xref: /freebsd/tests/sys/audit/process-control.c (revision 2e3507c25e42292b45a5482e116d278f5515d04d)
1 /*-
2  * Copyright (c) 2018 Aniket Pandey
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
14  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
17  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
20  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23  * SUCH DAMAGE.
24  */
25 
26 #include <sys/param.h>
27 #include <sys/capsicum.h>
28 #include <sys/uio.h>
29 #include <sys/ktrace.h>
30 #include <sys/mman.h>
31 #include <sys/procctl.h>
32 #include <sys/ptrace.h>
33 #include <sys/resource.h>
34 #include <sys/rtprio.h>
35 #include <sys/stat.h>
36 #include <sys/sysctl.h>
37 #include <sys/time.h>
38 #include <sys/wait.h>
39 
40 #include <atf-c.h>
41 #include <fcntl.h>
42 #include <signal.h>
43 #include <stdint.h>
44 #include <stdlib.h>
45 #include <unistd.h>
46 
47 #include "utils.h"
48 
49 #include "freebsd_test_suite/macros.h"
50 
51 static pid_t pid;
52 static int filedesc, status;
53 static struct pollfd fds[1];
54 static char pcregex[80];
55 static const char *auclass = "pc";
56 
57 
58 ATF_TC_WITH_CLEANUP(fork_success);
59 ATF_TC_HEAD(fork_success, tc)
60 {
61 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
62 					"fork(2) call");
63 }
64 
65 ATF_TC_BODY(fork_success, tc)
66 {
67 	pid = getpid();
68 	snprintf(pcregex, sizeof(pcregex), "fork.*%d.*return,success", pid);
69 
70 	FILE *pipefd = setup(fds, auclass);
71 	/* Check if fork(2) succeded. If so, exit from the child process */
72 	ATF_REQUIRE((pid = fork()) != -1);
73 	if (pid)
74 		check_audit(fds, pcregex, pipefd);
75 	else
76 		_exit(0);
77 }
78 
79 ATF_TC_CLEANUP(fork_success, tc)
80 {
81 	cleanup();
82 }
83 
84 /*
85  * No fork(2) in failure mode since possibilities for failure are only when
86  * user is not privileged or when the number of processes exceed KERN_MAXPROC.
87  */
88 
89 
90 ATF_TC_WITH_CLEANUP(_exit_success);
91 ATF_TC_HEAD(_exit_success, tc)
92 {
93 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
94 					"_exit(2) call");
95 }
96 
97 ATF_TC_BODY(_exit_success, tc)
98 {
99 	FILE *pipefd = setup(fds, auclass);
100 	ATF_REQUIRE((pid = fork()) != -1);
101 	if (pid) {
102 		snprintf(pcregex, sizeof(pcregex), "exit.*%d.*success", pid);
103 		check_audit(fds, pcregex, pipefd);
104 	}
105 	else
106 		_exit(0);
107 }
108 
109 ATF_TC_CLEANUP(_exit_success, tc)
110 {
111 	cleanup();
112 }
113 
114 /*
115  * _exit(2) never returns, hence the auditing by default is always successful
116  */
117 
118 
119 ATF_TC_WITH_CLEANUP(rfork_success);
120 ATF_TC_HEAD(rfork_success, tc)
121 {
122 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
123 					"rfork(2) call");
124 }
125 
126 ATF_TC_BODY(rfork_success, tc)
127 {
128 	pid = getpid();
129 	snprintf(pcregex, sizeof(pcregex), "rfork.*%d.*return,success", pid);
130 
131 	FILE *pipefd = setup(fds, auclass);
132 	ATF_REQUIRE((pid = rfork(RFPROC)) != -1);
133 	if (pid)
134 		check_audit(fds, pcregex, pipefd);
135 	else
136 		_exit(0);
137 }
138 
139 ATF_TC_CLEANUP(rfork_success, tc)
140 {
141 	cleanup();
142 }
143 
144 
145 ATF_TC_WITH_CLEANUP(rfork_failure);
146 ATF_TC_HEAD(rfork_failure, tc)
147 {
148 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
149 					"rfork(2) call");
150 }
151 
152 ATF_TC_BODY(rfork_failure, tc)
153 {
154 	pid = getpid();
155 	snprintf(pcregex, sizeof(pcregex), "rfork.*%d.*return,failure", pid);
156 
157 	FILE *pipefd = setup(fds, auclass);
158 	/* Failure reason: Invalid argument */
159 	ATF_REQUIRE_EQ(-1, rfork(-1));
160 	check_audit(fds, pcregex, pipefd);
161 }
162 
163 ATF_TC_CLEANUP(rfork_failure, tc)
164 {
165 	cleanup();
166 }
167 
168 
169 ATF_TC_WITH_CLEANUP(wait4_success);
170 ATF_TC_HEAD(wait4_success, tc)
171 {
172 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
173 					"wait4(2) call");
174 }
175 
176 ATF_TC_BODY(wait4_success, tc)
177 {
178 	pid = getpid();
179 	snprintf(pcregex, sizeof(pcregex), "wait4.*%d.*return,success", pid);
180 
181 	ATF_REQUIRE((pid = fork()) != -1);
182 	if (pid) {
183 		FILE *pipefd = setup(fds, auclass);
184 		/* wpid = -1 : Wait for any child process */
185 		ATF_REQUIRE(wait4(-1, &status, 0, NULL) != -1);
186 		check_audit(fds, pcregex, pipefd);
187 	}
188 	else
189 		_exit(0);
190 }
191 
192 ATF_TC_CLEANUP(wait4_success, tc)
193 {
194 	cleanup();
195 }
196 
197 
198 ATF_TC_WITH_CLEANUP(wait4_failure);
199 ATF_TC_HEAD(wait4_failure, tc)
200 {
201 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
202 					"wait4(2) call");
203 }
204 
205 ATF_TC_BODY(wait4_failure, tc)
206 {
207 	pid = getpid();
208 	snprintf(pcregex, sizeof(pcregex), "wait4.*%d.*return,failure", pid);
209 
210 	FILE *pipefd = setup(fds, auclass);
211 	/* Failure reason: No child process to wait for */
212 	ATF_REQUIRE_EQ(-1, wait4(-1, NULL, 0, NULL));
213 	check_audit(fds, pcregex, pipefd);
214 }
215 
216 ATF_TC_CLEANUP(wait4_failure, tc)
217 {
218 	cleanup();
219 }
220 
221 
222 ATF_TC_WITH_CLEANUP(wait6_success);
223 ATF_TC_HEAD(wait6_success, tc)
224 {
225 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
226 					"wait6(2) call");
227 }
228 
229 ATF_TC_BODY(wait6_success, tc)
230 {
231 	pid = getpid();
232 	snprintf(pcregex, sizeof(pcregex), "wait6.*%d.*return,success", pid);
233 
