xref: /freebsd/tests/sys/audit/process-control.c (revision cab6a39d7b343596a5823e65c0f7b426551ec22d)
1 /*-
2  * Copyright (c) 2018 Aniket Pandey
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
14  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
17  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
20  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23  * SUCH DAMAGE.
24  *
25  * $FreeBSD$
26  */
27 
28 #include <sys/param.h>
29 #include <sys/capsicum.h>
30 #include <sys/uio.h>
31 #include <sys/ktrace.h>
32 #include <sys/mman.h>
33 #include <sys/procctl.h>
34 #include <sys/ptrace.h>
35 #include <sys/resource.h>
36 #include <sys/rtprio.h>
37 #include <sys/stat.h>
38 #include <sys/sysctl.h>
39 #include <sys/time.h>
40 #include <sys/wait.h>
41 
42 #include <atf-c.h>
43 #include <fcntl.h>
44 #include <signal.h>
45 #include <stdint.h>
46 #include <stdlib.h>
47 #include <unistd.h>
48 
49 #include "utils.h"
50 
51 #include "freebsd_test_suite/macros.h"
52 
53 static pid_t pid;
54 static int filedesc, status;
55 static struct pollfd fds[1];
56 static char pcregex[80];
57 static const char *auclass = "pc";
58 
59 
60 ATF_TC_WITH_CLEANUP(fork_success);
61 ATF_TC_HEAD(fork_success, tc)
62 {
63 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
64 					"fork(2) call");
65 }
66 
67 ATF_TC_BODY(fork_success, tc)
68 {
69 	pid = getpid();
70 	snprintf(pcregex, sizeof(pcregex), "fork.*%d.*return,success", pid);
71 
72 	FILE *pipefd = setup(fds, auclass);
73 	/* Check if fork(2) succeded. If so, exit from the child process */
74 	ATF_REQUIRE((pid = fork()) != -1);
75 	if (pid)
76 		check_audit(fds, pcregex, pipefd);
77 	else
78 		_exit(0);
79 }
80 
81 ATF_TC_CLEANUP(fork_success, tc)
82 {
83 	cleanup();
84 }
85 
86 /*
87  * No fork(2) in failure mode since possibilities for failure are only when
88  * user is not privileged or when the number of processes exceed KERN_MAXPROC.
89  */
90 
91 
92 ATF_TC_WITH_CLEANUP(_exit_success);
93 ATF_TC_HEAD(_exit_success, tc)
94 {
95 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
96 					"_exit(2) call");
97 }
98 
99 ATF_TC_BODY(_exit_success, tc)
100 {
101 	FILE *pipefd = setup(fds, auclass);
102 	ATF_REQUIRE((pid = fork()) != -1);
103 	if (pid) {
104 		snprintf(pcregex, sizeof(pcregex), "exit.*%d.*success", pid);
105 		check_audit(fds, pcregex, pipefd);
106 	}
107 	else
108 		_exit(0);
109 }
110 
111 ATF_TC_CLEANUP(_exit_success, tc)
112 {
113 	cleanup();
114 }
115 
116 /*
117  * _exit(2) never returns, hence the auditing by default is always successful
118  */
119 
120 
121 ATF_TC_WITH_CLEANUP(rfork_success);
122 ATF_TC_HEAD(rfork_success, tc)
123 {
124 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
125 					"rfork(2) call");
126 }
127 
128 ATF_TC_BODY(rfork_success, tc)
129 {
130 	pid = getpid();
131 	snprintf(pcregex, sizeof(pcregex), "rfork.*%d.*return,success", pid);
132 
133 	FILE *pipefd = setup(fds, auclass);
134 	ATF_REQUIRE((pid = rfork(RFPROC)) != -1);
135 	if (pid)
136 		check_audit(fds, pcregex, pipefd);
137 	else
138 		_exit(0);
139 }
140 
141 ATF_TC_CLEANUP(rfork_success, tc)
142 {
143 	cleanup();
144 }
145 
146 
147 ATF_TC_WITH_CLEANUP(rfork_failure);
148 ATF_TC_HEAD(rfork_failure, tc)
149 {
150 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
151 					"rfork(2) call");
152 }
153 
154 ATF_TC_BODY(rfork_failure, tc)
155 {
156 	pid = getpid();
157 	snprintf(pcregex, sizeof(pcregex), "rfork.*%d.*return,failure", pid);
158 
159 	FILE *pipefd = setup(fds, auclass);
160 	/* Failure reason: Invalid argument */
161 	ATF_REQUIRE_EQ(-1, rfork(-1));
162 	check_audit(fds, pcregex, pipefd);
163 }
164 
165 ATF_TC_CLEANUP(rfork_failure, tc)
166 {
167 	cleanup();
168 }
169 
170 
171 ATF_TC_WITH_CLEANUP(wait4_success);
172 ATF_TC_HEAD(wait4_success, tc)
173 {
174 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
175 					"wait4(2) call");
176 }
177 
178 ATF_TC_BODY(wait4_success, tc)
179 {
180 	pid = getpid();
181 	snprintf(pcregex, sizeof(pcregex), "wait4.*%d.*return,success", pid);
182 
183 	ATF_REQUIRE((pid = fork()) != -1);
184 	if (pid) {
185 		FILE *pipefd = setup(fds, auclass);
186 		/* wpid = -1 : Wait for any child process */
187 		ATF_REQUIRE(wait4(-1, &status, 0, NULL) != -1);
188 		check_audit(fds, pcregex, pipefd);
189 	}
190 	else
191 		_exit(0);
192 }
193 
194 ATF_TC_CLEANUP(wait4_success, tc)
195 {
196 	cleanup();
197 }
198 
199 
200 ATF_TC_WITH_CLEANUP(wait4_failure);
201 ATF_TC_HEAD(wait4_failure, tc)
202 {
203 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
204 					"wait4(2) call");
205 }
206 
207 ATF_TC_BODY(wait4_failure, tc)
208 {
209 	pid = getpid();
210 	snprintf(pcregex, sizeof(pcregex), "wait4.*%d.*return,failure", pid);
211 
212 	FILE *pipefd = setup(fds, auclass);
213 	/* Failure reason: No child process to wait for */
214 	ATF_REQUIRE_EQ(-1, wait4(-1, NULL, 0, NULL));
215 	check_audit(fds, pcregex, pipefd);
216 }
217 
218 ATF_TC_CLEANUP(wait4_failure, tc)
219 {
220 	cleanup();
221 }
222 
223 
224 ATF_TC_WITH_CLEANUP(wait6_success);
225 ATF_TC_HEAD(wait6_success, tc)
226 {
227 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
228 					"wait6(2) call");
229 }
230 
231 ATF_TC_BODY(wait6_success, tc)
232 {
233 	pid = getpid();
234 	snprintf(pcregex, sizeof(pcregex), "wait6.*%d.*return,success", pid);
