1/*- 2 * Copyright (c) 2018 Aniket Pandey 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. 9 * 2. Redistributions in binary form must reproduce the above copyright 10 * notice, this list of conditions and the following disclaimer in the 11 * documentation and/or other materials provided with the distribution. 12 * 13 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 14 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 17 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * SUCH DAMAGE. 24 * 25 * $FreeBSD$ 26 */ 27 28#include <sys/param.h> 29#include <sys/capsicum.h> 30#include <sys/uio.h> 31#include <sys/ktrace.h> 32#include <sys/mman.h> 33#include <sys/procctl.h> 34#include <sys/ptrace.h> 35#include <sys/resource.h> 36#include <sys/rtprio.h> 37#include <sys/stat.h> 38#include <sys/sysctl.h> 39#include <sys/time.h> 40#include <sys/wait.h> 41 42#include <atf-c.h> 43#include <fcntl.h> 44#include <signal.h> 45#include <stdint.h> 46#include <stdlib.h> 47#include <unistd.h> 48 49#include "utils.h" 50 51static pid_t pid; 52static int filedesc, status; 53static struct pollfd fds[1]; 54static char pcregex[80]; 55static const char *auclass = "pc"; 56 57 58ATF_TC_WITH_CLEANUP(fork_success); 59ATF_TC_HEAD(fork_success, tc) 60{ 61 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 62 "fork(2) call"); 63} 64 65ATF_TC_BODY(fork_success, tc) 66{ 67 pid = getpid(); 68 snprintf(pcregex, sizeof(pcregex), "fork.*%d.*return,success", pid); 69 70 FILE *pipefd = setup(fds, auclass); 71 /* Check if fork(2) succeded. If so, exit from the child process */ 72 ATF_REQUIRE((pid = fork()) != -1); 73 if (pid) 74 check_audit(fds, pcregex, pipefd); 75 else 76 _exit(0); 77} 78 79ATF_TC_CLEANUP(fork_success, tc) 80{ 81 cleanup(); 82} 83 84/* 85 * No fork(2) in failure mode since possibilities for failure are only when 86 * user is not privileged or when the number of processes exceed KERN_MAXPROC. 87 */ 88 89 90ATF_TC_WITH_CLEANUP(_exit_success); 91ATF_TC_HEAD(_exit_success, tc) 92{ 93 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 94 "_exit(2) call"); 95} 96 97ATF_TC_BODY(_exit_success, tc) 98{ 99 FILE *pipefd = setup(fds, auclass); 100 ATF_REQUIRE((pid = fork()) != -1); 101 if (pid) { 102 snprintf(pcregex, sizeof(pcregex), "exit.*%d.*success", pid); 103 check_audit(fds, pcregex, pipefd); 104 } 105 else 106 _exit(0); 107} 108 109ATF_TC_CLEANUP(_exit_success, tc) 110{ 111 cleanup(); 112} 113 114/* 115 * _exit(2) never returns, hence the auditing by default is always successful 116 */ 117 118 119ATF_TC_WITH_CLEANUP(rfork_success); 120ATF_TC_HEAD(rfork_success, tc) 121{ 122 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 123 "rfork(2) call"); 124} 125 126ATF_TC_BODY(rfork_success, tc) 127{ 128 pid = getpid(); 129 snprintf(pcregex, sizeof(pcregex), "rfork.*%d.*return,success", pid); 130 131 FILE *pipefd = setup(fds, auclass); 132 ATF_REQUIRE((pid = rfork(RFPROC)) != -1); 133 if (pid) 134 check_audit(fds, pcregex, pipefd); 135 else 136 _exit(0); 137} 138 139ATF_TC_CLEANUP(rfork_success, tc) 140{ 141 cleanup(); 142} 143 144 145ATF_TC_WITH_CLEANUP(rfork_failure); 146ATF_TC_HEAD(rfork_failure, tc) 147{ 148 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 149 "rfork(2) call"); 150} 151 152ATF_TC_BODY(rfork_failure, tc) 153{ 154 pid = getpid(); 155 snprintf(pcregex, sizeof(pcregex), "rfork.*%d.*return,failure", pid); 156 157 FILE *pipefd = setup(fds, auclass); 158 /* Failure reason: Invalid argument */ 159 ATF_REQUIRE_EQ(-1, rfork(-1)); 160 check_audit(fds, pcregex, pipefd); 161} 162 163ATF_TC_CLEANUP(rfork_failure, tc) 164{ 165 cleanup(); 166} 167 168 169ATF_TC_WITH_CLEANUP(wait4_success); 170ATF_TC_HEAD(wait4_success, tc) 171{ 172 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 173 "wait4(2) call"); 174} 175 176ATF_TC_BODY(wait4_success, tc) 177{ 178 pid = getpid(); 179 snprintf(pcregex, sizeof(pcregex), "wait4.*%d.*return,success", pid); 180 181 ATF_REQUIRE((pid = fork()) != -1); 182 if (pid) { 183 FILE *pipefd = setup(fds, auclass); 184 /* wpid = -1 : Wait for any child process */ 185 ATF_REQUIRE(wait4(-1, &status, 0, NULL) != -1); 186 check_audit(fds, pcregex, pipefd); 187 } 188 else 189 _exit(0); 190} 191 192ATF_TC_CLEANUP(wait4_success, tc) 193{ 194 cleanup(); 195} 196 197 198ATF_TC_WITH_CLEANUP(wait4_failure); 199ATF_TC_HEAD(wait4_failure, tc) 200{ 201 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 202 "wait4(2) call"); 203} 204 205ATF_TC_BODY(wait4_failure, tc) 206{ 207 pid = getpid(); 208 snprintf(pcregex, sizeof(pcregex), "wait4.*%d.*return,failure", pid); 209 210 FILE *pipefd = setup(fds, auclass); 211 /* Failure reason: No child process to wait for */ 212 ATF_REQUIRE_EQ(-1, wait4(-1, NULL, 0, NULL)); 213 check_audit(fds, pcregex, pipefd); 214} 215 216ATF_TC_CLEANUP(wait4_failure, tc) 217{ 218 cleanup(); 219} 220 221 222ATF_TC_WITH_CLEANUP(wait6_success); 223ATF_TC_HEAD(wait6_success, tc) 224{ 225 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 226 "wait6(2) call"); 227} 228 229ATF_TC_BODY(wait6_success, tc) 230{ 231 pid = getpid(); 232 snprintf(pcregex, sizeof(pcregex), "wait6.*%d.