: '-1' is not used as it means sending no signal to 314 * all non-system processes: A successful invocation 315 */ 316 ATF_REQUIRE_EQ(-1, kill(0, -2)); 317 check_audit(fds, pcregex, pipefd); 318 } 319 320 ATF_TC_CLEANUP(kill_failure, tc) 321 { 322 cleanup(); 323 } 324 325 326 ATF_TC_WITH_CLEANUP(chdir_success); 327 ATF_TC_HEAD(chdir_success, tc) 328 { 329 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 330 "chdir(2) call"); 331 } 332 333 ATF_TC_BODY(chdir_success, tc) 334 { 335 pid = getpid(); 336 snprintf(pcregex, sizeof(pcregex), "chdir.*/.*%d.*return,success", pid); 337 338 FILE *pipefd = setup(fds, auclass); 339 ATF_REQUIRE_EQ(0, chdir("/")); 340 check_audit(fds, pcregex, pipefd); 341 } 342 343 ATF_TC_CLEANUP(chdir_success, tc) 344 { 345 cleanup(); 346 } 347 348 349 ATF_TC_WITH_CLEANUP(chdir_failure); 350 ATF_TC_HEAD(chdir_failure, tc) 351 { 352 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 353 "chdir(2) call"); 354 } 355 356 ATF_TC_BODY(chdir_failure, tc) 357 { 358 pid = getpid(); 359 snprintf(pcregex, sizeof(pcregex), "chdir.*%d.*return,failure", pid); 360 361 FILE *pipefd = setup(fds, auclass); 362 /* Failure reason: Bad address */ 363 ATF_REQUIRE_EQ(-1, chdir(NULL)); 364 check_audit(fds, pcregex, pipefd); 365 } 366 367 ATF_TC_CLEANUP(chdir_failure, tc) 368 { 369 cleanup(); 370 } 371 372 373 ATF_TC_WITH_CLEANUP(fchdir_success); 374 ATF_TC_HEAD(fchdir_success, tc) 375 { 376 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 377 "fchdir(2) call"); 378 } 379 380 ATF_TC_BODY(fchdir_success, tc) 381 { 382 /* Build an absolute path to the test-case directory */ 383 char dirpath[50]; 384 ATF_REQUIRE(getcwd(dirpath, sizeof(dirpath)) != NULL); 385 ATF_REQUIRE((filedesc = open(dirpath, O_RDONLY)) != -1); 386 387 /* Audit record generated by fchdir(2) does not contain filedesc */ 388 pid = getpid(); 389 snprintf(pcregex, sizeof(pcregex), "fchdir.*%d.*return,success", pid); 390 391 FILE *pipefd = setup(fds, auclass); 392 ATF_REQUIRE_EQ(0, fchdir(filedesc)); 393 check_audit(fds, pcregex, pipefd); 394 close(filedesc); 395 } 396 397 ATF_TC_CLEANUP(fchdir_success, tc) 398 { 399 cleanup(); 400 } 401 402 403 ATF_TC_WITH_CLEANUP(fchdir_failure); 404 ATF_TC_HEAD(fchdir_failure, tc) 405 { 406 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 407 "fchdir(2) call"); 408 } 409 410 ATF_TC_BODY(fchdir_failure, tc) 411 { 412 pid = getpid(); 413 snprintf(pcregex, sizeof(pcregex), "fchdir.*%d.*return,failure", pid); 414 415 FILE *pipefd = setup(fds, auclass); 416 /* Failure reason: Bad directory address */ 417 ATF_REQUIRE_EQ(-1, fchdir(-1)); 418 check_audit(fds, pcregex, pipefd); 419 } 420 421 ATF_TC_CLEANUP(fchdir_failure, tc) 422 { 423 cleanup(); 424 } 425 426 427 ATF_TC_WITH_CLEANUP(chroot_success); 428 ATF_TC_HEAD(chroot_success, tc) 429 { 430 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 431 "chroot(2) call"); 432 } 433 434 ATF_TC_BODY(chroot_success, tc) 435 { 436 pid = getpid(); 437 snprintf(pcregex, sizeof(pcregex), "chroot.*%d.*return,success", pid); 438 439 FILE *pipefd = setup(fds, auclass); 440 /* We don't want to change the root directory, hence '/' */ 441 ATF_REQUIRE_EQ(0, chroot("/")); 442 check_audit(fds, pcregex, pipefd); 443 } 444 445 ATF_TC_CLEANUP(chroot_success, tc) 446 { 447 cleanup(); 448 } 449 450 451 ATF_TC_WITH_CLEANUP(chroot_failure); 452 ATF_TC_HEAD(chroot_failure, tc) 453 { 454 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 455 "chroot(2) call"); 456 } 457 458 ATF_TC_BODY(chroot_failure, tc) 459 { 460 pid = getpid(); 461 snprintf(pcregex, sizeof(pcregex), "chroot.*%d.*return,failure", pid); 462 463 FILE *pipefd = setup(fds, auclass); 464 ATF_REQUIRE_EQ(-1, chroot(NULL)); 465 check_audit(fds, pcregex, pipefd); 466 } 467 468 ATF_TC_CLEANUP(chroot_failure, tc) 469 { 470 cleanup(); 471 } 472 473 474 ATF_TC_WITH_CLEANUP(umask_success); 475 ATF_TC_HEAD(umask_success, tc) 476 { 477 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 478 "umask(2) call"); 479 } 480 481 ATF_TC_BODY(umask_success, tc) 482 { 483 pid = getpid(); 484 snprintf(pcregex, sizeof(pcregex), "umask.*%d.