235 
236 	ATF_REQUIRE((pid = fork()) != -1);
237 	if (pid) {
238 		FILE *pipefd = setup(fds, auclass);
239 		ATF_REQUIRE(wait6(P_ALL, 0, &status, WEXITED, NULL,NULL) != -1);
240 		check_audit(fds, pcregex, pipefd);
241 	}
242 	else
243 		_exit(0);
244 }
245 
246 ATF_TC_CLEANUP(wait6_success, tc)
247 {
248 	cleanup();
249 }
250 
251 
252 ATF_TC_WITH_CLEANUP(wait6_failure);
253 ATF_TC_HEAD(wait6_failure, tc)
254 {
255 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
256 					"wait6(2) call");
257 }
258 
259 ATF_TC_BODY(wait6_failure, tc)
260 {
261 	pid = getpid();
262 	snprintf(pcregex, sizeof(pcregex), "wait6.*%d.*return,failure", pid);
263 
264 	FILE *pipefd = setup(fds, auclass);
265 	/* Failure reason: Invalid argument */
266 	ATF_REQUIRE_EQ(-1, wait6(0, 0, NULL, 0, NULL, NULL));
267 	check_audit(fds, pcregex, pipefd);
268 }
269 
270 ATF_TC_CLEANUP(wait6_failure, tc)
271 {
272 	cleanup();
273 }
274 
275 
276 ATF_TC_WITH_CLEANUP(kill_success);
277 ATF_TC_HEAD(kill_success, tc)
278 {
279 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
280 					"kill(2) call");
281 }
282 
283 ATF_TC_BODY(kill_success, tc)
284 {
285 	pid = getpid();
286 	snprintf(pcregex, sizeof(pcregex), "kill.*%d.*return,success", pid);
287 
288 	FILE *pipefd = setup(fds, auclass);
289 	/* Don't send any signal to anyone, live in peace! */
290 	ATF_REQUIRE_EQ(0, kill(0, 0));
291 	check_audit(fds, pcregex, pipefd);
292 }
293 
294 ATF_TC_CLEANUP(kill_success, tc)
295 {
296 	cleanup();
297 }
298 
299 
300 ATF_TC_WITH_CLEANUP(kill_failure);
301 ATF_TC_HEAD(kill_failure, tc)
302 {
303 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
304 					"kill(2) call");
305 }
306 
307 ATF_TC_BODY(kill_failure, tc)
308 {
309 	pid = getpid();
310 	snprintf(pcregex, sizeof(pcregex), "kill.*%d.*return,failure", pid);
311 
312 	FILE *pipefd = setup(fds, auclass);
313 	/*
314 	 * Failure reason: Non existent process with PID '-2'
315 	 * Note: '-1' is not used as it means sending no signal to
316 	 * all non-system processes: A successful invocation
317 	 */
318 	ATF_REQUIRE_EQ(-1, kill(0, -2));
319 	check_audit(fds, pcregex, pipefd);
320 }
321 
322 ATF_TC_CLEANUP(kill_failure, tc)
323 {
324 	cleanup();
325 }
326 
327 
328 ATF_TC_WITH_CLEANUP(chdir_success);
329 ATF_TC_HEAD(chdir_success, tc)
330 {
331 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
332 					"chdir(2) call");
333 }
334 
335 ATF_TC_BODY(chdir_success, tc)
336 {
337 	pid = getpid();
338 	snprintf(pcregex, sizeof(pcregex), "chdir.*/.*%d.*return,success", pid);
339 
340 	FILE *pipefd = setup(fds, auclass);
341 	ATF_REQUIRE_EQ(0, chdir("/"));
342 	check_audit(fds, pcregex, pipefd);
343 }
344 
345 ATF_TC_CLEANUP(chdir_success, tc)
346 {
347 	cleanup();
348 }
349 
350 
351 ATF_TC_WITH_CLEANUP(chdir_failure);
352 ATF_TC_HEAD(chdir_failure, tc)
353 {
354 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
355 					"chdir(2) call");
356 }
357 
358 ATF_TC_BODY(chdir_failure, tc)
359 {
360 	pid = getpid();
361 	snprintf(pcregex, sizeof(pcregex), "chdir.*%d.*return,failure", pid);
362 
363 	FILE *pipefd = setup(fds, auclass);
364 	/* Failure reason: Bad address */
365 	ATF_REQUIRE_EQ(-1, chdir(NULL));
366 	check_audit(fds, pcregex, pipefd);
367 }
368 
369 ATF_TC_CLEANUP(chdir_failure, tc)
370 {
371 	cleanup();
372 }
373 
374 
375 ATF_TC_WITH_CLEANUP(fchdir_success);
376 ATF_TC_HEAD(fchdir_success, tc)
377 {
378 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
379 					"fchdir(2) call");
380 }
381 
382 ATF_TC_BODY(fchdir_success, tc)
383 {
384 	/* Build an absolute path to the test-case directory */
385 	char dirpath[50];
386 	ATF_REQUIRE(getcwd(dirpath, sizeof(dirpath)) != NULL);
387 	ATF_REQUIRE((filedesc = open(dirpath, O_RDONLY)) != -1);
388 
389 	/* Audit record generated by fchdir(2) does not contain filedesc */
390 	pid = getpid();
391 	snprintf(pcregex, sizeof(pcregex), "fchdir.*%d.*return,success", pid);
392 
393 	FILE *pipefd = setup(fds, auclass);
394 	ATF_REQUIRE_EQ(0, fchdir(filedesc));
395 	check_audit(fds, pcregex, pipefd);
396 	close(filedesc);
397 }
398 
399 ATF_TC_CLEANUP(fchdir_success, tc)
400 {
401 	cleanup();
402 }
403 
404 
405 ATF_TC_WITH_CLEANUP(fchdir_failure);
406 ATF_TC_HEAD(fchdir_failure, tc)
407 {
408 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
409 					"fchdir(2) call");
410 }
411 
412 ATF_TC_BODY(fchdir_failure, tc)
413 {
414 	pid = getpid();
415 	snprintf(pcregex, sizeof(pcregex), "fchdir.*%d.*return,failure", pid);
416 
417 	FILE *pipefd = setup(fds, auclass);
418 	/* Failure reason: Bad directory address */
419 	ATF_REQUIRE_EQ(-1, fchdir(-1));
420 	check_audit(fds, pcregex, pipefd);
421 }
422 
423 ATF_TC_CLEANUP(fchdir_failure, tc)
424 {
425 	cleanup();
426 }
427 
428 
429 ATF_TC_WITH_CLEANUP(chroot_success);
430 ATF_TC_HEAD(chroot_success, tc)
431 {
432 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
433 					"chroot(2) call");
434 }
435 
436 ATF_TC_BODY(chroot_success, tc)
437 {
438 	pid = getpid();
439 	snprintf(pcregex, sizeof(pcregex), "chroot.*%d.*return,success", pid);
440 
441 	FILE *pipefd = setup(fds, auclass);
442 	/* We don't want to change the root directory, hence '/' */
443 	ATF_REQUIRE_EQ(0, chroot("/"));
444 	check_audit(fds, pcregex, pipefd);
445 }
446 
447 ATF_TC_CLEANUP(chroot_success, tc)