*return,success", pid); 233 234 ATF_REQUIRE((pid = fork()) != -1); 235 if (pid) { 236 FILE *pipefd = setup(fds, auclass); 237 ATF_REQUIRE(wait6(P_ALL, 0, &status, WEXITED, NULL,NULL) != -1); 238 check_audit(fds, pcregex, pipefd); 239 } 240 else 241 _exit(0); 242} 243 244ATF_TC_CLEANUP(wait6_success, tc) 245{ 246 cleanup(); 247} 248 249 250ATF_TC_WITH_CLEANUP(wait6_failure); 251ATF_TC_HEAD(wait6_failure, tc) 252{ 253 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 254 "wait6(2) call"); 255} 256 257ATF_TC_BODY(wait6_failure, tc) 258{ 259 pid = getpid(); 260 snprintf(pcregex, sizeof(pcregex), "wait6.*%d.*return,failure", pid); 261 262 FILE *pipefd = setup(fds, auclass); 263 /* Failure reason: Invalid argument */ 264 ATF_REQUIRE_EQ(-1, wait6(0, 0, NULL, 0, NULL, NULL)); 265 check_audit(fds, pcregex, pipefd); 266} 267 268ATF_TC_CLEANUP(wait6_failure, tc) 269{ 270 cleanup(); 271} 272 273 274ATF_TC_WITH_CLEANUP(kill_success); 275ATF_TC_HEAD(kill_success, tc) 276{ 277 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 278 "kill(2) call"); 279} 280 281ATF_TC_BODY(kill_success, tc) 282{ 283 pid = getpid(); 284 snprintf(pcregex, sizeof(pcregex), "kill.*%d.*return,success", pid); 285 286 FILE *pipefd = setup(fds, auclass); 287 /* Don't send any signal to anyone, live in peace! */ 288 ATF_REQUIRE_EQ(0, kill(0, 0)); 289 check_audit(fds, pcregex, pipefd); 290} 291 292ATF_TC_CLEANUP(kill_success, tc) 293{ 294 cleanup(); 295} 296 297 298ATF_TC_WITH_CLEANUP(kill_failure); 299ATF_TC_HEAD(kill_failure, tc) 300{ 301 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 302 "kill(2) call"); 303} 304 305ATF_TC_BODY(kill_failure, tc) 306{ 307 pid = getpid(); 308 snprintf(pcregex, sizeof(pcregex), "kill.*%d.*return,failure", pid); 309 310 FILE *pipefd = setup(fds, auclass); 311 /* 312 * Failure reason: Non existent process with PID '-2' 313 * Note: '-1' is not used as it means sending no signal to 314 * all non-system processes: A successful invocation 315 */ 316 ATF_REQUIRE_EQ(-1, kill(0, -2)); 317 check_audit(fds, pcregex, pipefd); 318} 319 320ATF_TC_CLEANUP(kill_failure, tc) 321{ 322 cleanup(); 323} 324 325 326ATF_TC_WITH_CLEANUP(chdir_success); 327ATF_TC_HEAD(chdir_success, tc) 328{ 329 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 330 "chdir(2) call"); 331} 332 333ATF_TC_BODY(chdir_success, tc) 334{ 335 pid = getpid(); 336 snprintf(pcregex, sizeof(pcregex), "chdir.*/.*%d.*return,success", pid); 337 338 FILE *pipefd = setup(fds, auclass); 339 ATF_REQUIRE_EQ(0, chdir("/")); 340 check_audit(fds, pcregex, pipefd); 341} 342 343ATF_TC_CLEANUP(chdir_success, tc) 344{ 345 cleanup(); 346} 347 348 349ATF_TC_WITH_CLEANUP(chdir_failure); 350ATF_TC_HEAD(chdir_failure, tc) 351{ 352 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 353 "chdir(2) call"); 354} 355 356ATF_TC_BODY(chdir_failure, tc) 357{ 358 pid = getpid(); 359 snprintf(pcregex, sizeof(pcregex), "chdir.*%d.*return,failure", pid); 360 361 FILE *pipefd = setup(fds, auclass); 362 /* Failure reason: Bad address */ 363 ATF_REQUIRE_EQ(-1, chdir(NULL)); 364 check_audit(fds, pcregex, pipefd); 365} 366 367ATF_TC_CLEANUP(chdir_failure, tc) 368{ 369 cleanup(); 370} 371 372 373ATF_TC_WITH_CLEANUP(fchdir_success); 374ATF_TC_HEAD(fchdir_success, tc) 375{ 376 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 377 "fchdir(2) call"); 378} 379 380ATF_TC_BODY(fchdir_success, tc) 381{ 382 /* Build an absolute path to the test-case directory */ 383 char dirpath[50]; 384 ATF_REQUIRE(getcwd(dirpath, sizeof(dirpath)) != NULL); 385 ATF_REQUIRE((filedesc = open(dirpath, O_RDONLY)) != -1); 386 387 /* Audit record generated by fchdir(2) does not contain filedesc */ 388 pid = getpid(); 389 snprintf(pcregex, sizeof(pcregex), "fchdir.*%d.*return,success", pid); 390 391 FILE *pipefd = setup(fds, auclass); 392 ATF_REQUIRE_EQ(0, fchdir(filedesc)); 393 check_audit(fds, pcregex, pipefd); 394 close(filedesc); 395} 396 397ATF_TC_CLEANUP(fchdir_success, tc) 398{ 399 cleanup(); 400} 401 402 403ATF_TC_WITH_CLEANUP(fchdir_failure); 404ATF_TC_HEAD(fchdir_failure, tc) 405{ 406 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 407 "fchdir(2) call"); 408} 409 410ATF_TC_BODY(fchdir_failure, tc) 411{ 412 pid = getpid(); 413 snprintf(pcregex, sizeof(pcregex), "fchdir.*%d.*return,failure", pid); 414 415 FILE *pipefd = setup(fds, auclass); 416 /* Failure reason: Bad directory address */ 417 ATF_REQUIRE_EQ(-1, fchdir(-1)); 418 check_audit(fds, pcregex, pipefd); 419} 420 421ATF_TC_CLEANUP(fchdir_failure, tc) 422{ 423 cleanup(); 424} 425 426 427ATF_TC_WITH_CLEANUP(chroot_success); 428ATF_TC_HEAD(chroot_success, tc) 429{ 430 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 431 "chroot(2) call"); 432} 433 434ATF_TC_BODY(chroot_success, tc) 435{ 436 pid = getpid(); 437 snprintf(pcregex, sizeof(pcregex), "chroot.*%d.*return,success", pid); 438 439 FILE *pipefd = setup(fds, auclass); 440 /* We don't want to change the root directory, hence '/' */ 441 ATF_REQUIRE_EQ(0, chroot("/")); 442 check_audit(fds, pcregex, pipefd); 443} 444 445ATF_TC_CLEANUP(chroot_success, tc) 446{ 447 cleanup(); 448} 449 450 451ATF_TC_WITH_CLEANUP(chroot_failure); 452ATF_TC_HEAD(chroot_failure, tc) 453{ 454 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 455 "chroot(2) call"); 456} 457 458ATF_TC_BODY(chroot_failure, tc) 459{ 460 pid = getpid(); 461 snprintf(pcregex, sizeof(pcregex), "chroot.