*return,success", pid); 485 486 FILE *pipefd = setup(fds, auclass); 487 umask(0); 488 check_audit(fds, pcregex, pipefd); 489 } 490 491 ATF_TC_CLEANUP(umask_success, tc) 492 { 493 cleanup(); 494 } 495 496 /* 497 * umask(2) system call never fails. Hence, no test case for failure mode 498 */ 499 500 501 ATF_TC_WITH_CLEANUP(setuid_success); 502 ATF_TC_HEAD(setuid_success, tc) 503 { 504 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 505 "setuid(2) call"); 506 } 507 508 ATF_TC_BODY(setuid_success, tc) 509 { 510 pid = getpid(); 511 snprintf(pcregex, sizeof(pcregex), "setuid.*%d.*return,success", pid); 512 513 FILE *pipefd = setup(fds, auclass); 514 /* Since we're privileged, we'll let ourselves be privileged! */ 515 ATF_REQUIRE_EQ(0, setuid(0)); 516 check_audit(fds, pcregex, pipefd); 517 } 518 519 ATF_TC_CLEANUP(setuid_success, tc) 520 { 521 cleanup(); 522 } 523 524 /* 525 * setuid(2) fails only when the current user is not root. So no test case for 526 * failure mode since the required_user="root" 527 */ 528 529 530 ATF_TC_WITH_CLEANUP(seteuid_success); 531 ATF_TC_HEAD(seteuid_success, tc) 532 { 533 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 534 "seteuid(2) call"); 535 } 536 537 ATF_TC_BODY(seteuid_success, tc) 538 { 539 pid = getpid(); 540 snprintf(pcregex, sizeof(pcregex), "seteuid.*%d.*return,success", pid); 541 542 FILE *pipefd = setup(fds, auclass); 543 /* This time, we'll let ourselves be 'effectively' privileged! */ 544 ATF_REQUIRE_EQ(0, seteuid(0)); 545 check_audit(fds, pcregex, pipefd); 546 } 547 548 ATF_TC_CLEANUP(seteuid_success, tc) 549 { 550 cleanup(); 551 } 552 553 /* 554 * seteuid(2) fails only when the current user is not root. So no test case for 555 * failure mode since the required_user="root" 556 */ 557 558 559 ATF_TC_WITH_CLEANUP(setgid_success); 560 ATF_TC_HEAD(setgid_success, tc) 561 { 562 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 563 "setgid(2) call"); 564 } 565 566 ATF_TC_BODY(setgid_success, tc) 567 { 568 pid = getpid(); 569 snprintf(pcregex, sizeof(pcregex), "setgid.*%d.*return,success", pid); 570 571 FILE *pipefd = setup(fds, auclass); 572 ATF_REQUIRE_EQ(0, setgid(0)); 573 check_audit(fds, pcregex, pipefd); 574 } 575 576 ATF_TC_CLEANUP(setgid_success, tc) 577 { 578 cleanup(); 579 } 580 581 /* 582 * setgid(2) fails only when the current user is not root. So no test case for 583 * failure mode since the required_user="root" 584 */ 585 586 587 ATF_TC_WITH_CLEANUP(setegid_success); 588 ATF_TC_HEAD(setegid_success, tc) 589 { 590 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 591 "setegid(2) call"); 592 } 593 594 ATF_TC_BODY(setegid_success, tc) 595 { 596 pid = getpid(); 597 snprintf(pcregex, sizeof(pcregex), "setegid.*%d.*return,success", pid); 598 599 FILE *pipefd = setup(fds, auclass); 600 ATF_REQUIRE_EQ(0, setegid(0)); 601 check_audit(fds, pcregex, pipefd); 602 } 603 604 ATF_TC_CLEANUP(setegid_success, tc) 605 { 606 cleanup(); 607 } 608 609 /* 610 * setegid(2) fails only when the current user is not root. So no test case for 611 * failure mode since the required_user="root" 612 */ 613 614 615 ATF_TC_WITH_CLEANUP(setregid_success); 616 ATF_TC_HEAD(setregid_success, tc) 617 { 618 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 619 "setregid(2) call"); 620 } 621 622 ATF_TC_BODY(setregid_success, tc) 623 { 624 pid = getpid(); 625 snprintf(pcregex, sizeof(pcregex), "setregid.*%d.*return,success", pid); 626 627 FILE *pipefd = setup(fds, auclass); 628 /* setregid(-1, -1) does not change any real or effective GIDs */ 629 ATF_REQUIRE_EQ(0, setregid(-1, -1)); 630 check_audit(fds, pcregex, pipefd); 631 } 632 633 ATF_TC_CLEANUP(setregid_success, tc) 634 { 635 cleanup(); 636 } 637 638 /* 639 * setregid(2) fails only when the current user is not root. So no test case for 640 * failure mode since the required_user="root" 641 */ 642 643 644 ATF_TC_WITH_CLEANUP(setreuid_success); 645 ATF_TC_HEAD(setreuid_success, tc) 646 { 647 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 648 "setreuid(2) call"); 649 } 650 651 ATF_TC_BODY(setreuid_success, tc) 652 { 653 pid = getpid(); 654 snprintf(pcregex, sizeof(pcregex), "setreuid.*%d.