448 {
449 	cleanup();
450 }
451 
452 
453 ATF_TC_WITH_CLEANUP(chroot_failure);
454 ATF_TC_HEAD(chroot_failure, tc)
455 {
456 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
457 					"chroot(2) call");
458 }
459 
460 ATF_TC_BODY(chroot_failure, tc)
461 {
462 	pid = getpid();
463 	snprintf(pcregex, sizeof(pcregex), "chroot.*%d.*return,failure", pid);
464 
465 	FILE *pipefd = setup(fds, auclass);
466 	ATF_REQUIRE_EQ(-1, chroot(NULL));
467 	check_audit(fds, pcregex, pipefd);
468 }
469 
470 ATF_TC_CLEANUP(chroot_failure, tc)
471 {
472 	cleanup();
473 }
474 
475 
476 ATF_TC_WITH_CLEANUP(umask_success);
477 ATF_TC_HEAD(umask_success, tc)
478 {
479 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
480 					"umask(2) call");
481 }
482 
483 ATF_TC_BODY(umask_success, tc)
484 {
485 	pid = getpid();
486 	snprintf(pcregex, sizeof(pcregex), "umask.*%d.*return,success", pid);
487 
488 	FILE *pipefd = setup(fds, auclass);
489 	umask(0);
490 	check_audit(fds, pcregex, pipefd);
491 }
492 
493 ATF_TC_CLEANUP(umask_success, tc)
494 {
495 	cleanup();
496 }
497 
498 /*
499  * umask(2) system call never fails. Hence, no test case for failure mode
500  */
501 
502 
503 ATF_TC_WITH_CLEANUP(setuid_success);
504 ATF_TC_HEAD(setuid_success, tc)
505 {
506 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
507 					"setuid(2) call");
508 }
509 
510 ATF_TC_BODY(setuid_success, tc)
511 {
512 	pid = getpid();
513 	snprintf(pcregex, sizeof(pcregex), "setuid.*%d.*return,success", pid);
514 
515 	FILE *pipefd = setup(fds, auclass);
516 	/* Since we're privileged, we'll let ourselves be privileged! */
517 	ATF_REQUIRE_EQ(0, setuid(0));
518 	check_audit(fds, pcregex, pipefd);
519 }
520 
521 ATF_TC_CLEANUP(setuid_success, tc)
522 {
523 	cleanup();
524 }
525 
526 /*
527  * setuid(2) fails only when the current user is not root. So no test case for
528  * failure mode since the required_user="root"
529  */
530 
531 
532 ATF_TC_WITH_CLEANUP(seteuid_success);
533 ATF_TC_HEAD(seteuid_success, tc)
534 {
535 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
536 					"seteuid(2) call");
537 }
538 
539 ATF_TC_BODY(seteuid_success, tc)
540 {
541 	pid = getpid();
542 	snprintf(pcregex, sizeof(pcregex), "seteuid.*%d.*return,success", pid);
543 
544 	FILE *pipefd = setup(fds, auclass);
545 	/* This time, we'll let ourselves be 'effectively' privileged! */
546 	ATF_REQUIRE_EQ(0, seteuid(0));
547 	check_audit(fds, pcregex, pipefd);
548 }
549 
550 ATF_TC_CLEANUP(seteuid_success, tc)
551 {
552 	cleanup();
553 }
554 
555 /*
556  * seteuid(2) fails only when the current user is not root. So no test case for
557  * failure mode since the required_user="root"
558  */
559 
560 
561 ATF_TC_WITH_CLEANUP(setgid_success);
562 ATF_TC_HEAD(setgid_success, tc)
563 {
564 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
565 					"setgid(2) call");
566 }
567 
568 ATF_TC_BODY(setgid_success, tc)
569 {
570 	pid = getpid();
571 	snprintf(pcregex, sizeof(pcregex), "setgid.*%d.*return,success", pid);
572 
573 	FILE *pipefd = setup(fds, auclass);
574 	ATF_REQUIRE_EQ(0, setgid(0));
575 	check_audit(fds, pcregex, pipefd);
576 }
577 
578 ATF_TC_CLEANUP(setgid_success, tc)
579 {
580 	cleanup();
581 }
582 
583 /*
584  * setgid(2) fails only when the current user is not root. So no test case for
585  * failure mode since the required_user="root"
586  */
587 
588 
589 ATF_TC_WITH_CLEANUP(setegid_success);
590 ATF_TC_HEAD(setegid_success, tc)
591 {
592 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
593 					"setegid(2) call");
594 }
595 
596 ATF_TC_BODY(setegid_success, tc)
597 {
598 	pid = getpid();
599 	snprintf(pcregex, sizeof(pcregex), "setegid.*%d.*return,success", pid);
600 
601 	FILE *pipefd = setup(fds, auclass);
602 	ATF_REQUIRE_EQ(0, setegid(0));
603 	check_audit(fds, pcregex, pipefd);
604 }
605 
606 ATF_TC_CLEANUP(setegid_success, tc)
607 {
608 	cleanup();
609 }
610 
611 /*
612  * setegid(2) fails only when the current user is not root. So no test case for
613  * failure mode since the required_user="root"
614  */
615 
616 
617 ATF_TC_WITH_CLEANUP(setregid_success);
618 ATF_TC_HEAD(setregid_success, tc)
619 {
620 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
621 					"setregid(2) call");
622 }
623 
624 ATF_TC_BODY(setregid_success, tc)
625 {
626 	pid = getpid();
627 	snprintf(pcregex, sizeof(pcregex), "setregid.*%d.*return,success", pid);
628 
629 	FILE *pipefd = setup(fds, auclass);
630 	/* setregid(-1, -1) does not change any real or effective GIDs */
631 	ATF_REQUIRE_EQ(0, setregid(-1, -1));
632 	check_audit(fds, pcregex, pipefd);
633 }
634 
635 ATF_TC_CLEANUP(setregid_success, tc)
636 {
637 	cleanup();
638 }
639 
640 /*
641  * setregid(2) fails only when the current user is not root. So no test case for
642  * failure mode since the required_user="root"
643  */
644 
645 
646 ATF_TC_WITH_CLEANUP(setreuid_success);
647 ATF_TC_HEAD(setreuid_success, tc)
648 {
649 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
650 					"setreuid(2) call");
651 }
652 
653 ATF_TC_BODY(setreuid_success, tc)
654 {
655 	pid = getpid();
656 	snprintf(pcregex, sizeof(pcregex), "setreuid.*%d.*return,success", pid);
657 
658 	FILE *pipefd = setup(fds, auclass);
659 	/* setreuid(-1, -1) does not change any real or effective UIDs */