*%d.*return,failure", pid); 462 463 FILE *pipefd = setup(fds, auclass); 464 ATF_REQUIRE_EQ(-1, chroot(NULL)); 465 check_audit(fds, pcregex, pipefd); 466} 467 468ATF_TC_CLEANUP(chroot_failure, tc) 469{ 470 cleanup(); 471} 472 473 474ATF_TC_WITH_CLEANUP(umask_success); 475ATF_TC_HEAD(umask_success, tc) 476{ 477 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 478 "umask(2) call"); 479} 480 481ATF_TC_BODY(umask_success, tc) 482{ 483 pid = getpid(); 484 snprintf(pcregex, sizeof(pcregex), "umask.*%d.*return,success", pid); 485 486 FILE *pipefd = setup(fds, auclass); 487 umask(0); 488 check_audit(fds, pcregex, pipefd); 489} 490 491ATF_TC_CLEANUP(umask_success, tc) 492{ 493 cleanup(); 494} 495 496/* 497 * umask(2) system call never fails. Hence, no test case for failure mode 498 */ 499 500 501ATF_TC_WITH_CLEANUP(setuid_success); 502ATF_TC_HEAD(setuid_success, tc) 503{ 504 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 505 "setuid(2) call"); 506} 507 508ATF_TC_BODY(setuid_success, tc) 509{ 510 pid = getpid(); 511 snprintf(pcregex, sizeof(pcregex), "setuid.*%d.*return,success", pid); 512 513 FILE *pipefd = setup(fds, auclass); 514 /* Since we're privileged, we'll let ourselves be privileged! */ 515 ATF_REQUIRE_EQ(0, setuid(0)); 516 check_audit(fds, pcregex, pipefd); 517} 518 519ATF_TC_CLEANUP(setuid_success, tc) 520{ 521 cleanup(); 522} 523 524/* 525 * setuid(2) fails only when the current user is not root. So no test case for 526 * failure mode since the required_user="root" 527 */ 528 529 530ATF_TC_WITH_CLEANUP(seteuid_success); 531ATF_TC_HEAD(seteuid_success, tc) 532{ 533 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 534 "seteuid(2) call"); 535} 536 537ATF_TC_BODY(seteuid_success, tc) 538{ 539 pid = getpid(); 540 snprintf(pcregex, sizeof(pcregex), "seteuid.*%d.*return,success", pid); 541 542 FILE *pipefd = setup(fds, auclass); 543 /* This time, we'll let ourselves be 'effectively' privileged! */ 544 ATF_REQUIRE_EQ(0, seteuid(0)); 545 check_audit(fds, pcregex, pipefd); 546} 547 548ATF_TC_CLEANUP(seteuid_success, tc) 549{ 550 cleanup(); 551} 552 553/* 554 * seteuid(2) fails only when the current user is not root. So no test case for 555 * failure mode since the required_user="root" 556 */ 557 558 559ATF_TC_WITH_CLEANUP(setgid_success); 560ATF_TC_HEAD(setgid_success, tc) 561{ 562 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 563 "setgid(2) call"); 564} 565 566ATF_TC_BODY(setgid_success, tc) 567{ 568 pid = getpid(); 569 snprintf(pcregex, sizeof(pcregex), "setgid.*%d.*return,success", pid); 570 571 FILE *pipefd = setup(fds, auclass); 572 ATF_REQUIRE_EQ(0, setgid(0)); 573 check_audit(fds, pcregex, pipefd); 574} 575 576ATF_TC_CLEANUP(setgid_success, tc) 577{ 578 cleanup(); 579} 580 581/* 582 * setgid(2) fails only when the current user is not root. So no test case for 583 * failure mode since the required_user="root" 584 */ 585 586 587ATF_TC_WITH_CLEANUP(setegid_success); 588ATF_TC_HEAD(setegid_success, tc) 589{ 590 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 591 "setegid(2) call"); 592} 593 594ATF_TC_BODY(setegid_success, tc) 595{ 596 pid = getpid(); 597 snprintf(pcregex, sizeof(pcregex), "setegid.*%d.*return,success", pid); 598 599 FILE *pipefd = setup(fds, auclass); 600 ATF_REQUIRE_EQ(0, setegid(0)); 601 check_audit(fds, pcregex, pipefd); 602} 603 604ATF_TC_CLEANUP(setegid_success, tc) 605{ 606 cleanup(); 607} 608 609/* 610 * setegid(2) fails only when the current user is not root. So no test case for 611 * failure mode since the required_user="root" 612 */ 613 614 615ATF_TC_WITH_CLEANUP(setregid_success); 616ATF_TC_HEAD(setregid_success, tc) 617{ 618 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 619 "setregid(2) call"); 620} 621 622ATF_TC_BODY(setregid_success, tc) 623{ 624 pid = getpid(); 625 snprintf(pcregex, sizeof(pcregex), "setregid.*%d.*return,success", pid); 626 627 FILE *pipefd = setup(fds, auclass); 628 /* setregid(-1, -1) does not change any real or effective GIDs */ 629 ATF_REQUIRE_EQ(0, setregid(-1, -1)); 630 check_audit(fds, pcregex, pipefd); 631} 632 633ATF_TC_CLEANUP(setregid_success, tc) 634{ 635 cleanup(); 636} 637 638/* 639 * setregid(2) fails only when the current user is not root. So no test case for 640 * failure mode since the required_user="root" 641 */ 642 643 644ATF_TC_WITH_CLEANUP(setreuid_success); 645ATF_TC_HEAD(setreuid_success, tc) 646{ 647 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 648 "setreuid(2) call"); 649} 650 651ATF_TC_BODY(setreuid_success, tc) 652{ 653 pid = getpid(); 654 snprintf(pcregex, sizeof(pcregex), "setreuid.*%d.