234 	ATF_REQUIRE((pid = fork()) != -1);
235 	if (pid) {
236 		FILE *pipefd = setup(fds, auclass);
237 		ATF_REQUIRE(wait6(P_ALL, 0, &status, WEXITED, NULL,NULL) != -1);
238 		check_audit(fds, pcregex, pipefd);
239 	}
240 	else
241 		_exit(0);
242 }
243 
244 ATF_TC_CLEANUP(wait6_success, tc)
245 {
246 	cleanup();
247 }
248 
249 
250 ATF_TC_WITH_CLEANUP(wait6_failure);
251 ATF_TC_HEAD(wait6_failure, tc)
252 {
253 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
254 					"wait6(2) call");
255 }
256 
257 ATF_TC_BODY(wait6_failure, tc)
258 {
259 	pid = getpid();
260 	snprintf(pcregex, sizeof(pcregex), "wait6.*%d.*return,failure", pid);
261 
262 	FILE *pipefd = setup(fds, auclass);
263 	/* Failure reason: Invalid argument */
264 	ATF_REQUIRE_EQ(-1, wait6(0, 0, NULL, 0, NULL, NULL));
265 	check_audit(fds, pcregex, pipefd);
266 }
267 
268 ATF_TC_CLEANUP(wait6_failure, tc)
269 {
270 	cleanup();
271 }
272 
273 
274 ATF_TC_WITH_CLEANUP(kill_success);
275 ATF_TC_HEAD(kill_success, tc)
276 {
277 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
278 					"kill(2) call");
279 }
280 
281 ATF_TC_BODY(kill_success, tc)
282 {
283 	pid = getpid();
284 	snprintf(pcregex, sizeof(pcregex), "kill.*%d.*return,success", pid);
285 
286 	FILE *pipefd = setup(fds, auclass);
287 	/* Don't send any signal to anyone, live in peace! */
288 	ATF_REQUIRE_EQ(0, kill(0, 0));
289 	check_audit(fds, pcregex, pipefd);
290 }
291 
292 ATF_TC_CLEANUP(kill_success, tc)
293 {
294 	cleanup();
295 }
296 
297 
298 ATF_TC_WITH_CLEANUP(kill_failure);
299 ATF_TC_HEAD(kill_failure, tc)
300 {
301 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
302 					"kill(2) call");
303 }
304 
305 ATF_TC_BODY(kill_failure, tc)
306 {
307 	pid = getpid();
308 	snprintf(pcregex, sizeof(pcregex), "kill.*%d.*return,failure", pid);
309 
310 	FILE *pipefd = setup(fds, auclass);
311 	/*
312 	 * Failure reason: Non existent process with PID '-2'
313 	 * Note: '-1' is not used as it means sending no signal to
314 	 * all non-system processes: A successful invocation
315 	 */
316 	ATF_REQUIRE_EQ(-1, kill(0, -2));
317 	check_audit(fds, pcregex, pipefd);
318 }
319 
320 ATF_TC_CLEANUP(kill_failure, tc)
321 {
322 	cleanup();
323 }
324 
325 
326 ATF_TC_WITH_CLEANUP(chdir_success);
327 ATF_TC_HEAD(chdir_success, tc)
328 {
329 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
330 					"chdir(2) call");
331 }
332 
333 ATF_TC_BODY(chdir_success, tc)
334 {
335 	pid = getpid();
336 	snprintf(pcregex, sizeof(pcregex), "chdir.*/.*%d.*return,success", pid);
337 
338 	FILE *pipefd = setup(fds, auclass);
339 	ATF_REQUIRE_EQ(0, chdir("/"));
340 	check_audit(fds, pcregex, pipefd);
341 }
342 
343 ATF_TC_CLEANUP(chdir_success, tc)
344 {
345 	cleanup();
346 }
347 
348 
349 ATF_TC_WITH_CLEANUP(chdir_failure);
350 ATF_TC_HEAD(chdir_failure, tc)
351 {
352 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
353 					"chdir(2) call");
354 }
355 
356 ATF_TC_BODY(chdir_failure, tc)
357 {
358 	pid = getpid();
359 	snprintf(pcregex, sizeof(pcregex), "chdir.*%d.*return,failure", pid);
360 
361 	FILE *pipefd = setup(fds, auclass);
362 	/* Failure reason: Bad address */
363 	ATF_REQUIRE_EQ(-1, chdir(NULL));
364 	check_audit(fds, pcregex, pipefd);
365 }
366 
367 ATF_TC_CLEANUP(chdir_failure, tc)
368 {
369 	cleanup();
370 }
371 
372 
373 ATF_TC_WITH_CLEANUP(fchdir_success);
374 ATF_TC_HEAD(fchdir_success, tc)
375 {
376 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
377 					"fchdir(2) call");
378 }
379 
380 ATF_TC_BODY(fchdir_success, tc)
381 {
382 	/* Build an absolute path to the test-case directory */
383 	char dirpath[50];
384 	ATF_REQUIRE(getcwd(dirpath, sizeof(dirpath)) != NULL);
385 	ATF_REQUIRE((filedesc = open(dirpath, O_RDONLY)) != -1);
386 
387 	/* Audit record generated by fchdir(2) does not contain filedesc */
388 	pid = getpid();
389 	snprintf(pcregex, sizeof(pcregex), "fchdir.*%d.*return,success", pid);
390 
391 	FILE *pipefd = setup(fds, auclass);
392 	ATF_REQUIRE_EQ(0, fchdir(filedesc));
393 	check_audit(fds, pcregex, pipefd);
394 	close(filedesc);
395 }
396 
397 ATF_TC_CLEANUP(fchdir_success, tc)
398 {
399 	cleanup();
400 }
401 
402 
403 ATF_TC_WITH_CLEANUP(fchdir_failure);
404 ATF_TC_HEAD(fchdir_failure, tc)
405 {
406 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
407 					"fchdir(2) call");
408 }
409 
410 ATF_TC_BODY(fchdir_failure, tc)
411 {
412 	pid = getpid();
413 	snprintf(pcregex, sizeof(pcregex), "fchdir.*%d.*return,failure", pid);
414 
415 	FILE *pipefd = setup(fds, auclass);
416 	/* Failure reason: Bad directory address */
417 	ATF_REQUIRE_EQ(-1, fchdir(-1));
418 	check_audit(fds, pcregex, pipefd);
419 }
420 
421 ATF_TC_CLEANUP(fchdir_failure, tc)
422 {
423 	cleanup();
424 }
425 
426 
427 ATF_TC_WITH_CLEANUP(chroot_success);
428 ATF_TC_HEAD(chroot_success, tc)
429 {
430 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
431 					"chroot(2) call");
432 }
433 
434 ATF_TC_BODY(chroot_success, tc)
435 {
436 	pid = getpid();
437 	snprintf(pcregex, sizeof(pcregex), "chroot.*%d.*return,success", pid);
438 
439 	FILE *pipefd = setup(fds, auclass);
440 	/* We don't want to change the root directory, hence '/' */
441 	ATF_REQUIRE_EQ(0, chroot("/"));
442 	check_audit(fds, pcregex, pipefd);
443 }
444 
445 ATF_TC_CLEANUP(chroot_success, tc)
446 {