660 	ATF_REQUIRE_EQ(0, setreuid(-1, -1));
661 	check_audit(fds, pcregex, pipefd);
662 }
663 
664 ATF_TC_CLEANUP(setreuid_success, tc)
665 {
666 	cleanup();
667 }
668 
669 /*
670  * setregid(2) fails only when the current user is not root. So no test case for
671  * failure mode since the required_user="root"
672  */
673 
674 
675 ATF_TC_WITH_CLEANUP(setresuid_success);
676 ATF_TC_HEAD(setresuid_success, tc)
677 {
678 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
679 					"setresuid(2) call");
680 }
681 
682 ATF_TC_BODY(setresuid_success, tc)
683 {
684 	pid = getpid();
685 	snprintf(pcregex, sizeof(pcregex), "setresuid.*%d.*return,success", pid);
686 
687 	FILE *pipefd = setup(fds, auclass);
688 	/* setresuid(-1, -1, -1) does not change real, effective & saved UIDs */
689 	ATF_REQUIRE_EQ(0, setresuid(-1, -1, -1));
690 	check_audit(fds, pcregex, pipefd);
691 }
692 
693 ATF_TC_CLEANUP(setresuid_success, tc)
694 {
695 	cleanup();
696 }
697 
698 /*
699  * setresuid(2) fails only when the current user is not root. So no test case
700  * for failure mode since the required_user="root"
701  */
702 
703 
704 ATF_TC_WITH_CLEANUP(setresgid_success);
705 ATF_TC_HEAD(setresgid_success, tc)
706 {
707 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
708 					"setresgid(2) call");
709 }
710 
711 ATF_TC_BODY(setresgid_success, tc)
712 {
713 	pid = getpid();
714 	snprintf(pcregex, sizeof(pcregex), "setresgid.*%d.*ret.*success", pid);
715 
716 	FILE *pipefd = setup(fds, auclass);
717 	/* setresgid(-1, -1, -1) does not change real, effective & saved GIDs */
718 	ATF_REQUIRE_EQ(0, setresgid(-1, -1, -1));
719 	check_audit(fds, pcregex, pipefd);
720 }
721 
722 ATF_TC_CLEANUP(setresgid_success, tc)
723 {
724 	cleanup();
725 }
726 
727 /*
728  * setresgid(2) fails only when the current user is not root. So no test case
729  * for failure mode since the required_user="root"
730  */
731 
732 
733 ATF_TC_WITH_CLEANUP(getresuid_success);
734 ATF_TC_HEAD(getresuid_success, tc)
735 {
736 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
737 					"getresuid(2) call");
738 }
739 
740 ATF_TC_BODY(getresuid_success, tc)
741 {
742 	pid = getpid();
743 	snprintf(pcregex, sizeof(pcregex), "getresuid.*%d.*ret.*success", pid);
744 
745 	FILE *pipefd = setup(fds, auclass);
746 	ATF_REQUIRE_EQ(0, getresuid(NULL, NULL, NULL));
747 	check_audit(fds, pcregex, pipefd);
748 }
749 
750 ATF_TC_CLEANUP(getresuid_success, tc)
751 {
752 	cleanup();
753 }
754 
755 
756 ATF_TC_WITH_CLEANUP(getresuid_failure);
757 ATF_TC_HEAD(getresuid_failure, tc)
758 {
759 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
760 					"getresuid(2) call");
761 }
762 
763 ATF_TC_BODY(getresuid_failure, tc)
764 {
765 	pid = getpid();
766 	snprintf(pcregex, sizeof(pcregex), "getresuid.*%d.*ret.*failure", pid);
767 
768 	FILE *pipefd = setup(fds, auclass);
769 	/* Failure reason: Invalid address "-1" */
770 	ATF_REQUIRE_EQ(-1, getresuid((uid_t *)-1, NULL, NULL));
771 	check_audit(fds, pcregex, pipefd);
772 }
773 
774 ATF_TC_CLEANUP(getresuid_failure, tc)
775 {
776 	cleanup();
777 }
778 
779 
780 ATF_TC_WITH_CLEANUP(getresgid_success);
781 ATF_TC_HEAD(getresgid_success, tc)
782 {
783 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
784 					"getresgid(2) call");
785 }
786 
787 ATF_TC_BODY(getresgid_success, tc)
788 {
789 	pid = getpid();
790 	snprintf(pcregex, sizeof(pcregex), "getresgid.*%d.*ret.*success", pid);
791 
792 	FILE *pipefd = setup(fds, auclass);
793 	ATF_REQUIRE_EQ(0, getresgid(NULL, NULL, NULL));
794 	check_audit(fds, pcregex, pipefd);
795 }
796 
797 ATF_TC_CLEANUP(getresgid_success, tc)
798 {
799 	cleanup();
800 }
801 
802 
803 ATF_TC_WITH_CLEANUP(getresgid_failure);
804 ATF_TC_HEAD(getresgid_failure, tc)
805 {
806 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
807 					"getresgid(2) call");
808 }
809 
810 ATF_TC_BODY(getresgid_failure, tc)
811 {
812 	pid = getpid();
813 	snprintf(pcregex, sizeof(pcregex), "getresgid.*%d.*ret.*failure", pid);
814 
815 	FILE *pipefd = setup(fds, auclass);
816 	/* Failure reason: Invalid address "-1" */
817 	ATF_REQUIRE_EQ(-1, getresgid((gid_t *)-1, NULL, NULL));
818 	check_audit(fds, pcregex, pipefd);
819 }
820 
821 ATF_TC_CLEANUP(getresgid_failure, tc)
822 {
823 	cleanup();
824 }
825 
826 
827 ATF_TC_WITH_CLEANUP(setpriority_success);
828 ATF_TC_HEAD(setpriority_success, tc)
829 {
830 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
831 					"setpriority(2) call");
832 }
833 
834 ATF_TC_BODY(setpriority_success, tc)
835 {
836 	pid = getpid();
837 	snprintf(pcregex, sizeof(pcregex), "setpriority.*%d.*success", pid);
838 
839 	FILE *pipefd = setup(fds, auclass);
840 	ATF_REQUIRE_EQ(0, setpriority(PRIO_PROCESS, 0, 0));
841 	check_audit(fds, pcregex, pipefd);
842 }
843 
844 ATF_TC_CLEANUP(setpriority_success, tc)
845 {
846 	cleanup();
847 }
848 
849 
850 ATF_TC_WITH_CLEANUP(setpriority_failure);
851 ATF_TC_HEAD(setpriority_failure, tc)
852 {
853 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
854 					"setpriority(2) call");
855 }
856 
857 ATF_TC_BODY(setpriority_failure, tc)
858 {
859 	pid = getpid();
860 	snprintf(pcregex, sizeof(pcregex), "setpriority.*%d.*failure", pid);
861 
862 	FILE *pipefd = setup(fds, auclass);
863 	ATF_REQUIRE_EQ(-1, setpriority(-1, -1, -1));
864 	check_audit(fds, pcregex, pipefd);