*return,success", pid); 655 656 FILE *pipefd = setup(fds, auclass); 657 /* setreuid(-1, -1) does not change any real or effective UIDs */ 658 ATF_REQUIRE_EQ(0, setreuid(-1, -1)); 659 check_audit(fds, pcregex, pipefd); 660} 661 662ATF_TC_CLEANUP(setreuid_success, tc) 663{ 664 cleanup(); 665} 666 667/* 668 * setregid(2) fails only when the current user is not root. So no test case for 669 * failure mode since the required_user="root" 670 */ 671 672 673ATF_TC_WITH_CLEANUP(setresuid_success); 674ATF_TC_HEAD(setresuid_success, tc) 675{ 676 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 677 "setresuid(2) call"); 678} 679 680ATF_TC_BODY(setresuid_success, tc) 681{ 682 pid = getpid(); 683 snprintf(pcregex, sizeof(pcregex), "setresuid.*%d.*return,success", pid); 684 685 FILE *pipefd = setup(fds, auclass); 686 /* setresuid(-1, -1, -1) does not change real, effective & saved UIDs */ 687 ATF_REQUIRE_EQ(0, setresuid(-1, -1, -1)); 688 check_audit(fds, pcregex, pipefd); 689} 690 691ATF_TC_CLEANUP(setresuid_success, tc) 692{ 693 cleanup(); 694} 695 696/* 697 * setresuid(2) fails only when the current user is not root. So no test case 698 * for failure mode since the required_user="root" 699 */ 700 701 702ATF_TC_WITH_CLEANUP(setresgid_success); 703ATF_TC_HEAD(setresgid_success, tc) 704{ 705 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 706 "setresgid(2) call"); 707} 708 709ATF_TC_BODY(setresgid_success, tc) 710{ 711 pid = getpid(); 712 snprintf(pcregex, sizeof(pcregex), "setresgid.*%d.*ret.*success", pid); 713 714 FILE *pipefd = setup(fds, auclass); 715 /* setresgid(-1, -1, -1) does not change real, effective & saved GIDs */ 716 ATF_REQUIRE_EQ(0, setresgid(-1, -1, -1)); 717 check_audit(fds, pcregex, pipefd); 718} 719 720ATF_TC_CLEANUP(setresgid_success, tc) 721{ 722 cleanup(); 723} 724 725/* 726 * setresgid(2) fails only when the current user is not root. So no test case 727 * for failure mode since the required_user="root" 728 */ 729 730 731ATF_TC_WITH_CLEANUP(getresuid_success); 732ATF_TC_HEAD(getresuid_success, tc) 733{ 734 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 735 "getresuid(2) call"); 736} 737 738ATF_TC_BODY(getresuid_success, tc) 739{ 740 pid = getpid(); 741 snprintf(pcregex, sizeof(pcregex), "getresuid.*%d.*ret.*success", pid); 742 743 FILE *pipefd = setup(fds, auclass); 744 ATF_REQUIRE_EQ(0, getresuid(NULL, NULL, NULL)); 745 check_audit(fds, pcregex, pipefd); 746} 747 748ATF_TC_CLEANUP(getresuid_success, tc) 749{ 750 cleanup(); 751} 752 753 754ATF_TC_WITH_CLEANUP(getresuid_failure); 755ATF_TC_HEAD(getresuid_failure, tc) 756{ 757 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 758 "getresuid(2) call"); 759} 760 761ATF_TC_BODY(getresuid_failure, tc) 762{ 763 pid = getpid(); 764 snprintf(pcregex, sizeof(pcregex), "getresuid.*%d.*ret.*failure", pid); 765 766 FILE *pipefd = setup(fds, auclass); 767 /* Failure reason: Invalid address "-1" */ 768 ATF_REQUIRE_EQ(-1, getresuid((uid_t *)-1, NULL, NULL)); 769 check_audit(fds, pcregex, pipefd); 770} 771 772ATF_TC_CLEANUP(getresuid_failure, tc) 773{ 774 cleanup(); 775} 776 777 778ATF_TC_WITH_CLEANUP(getresgid_success); 779ATF_TC_HEAD(getresgid_success, tc) 780{ 781 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 782 "getresgid(2) call"); 783} 784 785ATF_TC_BODY(getresgid_success, tc) 786{ 787 pid = getpid(); 788 snprintf(pcregex, sizeof(pcregex), "getresgid.*%d.*ret.*success", pid); 789 790 FILE *pipefd = setup(fds, auclass); 791 ATF_REQUIRE_EQ(0, getresgid(NULL, NULL, NULL)); 792 check_audit(fds, pcregex, pipefd); 793} 794 795ATF_TC_CLEANUP(getresgid_success, tc) 796{ 797 cleanup(); 798} 799 800 801ATF_TC_WITH_CLEANUP(getresgid_failure); 802ATF_TC_HEAD(getresgid_failure, tc) 803{ 804 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 805 "getresgid(2) call"); 806} 807 808ATF_TC_BODY(getresgid_failure, tc) 809{ 810 pid = getpid(); 811 snprintf(pcregex, sizeof(pcregex), "getresgid.*%d.*ret.*failure", pid); 812 813 FILE *pipefd = setup(fds, auclass); 814 /* Failure reason: Invalid address "-1" */ 815 ATF_REQUIRE_EQ(-1, getresgid((gid_t *)-1, NULL, NULL)); 816 check_audit(fds, pcregex, pipefd); 817} 818 819ATF_TC_CLEANUP(getresgid_failure, tc) 820{ 821 cleanup(); 822} 823 824 825ATF_TC_WITH_CLEANUP(setpriority_success); 826ATF_TC_HEAD(setpriority_success, tc) 827{ 828 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 829 "setpriority(2) call"); 830} 831 832ATF_TC_BODY(setpriority_success, tc) 833{ 834 pid = getpid(); 835 snprintf(pcregex, sizeof(pcregex), "setpriority.*%d.*success", pid); 836 837 FILE *pipefd = setup(fds, auclass); 838 ATF_REQUIRE_EQ(0, setpriority(PRIO_PROCESS, 0, 0)); 839 check_audit(fds, pcregex, pipefd); 840} 841 842ATF_TC_CLEANUP(setpriority_success, tc) 843{ 844 cleanup(); 845} 846 847 848ATF_TC_WITH_CLEANUP(setpriority_failure); 849ATF_TC_HEAD(setpriority_failure, tc) 850{ 851 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 852 "setpriority(2) call"); 853} 854 855ATF_TC_BODY(setpriority_failure, tc) 856{ 857 pid = getpid(); 858 snprintf(pcregex, sizeof(pcregex), "setpriority.*%d.*failure", pid); 859 860 FILE *pipefd = setup(fds, auclass); 861 ATF_REQUIRE_EQ(-1, setpriority(-1, -1, -1)); 862 check_audit(fds, pcregex, pipefd); 863} 864 865ATF_TC_CLEANUP(setpriority_failure, tc) 866{ 867 cleanup(); 868} 869 870 871ATF_TC_WITH_CLEANUP(setgroups_success); 872ATF_TC_HEAD(setgroups_success, tc) 873{ 874 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 875 "setgroups(2) call"); 876} 877 878ATF_TC_BODY(setgroups_success, tc) 879{ 880 gid_t gids[5]; 881 pid = getpid(); 882 snprintf(pcregex, sizeof(pcregex), "setgroups.