*return,success", pid); 655 656 FILE *pipefd = setup(fds, auclass); 657 /* setreuid(-1, -1) does not change any real or effective UIDs */ 658 ATF_REQUIRE_EQ(0, setreuid(-1, -1)); 659 check_audit(fds, pcregex, pipefd); 660 } 661 662 ATF_TC_CLEANUP(setreuid_success, tc) 663 { 664 cleanup(); 665 } 666 667 /* 668 * setregid(2) fails only when the current user is not root. So no test case for 669 * failure mode since the required_user="root" 670 */ 671 672 673 ATF_TC_WITH_CLEANUP(setresuid_success); 674 ATF_TC_HEAD(setresuid_success, tc) 675 { 676 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 677 "setresuid(2) call"); 678 } 679 680 ATF_TC_BODY(setresuid_success, tc) 681 { 682 pid = getpid(); 683 snprintf(pcregex, sizeof(pcregex), "setresuid.*%d.*return,success", pid); 684 685 FILE *pipefd = setup(fds, auclass); 686 /* setresuid(-1, -1, -1) does not change real, effective & saved UIDs */ 687 ATF_REQUIRE_EQ(0, setresuid(-1, -1, -1)); 688 check_audit(fds, pcregex, pipefd); 689 } 690 691 ATF_TC_CLEANUP(setresuid_success, tc) 692 { 693 cleanup(); 694 } 695 696 /* 697 * setresuid(2) fails only when the current user is not root. So no test case 698 * for failure mode since the required_user="root" 699 */ 700 701 702 ATF_TC_WITH_CLEANUP(setresgid_success); 703 ATF_TC_HEAD(setresgid_success, tc) 704 { 705 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 706 "setresgid(2) call"); 707 } 708 709 ATF_TC_BODY(setresgid_success, tc) 710 { 711 pid = getpid(); 712 snprintf(pcregex, sizeof(pcregex), "setresgid.*%d.*ret.*success", pid); 713 714 FILE *pipefd = setup(fds, auclass); 715 /* setresgid(-1, -1, -1) does not change real, effective & saved GIDs */ 716 ATF_REQUIRE_EQ(0, setresgid(-1, -1, -1)); 717 check_audit(fds, pcregex, pipefd); 718 } 719 720 ATF_TC_CLEANUP(setresgid_success, tc) 721 { 722 cleanup(); 723 } 724 725 /* 726 * setresgid(2) fails only when the current user is not root. So no test case 727 * for failure mode since the required_user="root" 728 */ 729 730 731 ATF_TC_WITH_CLEANUP(getresuid_success); 732 ATF_TC_HEAD(getresuid_success, tc) 733 { 734 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 735 "getresuid(2) call"); 736 } 737 738 ATF_TC_BODY(getresuid_success, tc) 739 { 740 pid = getpid(); 741 snprintf(pcregex, sizeof(pcregex), "getresuid.*%d.*ret.*success", pid); 742 743 FILE *pipefd = setup(fds, auclass); 744 ATF_REQUIRE_EQ(0, getresuid(NULL, NULL, NULL)); 745 check_audit(fds, pcregex, pipefd); 746 } 747 748 ATF_TC_CLEANUP(getresuid_success, tc) 749 { 750 cleanup(); 751 } 752 753 754 ATF_TC_WITH_CLEANUP(getresuid_failure); 755 ATF_TC_HEAD(getresuid_failure, tc) 756 { 757 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 758 "getresuid(2) call"); 759 } 760 761 ATF_TC_BODY(getresuid_failure, tc) 762 { 763 pid = getpid(); 764 snprintf(pcregex, sizeof(pcregex), "getresuid.*%d.*ret.*failure", pid); 765 766 FILE *pipefd = setup(fds, auclass); 767 /* Failure reason: Invalid address "-1" */ 768 ATF_REQUIRE_EQ(-1, getresuid((uid_t *)-1, NULL, NULL)); 769 check_audit(fds, pcregex, pipefd); 770 } 771 772 ATF_TC_CLEANUP(getresuid_failure, tc) 773 { 774 cleanup(); 775 } 776 777 778 ATF_TC_WITH_CLEANUP(getresgid_success); 779 ATF_TC_HEAD(getresgid_success, tc) 780 { 781 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 782 "getresgid(2) call"); 783 } 784 785 ATF_TC_BODY(getresgid_success, tc) 786 { 787 pid = getpid(); 788 snprintf(pcregex, sizeof(pcregex), "getresgid.*%d.*ret.*success", pid); 789 790 FILE *pipefd = setup(fds, auclass); 791 ATF_REQUIRE_EQ(0, getresgid(NULL, NULL, NULL)); 792 check_audit(fds, pcregex, pipefd); 793 } 794 795 ATF_TC_CLEANUP(getresgid_success, tc) 796 { 797 cleanup(); 798 } 799 800 801 ATF_TC_WITH_CLEANUP(getresgid_failure); 802 ATF_TC_HEAD(getresgid_failure, tc) 803 { 804 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 805 "getresgid(2) call"); 806 } 807 808 ATF_TC_BODY(getresgid_failure, tc) 809 { 810 pid = getpid(); 811 snprintf(pcregex, sizeof(pcregex), "getresgid.*%d.*ret.*failure", pid); 812 813 FILE *pipefd = setup(fds, auclass); 814 /* Failure reason: Invalid address "-1" */ 815 ATF_REQUIRE_EQ(-1, getresgid((gid_t *)-1, NULL, NULL)); 816 check_audit(fds, pcregex, pipefd); 817 } 818 819 ATF_TC_CLEANUP(getresgid_failure, tc) 820 { 821 cleanup(); 822 } 823 824 825 ATF_TC_WITH_CLEANUP(setpriority_success); 826 ATF_TC_HEAD(setpriority_success, tc) 827 { 828 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 829 "setpriority(2) call"); 830 } 831 832 ATF_TC_BODY(setpriority_success, tc) 833 { 834 pid = getpid(); 835 snprintf(pcregex, sizeof(pcregex), "setpriority.