447 	cleanup();
448 }
449 
450 
451 ATF_TC_WITH_CLEANUP(chroot_failure);
452 ATF_TC_HEAD(chroot_failure, tc)
453 {
454 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
455 					"chroot(2) call");
456 }
457 
458 ATF_TC_BODY(chroot_failure, tc)
459 {
460 	pid = getpid();
461 	snprintf(pcregex, sizeof(pcregex), "chroot.*%d.*return,failure", pid);
462 
463 	FILE *pipefd = setup(fds, auclass);
464 	ATF_REQUIRE_EQ(-1, chroot(NULL));
465 	check_audit(fds, pcregex, pipefd);
466 }
467 
468 ATF_TC_CLEANUP(chroot_failure, tc)
469 {
470 	cleanup();
471 }
472 
473 
474 ATF_TC_WITH_CLEANUP(umask_success);
475 ATF_TC_HEAD(umask_success, tc)
476 {
477 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
478 					"umask(2) call");
479 }
480 
481 ATF_TC_BODY(umask_success, tc)
482 {
483 	pid = getpid();
484 	snprintf(pcregex, sizeof(pcregex), "umask.*%d.*return,success", pid);
485 
486 	FILE *pipefd = setup(fds, auclass);
487 	umask(0);
488 	check_audit(fds, pcregex, pipefd);
489 }
490 
491 ATF_TC_CLEANUP(umask_success, tc)
492 {
493 	cleanup();
494 }
495 
496 /*
497  * umask(2) system call never fails. Hence, no test case for failure mode
498  */
499 
500 
501 ATF_TC_WITH_CLEANUP(setuid_success);
502 ATF_TC_HEAD(setuid_success, tc)
503 {
504 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
505 					"setuid(2) call");
506 }
507 
508 ATF_TC_BODY(setuid_success, tc)
509 {
510 	pid = getpid();
511 	snprintf(pcregex, sizeof(pcregex), "setuid.*%d.*return,success", pid);
512 
513 	FILE *pipefd = setup(fds, auclass);
514 	/* Since we're privileged, we'll let ourselves be privileged! */
515 	ATF_REQUIRE_EQ(0, setuid(0));
516 	check_audit(fds, pcregex, pipefd);
517 }
518 
519 ATF_TC_CLEANUP(setuid_success, tc)
520 {
521 	cleanup();
522 }
523 
524 /*
525  * setuid(2) fails only when the current user is not root. So no test case for
526  * failure mode since the required_user="root"
527  */
528 
529 
530 ATF_TC_WITH_CLEANUP(seteuid_success);
531 ATF_TC_HEAD(seteuid_success, tc)
532 {
533 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
534 					"seteuid(2) call");
535 }
536 
537 ATF_TC_BODY(seteuid_success, tc)
538 {
539 	pid = getpid();
540 	snprintf(pcregex, sizeof(pcregex), "seteuid.*%d.*return,success", pid);
541 
542 	FILE *pipefd = setup(fds, auclass);
543 	/* This time, we'll let ourselves be 'effectively' privileged! */
544 	ATF_REQUIRE_EQ(0, seteuid(0));
545 	check_audit(fds, pcregex, pipefd);
546 }
547 
548 ATF_TC_CLEANUP(seteuid_success, tc)
549 {
550 	cleanup();
551 }
552 
553 /*
554  * seteuid(2) fails only when the current user is not root. So no test case for
555  * failure mode since the required_user="root"
556  */
557 
558 
559 ATF_TC_WITH_CLEANUP(setgid_success);
560 ATF_TC_HEAD(setgid_success, tc)
561 {
562 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
563 					"setgid(2) call");
564 }
565 
566 ATF_TC_BODY(setgid_success, tc)
567 {
568 	pid = getpid();
569 	snprintf(pcregex, sizeof(pcregex), "setgid.*%d.*return,success", pid);
570 
571 	FILE *pipefd = setup(fds, auclass);
572 	ATF_REQUIRE_EQ(0, setgid(0));
573 	check_audit(fds, pcregex, pipefd);
574 }
575 
576 ATF_TC_CLEANUP(setgid_success, tc)
577 {
578 	cleanup();
579 }
580 
581 /*
582  * setgid(2) fails only when the current user is not root. So no test case for
583  * failure mode since the required_user="root"
584  */
585 
586 
587 ATF_TC_WITH_CLEANUP(setegid_success);
588 ATF_TC_HEAD(setegid_success, tc)
589 {
590 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
591 					"setegid(2) call");
592 }
593 
594 ATF_TC_BODY(setegid_success, tc)
595 {
596 	pid = getpid();
597 	snprintf(pcregex, sizeof(pcregex), "setegid.*%d.*return,success", pid);
598 
599 	FILE *pipefd = setup(fds, auclass);
600 	ATF_REQUIRE_EQ(0, setegid(0));
601 	check_audit(fds, pcregex, pipefd);
602 }
603 
604 ATF_TC_CLEANUP(setegid_success, tc)
605 {
606 	cleanup();
607 }
608 
609 /*
610  * setegid(2) fails only when the current user is not root. So no test case for
611  * failure mode since the required_user="root"
612  */
613 
614 
615 ATF_TC_WITH_CLEANUP(setregid_success);
616 ATF_TC_HEAD(setregid_success, tc)
617 {
618 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
619 					"setregid(2) call");
620 }
621 
622 ATF_TC_BODY(setregid_success, tc)
623 {
624 	pid = getpid();
625 	snprintf(pcregex, sizeof(pcregex), "setregid.*%d.*return,success", pid);
626 
627 	FILE *pipefd = setup(fds, auclass);
628 	/* setregid(-1, -1) does not change any real or effective GIDs */
629 	ATF_REQUIRE_EQ(0, setregid(-1, -1));
630 	check_audit(fds, pcregex, pipefd);
631 }
632 
633 ATF_TC_CLEANUP(setregid_success, tc)
634 {
635 	cleanup();
636 }
637 
638 /*
639  * setregid(2) fails only when the current user is not root. So no test case for
640  * failure mode since the required_user="root"
641  */
642 
643 
644 ATF_TC_WITH_CLEANUP(setreuid_success);
645 ATF_TC_HEAD(setreuid_success, tc)
646 {
647 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
648 					"setreuid(2) call");
649 }
650 
651 ATF_TC_BODY(setreuid_success, tc)
652 {
653 	pid = getpid();
654 	snprintf(pcregex, sizeof(pcregex), "setreuid.*%d.*return,success", pid);
655 
656 	FILE *pipefd = setup(fds, auclass);
657 	/* setreuid(-1, -1) does not change any real or effective UIDs */
658 	ATF_REQUIRE_EQ(0, setreuid(-1, -1));