*%d.*ret.*success", pid); 883 /* Retrieve the current group access list to be used with setgroups */ 884 ATF_REQUIRE(getgroups(sizeof(gids)/sizeof(gids[0]), gids) != -1); 885 886 FILE *pipefd = setup(fds, auclass); 887 ATF_REQUIRE_EQ(0, setgroups(sizeof(gids)/sizeof(gids[0]), gids)); 888 check_audit(fds, pcregex, pipefd); 889} 890 891ATF_TC_CLEANUP(setgroups_success, tc) 892{ 893 cleanup(); 894} 895 896 897ATF_TC_WITH_CLEANUP(setgroups_failure); 898ATF_TC_HEAD(setgroups_failure, tc) 899{ 900 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 901 "setgroups(2) call"); 902} 903 904ATF_TC_BODY(setgroups_failure, tc) 905{ 906 pid = getpid(); 907 snprintf(pcregex, sizeof(pcregex), "setgroups.*%d.*ret.*failure", pid); 908 909 FILE *pipefd = setup(fds, auclass); 910 ATF_REQUIRE_EQ(-1, setgroups(-1, NULL)); 911 check_audit(fds, pcregex, pipefd); 912} 913 914ATF_TC_CLEANUP(setgroups_failure, tc) 915{ 916 cleanup(); 917} 918 919 920ATF_TC_WITH_CLEANUP(setpgrp_success); 921ATF_TC_HEAD(setpgrp_success, tc) 922{ 923 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 924 "setpgrp(2) call"); 925} 926 927ATF_TC_BODY(setpgrp_success, tc) 928{ 929 /* Main procedure is carried out from within the child process */ 930 ATF_REQUIRE((pid = fork()) != -1); 931 if (pid) { 932 ATF_REQUIRE(wait(&status) != -1); 933 } else { 934 pid = getpid(); 935 snprintf(pcregex, sizeof(pcregex), "setpgrp.*%d.*success", pid); 936 937 FILE *pipefd = setup(fds, auclass); 938 ATF_REQUIRE_EQ(0, setpgrp(0, 0)); 939 check_audit(fds, pcregex, pipefd); 940 } 941} 942 943ATF_TC_CLEANUP(setpgrp_success, tc) 944{ 945 cleanup(); 946} 947 948 949ATF_TC_WITH_CLEANUP(setpgrp_failure); 950ATF_TC_HEAD(setpgrp_failure, tc) 951{ 952 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 953 "setpgrp(2) call"); 954} 955 956ATF_TC_BODY(setpgrp_failure, tc) 957{ 958 pid = getpid(); 959 snprintf(pcregex, sizeof(pcregex), "setpgrp.*%d.*return,failure", pid); 960 961 FILE *pipefd = setup(fds, auclass); 962 ATF_REQUIRE_EQ(-1, setpgrp(-1, -1)); 963 check_audit(fds, pcregex, pipefd); 964} 965 966ATF_TC_CLEANUP(setpgrp_failure, tc) 967{ 968 cleanup(); 969} 970 971 972ATF_TC_WITH_CLEANUP(setsid_success); 973ATF_TC_HEAD(setsid_success, tc) 974{ 975 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 976 "setsid(2) call"); 977} 978 979ATF_TC_BODY(setsid_success, tc) 980{ 981 /* Main procedure is carried out from within the child process */ 982 ATF_REQUIRE((pid = fork()) != -1); 983 if (pid) { 984 ATF_REQUIRE(wait(&status) != -1); 985 } else { 986 pid = getpid(); 987 snprintf(pcregex, sizeof(pcregex), "setsid.*%d.*success", pid); 988 989 FILE *pipefd = setup(fds, auclass); 990 ATF_REQUIRE(setsid() != -1); 991 check_audit(fds, pcregex, pipefd); 992 } 993} 994 995ATF_TC_CLEANUP(setsid_success, tc) 996{ 997 cleanup(); 998} 999 1000 1001ATF_TC_WITH_CLEANUP(setsid_failure); 1002ATF_TC_HEAD(setsid_failure, tc) 1003{ 1004 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1005 "setsid(2) call"); 1006} 1007 1008ATF_TC_BODY(setsid_failure, tc) 1009{ 1010 pid = getpid(); 1011 snprintf(pcregex, sizeof(pcregex), "setsid.*%d.*return,failure", pid); 1012 1013 /* 1014 * Here, we are intentionally ignoring the output of the setsid() 1015 * call because it may or may not be a process leader already. But it 1016 * ensures that the next invocation of setsid() will definitely fail. 1017 */ 1018 setsid(); 1019 FILE *pipefd = setup(fds, auclass); 1020 /* 1021 * Failure reason: [EPERM] Creating a new session is not permitted 1022 * as the PID of calling process matches the PGID of a process group 1023 * created by premature setsid() call. 1024 */ 1025 ATF_REQUIRE_EQ(-1, setsid()); 1026 check_audit(fds, pcregex, pipefd); 1027} 1028 1029ATF_TC_CLEANUP(setsid_failure, tc) 1030{ 1031 cleanup(); 1032} 1033 1034 1035ATF_TC_WITH_CLEANUP(setrlimit_success); 1036ATF_TC_HEAD(setrlimit_success, tc) 1037{ 1038 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 1039 "setrlimit(2) call"); 1040} 1041 1042ATF_TC_BODY(setrlimit_success, tc) 1043{ 1044 struct rlimit rlp; 1045 pid = getpid(); 1046 snprintf(pcregex, sizeof(pcregex), "setrlimit.*%d.*ret.*success", pid); 1047 /* Retrieve the system resource consumption limit to be used later on */ 1048 ATF_REQUIRE_EQ(0, getrlimit(RLIMIT_FSIZE, &rlp)); 1049 1050 FILE *pipefd = setup(fds, auclass); 1051 ATF_REQUIRE_EQ(0, setrlimit(RLIMIT_FSIZE, &rlp)); 1052 check_audit(fds, pcregex, pipefd); 1053} 1054 1055ATF_TC_CLEANUP(setrlimit_success, tc) 1056{ 1057 cleanup(); 1058} 1059 1060 1061ATF_TC_WITH_CLEANUP(setrlimit_failure); 1062ATF_TC_HEAD(setrlimit_failure, tc) 1063{ 1064 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1065 "setrlimit(2) call"); 1066} 1067 1068ATF_TC_BODY(setrlimit_failure, tc) 1069{ 1070 pid = getpid(); 1071 snprintf(pcregex, sizeof(pcregex), "setrlimit.*%d.*ret.