1 /*-
2 * Copyright (c) 2018 Aniket Pandey
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 *
13 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
14 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
17 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * SUCH DAMAGE.
24 *
25 * $FreeBSD$
26 */
27
28 #include <sys/param.h>
29 #include <sys/capsicum.h>
30 #include <sys/uio.h>
31 #include <sys/ktrace.h>
32 #include <sys/mman.h>
33 #include <sys/procctl.h>
34 #include <sys/ptrace.h>
35 #include <sys/resource.h>
36 #include <sys/rtprio.h>
37 #include <sys/stat.h>
38 #include <sys/sysctl.h>
39 #include <sys/time.h>
40 #include <sys/wait.h>
41
42 #include <atf-c.h>
43 #include <fcntl.h>
44 #include <signal.h>
45 #include <stdint.h>
46 #include <stdlib.h>
47 #include <unistd.h>
48
49 #include "utils.h"
50
51 #include "freebsd_test_suite/macros.h"
52
53 static pid_t pid;
54 static int filedesc, status;
55 static struct pollfd fds[1];
56 static char pcregex[80];
57 static const char *auclass = "pc";
58
59
60 ATF_TC_WITH_CLEANUP(fork_success);
ATF_TC_HEAD(fork_success,tc)61 ATF_TC_HEAD(fork_success, tc)
62 {
63 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
64 "fork(2) call");
65 }
66
ATF_TC_BODY(fork_success,tc)67 ATF_TC_BODY(fork_success, tc)
68 {
69 pid = getpid();
70 snprintf(pcregex, sizeof(pcregex), "fork.*%d.*return,success", pid);
71
72 FILE *pipefd = setup(fds, auclass);
73 /* Check if fork(2) succeded. If so, exit from the child process */
74 ATF_REQUIRE((pid = fork()) != -1);
75 if (pid)
76 check_audit(fds, pcregex, pipefd);
77 else
78 _exit(0);
79 }
80
ATF_TC_CLEANUP(fork_success,tc)81 ATF_TC_CLEANUP(fork_success, tc)
82 {
83 cleanup();
84 }
85
86 /*
87 * No fork(2) in failure mode since possibilities for failure are only when
88 * user is not privileged or when the number of processes exceed KERN_MAXPROC.
89 */
90
91
92 ATF_TC_WITH_CLEANUP(_exit_success);
ATF_TC_HEAD(_exit_success,tc)93 ATF_TC_HEAD(_exit_success, tc)
94 {
95 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
96 "_exit(2) call");
97 }
98
ATF_TC_BODY(_exit_success,tc)99 ATF_TC_BODY(_exit_success, tc)
100 {
101 FILE *pipefd = setup(fds, auclass);
102 ATF_REQUIRE((pid = fork()) != -1);
103 if (pid) {
104 snprintf(pcregex, sizeof(pcregex), "exit.*%d.*success", pid);
105 check_audit(fds, pcregex, pipefd);
106 }
107 else
108 _exit(0);
109 }
110
ATF_TC_CLEANUP(_exit_success,tc)111 ATF_TC_CLEANUP(_exit_success, tc)
112 {
113 cleanup();
114 }
115
116 /*
117 * _exit(2) never returns, hence the auditing by default is always successful
118 */
119
120
121 ATF_TC_WITH_CLEANUP(rfork_success);
ATF_TC_HEAD(rfork_success,tc)122 ATF_TC_HEAD(rfork_success, tc)
123 {
124 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
125 "rfork(2) call");
126 }
127
ATF_TC_BODY(rfork_success,tc)128 ATF_TC_BODY(rfork_success, tc)
129 {
130 pid = getpid();
131 snprintf(pcregex, sizeof(pcregex), "rfork.*%d.*return,success", pid);
132
133 FILE *pipefd = setup(fds, auclass);
134 ATF_REQUIRE((pid = rfork(RFPROC)) != -1);
135 if (pid)
136 check_audit(fds, pcregex, pipefd);
137 else
138 _exit(0);
139 }
140
ATF_TC_CLEANUP(rfork_success,tc)141 ATF_TC_CLEANUP(rfork_success, tc)