659 	check_audit(fds, pcregex, pipefd);
660 }
661 
662 ATF_TC_CLEANUP(setreuid_success, tc)
663 {
664 	cleanup();
665 }
666 
667 /*
668  * setregid(2) fails only when the current user is not root. So no test case for
669  * failure mode since the required_user="root"
670  */
671 
672 
673 ATF_TC_WITH_CLEANUP(setresuid_success);
674 ATF_TC_HEAD(setresuid_success, tc)
675 {
676 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
677 					"setresuid(2) call");
678 }
679 
680 ATF_TC_BODY(setresuid_success, tc)
681 {
682 	pid = getpid();
683 	snprintf(pcregex, sizeof(pcregex), "setresuid.*%d.*return,success", pid);
684 
685 	FILE *pipefd = setup(fds, auclass);
686 	/* setresuid(-1, -1, -1) does not change real, effective & saved UIDs */
687 	ATF_REQUIRE_EQ(0, setresuid(-1, -1, -1));
688 	check_audit(fds, pcregex, pipefd);
689 }
690 
691 ATF_TC_CLEANUP(setresuid_success, tc)
692 {
693 	cleanup();
694 }
695 
696 /*
697  * setresuid(2) fails only when the current user is not root. So no test case
698  * for failure mode since the required_user="root"
699  */
700 
701 
702 ATF_TC_WITH_CLEANUP(setresgid_success);
703 ATF_TC_HEAD(setresgid_success, tc)
704 {
705 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
706 					"setresgid(2) call");
707 }
708 
709 ATF_TC_BODY(setresgid_success, tc)
710 {
711 	pid = getpid();
712 	snprintf(pcregex, sizeof(pcregex), "setresgid.*%d.*ret.*success", pid);
713 
714 	FILE *pipefd = setup(fds, auclass);
715 	/* setresgid(-1, -1, -1) does not change real, effective & saved GIDs */
716 	ATF_REQUIRE_EQ(0, setresgid(-1, -1, -1));
717 	check_audit(fds, pcregex, pipefd);
718 }
719 
720 ATF_TC_CLEANUP(setresgid_success, tc)
721 {
722 	cleanup();
723 }
724 
725 /*
726  * setresgid(2) fails only when the current user is not root. So no test case
727  * for failure mode since the required_user="root"
728  */
729 
730 
731 ATF_TC_WITH_CLEANUP(getresuid_success);
732 ATF_TC_HEAD(getresuid_success, tc)
733 {
734 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
735 					"getresuid(2) call");
736 }
737 
738 ATF_TC_BODY(getresuid_success, tc)
739 {
740 	pid = getpid();
741 	snprintf(pcregex, sizeof(pcregex), "getresuid.*%d.*ret.*success", pid);
742 
743 	FILE *pipefd = setup(fds, auclass);
744 	ATF_REQUIRE_EQ(0, getresuid(NULL, NULL, NULL));
745 	check_audit(fds, pcregex, pipefd);
746 }
747 
748 ATF_TC_CLEANUP(getresuid_success, tc)
749 {
750 	cleanup();
751 }
752 
753 
754 ATF_TC_WITH_CLEANUP(getresuid_failure);
755 ATF_TC_HEAD(getresuid_failure, tc)
756 {
757 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
758 					"getresuid(2) call");
759 }
760 
761 ATF_TC_BODY(getresuid_failure, tc)
762 {
763 	pid = getpid();
764 	snprintf(pcregex, sizeof(pcregex), "getresuid.*%d.*ret.*failure", pid);
765 
766 	FILE *pipefd = setup(fds, auclass);
767 	/* Failure reason: Invalid address "-1" */
768 	ATF_REQUIRE_EQ(-1, getresuid((uid_t *)-1, NULL, NULL));
769 	check_audit(fds, pcregex, pipefd);
770 }
771 
772 ATF_TC_CLEANUP(getresuid_failure, tc)
773 {
774 	cleanup();
775 }
776 
777 
778 ATF_TC_WITH_CLEANUP(getresgid_success);
779 ATF_TC_HEAD(getresgid_success, tc)
780 {
781 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
782 					"getresgid(2) call");
783 }
784 
785 ATF_TC_BODY(getresgid_success, tc)
786 {
787 	pid = getpid();
788 	snprintf(pcregex, sizeof(pcregex), "getresgid.*%d.*ret.*success", pid);
789 
790 	FILE *pipefd = setup(fds, auclass);
791 	ATF_REQUIRE_EQ(0, getresgid(NULL, NULL, NULL));
792 	check_audit(fds, pcregex, pipefd);
793 }
794 
795 ATF_TC_CLEANUP(getresgid_success, tc)
796 {
797 	cleanup();
798 }
799 
800 
801 ATF_TC_WITH_CLEANUP(getresgid_failure);
802 ATF_TC_HEAD(getresgid_failure, tc)
803 {
804 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
805 					"getresgid(2) call");
806 }
807 
808 ATF_TC_BODY(getresgid_failure, tc)
809 {
810 	pid = getpid();
811 	snprintf(pcregex, sizeof(pcregex), "getresgid.*%d.*ret.*failure", pid);
812 
813 	FILE *pipefd = setup(fds, auclass);
814 	/* Failure reason: Invalid address "-1" */
815 	ATF_REQUIRE_EQ(-1, getresgid((gid_t *)-1, NULL, NULL));
816 	check_audit(fds, pcregex, pipefd);
817 }
818 
819 ATF_TC_CLEANUP(getresgid_failure, tc)
820 {
821 	cleanup();
822 }
823 
824 
825 ATF_TC_WITH_CLEANUP(setpriority_success);
826 ATF_TC_HEAD(setpriority_success, tc)
827 {
828 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
829 					"setpriority(2) call");
830 }
831 
832 ATF_TC_BODY(setpriority_success, tc)
833 {
834 	pid = getpid();
835 	snprintf(pcregex, sizeof(pcregex), "setpriority.*%d.*success", pid);
836 
837 	FILE *pipefd = setup(fds, auclass);
838 	ATF_REQUIRE_EQ(0, setpriority(PRIO_PROCESS, 0, 0));
839 	check_audit(fds, pcregex, pipefd);
840 }
841 
842 ATF_TC_CLEANUP(setpriority_success, tc)
843 {
844 	cleanup();
845 }
846 
847 
848 ATF_TC_WITH_CLEANUP(setpriority_failure);
849 ATF_TC_HEAD(setpriority_failure, tc)
850 {
851 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
852 					"setpriority(2) call");
853 }
854 
855 ATF_TC_BODY(setpriority_failure, tc)
856 {
857 	pid = getpid();
858 	snprintf(pcregex, sizeof(pcregex), "setpriority.*%d.*failure", pid);
859 
860 	FILE *pipefd = setup(fds, auclass);
861 	ATF_REQUIRE_EQ(-1, setpriority(-1, -1, -1));
862 	check_audit(fds, pcregex, pipefd);