*failure", pid); 1072 1073 FILE *pipefd = setup(fds, auclass); 1074 ATF_REQUIRE_EQ(-1, setrlimit(RLIMIT_FSIZE, NULL)); 1075 check_audit(fds, pcregex, pipefd); 1076} 1077 1078ATF_TC_CLEANUP(setrlimit_failure, tc) 1079{ 1080 cleanup(); 1081} 1082 1083 1084ATF_TC_WITH_CLEANUP(mlock_success); 1085ATF_TC_HEAD(mlock_success, tc) 1086{ 1087 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 1088 "mlock(2) call"); 1089} 1090 1091ATF_TC_BODY(mlock_success, tc) 1092{ 1093 pid = getpid(); 1094 snprintf(pcregex, sizeof(pcregex), "mlock.*%d.*return,success", pid); 1095 1096 FILE *pipefd = setup(fds, auclass); 1097 ATF_REQUIRE_EQ(0, mlock(NULL, 0)); 1098 check_audit(fds, pcregex, pipefd); 1099} 1100 1101ATF_TC_CLEANUP(mlock_success, tc) 1102{ 1103 cleanup(); 1104} 1105 1106 1107ATF_TC_WITH_CLEANUP(mlock_failure); 1108ATF_TC_HEAD(mlock_failure, tc) 1109{ 1110 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1111 "mlock(2) call"); 1112} 1113 1114ATF_TC_BODY(mlock_failure, tc) 1115{ 1116 pid = getpid(); 1117 snprintf(pcregex, sizeof(pcregex), "mlock.*%d.*return,failure", pid); 1118 1119 FILE *pipefd = setup(fds, auclass); 1120 ATF_REQUIRE_EQ(-1, mlock((void *)(-1), -1)); 1121 check_audit(fds, pcregex, pipefd); 1122} 1123 1124ATF_TC_CLEANUP(mlock_failure, tc) 1125{ 1126 cleanup(); 1127} 1128 1129 1130ATF_TC_WITH_CLEANUP(munlock_success); 1131ATF_TC_HEAD(munlock_success, tc) 1132{ 1133 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 1134 "munlock(2) call"); 1135} 1136 1137ATF_TC_BODY(munlock_success, tc) 1138{ 1139 pid = getpid(); 1140 snprintf(pcregex, sizeof(pcregex), "munlock.*%d.*return,success", pid); 1141 1142 FILE *pipefd = setup(fds, auclass); 1143 ATF_REQUIRE_EQ(0, munlock(NULL, 0)); 1144 check_audit(fds, pcregex, pipefd); 1145} 1146 1147ATF_TC_CLEANUP(munlock_success, tc) 1148{ 1149 cleanup(); 1150} 1151 1152 1153ATF_TC_WITH_CLEANUP(munlock_failure); 1154ATF_TC_HEAD(munlock_failure, tc) 1155{ 1156 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1157 "munlock(2) call"); 1158} 1159 1160ATF_TC_BODY(munlock_failure, tc) 1161{ 1162 pid = getpid(); 1163 snprintf(pcregex, sizeof(pcregex), "munlock.*%d.*return,failure", pid); 1164 1165 FILE *pipefd = setup(fds, auclass); 1166 ATF_REQUIRE_EQ(-1, munlock((void *)(-1), -1)); 1167 check_audit(fds, pcregex, pipefd); 1168} 1169 1170ATF_TC_CLEANUP(munlock_failure, tc) 1171{ 1172 cleanup(); 1173} 1174 1175 1176ATF_TC_WITH_CLEANUP(minherit_success); 1177ATF_TC_HEAD(minherit_success, tc) 1178{ 1179 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 1180 "minherit(2) call"); 1181} 1182 1183ATF_TC_BODY(minherit_success, tc) 1184{ 1185 pid = getpid(); 1186 snprintf(pcregex, sizeof(pcregex), "minherit.*%d.*return,success", pid); 1187 1188 FILE *pipefd = setup(fds, auclass); 1189 ATF_REQUIRE_EQ(0, minherit(NULL, 0, INHERIT_ZERO)); 1190 check_audit(fds, pcregex, pipefd); 1191} 1192 1193ATF_TC_CLEANUP(minherit_success, tc) 1194{ 1195 cleanup(); 1196} 1197 1198 1199ATF_TC_WITH_CLEANUP(minherit_failure); 1200ATF_TC_HEAD(minherit_failure, tc) 1201{ 1202 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1203 "minherit(2) call"); 1204} 1205 1206ATF_TC_BODY(minherit_failure, tc) 1207{ 1208 pid = getpid(); 1209 snprintf(pcregex, sizeof(pcregex), "minherit.*%d.*return,failure", pid); 1210 1211 FILE *pipefd = setup(fds, auclass); 1212 ATF_REQUIRE_EQ(-1, minherit((void *)(-1), -1, 0)); 1213 check_audit(fds, pcregex, pipefd); 1214} 1215 1216ATF_TC_CLEANUP(minherit_failure, tc) 1217{ 1218 cleanup(); 1219} 1220 1221 1222ATF_TC_WITH_CLEANUP(setlogin_success); 1223ATF_TC_HEAD(setlogin_success, tc) 1224{ 1225 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 1226 "setlogin(2) call"); 1227} 1228 1229ATF_TC_BODY(setlogin_success, tc) 1230{ 1231 char *name; 1232 pid = getpid(); 1233 snprintf(pcregex, sizeof(pcregex), "setlogin.*%d.*return,success", pid); 1234 1235 /* Retrieve the current user's login name to be used with setlogin(2) */ 1236 ATF_REQUIRE((name = getlogin()) != NULL); 1237 FILE *pipefd = setup(fds, auclass); 1238 ATF_REQUIRE_EQ(0, setlogin(name)); 1239 check_audit(fds, pcregex, pipefd); 1240} 1241 1242ATF_TC_CLEANUP(setlogin_success, tc) 1243{ 1244 cleanup(); 1245} 1246 1247 1248ATF_TC_WITH_CLEANUP(setlogin_failure); 1249ATF_TC_HEAD(setlogin_failure, tc) 1250{ 1251 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1252 "setlogin(2) call"); 1253} 1254 1255ATF_TC_BODY(setlogin_failure, tc) 1256{ 1257 pid = getpid(); 1258 snprintf(pcregex, sizeof(pcregex), "setlogin.*%d.*return,failure", pid); 1259 1260 FILE *pipefd = setup(fds, auclass); 1261 ATF_REQUIRE_EQ(-1, setlogin(NULL)); 1262 check_audit(fds, pcregex, pipefd); 1263} 1264 1265ATF_TC_CLEANUP(setlogin_failure, tc) 1266{ 1267 cleanup(); 1268} 1269 1270 1271ATF_TC_WITH_CLEANUP(rtprio_success); 1272ATF_TC_HEAD(rtprio_success, tc) 1273{ 1274 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 1275 "rtprio(2) call"); 1276} 1277 1278ATF_TC_BODY(rtprio_success, tc) 1279{ 1280 struct rtprio rtp; 1281 pid = getpid(); 1282 snprintf(pcregex, sizeof(pcregex), "rtprio.*%d.*return,success", pid); 1283 1284 FILE *pipefd = setup(fds, auclass); 1285 ATF_REQUIRE_EQ(0, rtprio(RTP_LOOKUP, 0, &rtp)); 1286 check_audit(fds, pcregex, pipefd); 1287} 1288 1289ATF_TC_CLEANUP(rtprio_success, tc) 1290{ 1291 cleanup(); 1292} 1293 1294 1295ATF_TC_WITH_CLEANUP(rtprio_failure); 1296ATF_TC_HEAD(rtprio_failure, tc) 1297{ 1298 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1299 "rtprio(2) call"); 1300} 1301 1302ATF_TC_BODY(rtprio_failure, tc) 1303{ 1304 pid = getpid(); 1305 snprintf(pcregex, sizeof(pcregex), "rtprio.