865 }
866 
867 ATF_TC_CLEANUP(setpriority_failure, tc)
868 {
869 	cleanup();
870 }
871 
872 
873 ATF_TC_WITH_CLEANUP(setgroups_success);
874 ATF_TC_HEAD(setgroups_success, tc)
875 {
876 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
877 					"setgroups(2) call");
878 }
879 
880 ATF_TC_BODY(setgroups_success, tc)
881 {
882 	gid_t gids[5];
883 	pid = getpid();
884 	snprintf(pcregex, sizeof(pcregex), "setgroups.*%d.*ret.*success", pid);
885 	/* Retrieve the current group access list to be used with setgroups */
886 	ATF_REQUIRE(getgroups(sizeof(gids)/sizeof(gids[0]), gids) != -1);
887 
888 	FILE *pipefd = setup(fds, auclass);
889 	ATF_REQUIRE_EQ(0, setgroups(sizeof(gids)/sizeof(gids[0]), gids));
890 	check_audit(fds, pcregex, pipefd);
891 }
892 
893 ATF_TC_CLEANUP(setgroups_success, tc)
894 {
895 	cleanup();
896 }
897 
898 
899 ATF_TC_WITH_CLEANUP(setgroups_failure);
900 ATF_TC_HEAD(setgroups_failure, tc)
901 {
902 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
903 					"setgroups(2) call");
904 }
905 
906 ATF_TC_BODY(setgroups_failure, tc)
907 {
908 	pid = getpid();
909 	snprintf(pcregex, sizeof(pcregex), "setgroups.*%d.*ret.*failure", pid);
910 
911 	FILE *pipefd = setup(fds, auclass);
912 	ATF_REQUIRE_EQ(-1, setgroups(-1, NULL));
913 	check_audit(fds, pcregex, pipefd);
914 }
915 
916 ATF_TC_CLEANUP(setgroups_failure, tc)
917 {
918 	cleanup();
919 }
920 
921 
922 ATF_TC_WITH_CLEANUP(setpgrp_success);
923 ATF_TC_HEAD(setpgrp_success, tc)
924 {
925 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
926 					"setpgrp(2) call");
927 }
928 
929 ATF_TC_BODY(setpgrp_success, tc)
930 {
931 	/* Main procedure is carried out from within the child process */
932 	ATF_REQUIRE((pid = fork()) != -1);
933 	if (pid) {
934 		ATF_REQUIRE(wait(&status) != -1);
935 	} else {
936 		pid = getpid();
937 		snprintf(pcregex, sizeof(pcregex), "setpgrp.*%d.*success", pid);
938 
939 		FILE *pipefd = setup(fds, auclass);
940 		ATF_REQUIRE_EQ(0, setpgrp(0, 0));
941 		check_audit(fds, pcregex, pipefd);
942 	}
943 }
944 
945 ATF_TC_CLEANUP(setpgrp_success, tc)
946 {
947 	cleanup();
948 }
949 
950 
951 ATF_TC_WITH_CLEANUP(setpgrp_failure);
952 ATF_TC_HEAD(setpgrp_failure, tc)
953 {
954 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
955 					"setpgrp(2) call");
956 }
957 
958 ATF_TC_BODY(setpgrp_failure, tc)
959 {
960 	pid = getpid();
961 	snprintf(pcregex, sizeof(pcregex), "setpgrp.*%d.*return,failure", pid);
962 
963 	FILE *pipefd = setup(fds, auclass);
964 	ATF_REQUIRE_EQ(-1, setpgrp(-1, -1));
965 	check_audit(fds, pcregex, pipefd);
966 }
967 
968 ATF_TC_CLEANUP(setpgrp_failure, tc)
969 {
970 	cleanup();
971 }
972 
973 
974 ATF_TC_WITH_CLEANUP(setsid_success);
975 ATF_TC_HEAD(setsid_success, tc)
976 {
977 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
978 					"setsid(2) call");
979 }
980 
981 ATF_TC_BODY(setsid_success, tc)
982 {
983 	/* Main procedure is carried out from within the child process */
984 	ATF_REQUIRE((pid = fork()) != -1);
985 	if (pid) {
986 		ATF_REQUIRE(wait(&status) != -1);
987 	} else {
988 		pid = getpid();
989 		snprintf(pcregex, sizeof(pcregex), "setsid.*%d.*success", pid);
990 
991 		FILE *pipefd = setup(fds, auclass);
992 		ATF_REQUIRE(setsid() != -1);
993 		check_audit(fds, pcregex, pipefd);
994 	}
995 }
996 
997 ATF_TC_CLEANUP(setsid_success, tc)
998 {
999 	cleanup();
1000 }
1001 
1002 
1003 ATF_TC_WITH_CLEANUP(setsid_failure);
1004 ATF_TC_HEAD(setsid_failure, tc)
1005 {
1006 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1007 					"setsid(2) call");
1008 }
1009 
1010 ATF_TC_BODY(setsid_failure, tc)
1011 {
1012 	pid = getpid();
1013 	snprintf(pcregex, sizeof(pcregex), "setsid.*%d.*return,failure", pid);
1014 
1015 	/*
1016 	 * Here, we are intentionally ignoring the output of the setsid()
1017 	 * call because it may or may not be a process leader already. But it
1018 	 * ensures that the next invocation of setsid() will definitely fail.
1019 	 */
1020 	setsid();
1021 	FILE *pipefd = setup(fds, auclass);
1022 	/*
1023 	 * Failure reason: [EPERM] Creating a new session is not permitted
1024 	 * as the PID of calling process matches the PGID of a process group
1025 	 * created by premature setsid() call.
1026 	 */
1027 	ATF_REQUIRE_EQ(-1, setsid());
1028 	check_audit(fds, pcregex, pipefd);
1029 }
1030 
1031 ATF_TC_CLEANUP(setsid_failure, tc)
1032 {
1033 	cleanup();
1034 }
1035 
1036 
1037 ATF_TC_WITH_CLEANUP(setrlimit_success);
1038 ATF_TC_HEAD(setrlimit_success, tc)
1039 {
1040 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1041 					"setrlimit(2) call");
1042 }
1043 
1044 ATF_TC_BODY(setrlimit_success, tc)
1045 {
1046 	struct rlimit rlp;
1047 	pid = getpid();
1048 	snprintf(pcregex, sizeof(pcregex), "setrlimit.*%d.*ret.*success", pid);
1049 	/* Retrieve the system resource consumption limit to be used later on */
1050 	ATF_REQUIRE_EQ(0, getrlimit(RLIMIT_FSIZE, &rlp));
1051 
1052 	FILE *pipefd = setup(fds, auclass);
1053 	ATF_REQUIRE_EQ(0, setrlimit(RLIMIT_FSIZE, &rlp));
1054 	check_audit(fds, pcregex, pipefd);
1055 }
1056 
1057 ATF_TC_CLEANUP(setrlimit_success, tc)
1058 {
1059 	cleanup();
1060 }
1061 
1062 
1063 ATF_TC_WITH_CLEANUP(setrlimit_failure);
1064 ATF_TC_HEAD(setrlimit_failure, tc)
1065 {
