1/*- 2 * Copyright (c) 2018 Aniket Pandey 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. 9 * 2. Redistributions in binary form must reproduce the above copyright 10 * notice, this list of conditions and the following disclaimer in the 11 * documentation and/or other materials provided with the distribution. 12 * 13 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 14 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 17 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * SUCH DAMAGE. 24 */ 25 26#include <sys/types.h> 27#include <sys/sysctl.h> 28 29#include <bsm/audit.h> 30#include <machine/sysarch.h> 31 32#include <atf-c.h> 33#include <unistd.h> 34 35#include "utils.h" 36 37static pid_t pid; 38static char miscreg[80]; 39static struct pollfd fds[1]; 40static const char *auclass = "ot"; 41 42 43/* 44 * Success case of audit(2) is skipped for now as the behaviour is quite 45 * undeterministic. It will be added when the intermittency is resolved. 46 */ 47 48 49ATF_TC_WITH_CLEANUP(audit_failure); 50ATF_TC_HEAD(audit_failure, tc) 51{ 52 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 53 "audit(2) call"); 54} 55 56ATF_TC_BODY(audit_failure, tc) 57{ 58 pid = getpid(); 59 snprintf(miscreg, sizeof(miscreg), "audit.*%d.*return,failure", pid); 60 61 FILE *pipefd = setup(fds, auclass); 62 /* Failure reason: Invalid argument */ 63 ATF_REQUIRE_EQ(-1, audit(NULL, -1)); 64 check_audit(fds, miscreg, pipefd); 65} 66 67ATF_TC_CLEANUP(audit_failure, tc) 68{ 69 cleanup(); 70} 71 72 73ATF_TC_WITH_CLEANUP(sysarch_success); 74ATF_TC_HEAD(sysarch_success, tc) 75{ 76 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 77 "sysarch(2) call"); 78} 79 80ATF_TC_BODY(sysarch_success, tc) 81{ 82 pid = getpid(); 83 snprintf(miscreg, sizeof(miscreg), "sysarch.*%d.*return,success", pid); 84 85 /* Set sysnum to the syscall corresponding to the system architecture */ 86#if defined(I386_GET_IOPERM) /* i386 */ 87 struct i386_ioperm_args i3sysarg; 88 bzero(&i3sysarg, sizeof(i3sysarg)); 89 90#elif defined(AMD64_GET_FSBASE) /* amd64 */ 91 register_t amd64arg; 92 93#elif defined(ARM_SYNC_ICACHE) /* ARM */ 94 struct arm_sync_icache_args armsysarg; 95 bzero(&armsysarg, sizeof(armsysarg)); 96 97#elif defined(SPARC_UTRAP_INSTALL) /* Sparc64 */ 98 struct sparc_utrap_args handler = { 99 .type = UT_DIVISION_BY_ZERO, 100 /* We don't want to change the previous handlers */ 101 .new_precise = (void *)UTH_NOCHANGE, 102 .new_deferred = (void *)UTH_NOCHANGE, 103 .old_precise = NULL, 104 .old_deferred = NULL 105 }; 106 107 struct sparc_utrap_install_args sparc64arg = { 108 .num = ST_DIVISION_BY_ZERO, 109 .handlers = &handler 110 }; 111#else 112 /* For PowerPC, ARM64, RISCV archs, sysarch(2) is not supported */ 113 atf_tc_skip("sysarch(2) is not supported for the system architecture"); 114#endif 115 116 FILE *pipefd = setup(fds, auclass); 117#if defined(I386_GET_IOPERM) 118 ATF_REQUIRE_EQ(0, sysarch(I386_GET_IOPERM, &i3sysarg)); 119#elif defined(AMD64_GET_FSBASE) 120 ATF_REQUIRE_EQ(0, sysarch(AMD64_GET_FSBASE, &amd64arg)); 121#elif defined(ARM_SYNC_ICACHE) 122 ATF_REQUIRE_EQ(0, sysarch(ARM_SYNC_ICACHE, &armsysarg)); 123#elif defined(SPARC_UTRAP_INSTALL) 124 ATF_REQUIRE_EQ(0, sysarch(SPARC_UTRAP_INSTALL, &sparc64arg)); 125#endif 126 check_audit(fds, miscreg, pipefd); 127} 128 129ATF_TC_CLEANUP(sysarch_success, tc) 130{ 131 cleanup(); 132} 133 134 135ATF_TC_WITH_CLEANUP(sysarch_failure); 136ATF_TC_HEAD(sysarch_failure, tc) 137{ 138 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 139 "sysarch(2) call for any architecture"); 140} 141 142ATF_TC_BODY(sysarch_failure, tc) 143{ 144 pid = getpid(); 145 snprintf(miscreg, sizeof(miscreg), "sysarch.*%d.*return,failure", pid); 146 147 FILE *pipefd = setup(fds, auclass); 148 /* Failure reason: Invalid argument and Bad address */ 149 ATF_REQUIRE_EQ(-1, sysarch(-1, NULL)); 150 check_audit(fds, miscreg, pipefd); 151} 152 153ATF_TC_CLEANUP(sysarch_failure, tc) 154{ 155 cleanup(); 156} 157 158 159ATF_TC_WITH_CLEANUP(sysctl_success); 160ATF_TC_HEAD(sysctl_success, tc) 161{ 162 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful " 163 "sysctl(3) call"); 164} 165 166ATF_TC_BODY(sysctl_success, tc) 167{ 168 int mib[2], maxproc; 169 size_t proclen; 170 171 /* Set mib to retrieve the maximum number of allowed processes */ 172 mib[0] = CTL_KERN; 173 mib[1] = KERN_MAXPROC; 174 proclen = sizeof(maxproc); 175 176 pid = getpid(); 177 snprintf(miscreg, sizeof(miscreg), "sysctl.*%d.*return,success", pid); 178 179 FILE *pipefd = setup(fds, auclass); 180 ATF_REQUIRE_EQ(0, sysctl(mib, 2, &maxproc, &proclen, NULL, 0)); 181 check_audit(fds, miscreg, pipefd); 182} 183 184ATF_TC_CLEANUP(sysctl_success, tc) 185{ 186 cleanup(); 187} 188 189 190ATF_TC_WITH_CLEANUP(sysctl_failure); 191ATF_TC_HEAD(sysctl_failure, tc) 192{ 193 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful " 194 "sysctl(3) call"); 195} 196 197ATF_TC_BODY(sysctl_failure, tc) 198{ 199 pid = getpid(); 200 snprintf(miscreg, sizeof(miscreg), "sysctl.*%d.*return,failure", pid); 201 202 FILE *pipefd = setup(fds, auclass); 203 /* Failure reason: Invalid arguments */ 204 ATF_REQUIRE_EQ(-1, sysctl(NULL, 0, NULL, NULL, NULL, 0)); 205 check_audit(fds, miscreg, pipefd); 206} 207 208ATF_TC_CLEANUP(sysctl_failure, tc) 209{ 210 cleanup(); 211} 212 213 214ATF_TP_ADD_TCS(tp) 215{ 216 ATF_TP_ADD_TC(tp, audit_failure); 217 218 ATF_TP_ADD_TC(tp, sysarch_success); 219 ATF_TP_ADD_TC(tp, sysarch_failure); 220 221 ATF_TP_ADD_TC(tp, sysctl_success); 222 ATF_TP_ADD_TC(tp, sysctl_failure); 223 224 return (atf_no_error()); 225} 226