*%d.*return,failure", pid); 1306 1307 FILE *pipefd = setup(fds, auclass); 1308 ATF_REQUIRE_EQ(-1, rtprio(-1, -1, NULL)); 1309 check_audit(fds, pcregex, pipefd); 1310} 1311 1312ATF_TC_CLEANUP(rtprio_failure, tc) 1313{ 1314 cleanup(); 1315} 1316 1317 1318ATF_TC_WITH_CLEANUP(profil_success); 1319ATF_TC_HEAD(profil_success, tc) 1320{ 1321 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 1322 "profil(2) call"); 1323} 1324 1325ATF_TC_BODY(profil_success, tc) 1326{ 1327 pid = getpid(); 1328 snprintf(pcregex, sizeof(pcregex), "profil.*%d.*return,success", pid); 1329 1330 char samples[20]; 1331 FILE *pipefd = setup(fds, auclass); 1332 /* Set scale argument as 0 to disable profiling of current process */ 1333 ATF_REQUIRE_EQ(0, profil(samples, sizeof(samples), 0, 0)); 1334 check_audit(fds, pcregex, pipefd); 1335} 1336 1337ATF_TC_CLEANUP(profil_success, tc) 1338{ 1339 cleanup(); 1340} 1341 1342 1343ATF_TC_WITH_CLEANUP(profil_failure); 1344ATF_TC_HEAD(profil_failure, tc) 1345{ 1346 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1347 "profil(2) call"); 1348} 1349 1350ATF_TC_BODY(profil_failure, tc) 1351{ 1352 pid = getpid(); 1353 snprintf(pcregex, sizeof(pcregex), "profil.*%d.*return,failure", pid); 1354 1355 FILE *pipefd = setup(fds, auclass); 1356 ATF_REQUIRE_EQ(-1, profil((char *)(SIZE_MAX), -1, -1, -1)); 1357 check_audit(fds, pcregex, pipefd); 1358} 1359 1360ATF_TC_CLEANUP(profil_failure, tc) 1361{ 1362 cleanup(); 1363} 1364 1365 1366ATF_TC_WITH_CLEANUP(ptrace_success); 1367ATF_TC_HEAD(ptrace_success, tc) 1368{ 1369 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 1370 "ptrace(2) call"); 1371} 1372 1373ATF_TC_BODY(ptrace_success, tc) 1374{ 1375 pid = getpid(); 1376 snprintf(pcregex, sizeof(pcregex), "ptrace.*%d.*return,success", pid); 1377 1378 FILE *pipefd = setup(fds, auclass); 1379 ATF_REQUIRE_EQ(0, ptrace(PT_TRACE_ME, 0, NULL, 0)); 1380 check_audit(fds, pcregex, pipefd); 1381} 1382 1383ATF_TC_CLEANUP(ptrace_success, tc) 1384{ 1385 cleanup(); 1386} 1387 1388 1389ATF_TC_WITH_CLEANUP(ptrace_failure); 1390ATF_TC_HEAD(ptrace_failure, tc) 1391{ 1392 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1393 "ptrace(2) call"); 1394} 1395 1396ATF_TC_BODY(ptrace_failure, tc) 1397{ 1398 pid = getpid(); 1399 snprintf(pcregex, sizeof(pcregex), "ptrace.*%d.*return,failure", pid); 1400 1401 FILE *pipefd = setup(fds, auclass); 1402 ATF_REQUIRE_EQ(-1, ptrace(-1, 0, NULL, 0)); 1403 check_audit(fds, pcregex, pipefd); 1404} 1405 1406ATF_TC_CLEANUP(ptrace_failure, tc) 1407{ 1408 cleanup(); 1409} 1410 1411 1412ATF_TC_WITH_CLEANUP(ktrace_success); 1413ATF_TC_HEAD(ktrace_success, tc) 1414{ 1415 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 1416 "ktrace(2) call"); 1417} 1418 1419ATF_TC_BODY(ktrace_success, tc) 1420{ 1421 pid = getpid(); 1422 snprintf(pcregex, sizeof(pcregex), "ktrace.*%d.*return,success", pid); 1423 1424 FILE *pipefd = setup(fds, auclass); 1425 ATF_REQUIRE_EQ(0, ktrace(NULL, KTROP_CLEAR, KTRFAC_SYSCALL, pid)); 1426 check_audit(fds, pcregex, pipefd); 1427} 1428 1429ATF_TC_CLEANUP(ktrace_success, tc) 1430{ 1431 cleanup(); 1432} 1433 1434 1435ATF_TC_WITH_CLEANUP(ktrace_failure); 1436ATF_TC_HEAD(ktrace_failure, tc) 1437{ 1438 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1439 "ktrace(2) call"); 1440} 1441 1442ATF_TC_BODY(ktrace_failure, tc) 1443{ 1444 pid = getpid(); 1445 snprintf(pcregex, sizeof(pcregex), "ktrace.*%d.*return,failure", pid); 1446 1447 FILE *pipefd = setup(fds, auclass); 1448 ATF_REQUIRE_EQ(-1, ktrace(NULL, -1, -1, 0)); 1449 check_audit(fds, pcregex, pipefd); 1450} 1451 1452ATF_TC_CLEANUP(ktrace_failure, tc) 1453{ 1454 cleanup(); 1455} 1456 1457 1458ATF_TC_WITH_CLEANUP(procctl_success); 1459ATF_TC_HEAD(procctl_success, tc) 1460{ 1461 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 1462 "procctl(2) call"); 1463} 1464 1465ATF_TC_BODY(procctl_success, tc) 1466{ 1467 pid = getpid(); 1468 snprintf(pcregex, sizeof(pcregex), "procctl.*%d.*return,success", pid); 1469 1470 struct procctl_reaper_status reapstat; 1471 FILE *pipefd = setup(fds, auclass); 1472 /* Retrieve information about the reaper of current process (pid) */ 1473 ATF_REQUIRE_EQ(0, procctl(P_PID, pid, PROC_REAP_STATUS, &reapstat)); 1474 check_audit(fds, pcregex, pipefd); 1475} 1476 1477ATF_TC_CLEANUP(procctl_success, tc) 1478{ 1479 cleanup(); 1480} 1481 1482 1483ATF_TC_WITH_CLEANUP(procctl_failure); 1484ATF_TC_HEAD(procctl_failure, tc) 1485{ 1486 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1487 "procctl(2) call"); 1488} 1489 1490ATF_TC_BODY(procctl_failure, tc) 1491{ 1492 pid = getpid(); 1493 snprintf(pcregex, sizeof(pcregex), "procctl.*%d.