*%d.*success", pid); 836 837 FILE *pipefd = setup(fds, auclass); 838 ATF_REQUIRE_EQ(0, setpriority(PRIO_PROCESS, 0, 0)); 839 check_audit(fds, pcregex, pipefd); 840 } 841 842 ATF_TC_CLEANUP(setpriority_success, tc) 843 { 844 cleanup(); 845 } 846 847 848 ATF_TC_WITH_CLEANUP(setpriority_failure); 849 ATF_TC_HEAD(setpriority_failure, tc) 850 { 851 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 852 "setpriority(2) call"); 853 } 854 855 ATF_TC_BODY(setpriority_failure, tc) 856 { 857 pid = getpid(); 858 snprintf(pcregex, sizeof(pcregex), "setpriority.*%d.*failure", pid); 859 860 FILE *pipefd = setup(fds, auclass); 861 ATF_REQUIRE_EQ(-1, setpriority(-1, -1, -1)); 862 check_audit(fds, pcregex, pipefd); 863 } 864 865 ATF_TC_CLEANUP(setpriority_failure, tc) 866 { 867 cleanup(); 868 } 869 870 871 ATF_TC_WITH_CLEANUP(setgroups_success); 872 ATF_TC_HEAD(setgroups_success, tc) 873 { 874 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 875 "setgroups(2) call"); 876 } 877 878 ATF_TC_BODY(setgroups_success, tc) 879 { 880 gid_t gids[5]; 881 pid = getpid(); 882 snprintf(pcregex, sizeof(pcregex), "setgroups.*%d.*ret.*success", pid); 883 /* Retrieve the current group access list to be used with setgroups */ 884 ATF_REQUIRE(getgroups(sizeof(gids)/sizeof(gids[0]), gids) != -1); 885 886 FILE *pipefd = setup(fds, auclass); 887 ATF_REQUIRE_EQ(0, setgroups(sizeof(gids)/sizeof(gids[0]), gids)); 888 check_audit(fds, pcregex, pipefd); 889 } 890 891 ATF_TC_CLEANUP(setgroups_success, tc) 892 { 893 cleanup(); 894 } 895 896 897 ATF_TC_WITH_CLEANUP(setgroups_failure); 898 ATF_TC_HEAD(setgroups_failure, tc) 899 { 900 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 901 "setgroups(2) call"); 902 } 903 904 ATF_TC_BODY(setgroups_failure, tc) 905 { 906 pid = getpid(); 907 snprintf(pcregex, sizeof(pcregex), "setgroups.*%d.*ret.*failure", pid); 908 909 FILE *pipefd = setup(fds, auclass); 910 ATF_REQUIRE_EQ(-1, setgroups(-1, NULL)); 911 check_audit(fds, pcregex, pipefd); 912 } 913 914 ATF_TC_CLEANUP(setgroups_failure, tc) 915 { 916 cleanup(); 917 } 918 919 920 ATF_TC_WITH_CLEANUP(setpgrp_success); 921 ATF_TC_HEAD(setpgrp_success, tc) 922 { 923 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 924 "setpgrp(2) call"); 925 } 926 927 ATF_TC_BODY(setpgrp_success, tc) 928 { 929 /* Main procedure is carried out from within the child process */ 930 ATF_REQUIRE((pid = fork()) != -1); 931 if (pid) { 932 ATF_REQUIRE(wait(&status) != -1); 933 } else { 934 pid = getpid(); 935 snprintf(pcregex, sizeof(pcregex), "setpgrp.*%d.*success", pid); 936 937 FILE *pipefd = setup(fds, auclass); 938 ATF_REQUIRE_EQ(0, setpgrp(0, 0)); 939 check_audit(fds, pcregex, pipefd); 940 } 941 } 942 943 ATF_TC_CLEANUP(setpgrp_success, tc) 944 { 945 cleanup(); 946 } 947 948 949 ATF_TC_WITH_CLEANUP(setpgrp_failure); 950 ATF_TC_HEAD(setpgrp_failure, tc) 951 { 952 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 953 "setpgrp(2) call"); 954 } 955 956 ATF_TC_BODY(setpgrp_failure, tc) 957 { 958 pid = getpid(); 959 snprintf(pcregex, sizeof(pcregex), "setpgrp.*%d.*return,failure", pid); 960 961 FILE *pipefd = setup(fds, auclass); 962 ATF_REQUIRE_EQ(-1, setpgrp(-1, -1)); 963 check_audit(fds, pcregex, pipefd); 964 } 965 966 ATF_TC_CLEANUP(setpgrp_failure, tc) 967 { 968 cleanup(); 969 } 970 971 972 ATF_TC_WITH_CLEANUP(setsid_success); 973 ATF_TC_HEAD(setsid_success, tc) 974 { 975 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 976 "setsid(2) call"); 977 } 978 979 ATF_TC_BODY(setsid_success, tc) 980 { 981 /* Main procedure is carried out from within the child process */ 982 ATF_REQUIRE((pid = fork()) != -1); 983 if (pid) { 984 ATF_REQUIRE(wait(&status) != -1); 985 } else { 986 pid = getpid(); 987 snprintf(pcregex, sizeof(pcregex), "setsid.*%d.*success", pid); 988 989 FILE *pipefd = setup(fds, auclass); 990 ATF_REQUIRE(setsid() != -1); 991 check_audit(fds, pcregex, pipefd); 992 } 993 } 994 995 ATF_TC_CLEANUP(setsid_success, tc) 996 { 997 cleanup(); 998 } 999 1000 1001 ATF_TC_WITH_CLEANUP(setsid_failure); 1002 ATF_TC_HEAD(setsid_failure, tc) 1003 { 1004 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1005 "setsid(2) call"); 1006 } 1007 1008 ATF_TC_BODY(setsid_failure, tc) 1009 { 1010 pid = getpid(); 1011 snprintf(pcregex, sizeof(pcregex), "setsid.