1066 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1067 					"setrlimit(2) call");
1068 }
1069 
1070 ATF_TC_BODY(setrlimit_failure, tc)
1071 {
1072 	pid = getpid();
1073 	snprintf(pcregex, sizeof(pcregex), "setrlimit.*%d.*ret.*failure", pid);
1074 
1075 	FILE *pipefd = setup(fds, auclass);
1076 	ATF_REQUIRE_EQ(-1, setrlimit(RLIMIT_FSIZE, NULL));
1077 	check_audit(fds, pcregex, pipefd);
1078 }
1079 
1080 ATF_TC_CLEANUP(setrlimit_failure, tc)
1081 {
1082 	cleanup();
1083 }
1084 
1085 
1086 ATF_TC_WITH_CLEANUP(mlock_success);
1087 ATF_TC_HEAD(mlock_success, tc)
1088 {
1089 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1090 					"mlock(2) call");
1091 }
1092 
1093 ATF_TC_BODY(mlock_success, tc)
1094 {
1095 	pid = getpid();
1096 	snprintf(pcregex, sizeof(pcregex), "mlock.*%d.*return,success", pid);
1097 
1098 	FILE *pipefd = setup(fds, auclass);
1099 	ATF_REQUIRE_EQ(0, mlock(NULL, 0));
1100 	check_audit(fds, pcregex, pipefd);
1101 }
1102 
1103 ATF_TC_CLEANUP(mlock_success, tc)
1104 {
1105 	cleanup();
1106 }
1107 
1108 
1109 ATF_TC_WITH_CLEANUP(mlock_failure);
1110 ATF_TC_HEAD(mlock_failure, tc)
1111 {
1112 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1113 					"mlock(2) call");
1114 }
1115 
1116 ATF_TC_BODY(mlock_failure, tc)
1117 {
1118 	pid = getpid();
1119 	snprintf(pcregex, sizeof(pcregex), "mlock.*%d.*return,failure", pid);
1120 
1121 	FILE *pipefd = setup(fds, auclass);
1122 	ATF_REQUIRE_EQ(-1, mlock((void *)(-1), -1));
1123 	check_audit(fds, pcregex, pipefd);
1124 }
1125 
1126 ATF_TC_CLEANUP(mlock_failure, tc)
1127 {
1128 	cleanup();
1129 }
1130 
1131 
1132 ATF_TC_WITH_CLEANUP(munlock_success);
1133 ATF_TC_HEAD(munlock_success, tc)
1134 {
1135 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1136 					"munlock(2) call");
1137 }
1138 
1139 ATF_TC_BODY(munlock_success, tc)
1140 {
1141 	pid = getpid();
1142 	snprintf(pcregex, sizeof(pcregex), "munlock.*%d.*return,success", pid);
1143 
1144 	FILE *pipefd = setup(fds, auclass);
1145 	ATF_REQUIRE_EQ(0, munlock(NULL, 0));
1146 	check_audit(fds, pcregex, pipefd);
1147 }
1148 
1149 ATF_TC_CLEANUP(munlock_success, tc)
1150 {
1151 	cleanup();
1152 }
1153 
1154 
1155 ATF_TC_WITH_CLEANUP(munlock_failure);
1156 ATF_TC_HEAD(munlock_failure, tc)
1157 {
1158 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1159 					"munlock(2) call");
1160 }
1161 
1162 ATF_TC_BODY(munlock_failure, tc)
1163 {
1164 	pid = getpid();
1165 	snprintf(pcregex, sizeof(pcregex), "munlock.*%d.*return,failure", pid);
1166 
1167 	FILE *pipefd = setup(fds, auclass);
1168 	ATF_REQUIRE_EQ(-1, munlock((void *)(-1), -1));
1169 	check_audit(fds, pcregex, pipefd);
1170 }
1171 
1172 ATF_TC_CLEANUP(munlock_failure, tc)
1173 {
1174 	cleanup();
1175 }
1176 
1177 
1178 ATF_TC_WITH_CLEANUP(minherit_success);
1179 ATF_TC_HEAD(minherit_success, tc)
1180 {
1181 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1182 					"minherit(2) call");
1183 }
1184 
1185 ATF_TC_BODY(minherit_success, tc)
1186 {
1187 	pid = getpid();
1188 	snprintf(pcregex, sizeof(pcregex), "minherit.*%d.*return,success", pid);
1189 
1190 	FILE *pipefd = setup(fds, auclass);
1191 	ATF_REQUIRE_EQ(0, minherit(NULL, 0, INHERIT_ZERO));
1192 	check_audit(fds, pcregex, pipefd);
1193 }
1194 
1195 ATF_TC_CLEANUP(minherit_success, tc)
1196 {
1197 	cleanup();
1198 }
1199 
1200 
1201 ATF_TC_WITH_CLEANUP(minherit_failure);
1202 ATF_TC_HEAD(minherit_failure, tc)
1203 {
1204 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1205 					"minherit(2) call");
1206 }
1207 
1208 ATF_TC_BODY(minherit_failure, tc)
1209 {
1210 	pid = getpid();
1211 	snprintf(pcregex, sizeof(pcregex), "minherit.*%d.*return,failure", pid);
1212 
1213 	FILE *pipefd = setup(fds, auclass);
1214 	ATF_REQUIRE_EQ(-1, minherit((void *)(-1), -1, 0));
1215 	check_audit(fds, pcregex, pipefd);
1216 }
1217 
1218 ATF_TC_CLEANUP(minherit_failure, tc)
1219 {
1220 	cleanup();
1221 }
1222 
1223 
1224 ATF_TC_WITH_CLEANUP(setlogin_success);
1225 ATF_TC_HEAD(setlogin_success, tc)
1226 {
1227 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1228 					"setlogin(2) call");
1229 }
1230 
1231 ATF_TC_BODY(setlogin_success, tc)
1232 {
1233 	char *name;
1234 	pid = getpid();
1235 	snprintf(pcregex, sizeof(pcregex), "setlogin.*%d.*return,success", pid);
1236 
1237 	/* Retrieve the current user's login name to be used with setlogin(2) */
1238 	ATF_REQUIRE((name = getlogin()) != NULL);
1239 	FILE *pipefd = setup(fds, auclass);
1240 	ATF_REQUIRE_EQ(0, setlogin(name));
1241 	check_audit(fds, pcregex, pipefd);
1242 }
1243 
1244 ATF_TC_CLEANUP(setlogin_success, tc)
1245 {
1246 	cleanup();
1247 }
1248 
1249 
1250 ATF_TC_WITH_CLEANUP(setlogin_failure);
1251 ATF_TC_HEAD(setlogin_failure, tc)
1252 {
1253 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1254 					"setlogin(2) call");
1255 }
1256 
1257 ATF_TC_BODY(setlogin_failure, tc)
1258 {
1259 	pid = getpid();
1260 	snprintf(pcregex, sizeof(pcregex), "setlogin.*%d.*return,failure", pid);
1261 
1262 	FILE *pipefd = setup(fds, auclass);
1263 	ATF_REQUIRE_EQ(-1, setlogin(NULL));
1264 	check_audit(fds, pcregex, pipefd);
1265 }
1266 
1267 ATF_TC_CLEANUP(setlogin_failure, tc)
1268 {
1269 	cleanup();
1270 }
1271 
1272 
1273 ATF_TC_WITH_CLEANUP(rtprio_success);
1274 ATF_TC_HEAD(rtprio_success, tc)
1275 {
1276 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1277 					"rtprio(2) call");