863 }
864 
865 ATF_TC_CLEANUP(setpriority_failure, tc)
866 {
867 	cleanup();
868 }
869 
870 
871 ATF_TC_WITH_CLEANUP(setgroups_success);
872 ATF_TC_HEAD(setgroups_success, tc)
873 {
874 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
875 					"setgroups(2) call");
876 }
877 
878 ATF_TC_BODY(setgroups_success, tc)
879 {
880 	gid_t gids[5];
881 	pid = getpid();
882 	snprintf(pcregex, sizeof(pcregex), "setgroups.*%d.*ret.*success", pid);
883 	/* Retrieve the current group access list to be used with setgroups */
884 	ATF_REQUIRE(getgroups(sizeof(gids)/sizeof(gids[0]), gids) != -1);
885 
886 	FILE *pipefd = setup(fds, auclass);
887 	ATF_REQUIRE_EQ(0, setgroups(sizeof(gids)/sizeof(gids[0]), gids));
888 	check_audit(fds, pcregex, pipefd);
889 }
890 
891 ATF_TC_CLEANUP(setgroups_success, tc)
892 {
893 	cleanup();
894 }
895 
896 
897 ATF_TC_WITH_CLEANUP(setgroups_failure);
898 ATF_TC_HEAD(setgroups_failure, tc)
899 {
900 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
901 					"setgroups(2) call");
902 }
903 
904 ATF_TC_BODY(setgroups_failure, tc)
905 {
906 	pid = getpid();
907 	snprintf(pcregex, sizeof(pcregex), "setgroups.*%d.*ret.*failure", pid);
908 
909 	FILE *pipefd = setup(fds, auclass);
910 	ATF_REQUIRE_EQ(-1, setgroups(-1, NULL));
911 	check_audit(fds, pcregex, pipefd);
912 }
913 
914 ATF_TC_CLEANUP(setgroups_failure, tc)
915 {
916 	cleanup();
917 }
918 
919 
920 ATF_TC_WITH_CLEANUP(setpgrp_success);
921 ATF_TC_HEAD(setpgrp_success, tc)
922 {
923 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
924 					"setpgrp(2) call");
925 }
926 
927 ATF_TC_BODY(setpgrp_success, tc)
928 {
929 	/* Main procedure is carried out from within the child process */
930 	ATF_REQUIRE((pid = fork()) != -1);
931 	if (pid) {
932 		ATF_REQUIRE(wait(&status) != -1);
933 	} else {
934 		pid = getpid();
935 		snprintf(pcregex, sizeof(pcregex), "setpgrp.*%d.*success", pid);
936 
937 		FILE *pipefd = setup(fds, auclass);
938 		ATF_REQUIRE_EQ(0, setpgrp(0, 0));
939 		check_audit(fds, pcregex, pipefd);
940 	}
941 }
942 
943 ATF_TC_CLEANUP(setpgrp_success, tc)
944 {
945 	cleanup();
946 }
947 
948 
949 ATF_TC_WITH_CLEANUP(setpgrp_failure);
950 ATF_TC_HEAD(setpgrp_failure, tc)
951 {
952 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
953 					"setpgrp(2) call");
954 }
955 
956 ATF_TC_BODY(setpgrp_failure, tc)
957 {
958 	pid = getpid();
959 	snprintf(pcregex, sizeof(pcregex), "setpgrp.*%d.*return,failure", pid);
960 
961 	FILE *pipefd = setup(fds, auclass);
962 	ATF_REQUIRE_EQ(-1, setpgrp(-1, -1));
963 	check_audit(fds, pcregex, pipefd);
964 }
965 
966 ATF_TC_CLEANUP(setpgrp_failure, tc)
967 {
968 	cleanup();
969 }
970 
971 
972 ATF_TC_WITH_CLEANUP(setsid_success);
973 ATF_TC_HEAD(setsid_success, tc)
974 {
975 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
976 					"setsid(2) call");
977 }
978 
979 ATF_TC_BODY(setsid_success, tc)
980 {
981 	/* Main procedure is carried out from within the child process */
982 	ATF_REQUIRE((pid = fork()) != -1);
983 	if (pid) {
984 		ATF_REQUIRE(wait(&status) != -1);
985 	} else {
986 		pid = getpid();
987 		snprintf(pcregex, sizeof(pcregex), "setsid.*%d.*success", pid);
988 
989 		FILE *pipefd = setup(fds, auclass);
990 		ATF_REQUIRE(setsid() != -1);
991 		check_audit(fds, pcregex, pipefd);
992 	}
993 }
994 
995 ATF_TC_CLEANUP(setsid_success, tc)
996 {
997 	cleanup();
998 }
999 
1000 
1001 ATF_TC_WITH_CLEANUP(setsid_failure);
1002 ATF_TC_HEAD(setsid_failure, tc)
1003 {
1004 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1005 					"setsid(2) call");
1006 }
1007 
1008 ATF_TC_BODY(setsid_failure, tc)
1009 {
1010 	pid = getpid();
1011 	snprintf(pcregex, sizeof(pcregex), "setsid.*%d.*return,failure", pid);
1012 
1013 	/*
1014 	 * Here, we are intentionally ignoring the output of the setsid()
1015 	 * call because it may or may not be a process leader already. But it
1016 	 * ensures that the next invocation of setsid() will definitely fail.
1017 	 */
1018 	setsid();
1019 	FILE *pipefd = setup(fds, auclass);
1020 	/*
1021 	 * Failure reason: [EPERM] Creating a new session is not permitted
1022 	 * as the PID of calling process matches the PGID of a process group
1023 	 * created by premature setsid() call.
1024 	 */
1025 	ATF_REQUIRE_EQ(-1, setsid());
1026 	check_audit(fds, pcregex, pipefd);
1027 }
1028 
1029 ATF_TC_CLEANUP(setsid_failure, tc)
1030 {
1031 	cleanup();
1032 }
1033 
1034 
1035 ATF_TC_WITH_CLEANUP(setrlimit_success);
1036 ATF_TC_HEAD(setrlimit_success, tc)
1037 {
1038 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1039 					"setrlimit(2) call");
1040 }
1041 
1042 ATF_TC_BODY(setrlimit_success, tc)
1043 {
1044 	struct rlimit rlp;
1045 	pid = getpid();
1046 	snprintf(pcregex, sizeof(pcregex), "setrlimit.*%d.*ret.*success", pid);
1047 	/* Retrieve the system resource consumption limit to be used later on */
1048 	ATF_REQUIRE_EQ(0, getrlimit(RLIMIT_FSIZE, &rlp));
1049 
1050 	FILE *pipefd = setup(fds, auclass);
1051 	ATF_REQUIRE_EQ(0, setrlimit(RLIMIT_FSIZE, &rlp));
1052 	check_audit(fds, pcregex, pipefd);
1053 }
1054 
1055 ATF_TC_CLEANUP(setrlimit_success, tc)
1056 {
1057 	cleanup();
1058 }
1059 
1060 
1061 ATF_TC_WITH_CLEANUP(setrlimit_failure);
1062 ATF_TC_HEAD(setrlimit_failure, tc)
1063 {