*%d.*return,failure", pid); 1012 1013 /* 1014 * Here, we are intentionally ignoring the output of the setsid() 1015 * call because it may or may not be a process leader already. But it 1016 * ensures that the next invocation of setsid() will definitely fail. 1017 */ 1018 setsid(); 1019 FILE *pipefd = setup(fds, auclass); 1020 /* 1021 * Failure reason: [EPERM] Creating a new session is not permitted 1022 * as the PID of calling process matches the PGID of a process group 1023 * created by premature setsid() call. 1024 */ 1025 ATF_REQUIRE_EQ(-1, setsid()); 1026 check_audit(fds, pcregex, pipefd); 1027 } 1028 1029 ATF_TC_CLEANUP(setsid_failure, tc) 1030 { 1031 cleanup(); 1032 } 1033 1034 1035 ATF_TC_WITH_CLEANUP(setrlimit_success); 1036 ATF_TC_HEAD(setrlimit_success, tc) 1037 { 1038 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 1039 "setrlimit(2) call"); 1040 } 1041 1042 ATF_TC_BODY(setrlimit_success, tc) 1043 { 1044 struct rlimit rlp; 1045 pid = getpid(); 1046 snprintf(pcregex, sizeof(pcregex), "setrlimit.*%d.*ret.*success", pid); 1047 /* Retrieve the system resource consumption limit to be used later on */ 1048 ATF_REQUIRE_EQ(0, getrlimit(RLIMIT_FSIZE, &rlp)); 1049 1050 FILE *pipefd = setup(fds, auclass); 1051 ATF_REQUIRE_EQ(0, setrlimit(RLIMIT_FSIZE, &rlp)); 1052 check_audit(fds, pcregex, pipefd); 1053 } 1054 1055 ATF_TC_CLEANUP(setrlimit_success, tc) 1056 { 1057 cleanup(); 1058 } 1059 1060 1061 ATF_TC_WITH_CLEANUP(setrlimit_failure); 1062 ATF_TC_HEAD(setrlimit_failure, tc) 1063 { 1064 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1065 "setrlimit(2) call"); 1066 } 1067 1068 ATF_TC_BODY(setrlimit_failure, tc) 1069 { 1070 pid = getpid(); 1071 snprintf(pcregex, sizeof(pcregex), "setrlimit.*%d.*ret.*failure", pid); 1072 1073 FILE *pipefd = setup(fds, auclass); 1074 ATF_REQUIRE_EQ(-1, setrlimit(RLIMIT_FSIZE, NULL)); 1075 check_audit(fds, pcregex, pipefd); 1076 } 1077 1078 ATF_TC_CLEANUP(setrlimit_failure, tc) 1079 { 1080 cleanup(); 1081 } 1082 1083 1084 ATF_TC_WITH_CLEANUP(mlock_success); 1085 ATF_TC_HEAD(mlock_success, tc) 1086 { 1087 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 1088 "mlock(2) call"); 1089 } 1090 1091 ATF_TC_BODY(mlock_success, tc) 1092 { 1093 pid = getpid(); 1094 snprintf(pcregex, sizeof(pcregex), "mlock.*%d.*return,success", pid); 1095 1096 FILE *pipefd = setup(fds, auclass); 1097 ATF_REQUIRE_EQ(0, mlock(NULL, 0)); 1098 check_audit(fds, pcregex, pipefd); 1099 } 1100 1101 ATF_TC_CLEANUP(mlock_success, tc) 1102 { 1103 cleanup(); 1104 } 1105 1106 1107 ATF_TC_WITH_CLEANUP(mlock_failure); 1108 ATF_TC_HEAD(mlock_failure, tc) 1109 { 1110 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1111 "mlock(2) call"); 1112 } 1113 1114 ATF_TC_BODY(mlock_failure, tc) 1115 { 1116 pid = getpid(); 1117 snprintf(pcregex, sizeof(pcregex), "mlock.*%d.*return,failure", pid); 1118 1119 FILE *pipefd = setup(fds, auclass); 1120 ATF_REQUIRE_EQ(-1, mlock((void *)(-1), -1)); 1121 check_audit(fds, pcregex, pipefd); 1122 } 1123 1124 ATF_TC_CLEANUP(mlock_failure, tc) 1125 { 1126 cleanup(); 1127 } 1128 1129 1130 ATF_TC_WITH_CLEANUP(munlock_success); 1131 ATF_TC_HEAD(munlock_success, tc) 1132 { 1133 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 1134 "munlock(2) call"); 1135 } 1136 1137 ATF_TC_BODY(munlock_success, tc) 1138 { 1139 pid = getpid(); 1140 snprintf(pcregex, sizeof(pcregex), "munlock.*%d.*return,success", pid); 1141 1142 FILE *pipefd = setup(fds, auclass); 1143 ATF_REQUIRE_EQ(0, munlock(NULL, 0)); 1144 check_audit(fds, pcregex, pipefd); 1145 } 1146 1147 ATF_TC_CLEANUP(munlock_success, tc) 1148 { 1149 cleanup(); 1150 } 1151 1152 1153 ATF_TC_WITH_CLEANUP(munlock_failure); 1154 ATF_TC_HEAD(munlock_failure, tc) 1155 { 1156 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1157 "munlock(2) call"); 1158 } 1159 1160 ATF_TC_BODY(munlock_failure, tc) 1161 { 1162 pid = getpid(); 1163 snprintf(pcregex, sizeof(pcregex), "munlock.*%d.