1278 }
1279 
1280 ATF_TC_BODY(rtprio_success, tc)
1281 {
1282 	struct rtprio rtp;
1283 	pid = getpid();
1284 	snprintf(pcregex, sizeof(pcregex), "rtprio.*%d.*return,success", pid);
1285 
1286 	FILE *pipefd = setup(fds, auclass);
1287 	ATF_REQUIRE_EQ(0, rtprio(RTP_LOOKUP, 0, &rtp));
1288 	check_audit(fds, pcregex, pipefd);
1289 }
1290 
1291 ATF_TC_CLEANUP(rtprio_success, tc)
1292 {
1293 	cleanup();
1294 }
1295 
1296 
1297 ATF_TC_WITH_CLEANUP(rtprio_failure);
1298 ATF_TC_HEAD(rtprio_failure, tc)
1299 {
1300 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1301 					"rtprio(2) call");
1302 }
1303 
1304 ATF_TC_BODY(rtprio_failure, tc)
1305 {
1306 	pid = getpid();
1307 	snprintf(pcregex, sizeof(pcregex), "rtprio.*%d.*return,failure", pid);
1308 
1309 	FILE *pipefd = setup(fds, auclass);
1310 	ATF_REQUIRE_EQ(-1, rtprio(-1, -1, NULL));
1311 	check_audit(fds, pcregex, pipefd);
1312 }
1313 
1314 ATF_TC_CLEANUP(rtprio_failure, tc)
1315 {
1316 	cleanup();
1317 }
1318 
1319 
1320 ATF_TC_WITH_CLEANUP(profil_success);
1321 ATF_TC_HEAD(profil_success, tc)
1322 {
1323 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1324 					"profil(2) call");
1325 }
1326 
1327 ATF_TC_BODY(profil_success, tc)
1328 {
1329 	pid = getpid();
1330 	snprintf(pcregex, sizeof(pcregex), "profil.*%d.*return,success", pid);
1331 
1332 	char samples[20];
1333 	FILE *pipefd = setup(fds, auclass);
1334 	/* Set scale argument as 0 to disable profiling of current process */
1335 	ATF_REQUIRE_EQ(0, profil(samples, sizeof(samples), 0, 0));
1336 	check_audit(fds, pcregex, pipefd);
1337 }
1338 
1339 ATF_TC_CLEANUP(profil_success, tc)
1340 {
1341 	cleanup();
1342 }
1343 
1344 
1345 ATF_TC_WITH_CLEANUP(profil_failure);
1346 ATF_TC_HEAD(profil_failure, tc)
1347 {
1348 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1349 					"profil(2) call");
1350 }
1351 
1352 ATF_TC_BODY(profil_failure, tc)
1353 {
1354 	pid = getpid();
1355 	snprintf(pcregex, sizeof(pcregex), "profil.*%d.*return,failure", pid);
1356 
1357 	FILE *pipefd = setup(fds, auclass);
1358 	ATF_REQUIRE_EQ(-1, profil((char *)(SIZE_MAX), -1, -1, -1));
1359 	check_audit(fds, pcregex, pipefd);
1360 }
1361 
1362 ATF_TC_CLEANUP(profil_failure, tc)
1363 {
1364 	cleanup();
1365 }
1366 
1367 
1368 ATF_TC_WITH_CLEANUP(ptrace_success);
1369 ATF_TC_HEAD(ptrace_success, tc)
1370 {
1371 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1372 					"ptrace(2) call");
1373 }
1374 
1375 ATF_TC_BODY(ptrace_success, tc)
1376 {
1377 	pid = getpid();
1378 	snprintf(pcregex, sizeof(pcregex), "ptrace.*%d.*return,success", pid);
1379 
1380 	FILE *pipefd = setup(fds, auclass);
1381 	ATF_REQUIRE_EQ(0, ptrace(PT_TRACE_ME, 0, NULL, 0));
1382 	check_audit(fds, pcregex, pipefd);
1383 }
1384 
1385 ATF_TC_CLEANUP(ptrace_success, tc)
1386 {
1387 	cleanup();
1388 }
1389 
1390 
1391 ATF_TC_WITH_CLEANUP(ptrace_failure);
1392 ATF_TC_HEAD(ptrace_failure, tc)
1393 {
1394 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1395 					"ptrace(2) call");
1396 }
1397 
1398 ATF_TC_BODY(ptrace_failure, tc)
1399 {
1400 	pid = getpid();
1401 	snprintf(pcregex, sizeof(pcregex), "ptrace.*%d.*return,failure", pid);
1402 
1403 	FILE *pipefd = setup(fds, auclass);
1404 	ATF_REQUIRE_EQ(-1, ptrace(-1, 0, NULL, 0));
1405 	check_audit(fds, pcregex, pipefd);
1406 }
1407 
1408 ATF_TC_CLEANUP(ptrace_failure, tc)
1409 {
1410 	cleanup();
1411 }
1412 
1413 
1414 ATF_TC_WITH_CLEANUP(ktrace_success);
1415 ATF_TC_HEAD(ktrace_success, tc)
1416 {
1417 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1418 					"ktrace(2) call");
1419 }
1420 
1421 ATF_TC_BODY(ktrace_success, tc)
1422 {
1423 	pid = getpid();
1424 	snprintf(pcregex, sizeof(pcregex), "ktrace.*%d.*return,success", pid);
1425 
1426 	FILE *pipefd = setup(fds, auclass);
1427 	ATF_REQUIRE_EQ(0, ktrace(NULL, KTROP_CLEAR, KTRFAC_SYSCALL, pid));
1428 	check_audit(fds, pcregex, pipefd);
1429 }
1430 
1431 ATF_TC_CLEANUP(ktrace_success, tc)
1432 {
1433 	cleanup();
1434 }
1435 
1436 
1437 ATF_TC_WITH_CLEANUP(ktrace_failure);
1438 ATF_TC_HEAD(ktrace_failure, tc)
1439 {
1440 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1441 					"ktrace(2) call");
1442 }
1443 
1444 ATF_TC_BODY(ktrace_failure, tc)
1445 {
1446 	pid = getpid();
1447 	snprintf(pcregex, sizeof(pcregex), "ktrace.*%d.*return,failure", pid);
1448 
1449 	FILE *pipefd = setup(fds, auclass);
1450 	ATF_REQUIRE_EQ(-1, ktrace(NULL, -1, -1, 0));
1451 	check_audit(fds, pcregex, pipefd);
1452 }
1453 
1454 ATF_TC_CLEANUP(ktrace_failure, tc)
1455 {
1456 	cleanup();
1457 }
1458 
1459 
1460 ATF_TC_WITH_CLEANUP(procctl_success);
1461 ATF_TC_HEAD(procctl_success, tc)
1462 {
1463 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1464 					"procctl(2) call");
1465 }
1466 
1467 ATF_TC_BODY(procctl_success, tc)
1468 {
1469 	pid = getpid();
1470 	snprintf(pcregex, sizeof(pcregex), "procctl.*%d.*return,success", pid);
1471 
1472 	struct procctl_reaper_status reapstat;
1473 	FILE *pipefd = setup(fds, auclass);
1474 	/* Retrieve information about the reaper of current process (pid) */
1475 	ATF_REQUIRE_EQ(0, procctl(P_PID, pid, PROC_REAP_STATUS, &reapstat));
1476 	check_audit(fds, pcregex, pipefd);
1477 }
1478 
1479 ATF_TC_CLEANUP(procctl_success, tc)
1480 {
1481 	cleanup();
1482 }
1483 
1484 