1064 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1065 					"setrlimit(2) call");
1066 }
1067 
1068 ATF_TC_BODY(setrlimit_failure, tc)
1069 {
1070 	pid = getpid();
1071 	snprintf(pcregex, sizeof(pcregex), "setrlimit.*%d.*ret.*failure", pid);
1072 
1073 	FILE *pipefd = setup(fds, auclass);
1074 	ATF_REQUIRE_EQ(-1, setrlimit(RLIMIT_FSIZE, NULL));
1075 	check_audit(fds, pcregex, pipefd);
1076 }
1077 
1078 ATF_TC_CLEANUP(setrlimit_failure, tc)
1079 {
1080 	cleanup();
1081 }
1082 
1083 
1084 ATF_TC_WITH_CLEANUP(mlock_success);
1085 ATF_TC_HEAD(mlock_success, tc)
1086 {
1087 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1088 					"mlock(2) call");
1089 }
1090 
1091 ATF_TC_BODY(mlock_success, tc)
1092 {
1093 	pid = getpid();
1094 	snprintf(pcregex, sizeof(pcregex), "mlock.*%d.*return,success", pid);
1095 
1096 	FILE *pipefd = setup(fds, auclass);
1097 	ATF_REQUIRE_EQ(0, mlock(NULL, 0));
1098 	check_audit(fds, pcregex, pipefd);
1099 }
1100 
1101 ATF_TC_CLEANUP(mlock_success, tc)
1102 {
1103 	cleanup();
1104 }
1105 
1106 
1107 ATF_TC_WITH_CLEANUP(mlock_failure);
1108 ATF_TC_HEAD(mlock_failure, tc)
1109 {
1110 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1111 					"mlock(2) call");
1112 }
1113 
1114 ATF_TC_BODY(mlock_failure, tc)
1115 {
1116 	pid = getpid();
1117 	snprintf(pcregex, sizeof(pcregex), "mlock.*%d.*return,failure", pid);
1118 
1119 	FILE *pipefd = setup(fds, auclass);
1120 	ATF_REQUIRE_EQ(-1, mlock((void *)(-1), -1));
1121 	check_audit(fds, pcregex, pipefd);
1122 }
1123 
1124 ATF_TC_CLEANUP(mlock_failure, tc)
1125 {
1126 	cleanup();
1127 }
1128 
1129 
1130 ATF_TC_WITH_CLEANUP(munlock_success);
1131 ATF_TC_HEAD(munlock_success, tc)
1132 {
1133 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1134 					"munlock(2) call");
1135 }
1136 
1137 ATF_TC_BODY(munlock_success, tc)
1138 {
1139 	pid = getpid();
1140 	snprintf(pcregex, sizeof(pcregex), "munlock.*%d.*return,success", pid);
1141 
1142 	FILE *pipefd = setup(fds, auclass);
1143 	ATF_REQUIRE_EQ(0, munlock(NULL, 0));
1144 	check_audit(fds, pcregex, pipefd);
1145 }
1146 
1147 ATF_TC_CLEANUP(munlock_success, tc)
1148 {
1149 	cleanup();
1150 }
1151 
1152 
1153 ATF_TC_WITH_CLEANUP(munlock_failure);
1154 ATF_TC_HEAD(munlock_failure, tc)
1155 {
1156 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1157 					"munlock(2) call");
1158 }
1159 
1160 ATF_TC_BODY(munlock_failure, tc)
1161 {
1162 	pid = getpid();
1163 	snprintf(pcregex, sizeof(pcregex), "munlock.*%d.*return,failure", pid);
1164 
1165 	FILE *pipefd = setup(fds, auclass);
1166 	ATF_REQUIRE_EQ(-1, munlock((void *)(-1), -1));
1167 	check_audit(fds, pcregex, pipefd);
1168 }
1169 
1170 ATF_TC_CLEANUP(munlock_failure, tc)
1171 {
1172 	cleanup();
1173 }
1174 
1175 
1176 ATF_TC_WITH_CLEANUP(minherit_success);
1177 ATF_TC_HEAD(minherit_success, tc)
1178 {
1179 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1180 					"minherit(2) call");
1181 }
1182 
1183 ATF_TC_BODY(minherit_success, tc)
1184 {
1185 	pid = getpid();
1186 	snprintf(pcregex, sizeof(pcregex), "minherit.*%d.*return,success", pid);
1187 
1188 	FILE *pipefd = setup(fds, auclass);
1189 	ATF_REQUIRE_EQ(0, minherit(NULL, 0, INHERIT_ZERO));
1190 	check_audit(fds, pcregex, pipefd);
1191 }
1192 
1193 ATF_TC_CLEANUP(minherit_success, tc)
1194 {
1195 	cleanup();
1196 }
1197 
1198 
1199 ATF_TC_WITH_CLEANUP(minherit_failure);
1200 ATF_TC_HEAD(minherit_failure, tc)
1201 {
1202 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1203 					"minherit(2) call");
1204 }
1205 
1206 ATF_TC_BODY(minherit_failure, tc)
1207 {
1208 	pid = getpid();
1209 	snprintf(pcregex, sizeof(pcregex), "minherit.*%d.*return,failure", pid);
1210 
1211 	FILE *pipefd = setup(fds, auclass);
1212 	ATF_REQUIRE_EQ(-1, minherit((void *)(-1), -1, 0));
1213 	check_audit(fds, pcregex, pipefd);
1214 }
1215 
1216 ATF_TC_CLEANUP(minherit_failure, tc)
1217 {
1218 	cleanup();
1219 }
1220 
1221 
1222 ATF_TC_WITH_CLEANUP(setlogin_success);
1223 ATF_TC_HEAD(setlogin_success, tc)
1224 {
1225 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1226 					"setlogin(2) call");
1227 }
1228 
1229 ATF_TC_BODY(setlogin_success, tc)
1230 {
1231 	char *name;
1232 	pid = getpid();
1233 	snprintf(pcregex, sizeof(pcregex), "setlogin.*%d.*return,success", pid);
1234 
1235 	/* Retrieve the current user's login name to be used with setlogin(2) */
1236 	ATF_REQUIRE((name = getlogin()) != NULL);
1237 	FILE *pipefd = setup(fds, auclass);
1238 	ATF_REQUIRE_EQ(0, setlogin(name));
1239 	check_audit(fds, pcregex, pipefd);
1240 }
1241 
1242 ATF_TC_CLEANUP(setlogin_success, tc)
1243 {
1244 	cleanup();
1245 }
1246 
1247 
1248 ATF_TC_WITH_CLEANUP(setlogin_failure);
1249 ATF_TC_HEAD(setlogin_failure, tc)
1250 {
1251 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1252 					"setlogin(2) call");
1253 }
1254 
1255 ATF_TC_BODY(setlogin_failure, tc)
1256 {
1257 	pid = getpid();
1258 	snprintf(pcregex, sizeof(pcregex), "setlogin.*%d.*return,failure", pid);
1259 
1260 	FILE *pipefd = setup(fds, auclass);
1261 	ATF_REQUIRE_EQ(-1, setlogin(NULL));
1262 	check_audit(fds, pcregex, pipefd);
1263 }
1264 
1265 ATF_TC_CLEANUP(setlogin_failure, tc)
1266 {
1267 	cleanup();
1268 }
1269 
1270 
1271 ATF_TC_WITH_CLEANUP(rtprio_success);
1272 ATF_TC_HEAD(rtprio_success, tc)
1273 {
1274 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1275 					"rtprio(2) call");