*return,failure", pid); 1494 1495 FILE *pipefd = setup(fds, auclass); 1496 ATF_REQUIRE_EQ(-1, procctl(-1, -1, -1, NULL)); 1497 check_audit(fds, pcregex, pipefd); 1498} 1499 1500ATF_TC_CLEANUP(procctl_failure, tc) 1501{ 1502 cleanup(); 1503} 1504 1505 1506ATF_TC_WITH_CLEANUP(cap_enter_success); 1507ATF_TC_HEAD(cap_enter_success, tc) 1508{ 1509 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 1510 "cap_enter(2) call"); 1511} 1512 1513ATF_TC_BODY(cap_enter_success, tc) 1514{ 1515 int capinfo; 1516 size_t len = sizeof(capinfo); 1517 const char *capname = "kern.features.security_capability_mode"; 1518 ATF_REQUIRE_EQ(0, sysctlbyname(capname, &capinfo, &len, NULL, 0)); 1519 1520 /* Without CAPABILITY_MODE enabled, cap_enter() returns ENOSYS */ 1521 if (!capinfo) 1522 atf_tc_skip("Capsicum is not enabled in the system"); 1523 1524 FILE *pipefd = setup(fds, auclass); 1525 ATF_REQUIRE((pid = fork()) != -1); 1526 if (pid) { 1527 snprintf(pcregex, sizeof(pcregex), 1528 "cap_enter.*%d.*return,success", pid); 1529 ATF_REQUIRE(wait(&status) != -1); 1530 check_audit(fds, pcregex, pipefd); 1531 } 1532 else { 1533 ATF_REQUIRE_EQ(0, cap_enter()); 1534 _exit(0); 1535 } 1536} 1537 1538ATF_TC_CLEANUP(cap_enter_success, tc) 1539{ 1540 cleanup(); 1541} 1542 1543 1544ATF_TC_WITH_CLEANUP(cap_getmode_success); 1545ATF_TC_HEAD(cap_getmode_success, tc) 1546{ 1547 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 1548 "cap_getmode(2) call"); 1549} 1550 1551ATF_TC_BODY(cap_getmode_success, tc) 1552{ 1553 int capinfo, modep; 1554 size_t len = sizeof(capinfo); 1555 const char *capname = "kern.features.security_capability_mode"; 1556 ATF_REQUIRE_EQ(0, sysctlbyname(capname, &capinfo, &len, NULL, 0)); 1557 1558 /* Without CAPABILITY_MODE enabled, cap_getmode() returns ENOSYS */ 1559 if (!capinfo) 1560 atf_tc_skip("Capsicum is not enabled in the system"); 1561 1562 pid = getpid(); 1563 snprintf(pcregex, sizeof(pcregex), "cap_getmode.*%d.*success", pid); 1564 1565 FILE *pipefd = setup(fds, auclass); 1566 ATF_REQUIRE_EQ(0, cap_getmode(&modep)); 1567 check_audit(fds, pcregex, pipefd); 1568} 1569 1570ATF_TC_CLEANUP(cap_getmode_success, tc) 1571{ 1572 cleanup(); 1573} 1574 1575 1576ATF_TC_WITH_CLEANUP(cap_getmode_failure); 1577ATF_TC_HEAD(cap_getmode_failure, tc) 1578{ 1579 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 1580 "cap_getmode(2) call"); 1581} 1582 1583ATF_TC_BODY(cap_getmode_failure, tc) 1584{ 1585 pid = getpid(); 1586 snprintf(pcregex, sizeof(pcregex), "cap_getmode.*%d.*failure", pid); 1587 1588 FILE *pipefd = setup(fds, auclass); 1589 /* cap_getmode(2) can either fail with EFAULT or ENOSYS */ 1590 ATF_REQUIRE_EQ(-1, cap_getmode(NULL)); 1591 check_audit(fds, pcregex, pipefd); 1592} 1593 1594ATF_TC_CLEANUP(cap_getmode_failure, tc) 1595{ 1596 cleanup(); 1597} 1598 1599 1600ATF_TP_ADD_TCS(tp) 1601{ 1602 ATF_TP_ADD_TC(tp, fork_success); 1603 ATF_TP_ADD_TC(tp, _exit_success); 1604 ATF_TP_ADD_TC(tp, rfork_success); 1605 ATF_TP_ADD_TC(tp, rfork_failure); 1606 1607 ATF_TP_ADD_TC(tp, wait4_success); 1608 ATF_TP_ADD_TC(tp, wait4_failure); 1609 ATF_TP_ADD_TC(tp, wait6_success); 1610 ATF_TP_ADD_TC(tp, wait6_failure); 1611 ATF_TP_ADD_TC(tp, kill_success); 1612 ATF_TP_ADD_TC(tp, kill_failure); 1613 1614 ATF_TP_ADD_TC(tp, chdir_success); 1615 ATF_TP_ADD_TC(tp, chdir_failure); 1616 ATF_TP_ADD_TC(tp, fchdir_success); 1617 ATF_TP_ADD_TC(tp, fchdir_failure); 1618 ATF_TP_ADD_TC(tp, chroot_success); 1619 ATF_TP_ADD_TC(tp, chroot_failure); 1620 1621 ATF_TP_ADD_TC(tp, umask_success); 1622 ATF_TP_ADD_TC(tp, setuid_success); 1623 ATF_TP_ADD_TC(tp, seteuid_success); 1624 ATF_TP_ADD_TC(tp, setgid_success); 1625 ATF_TP_ADD_TC(tp, setegid_success); 1626 1627 ATF_TP_ADD_TC(tp, setreuid_success); 1628 ATF_TP_ADD_TC(tp, setregid_success); 1629 ATF_TP_ADD_TC(tp, setresuid_success); 1630 ATF_TP_ADD_TC(tp, setresgid_success); 1631 1632 ATF_TP_ADD_TC(tp, getresuid_success); 1633 ATF_TP_ADD_TC(tp, getresuid_failure); 1634 ATF_TP_ADD_TC(tp, getresgid_success); 1635 ATF_TP_ADD_TC(tp, getresgid_failure); 1636 1637 ATF_TP_ADD_TC(tp, setpriority_success); 1638 ATF_TP_ADD_TC(tp, setpriority_failure); 1639 ATF_TP_ADD_TC(tp, setgroups_success); 1640 ATF_TP_ADD_TC(tp, setgroups_failure); 1641 ATF_TP_ADD_TC(tp, setpgrp_success); 1642 ATF_TP_ADD_TC(tp, setpgrp_failure); 1643 ATF_TP_ADD_TC(tp, setsid_success); 1644 ATF_TP_ADD_TC(tp, setsid_failure); 1645 ATF_TP_ADD_TC(tp, setrlimit_success); 1646 ATF_TP_ADD_TC(tp, setrlimit_failure); 1647 1648 ATF_TP_ADD_TC(tp, mlock_success); 1649 ATF_TP_ADD_TC(tp, mlock_failure); 1650 ATF_TP_ADD_TC(tp, munlock_success); 1651 ATF_TP_ADD_TC(tp, munlock_failure); 1652 ATF_TP_ADD_TC(tp, minherit_success); 1653 ATF_TP_ADD_TC(tp, minherit_failure); 1654 1655 ATF_TP_ADD_TC(tp, setlogin_success); 1656 ATF_TP_ADD_TC(tp, setlogin_failure); 1657 ATF_TP_ADD_TC(tp, rtprio_success); 1658 ATF_TP_ADD_TC(tp, rtprio_failure); 1659 1660 ATF_TP_ADD_TC(tp, profil_success); 1661 ATF_TP_ADD_TC(tp, profil_failure); 1662 ATF_TP_ADD_TC(tp, ptrace_success); 1663 ATF_TP_ADD_TC(tp, ptrace_failure); 1664 ATF_TP_ADD_TC(tp, ktrace_success); 1665 ATF_TP_ADD_TC(tp, ktrace_failure); 1666 ATF_TP_ADD_TC(tp, procctl_success); 1667 ATF_TP_ADD_TC(tp, procctl_failure); 1668 1669 ATF_TP_ADD_TC(tp, cap_enter_success); 1670 ATF_TP_ADD_TC(tp, cap_getmode_success); 1671 ATF_TP_ADD_TC(tp, cap_getmode_failure); 1672 1673 return (atf_no_error()); 1674} 1675