142 {
143 cleanup();
144 }
145
146
147 ATF_TC_WITH_CLEANUP(rfork_failure);
ATF_TC_HEAD(rfork_failure,tc)148 ATF_TC_HEAD(rfork_failure, tc)
149 {
150 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
151 "rfork(2) call");
152 }
153
ATF_TC_BODY(rfork_failure,tc)154 ATF_TC_BODY(rfork_failure, tc)
155 {
156 pid = getpid();
157 snprintf(pcregex, sizeof(pcregex), "rfork.*%d.*return,failure", pid);
158
159 FILE *pipefd = setup(fds, auclass);
160 /* Failure reason: Invalid argument */
161 ATF_REQUIRE_EQ(-1, rfork(-1));
162 check_audit(fds, pcregex, pipefd);
163 }
164
ATF_TC_CLEANUP(rfork_failure,tc)165 ATF_TC_CLEANUP(rfork_failure, tc)
166 {
167 cleanup();
168 }
169
170
171 ATF_TC_WITH_CLEANUP(wait4_success);
ATF_TC_HEAD(wait4_success,tc)172 ATF_TC_HEAD(wait4_success, tc)
173 {
174 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
175 "wait4(2) call");
176 }
177
ATF_TC_BODY(wait4_success,tc)178 ATF_TC_BODY(wait4_success, tc)
179 {
180 pid = getpid();
181 snprintf(pcregex, sizeof(pcregex), "wait4.*%d.*return,success", pid);
182
183 ATF_REQUIRE((pid = fork()) != -1);
184 if (pid) {
185 FILE *pipefd = setup(fds, auclass);
186 /* wpid = -1 : Wait for any child process */
187 ATF_REQUIRE(wait4(-1, &status, 0, NULL) != -1);
188 check_audit(fds, pcregex, pipefd);
189 }
190 else
191 _exit(0);
192 }
193
ATF_TC_CLEANUP(wait4_success,tc)194 ATF_TC_CLEANUP(wait4_success, tc)
195 {
196 cleanup();
197 }
198
199
200 ATF_TC_WITH_CLEANUP(wait4_failure);
ATF_TC_HEAD(wait4_failure,tc)201 ATF_TC_HEAD(wait4_failure, tc)
202 {
203 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
204 "wait4(2) call");
205 }
206
ATF_TC_BODY(wait4_failure,tc)207 ATF_TC_BODY(wait4_failure, tc)
208 {
209 pid = getpid();
210 snprintf(pcregex, sizeof(pcregex), "wait4.*%d.*return,failure", pid);
211
212 FILE *pipefd = setup(fds, auclass);
213 /* Failure reason: No child process to wait for */
214 ATF_REQUIRE_EQ(-1, wait4(-1, NULL, 0, NULL));
215 check_audit(fds, pcregex, pipefd);
216 }
217
ATF_TC_CLEANUP(wait4_failure,tc)218 ATF_TC_CLEANUP(wait4_failure, tc)
219 {
220 cleanup();
221 }
222
223
224 ATF_TC_WITH_CLEANUP(wait6_success);
ATF_TC_HEAD(wait6_success,tc)225 ATF_TC_HEAD(wait6_success, tc)
226 {
227 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
228 "wait6(2) call");
229 }
230
ATF_TC_BODY(wait6_success,tc)231 ATF_TC_BODY(wait6_success, tc)
232 {
233 pid = getpid();
234 snprintf(pcregex, sizeof(pcregex), "wait6.*%d.*return,success", pid);
235
236 ATF_REQUIRE((pid = fork()) != -1);
237 if (pid) {
238 FILE *pipefd = setup(fds, auclass);
239 ATF_REQUIRE(wait6(P_ALL, 0, &status, WEXITED, NULL,NULL) != -1);
240 check_audit(fds, pcregex, pipefd);
241 }
242 else
243 _exit(0);
244 }
245
ATF_TC_CLEANUP(wait6_success,tc)246 ATF_TC_CLEANUP(wait6_success, tc)
247 {
248 cleanup();
249 }
250
251
252 ATF_TC_WITH_CLEANUP(wait6_failure);
ATF_TC_HEAD(wait6_failure,tc)253 ATF_TC_HEAD(wait6_failure, tc)
254 {
255 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
256 "wait6(2) call");
257 }
258
ATF_TC_BODY(wait6_failure,tc)259 ATF_TC_BODY(wait6_failure, tc)
260 {
261 pid = getpid();