1276 }
1277 
1278 ATF_TC_BODY(rtprio_success, tc)
1279 {
1280 	struct rtprio rtp;
1281 	pid = getpid();
1282 	snprintf(pcregex, sizeof(pcregex), "rtprio.*%d.*return,success", pid);
1283 
1284 	FILE *pipefd = setup(fds, auclass);
1285 	ATF_REQUIRE_EQ(0, rtprio(RTP_LOOKUP, 0, &rtp));
1286 	check_audit(fds, pcregex, pipefd);
1287 }
1288 
1289 ATF_TC_CLEANUP(rtprio_success, tc)
1290 {
1291 	cleanup();
1292 }
1293 
1294 
1295 ATF_TC_WITH_CLEANUP(rtprio_failure);
1296 ATF_TC_HEAD(rtprio_failure, tc)
1297 {
1298 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1299 					"rtprio(2) call");
1300 }
1301 
1302 ATF_TC_BODY(rtprio_failure, tc)
1303 {
1304 	pid = getpid();
1305 	snprintf(pcregex, sizeof(pcregex), "rtprio.*%d.*return,failure", pid);
1306 
1307 	FILE *pipefd = setup(fds, auclass);
1308 	ATF_REQUIRE_EQ(-1, rtprio(-1, -1, NULL));
1309 	check_audit(fds, pcregex, pipefd);
1310 }
1311 
1312 ATF_TC_CLEANUP(rtprio_failure, tc)
1313 {
1314 	cleanup();
1315 }
1316 
1317 
1318 ATF_TC_WITH_CLEANUP(profil_success);
1319 ATF_TC_HEAD(profil_success, tc)
1320 {
1321 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1322 					"profil(2) call");
1323 }
1324 
1325 ATF_TC_BODY(profil_success, tc)
1326 {
1327 	pid = getpid();
1328 	snprintf(pcregex, sizeof(pcregex), "profil.*%d.*return,success", pid);
1329 
1330 	char samples[20];
1331 	FILE *pipefd = setup(fds, auclass);
1332 	/* Set scale argument as 0 to disable profiling of current process */
1333 	ATF_REQUIRE_EQ(0, profil(samples, sizeof(samples), 0, 0));
1334 	check_audit(fds, pcregex, pipefd);
1335 }
1336 
1337 ATF_TC_CLEANUP(profil_success, tc)
1338 {
1339 	cleanup();
1340 }
1341 
1342 
1343 ATF_TC_WITH_CLEANUP(profil_failure);
1344 ATF_TC_HEAD(profil_failure, tc)
1345 {
1346 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1347 					"profil(2) call");
1348 }
1349 
1350 ATF_TC_BODY(profil_failure, tc)
1351 {
1352 	pid = getpid();
1353 	snprintf(pcregex, sizeof(pcregex), "profil.*%d.*return,failure", pid);
1354 
1355 	FILE *pipefd = setup(fds, auclass);
1356 	ATF_REQUIRE_EQ(-1, profil((char *)(SIZE_MAX), -1, -1, -1));
1357 	check_audit(fds, pcregex, pipefd);
1358 }
1359 
1360 ATF_TC_CLEANUP(profil_failure, tc)
1361 {
1362 	cleanup();
1363 }
1364 
1365 
1366 ATF_TC_WITH_CLEANUP(ptrace_success);
1367 ATF_TC_HEAD(ptrace_success, tc)
1368 {
1369 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1370 					"ptrace(2) call");
1371 }
1372 
1373 ATF_TC_BODY(ptrace_success, tc)
1374 {
1375 	pid = getpid();
1376 	snprintf(pcregex, sizeof(pcregex), "ptrace.*%d.*return,success", pid);
1377 
1378 	FILE *pipefd = setup(fds, auclass);
1379 	ATF_REQUIRE_EQ(0, ptrace(PT_TRACE_ME, 0, NULL, 0));
1380 	check_audit(fds, pcregex, pipefd);
1381 }
1382 
1383 ATF_TC_CLEANUP(ptrace_success, tc)
1384 {
1385 	cleanup();
1386 }
1387 
1388 
1389 ATF_TC_WITH_CLEANUP(ptrace_failure);
1390 ATF_TC_HEAD(ptrace_failure, tc)
1391 {
1392 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1393 					"ptrace(2) call");
1394 }
1395 
1396 ATF_TC_BODY(ptrace_failure, tc)
1397 {
1398 	pid = getpid();
1399 	snprintf(pcregex, sizeof(pcregex), "ptrace.*%d.*return,failure", pid);
1400 
1401 	FILE *pipefd = setup(fds, auclass);
1402 	ATF_REQUIRE_EQ(-1, ptrace(-1, 0, NULL, 0));
1403 	check_audit(fds, pcregex, pipefd);
1404 }
1405 
1406 ATF_TC_CLEANUP(ptrace_failure, tc)
1407 {
1408 	cleanup();
1409 }
1410 
1411 
1412 ATF_TC_WITH_CLEANUP(ktrace_success);
1413 ATF_TC_HEAD(ktrace_success, tc)
1414 {
1415 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1416 					"ktrace(2) call");
1417 }
1418 
1419 ATF_TC_BODY(ktrace_success, tc)
1420 {
1421 	pid = getpid();
1422 	snprintf(pcregex, sizeof(pcregex), "ktrace.*%d.*return,success", pid);
1423 
1424 	FILE *pipefd = setup(fds, auclass);
1425 	ATF_REQUIRE_EQ(0, ktrace(NULL, KTROP_CLEAR, KTRFAC_SYSCALL, pid));
1426 	check_audit(fds, pcregex, pipefd);
1427 }
1428 
1429 ATF_TC_CLEANUP(ktrace_success, tc)
1430 {
1431 	cleanup();
1432 }
1433 
1434 
1435 ATF_TC_WITH_CLEANUP(ktrace_failure);
1436 ATF_TC_HEAD(ktrace_failure, tc)
1437 {
1438 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1439 					"ktrace(2) call");
1440 }
1441 
1442 ATF_TC_BODY(ktrace_failure, tc)
1443 {
1444 	pid = getpid();
1445 	snprintf(pcregex, sizeof(pcregex), "ktrace.*%d.*return,failure", pid);
1446 
1447 	FILE *pipefd = setup(fds, auclass);
1448 	ATF_REQUIRE_EQ(-1, ktrace(NULL, -1, -1, 0));
1449 	check_audit(fds, pcregex, pipefd);
1450 }
1451 
1452 ATF_TC_CLEANUP(ktrace_failure, tc)
1453 {
1454 	cleanup();
1455 }
1456 
1457 
1458 ATF_TC_WITH_CLEANUP(procctl_success);
1459 ATF_TC_HEAD(procctl_success, tc)
1460 {
1461 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1462 					"procctl(2) call");
1463 }
1464 
1465 ATF_TC_BODY(procctl_success, tc)
1466 {
1467 	pid = getpid();
1468 	snprintf(pcregex, sizeof(pcregex), "procctl.*%d.*return,success", pid);
1469 
1470 	struct procctl_reaper_status reapstat;
1471 	FILE *pipefd = setup(fds, auclass);
1472 	/* Retrieve information about the reaper of current process (pid) */
1473 	ATF_REQUIRE_EQ(0, procctl(P_PID, pid, PROC_REAP_STATUS, &reapstat));
1474 	check_audit(fds, pcregex, pipefd);
1475 }
1476 
1477 ATF_TC_CLEANUP(procctl_success, tc)
1478 {
1479 	cleanup();
1480 }
1481 
1482 