*return,failure", pid); 1164 1165 FILE *pipefd = setup(fds, auclass); 1166 ATF_REQUIRE_EQ(-1, munlock((void *)(-1), -1)); 1167 check_audit(fds, pcregex, pipefd); 1168 } 1169 1170 ATF_TC_CLEANUP(munlock_failure, tc) 1171 { 1172 cleanup(); 1173 } 1174 1175 1176 ATF_TC_WITH_CLEANUP(minherit_success); 1177 ATF_TC_HEAD(minherit_success, tc) 1178 { 1179 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 1180 "minherit(2) call"); 1181 } 1182 1183 ATF_TC_BODY(minherit_success, tc) 1184 { 1185 pid = getpid(); 1186 snprintf(pcregex, sizeof(pcregex), "minherit.*%d.*return,success", pid); 1187 1188 FILE *pipefd = setup(fds, auclass); 1189 ATF_REQUIRE_EQ(0, minherit(NULL, 0, INHERIT_ZERO)); 1190 check_audit(fds, pcregex, pipefd); 1191 } 1192 1193 ATF_TC_CLEANUP(minherit_success, tc) 1194 { 1195 cleanup(); 1196 } 1197 1198 1199 ATF_TC_WITH_CLEANUP(minherit_failure); 1200 ATF_TC_HEAD(minherit_failure, tc) 1201 { 1202 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1203 "minherit(2) call"); 1204 } 1205 1206 ATF_TC_BODY(minherit_failure, tc) 1207 { 1208 pid = getpid(); 1209 snprintf(pcregex, sizeof(pcregex), "minherit.*%d.*return,failure", pid); 1210 1211 FILE *pipefd = setup(fds, auclass); 1212 ATF_REQUIRE_EQ(-1, minherit((void *)(-1), -1, 0)); 1213 check_audit(fds, pcregex, pipefd); 1214 } 1215 1216 ATF_TC_CLEANUP(minherit_failure, tc) 1217 { 1218 cleanup(); 1219 } 1220 1221 1222 ATF_TC_WITH_CLEANUP(setlogin_success); 1223 ATF_TC_HEAD(setlogin_success, tc) 1224 { 1225 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 1226 "setlogin(2) call"); 1227 } 1228 1229 ATF_TC_BODY(setlogin_success, tc) 1230 { 1231 char *name; 1232 pid = getpid(); 1233 snprintf(pcregex, sizeof(pcregex), "setlogin.*%d.*return,success", pid); 1234 1235 /* Retrieve the current user's login name to be used with setlogin(2) */ 1236 ATF_REQUIRE((name = getlogin()) != NULL); 1237 FILE *pipefd = setup(fds, auclass); 1238 ATF_REQUIRE_EQ(0, setlogin(name)); 1239 check_audit(fds, pcregex, pipefd); 1240 } 1241 1242 ATF_TC_CLEANUP(setlogin_success, tc) 1243 { 1244 cleanup(); 1245 } 1246 1247 1248 ATF_TC_WITH_CLEANUP(setlogin_failure); 1249 ATF_TC_HEAD(setlogin_failure, tc) 1250 { 1251 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1252 "setlogin(2) call"); 1253 } 1254 1255 ATF_TC_BODY(setlogin_failure, tc) 1256 { 1257 pid = getpid(); 1258 snprintf(pcregex, sizeof(pcregex), "setlogin.*%d.*return,failure", pid); 1259 1260 FILE *pipefd = setup(fds, auclass); 1261 ATF_REQUIRE_EQ(-1, setlogin(NULL)); 1262 check_audit(fds, pcregex, pipefd); 1263 } 1264 1265 ATF_TC_CLEANUP(setlogin_failure, tc) 1266 { 1267 cleanup(); 1268 } 1269 1270 1271 ATF_TC_WITH_CLEANUP(rtprio_success); 1272 ATF_TC_HEAD(rtprio_success, tc) 1273 { 1274 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 1275 "rtprio(2) call"); 1276 } 1277 1278 ATF_TC_BODY(rtprio_success, tc) 1279 { 1280 struct rtprio rtp; 1281 pid = getpid(); 1282 snprintf(pcregex, sizeof(pcregex), "rtprio.*%d.*return,success", pid); 1283 1284 FILE *pipefd = setup(fds, auclass); 1285 ATF_REQUIRE_EQ(0, rtprio(RTP_LOOKUP, 0, &rtp)); 1286 check_audit(fds, pcregex, pipefd); 1287 } 1288 1289 ATF_TC_CLEANUP(rtprio_success, tc) 1290 { 1291 cleanup(); 1292 } 1293 1294 1295 ATF_TC_WITH_CLEANUP(rtprio_failure); 1296 ATF_TC_HEAD(rtprio_failure, tc) 1297 { 1298 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1299 "rtprio(2) call"); 1300 } 1301 1302 ATF_TC_BODY(rtprio_failure, tc) 1303 { 1304 pid = getpid(); 1305 snprintf(pcregex, sizeof(pcregex), "rtprio.*%d.*return,failure", pid); 1306 1307 FILE *pipefd = setup(fds, auclass); 1308 ATF_REQUIRE_EQ(-1, rtprio(-1, -1, NULL)); 1309 check_audit(fds, pcregex, pipefd); 1310 } 1311 1312 ATF_TC_CLEANUP(rtprio_failure, tc) 1313 { 1314 cleanup(); 1315 } 1316 1317 1318 ATF_TC_WITH_CLEANUP(profil_success); 1319 ATF_TC_HEAD(profil_success, tc) 1320 { 1321 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 1322 "profil(2) call"); 1323 } 1324 1325 ATF_TC_BODY(profil_success, tc) 1326 { 1327 pid = getpid(); 1328 snprintf(pcregex, sizeof(pcregex), "profil.*%d.*return,success", pid); 1329 1330 char samples[20]; 1331 FILE *pipefd = setup(fds, auclass); 1332 /* Set scale argument as 0 to disable profiling of current process */ 1333 ATF_REQUIRE_EQ(0, profil(samples, sizeof(samples), 0, 0)); 1334 check_audit(fds, pcregex, pipefd); 1335 } 1336 1337 ATF_TC_CLEANUP(profil_success, tc) 1338 { 1339 cleanup(); 1340 } 1341 1342 1343 ATF_TC_WITH_CLEANUP(profil_failure); 1344 ATF_TC_HEAD(profil_failure, tc) 1345 { 1346 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1347 "profil(2) call"); 1348 } 1349 1350 ATF_TC_BODY(profil_failure, tc) 1351 { 1352 pid = getpid(); 1353 snprintf(pcregex, sizeof(pcregex), "profil.