262 snprintf(pcregex, sizeof(pcregex), "wait6.*%d.*return,failure", pid);
263
264 FILE *pipefd = setup(fds, auclass);
265 /* Failure reason: Invalid argument */
266 ATF_REQUIRE_EQ(-1, wait6(0, 0, NULL, 0, NULL, NULL));
267 check_audit(fds, pcregex, pipefd);
268 }
269
ATF_TC_CLEANUP(wait6_failure,tc)270 ATF_TC_CLEANUP(wait6_failure, tc)
271 {
272 cleanup();
273 }
274
275
276 ATF_TC_WITH_CLEANUP(kill_success);
ATF_TC_HEAD(kill_success,tc)277 ATF_TC_HEAD(kill_success, tc)
278 {
279 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
280 "kill(2) call");
281 }
282
ATF_TC_BODY(kill_success,tc)283 ATF_TC_BODY(kill_success, tc)
284 {
285 pid = getpid();
286 snprintf(pcregex, sizeof(pcregex), "kill.*%d.*return,success", pid);
287
288 FILE *pipefd = setup(fds, auclass);
289 /* Don't send any signal to anyone, live in peace! */
290 ATF_REQUIRE_EQ(0, kill(0, 0));
291 check_audit(fds, pcregex, pipefd);
292 }
293
ATF_TC_CLEANUP(kill_success,tc)294 ATF_TC_CLEANUP(kill_success, tc)
295 {
296 cleanup();
297 }
298
299
300 ATF_TC_WITH_CLEANUP(kill_failure);
ATF_TC_HEAD(kill_failure,tc)301 ATF_TC_HEAD(kill_failure, tc)
302 {
303 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
304 "kill(2) call");
305 }
306
ATF_TC_BODY(kill_failure,tc)307 ATF_TC_BODY(kill_failure, tc)
308 {
309 pid = getpid();
310 snprintf(pcregex, sizeof(pcregex), "kill.*%d.*return,failure", pid);
311
312 FILE *pipefd = setup(fds, auclass);
313 /*
314 * Failure reason: Non existent process with PID '-2'
315 * Note: '-1' is not used as it means sending no signal to
316 * all non-system processes: A successful invocation
317 */
318 ATF_REQUIRE_EQ(-1, kill(0, -2));
319 check_audit(fds, pcregex, pipefd);
320 }
321
ATF_TC_CLEANUP(kill_failure,tc)322 ATF_TC_CLEANUP(kill_failure, tc)
323 {
324 cleanup();
325 }
326
327
328 ATF_TC_WITH_CLEANUP(chdir_success);
ATF_TC_HEAD(chdir_success,tc)329 ATF_TC_HEAD(chdir_success, tc)
330 {
331 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
332 "chdir(2) call");
333 }
334
ATF_TC_BODY(chdir_success,tc)335 ATF_TC_BODY(chdir_success, tc)
336 {
337 pid = getpid();
338 snprintf(pcregex, sizeof(pcregex), "chdir.*/.*%d.*return,success", pid);
339
340 FILE *pipefd = setup(fds, auclass);
341 ATF_REQUIRE_EQ(0, chdir("/"));
342 check_audit(fds, pcregex, pipefd);
343 }
344
ATF_TC_CLEANUP(chdir_success,tc)345 ATF_TC_CLEANUP(chdir_success, tc)
346 {
347 cleanup();
348 }
349
350
351 ATF_TC_WITH_CLEANUP(chdir_failure);
ATF_TC_HEAD(chdir_failure,tc)352 ATF_TC_HEAD(chdir_failure, tc)
353 {
354 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
355 "chdir(2) call");
356 }
357
ATF_TC_BODY(chdir_failure,tc)358 ATF_TC_BODY(chdir_failure, tc)
359 {
360 pid = getpid();
361 snprintf(pcregex, sizeof(pcregex), "chdir.*%d.*return,failure", pid);
362
363 FILE *pipefd = setup(fds, auclass);
364 /* Failure reason: Bad address */
365 ATF_REQUIRE_EQ(-1, chdir(NULL));
366 check_audit(fds, pcregex, pipefd);
367 }
368
ATF_TC_CLEANUP(chdir_failure,tc)369 ATF_TC_CLEANUP(chdir_failure, tc)
370 {
371 cleanup();
372 }
373
374
375 ATF_TC_WITH_CLEANUP(fchdir_success);
ATF_TC_HEAD(fchdir_success,tc)376 ATF_TC_HEAD(fchdir_success, tc)
377 {
378 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