1483 ATF_TC_WITH_CLEANUP(procctl_failure);
1484 ATF_TC_HEAD(procctl_failure, tc)
1485 {
1486 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1487 					"procctl(2) call");
1488 }
1489 
1490 ATF_TC_BODY(procctl_failure, tc)
1491 {
1492 	pid = getpid();
1493 	snprintf(pcregex, sizeof(pcregex), "procctl.*%d.*return,failure", pid);
1494 
1495 	FILE *pipefd = setup(fds, auclass);
1496 	ATF_REQUIRE_EQ(-1, procctl(-1, -1, -1, NULL));
1497 	check_audit(fds, pcregex, pipefd);
1498 }
1499 
1500 ATF_TC_CLEANUP(procctl_failure, tc)
1501 {
1502 	cleanup();
1503 }
1504 
1505 
1506 ATF_TC_WITH_CLEANUP(cap_enter_success);
1507 ATF_TC_HEAD(cap_enter_success, tc)
1508 {
1509 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1510 					"cap_enter(2) call");
1511 }
1512 
1513 ATF_TC_BODY(cap_enter_success, tc)
1514 {
1515 	ATF_REQUIRE_FEATURE("security_capability_mode");
1516 
1517 	FILE *pipefd = setup(fds, auclass);
1518 	ATF_REQUIRE((pid = fork()) != -1);
1519 	if (pid) {
1520 		snprintf(pcregex, sizeof(pcregex),
1521 			"cap_enter.*%d.*return,success", pid);
1522 		ATF_REQUIRE(wait(&status) != -1);
1523 		check_audit(fds, pcregex, pipefd);
1524 	}
1525 	else {
1526 		ATF_REQUIRE_EQ(0, cap_enter());
1527 		_exit(0);
1528 	}
1529 }
1530 
1531 ATF_TC_CLEANUP(cap_enter_success, tc)
1532 {
1533 	cleanup();
1534 }
1535 
1536 
1537 ATF_TC_WITH_CLEANUP(cap_getmode_success);
1538 ATF_TC_HEAD(cap_getmode_success, tc)
1539 {
1540 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1541 					"cap_getmode(2) call");
1542 }
1543 
1544 ATF_TC_BODY(cap_getmode_success, tc)
1545 {
1546 	int modep;
1547 
1548 	ATF_REQUIRE_FEATURE("security_capability_mode");
1549 
1550 	pid = getpid();
1551 	snprintf(pcregex, sizeof(pcregex), "cap_getmode.*%d.*success", pid);
1552 
1553 	FILE *pipefd = setup(fds, auclass);
1554 	ATF_REQUIRE_EQ(0, cap_getmode(&modep));
1555 	check_audit(fds, pcregex, pipefd);
1556 }
1557 
1558 ATF_TC_CLEANUP(cap_getmode_success, tc)
1559 {
1560 	cleanup();
1561 }
1562 
1563 
1564 ATF_TC_WITH_CLEANUP(cap_getmode_failure);
1565 ATF_TC_HEAD(cap_getmode_failure, tc)
1566 {
1567 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1568 					"cap_getmode(2) call");
1569 }
1570 
1571 ATF_TC_BODY(cap_getmode_failure, tc)
1572 {
1573 	pid = getpid();
1574 	snprintf(pcregex, sizeof(pcregex), "cap_getmode.*%d.*failure", pid);
1575 
1576 	FILE *pipefd = setup(fds, auclass);
1577 	/* cap_getmode(2) can either fail with EFAULT or ENOSYS */
1578 	ATF_REQUIRE_EQ(-1, cap_getmode(NULL));
1579 	check_audit(fds, pcregex, pipefd);
1580 }
1581 
1582 ATF_TC_CLEANUP(cap_getmode_failure, tc)
1583 {
1584 	cleanup();
1585 }
1586 
1587 
1588 ATF_TP_ADD_TCS(tp)
1589 {
1590 	ATF_TP_ADD_TC(tp, fork_success);
1591 	ATF_TP_ADD_TC(tp, _exit_success);
1592 	ATF_TP_ADD_TC(tp, rfork_success);
1593 	ATF_TP_ADD_TC(tp, rfork_failure);
1594 
1595 	ATF_TP_ADD_TC(tp, wait4_success);
1596 	ATF_TP_ADD_TC(tp, wait4_failure);
1597 	ATF_TP_ADD_TC(tp, wait6_success);
1598 	ATF_TP_ADD_TC(tp, wait6_failure);
1599 	ATF_TP_ADD_TC(tp, kill_success);
1600 	ATF_TP_ADD_TC(tp, kill_failure);
1601 
1602 	ATF_TP_ADD_TC(tp, chdir_success);
1603 	ATF_TP_ADD_TC(tp, chdir_failure);
1604 	ATF_TP_ADD_TC(tp, fchdir_success);
1605 	ATF_TP_ADD_TC(tp, fchdir_failure);
1606 	ATF_TP_ADD_TC(tp, chroot_success);
1607 	ATF_TP_ADD_TC(tp, chroot_failure);
1608 
1609 	ATF_TP_ADD_TC(tp, umask_success);
1610 	ATF_TP_ADD_TC(tp, setuid_success);
1611 	ATF_TP_ADD_TC(tp, seteuid_success);
1612 	ATF_TP_ADD_TC(tp, setgid_success);
1613 	ATF_TP_ADD_TC(tp, setegid_success);
1614 
1615 	ATF_TP_ADD_TC(tp, setreuid_success);
1616 	ATF_TP_ADD_TC(tp, setregid_success);
1617 	ATF_TP_ADD_TC(tp, setresuid_success);
1618 	ATF_TP_ADD_TC(tp, setresgid_success);
1619 
1620 	ATF_TP_ADD_TC(tp, getresuid_success);
1621 	ATF_TP_ADD_TC(tp, getresuid_failure);
1622 	ATF_TP_ADD_TC(tp, getresgid_success);
1623 	ATF_TP_ADD_TC(tp, getresgid_failure);
1624 
1625 	ATF_TP_ADD_TC(tp, setpriority_success);
1626 	ATF_TP_ADD_TC(tp, setpriority_failure);
1627 	ATF_TP_ADD_TC(tp, setgroups_success);
1628 	ATF_TP_ADD_TC(tp, setgroups_failure);
1629 	ATF_TP_ADD_TC(tp, setpgrp_success);
1630 	ATF_TP_ADD_TC(tp, setpgrp_failure);
1631 	ATF_TP_ADD_TC(tp, setsid_success);
1632 	ATF_TP_ADD_TC(tp, setsid_failure);
1633 	ATF_TP_ADD_TC(tp, setrlimit_success);
1634 	ATF_TP_ADD_TC(tp, setrlimit_failure);
1635 
1636 	ATF_TP_ADD_TC(tp, mlock_success);
1637 	ATF_TP_ADD_TC(tp, mlock_failure);
1638 	ATF_TP_ADD_TC(tp, munlock_success);
1639 	ATF_TP_ADD_TC(tp, munlock_failure);
1640 	ATF_TP_ADD_TC(tp, minherit_success);
1641 	ATF_TP_ADD_TC(tp, minherit_failure);
1642 
1643 	ATF_TP_ADD_TC(tp, setlogin_success);
1644 	ATF_TP_ADD_TC(tp, setlogin_failure);
1645 	ATF_TP_ADD_TC(tp, rtprio_success);
1646 	ATF_TP_ADD_TC(tp, rtprio_failure);
1647 
1648 	ATF_TP_ADD_TC(tp, profil_success);
1649 	ATF_TP_ADD_TC(tp, profil_failure);
1650 	ATF_TP_ADD_TC(tp, ptrace_success);
1651 	ATF_TP_ADD_TC(tp, ptrace_failure);
1652 	ATF_TP_ADD_TC(tp, ktrace_success);
1653 	ATF_TP_ADD_TC(tp, ktrace_failure);
1654 	ATF_TP_ADD_TC(tp, procctl_success);
1655 	ATF_TP_ADD_TC(tp, procctl_failure);
1656 
1657 	ATF_TP_ADD_TC(tp, cap_enter_success);
1658 	ATF_TP_ADD_TC(tp, cap_getmode_success);
1659 	ATF_TP_ADD_TC(tp, cap_getmode_failure);
1660 
1661 	return (atf_no_error());
1662 }
1663