*%d.*return,failure", pid); 1354 1355 FILE *pipefd = setup(fds, auclass); 1356 ATF_REQUIRE_EQ(-1, profil((char *)(SIZE_MAX), -1, -1, -1)); 1357 check_audit(fds, pcregex, pipefd); 1358 } 1359 1360 ATF_TC_CLEANUP(profil_failure, tc) 1361 { 1362 cleanup(); 1363 } 1364 1365 1366 ATF_TC_WITH_CLEANUP(ptrace_success); 1367 ATF_TC_HEAD(ptrace_success, tc) 1368 { 1369 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 1370 "ptrace(2) call"); 1371 } 1372 1373 ATF_TC_BODY(ptrace_success, tc) 1374 { 1375 pid = getpid(); 1376 snprintf(pcregex, sizeof(pcregex), "ptrace.*%d.*return,success", pid); 1377 1378 FILE *pipefd = setup(fds, auclass); 1379 ATF_REQUIRE_EQ(0, ptrace(PT_TRACE_ME, 0, NULL, 0)); 1380 check_audit(fds, pcregex, pipefd); 1381 } 1382 1383 ATF_TC_CLEANUP(ptrace_success, tc) 1384 { 1385 cleanup(); 1386 } 1387 1388 1389 ATF_TC_WITH_CLEANUP(ptrace_failure); 1390 ATF_TC_HEAD(ptrace_failure, tc) 1391 { 1392 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1393 "ptrace(2) call"); 1394 } 1395 1396 ATF_TC_BODY(ptrace_failure, tc) 1397 { 1398 pid = getpid(); 1399 snprintf(pcregex, sizeof(pcregex), "ptrace.*%d.*return,failure", pid); 1400 1401 FILE *pipefd = setup(fds, auclass); 1402 ATF_REQUIRE_EQ(-1, ptrace(-1, 0, NULL, 0)); 1403 check_audit(fds, pcregex, pipefd); 1404 } 1405 1406 ATF_TC_CLEANUP(ptrace_failure, tc) 1407 { 1408 cleanup(); 1409 } 1410 1411 1412 ATF_TC_WITH_CLEANUP(ktrace_success); 1413 ATF_TC_HEAD(ktrace_success, tc) 1414 { 1415 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 1416 "ktrace(2) call"); 1417 } 1418 1419 ATF_TC_BODY(ktrace_success, tc) 1420 { 1421 pid = getpid(); 1422 snprintf(pcregex, sizeof(pcregex), "ktrace.*%d.*return,success", pid); 1423 1424 FILE *pipefd = setup(fds, auclass); 1425 ATF_REQUIRE_EQ(0, ktrace(NULL, KTROP_CLEAR, KTRFAC_SYSCALL, pid)); 1426 check_audit(fds, pcregex, pipefd); 1427 } 1428 1429 ATF_TC_CLEANUP(ktrace_success, tc) 1430 { 1431 cleanup(); 1432 } 1433 1434 1435 ATF_TC_WITH_CLEANUP(ktrace_failure); 1436 ATF_TC_HEAD(ktrace_failure, tc) 1437 { 1438 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1439 "ktrace(2) call"); 1440 } 1441 1442 ATF_TC_BODY(ktrace_failure, tc) 1443 { 1444 pid = getpid(); 1445 snprintf(pcregex, sizeof(pcregex), "ktrace.*%d.*return,failure", pid); 1446 1447 FILE *pipefd = setup(fds, auclass); 1448 ATF_REQUIRE_EQ(-1, ktrace(NULL, -1, -1, 0)); 1449 check_audit(fds, pcregex, pipefd); 1450 } 1451 1452 ATF_TC_CLEANUP(ktrace_failure, tc) 1453 { 1454 cleanup(); 1455 } 1456 1457 1458 ATF_TC_WITH_CLEANUP(procctl_success); 1459 ATF_TC_HEAD(procctl_success, tc) 1460 { 1461 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 1462 "procctl(2) call"); 1463 } 1464 1465 ATF_TC_BODY(procctl_success, tc) 1466 { 1467 pid = getpid(); 1468 snprintf(pcregex, sizeof(pcregex), "procctl.*%d.*return,success", pid); 1469 1470 struct procctl_reaper_status reapstat; 1471 FILE *pipefd = setup(fds, auclass); 1472 /* Retrieve information about the reaper of current process (pid) */ 1473 ATF_REQUIRE_EQ(0, procctl(P_PID, pid, PROC_REAP_STATUS, &reapstat)); 1474 check_audit(fds, pcregex, pipefd); 1475 } 1476 1477 ATF_TC_CLEANUP(procctl_success, tc) 1478 { 1479 cleanup(); 1480 } 1481 1482 1483 ATF_TC_WITH_CLEANUP(procctl_failure); 1484 ATF_TC_HEAD(procctl_failure, tc) 1485 { 1486 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1487 "procctl(2) call"); 1488 } 1489 1490 ATF_TC_BODY(procctl_failure, tc) 1491 { 1492 pid = getpid(); 1493 snprintf(pcregex, sizeof(pcregex), "procctl.*%d.*return,failure", pid); 1494 1495 FILE *pipefd = setup(fds, auclass); 1496 ATF_REQUIRE_EQ(-1, procctl(-1, -1, -1, NULL)); 1497 check_audit(fds, pcregex, pipefd); 1498 } 1499 1500 ATF_TC_CLEANUP(procctl_failure, tc) 1501 { 1502 cleanup(); 1503 } 1504 1505 1506 ATF_TC_WITH_CLEANUP(cap_enter_success); 1507 ATF_TC_HEAD(cap_enter_success, tc) 1508 { 1509 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 1510 "cap_enter(2) call"); 1511 } 1512 1513 ATF_TC_BODY(cap_enter_success, tc) 1514 { 1515 ATF_REQUIRE_FEATURE("security_capability_mode"); 1516 1517 FILE *pipefd = setup(fds, auclass); 1518 ATF_REQUIRE((pid = fork()) != -1); 1519 if (pid) { 1520 snprintf(pcregex, sizeof(pcregex), 1521 "cap_enter.