1485 ATF_TC_WITH_CLEANUP(procctl_failure);
1486 ATF_TC_HEAD(procctl_failure, tc)
1487 {
1488 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1489 					"procctl(2) call");
1490 }
1491 
1492 ATF_TC_BODY(procctl_failure, tc)
1493 {
1494 	pid = getpid();
1495 	snprintf(pcregex, sizeof(pcregex), "procctl.*%d.*return,failure", pid);
1496 
1497 	FILE *pipefd = setup(fds, auclass);
1498 	ATF_REQUIRE_EQ(-1, procctl(-1, -1, -1, NULL));
1499 	check_audit(fds, pcregex, pipefd);
1500 }
1501 
1502 ATF_TC_CLEANUP(procctl_failure, tc)
1503 {
1504 	cleanup();
1505 }
1506 
1507 
1508 ATF_TC_WITH_CLEANUP(cap_enter_success);
1509 ATF_TC_HEAD(cap_enter_success, tc)
1510 {
1511 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1512 					"cap_enter(2) call");
1513 }
1514 
1515 ATF_TC_BODY(cap_enter_success, tc)
1516 {
1517 	ATF_REQUIRE_FEATURE("security_capability_mode");
1518 
1519 	FILE *pipefd = setup(fds, auclass);
1520 	ATF_REQUIRE((pid = fork()) != -1);
1521 	if (pid) {
1522 		snprintf(pcregex, sizeof(pcregex),
1523 			"cap_enter.*%d.*return,success", pid);
1524 		ATF_REQUIRE(wait(&status) != -1);
1525 		check_audit(fds, pcregex, pipefd);
1526 	}
1527 	else {
1528 		ATF_REQUIRE_EQ(0, cap_enter());
1529 		_exit(0);
1530 	}
1531 }
1532 
1533 ATF_TC_CLEANUP(cap_enter_success, tc)
1534 {
1535 	cleanup();
1536 }
1537 
1538 
1539 ATF_TC_WITH_CLEANUP(cap_getmode_success);
1540 ATF_TC_HEAD(cap_getmode_success, tc)
1541 {
1542 	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1543 					"cap_getmode(2) call");
1544 }
1545 
1546 ATF_TC_BODY(cap_getmode_success, tc)
1547 {
1548 	int modep;
1549 
1550 	ATF_REQUIRE_FEATURE("security_capability_mode");
1551 
1552 	pid = getpid();
1553 	snprintf(pcregex, sizeof(pcregex), "cap_getmode.*%d.*success", pid);
1554 
1555 	FILE *pipefd = setup(fds, auclass);
1556 	ATF_REQUIRE_EQ(0, cap_getmode(&modep));
1557 	check_audit(fds, pcregex, pipefd);
1558 }
1559 
1560 ATF_TC_CLEANUP(cap_getmode_success, tc)
1561 {
1562 	cleanup();
1563 }
1564 
1565 
1566 ATF_TC_WITH_CLEANUP(cap_getmode_failure);
1567 ATF_TC_HEAD(cap_getmode_failure, tc)
1568 {
1569 	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1570 					"cap_getmode(2) call");
1571 }
1572 
1573 ATF_TC_BODY(cap_getmode_failure, tc)
1574 {
1575 	pid = getpid();
1576 	snprintf(pcregex, sizeof(pcregex), "cap_getmode.*%d.*failure", pid);
1577 
1578 	FILE *pipefd = setup(fds, auclass);
1579 	/* cap_getmode(2) can either fail with EFAULT or ENOSYS */
1580 	ATF_REQUIRE_EQ(-1, cap_getmode(NULL));
1581 	check_audit(fds, pcregex, pipefd);
1582 }
1583 
1584 ATF_TC_CLEANUP(cap_getmode_failure, tc)
1585 {
1586 	cleanup();
1587 }
1588 
1589 
1590 ATF_TP_ADD_TCS(tp)
1591 {
1592 	ATF_TP_ADD_TC(tp, fork_success);
1593 	ATF_TP_ADD_TC(tp, _exit_success);
1594 	ATF_TP_ADD_TC(tp, rfork_success);
1595 	ATF_TP_ADD_TC(tp, rfork_failure);
1596 
1597 	ATF_TP_ADD_TC(tp, wait4_success);
1598 	ATF_TP_ADD_TC(tp, wait4_failure);
1599 	ATF_TP_ADD_TC(tp, wait6_success);
1600 	ATF_TP_ADD_TC(tp, wait6_failure);
1601 	ATF_TP_ADD_TC(tp, kill_success);
1602 	ATF_TP_ADD_TC(tp, kill_failure);
1603 
1604 	ATF_TP_ADD_TC(tp, chdir_success);
1605 	ATF_TP_ADD_TC(tp, chdir_failure);
1606 	ATF_TP_ADD_TC(tp, fchdir_success);
1607 	ATF_TP_ADD_TC(tp, fchdir_failure);
1608 	ATF_TP_ADD_TC(tp, chroot_success);
1609 	ATF_TP_ADD_TC(tp, chroot_failure);
1610 
1611 	ATF_TP_ADD_TC(tp, umask_success);
1612 	ATF_TP_ADD_TC(tp, setuid_success);
1613 	ATF_TP_ADD_TC(tp, seteuid_success);
1614 	ATF_TP_ADD_TC(tp, setgid_success);
1615 	ATF_TP_ADD_TC(tp, setegid_success);
1616 
1617 	ATF_TP_ADD_TC(tp, setreuid_success);
1618 	ATF_TP_ADD_TC(tp, setregid_success);
1619 	ATF_TP_ADD_TC(tp, setresuid_success);
1620 	ATF_TP_ADD_TC(tp, setresgid_success);
1621 
1622 	ATF_TP_ADD_TC(tp, getresuid_success);
1623 	ATF_TP_ADD_TC(tp, getresuid_failure);
1624 	ATF_TP_ADD_TC(tp, getresgid_success);
1625 	ATF_TP_ADD_TC(tp, getresgid_failure);
1626 
1627 	ATF_TP_ADD_TC(tp, setpriority_success);
1628 	ATF_TP_ADD_TC(tp, setpriority_failure);
1629 	ATF_TP_ADD_TC(tp, setgroups_success);
1630 	ATF_TP_ADD_TC(tp, setgroups_failure);
1631 	ATF_TP_ADD_TC(tp, setpgrp_success);
1632 	ATF_TP_ADD_TC(tp, setpgrp_failure);
1633 	ATF_TP_ADD_TC(tp, setsid_success);
1634 	ATF_TP_ADD_TC(tp, setsid_failure);
1635 	ATF_TP_ADD_TC(tp, setrlimit_success);
1636 	ATF_TP_ADD_TC(tp, setrlimit_failure);
1637 
1638 	ATF_TP_ADD_TC(tp, mlock_success);
1639 	ATF_TP_ADD_TC(tp, mlock_failure);
1640 	ATF_TP_ADD_TC(tp, munlock_success);
1641 	ATF_TP_ADD_TC(tp, munlock_failure);
1642 	ATF_TP_ADD_TC(tp, minherit_success);
1643 	ATF_TP_ADD_TC(tp, minherit_failure);
1644 
1645 	ATF_TP_ADD_TC(tp, setlogin_success);
1646 	ATF_TP_ADD_TC(tp, setlogin_failure);
1647 	ATF_TP_ADD_TC(tp, rtprio_success);
1648 	ATF_TP_ADD_TC(tp, rtprio_failure);
1649 
1650 	ATF_TP_ADD_TC(tp, profil_success);
1651 	ATF_TP_ADD_TC(tp, profil_failure);
1652 	ATF_TP_ADD_TC(tp, ptrace_success);
1653 	ATF_TP_ADD_TC(tp, ptrace_failure);
1654 	ATF_TP_ADD_TC(tp, ktrace_success);
1655 	ATF_TP_ADD_TC(tp, ktrace_failure);
1656 	ATF_TP_ADD_TC(tp, procctl_success);
1657 	ATF_TP_ADD_TC(tp, procctl_failure);
1658 
1659 	ATF_TP_ADD_TC(tp, cap_enter_success);
1660 	ATF_TP_ADD_TC(tp, cap_getmode_success);
1661 	ATF_TP_ADD_TC(tp, cap_getmode_failure);
1662 
1663 	return (atf_no_error());
1664 }
1665