*%d.*return,success", pid); 1522 ATF_REQUIRE(wait(&status) != -1); 1523 check_audit(fds, pcregex, pipefd); 1524 } 1525 else { 1526 ATF_REQUIRE_EQ(0, cap_enter()); 1527 _exit(0); 1528 } 1529 } 1530 1531 ATF_TC_CLEANUP(cap_enter_success, tc) 1532 { 1533 cleanup(); 1534 } 1535 1536 1537 ATF_TC_WITH_CLEANUP(cap_getmode_success); 1538 ATF_TC_HEAD(cap_getmode_success, tc) 1539 { 1540 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 1541 "cap_getmode(2) call"); 1542 } 1543 1544 ATF_TC_BODY(cap_getmode_success, tc) 1545 { 1546 int modep; 1547 1548 ATF_REQUIRE_FEATURE("security_capability_mode"); 1549 1550 pid = getpid(); 1551 snprintf(pcregex, sizeof(pcregex), "cap_getmode.*%d.*success", pid); 1552 1553 FILE *pipefd = setup(fds, auclass); 1554 ATF_REQUIRE_EQ(0, cap_getmode(&modep)); 1555 check_audit(fds, pcregex, pipefd); 1556 } 1557 1558 ATF_TC_CLEANUP(cap_getmode_success, tc) 1559 { 1560 cleanup(); 1561 } 1562 1563 1564 ATF_TC_WITH_CLEANUP(cap_getmode_failure); 1565 ATF_TC_HEAD(cap_getmode_failure, tc) 1566 { 1567 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1568 "cap_getmode(2) call"); 1569 } 1570 1571 ATF_TC_BODY(cap_getmode_failure, tc) 1572 { 1573 pid = getpid(); 1574 snprintf(pcregex, sizeof(pcregex), "cap_getmode.*%d.*failure", pid); 1575 1576 FILE *pipefd = setup(fds, auclass); 1577 /* cap_getmode(2) can either fail with EFAULT or ENOSYS */ 1578 ATF_REQUIRE_EQ(-1, cap_getmode(NULL)); 1579 check_audit(fds, pcregex, pipefd); 1580 } 1581 1582 ATF_TC_CLEANUP(cap_getmode_failure, tc) 1583 { 1584 cleanup(); 1585 } 1586 1587 1588 ATF_TP_ADD_TCS(tp) 1589 { 1590 ATF_TP_ADD_TC(tp, fork_success); 1591 ATF_TP_ADD_TC(tp, _exit_success); 1592 ATF_TP_ADD_TC(tp, rfork_success); 1593 ATF_TP_ADD_TC(tp, rfork_failure); 1594 1595 ATF_TP_ADD_TC(tp, wait4_success); 1596 ATF_TP_ADD_TC(tp, wait4_failure); 1597 ATF_TP_ADD_TC(tp, wait6_success); 1598 ATF_TP_ADD_TC(tp, wait6_failure); 1599 ATF_TP_ADD_TC(tp, kill_success); 1600 ATF_TP_ADD_TC(tp, kill_failure); 1601 1602 ATF_TP_ADD_TC(tp, chdir_success); 1603 ATF_TP_ADD_TC(tp, chdir_failure); 1604 ATF_TP_ADD_TC(tp, fchdir_success); 1605 ATF_TP_ADD_TC(tp, fchdir_failure); 1606 ATF_TP_ADD_TC(tp, chroot_success); 1607 ATF_TP_ADD_TC(tp, chroot_failure); 1608 1609 ATF_TP_ADD_TC(tp, umask_success); 1610 ATF_TP_ADD_TC(tp, setuid_success); 1611 ATF_TP_ADD_TC(tp, seteuid_success); 1612 ATF_TP_ADD_TC(tp, setgid_success); 1613 ATF_TP_ADD_TC(tp, setegid_success); 1614 1615 ATF_TP_ADD_TC(tp, setreuid_success); 1616 ATF_TP_ADD_TC(tp, setregid_success); 1617 ATF_TP_ADD_TC(tp, setresuid_success); 1618 ATF_TP_ADD_TC(tp, setresgid_success); 1619 1620 ATF_TP_ADD_TC(tp, getresuid_success); 1621 ATF_TP_ADD_TC(tp, getresuid_failure); 1622 ATF_TP_ADD_TC(tp, getresgid_success); 1623 ATF_TP_ADD_TC(tp, getresgid_failure); 1624 1625 ATF_TP_ADD_TC(tp, setpriority_success); 1626 ATF_TP_ADD_TC(tp, setpriority_failure); 1627 ATF_TP_ADD_TC(tp, setgroups_success); 1628 ATF_TP_ADD_TC(tp, setgroups_failure); 1629 ATF_TP_ADD_TC(tp, setpgrp_success); 1630 ATF_TP_ADD_TC(tp, setpgrp_failure); 1631 ATF_TP_ADD_TC(tp, setsid_success); 1632 ATF_TP_ADD_TC(tp, setsid_failure); 1633 ATF_TP_ADD_TC(tp, setrlimit_success); 1634 ATF_TP_ADD_TC(tp, setrlimit_failure); 1635 1636 ATF_TP_ADD_TC(tp, mlock_success); 1637 ATF_TP_ADD_TC(tp, mlock_failure); 1638 ATF_TP_ADD_TC(tp, munlock_success); 1639 ATF_TP_ADD_TC(tp, munlock_failure); 1640 ATF_TP_ADD_TC(tp, minherit_success); 1641 ATF_TP_ADD_TC(tp, minherit_failure); 1642 1643 ATF_TP_ADD_TC(tp, setlogin_success); 1644 ATF_TP_ADD_TC(tp, setlogin_failure); 1645 ATF_TP_ADD_TC(tp, rtprio_success); 1646 ATF_TP_ADD_TC(tp, rtprio_failure); 1647 1648 ATF_TP_ADD_TC(tp, profil_success); 1649 ATF_TP_ADD_TC(tp, profil_failure); 1650 ATF_TP_ADD_TC(tp, ptrace_success); 1651 ATF_TP_ADD_TC(tp, ptrace_failure); 1652 ATF_TP_ADD_TC(tp, ktrace_success); 1653 ATF_TP_ADD_TC(tp, ktrace_failure); 1654 ATF_TP_ADD_TC(tp, procctl_success); 1655 ATF_TP_ADD_TC(tp, procctl_failure); 1656 1657 ATF_TP_ADD_TC(tp, cap_enter_success); 1658 ATF_TP_ADD_TC(tp, cap_getmode_success); 1659 ATF_TP_ADD_TC(tp, cap_getmode_failure); 1660 1661 return (atf_no_error()); 1662 } 1663