379 "fchdir(2) call");
380 }
381
ATF_TC_BODY(fchdir_success,tc)382 ATF_TC_BODY(fchdir_success, tc)
383 {
384 /* Build an absolute path to the test-case directory */
385 char dirpath[50];
386 ATF_REQUIRE(getcwd(dirpath, sizeof(dirpath)) != NULL);
387 ATF_REQUIRE((filedesc = open(dirpath, O_RDONLY)) != -1);
388
389 /* Audit record generated by fchdir(2) does not contain filedesc */
390 pid = getpid();
391 snprintf(pcregex, sizeof(pcregex), "fchdir.*%d.*return,success", pid);
392
393 FILE *pipefd = setup(fds, auclass);
394 ATF_REQUIRE_EQ(0, fchdir(filedesc));
395 check_audit(fds, pcregex, pipefd);
396 close(filedesc);
397 }
398
ATF_TC_CLEANUP(fchdir_success,tc)399 ATF_TC_CLEANUP(fchdir_success, tc)
400 {
401 cleanup();
402 }
403
404
405 ATF_TC_WITH_CLEANUP(fchdir_failure);
ATF_TC_HEAD(fchdir_failure,tc)406 ATF_TC_HEAD(fchdir_failure, tc)
407 {
408 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
409 "fchdir(2) call");
410 }
411
ATF_TC_BODY(fchdir_failure,tc)412 ATF_TC_BODY(fchdir_failure, tc)
413 {
414 pid = getpid();
415 snprintf(pcregex, sizeof(pcregex), "fchdir.*%d.*return,failure", pid);
416
417 FILE *pipefd = setup(fds, auclass);
418 /* Failure reason: Bad directory address */
419 ATF_REQUIRE_EQ(-1, fchdir(-1));
420 check_audit(fds, pcregex, pipefd);
421 }
422
ATF_TC_CLEANUP(fchdir_failure,tc)423 ATF_TC_CLEANUP(fchdir_failure, tc)
424 {
425 cleanup();
426 }
427
428
429 ATF_TC_WITH_CLEANUP(chroot_success);
ATF_TC_HEAD(chroot_success,tc)430 ATF_TC_HEAD(chroot_success, tc)
431 {
432 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
433 "chroot(2) call");
434 }
435
ATF_TC_BODY(chroot_success,tc)436 ATF_TC_BODY(chroot_success, tc)
437 {
438 pid = getpid();
439 snprintf(pcregex, sizeof(pcregex), "chroot.*%d.*return,success", pid);
440
441 FILE *pipefd = setup(fds, auclass);
442 /* We don't want to change the root directory, hence '/' */
443 ATF_REQUIRE_EQ(0, chroot("/"));
444 check_audit(fds, pcregex, pipefd);
445 }
446
ATF_TC_CLEANUP(chroot_success,tc)447 ATF_TC_CLEANUP(chroot_success, tc)
448 {
449 cleanup();
450 }
451
452
453 ATF_TC_WITH_CLEANUP(chroot_failure);
ATF_TC_HEAD(chroot_failure,tc)454 ATF_TC_HEAD(chroot_failure, tc)
455 {
456 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
457 "chroot(2) call");
458 }
459
ATF_TC_BODY(chroot_failure,tc)460 ATF_TC_BODY(chroot_failure, tc)
461 {
462 pid = getpid();
463 snprintf(pcregex, sizeof(pcregex), "chroot.*%d.*return,failure", pid);
464
465 FILE *pipefd = setup(fds, auclass);
466 ATF_REQUIRE_EQ(-1, chroot(NULL));
467 check_audit(fds, pcregex, pipefd);
468 }
469
ATF_TC_CLEANUP(chroot_failure,tc)470 ATF_TC_CLEANUP(chroot_failure, tc)
471 {
472 cleanup();
473 }
474
475
476 ATF_TC_WITH_CLEANUP(umask_success);
ATF_TC_HEAD(umask_success,tc)477 ATF_TC_HEAD(umask_success, tc)
478 {
479 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
480 "umask(2) call");
481 }
482
ATF_TC_BODY(umask_success,tc)483 ATF_TC_BODY(umask_success, tc)
484 {
485 pid = getpid();
486 snprintf(pcregex, sizeof(pcregex), "umask.*%d.*return,success", pid);
487
488 FILE *pipefd = setup(fds, auclass);
489 umask(0);
490 check_audit(fds, pcregex, pipefd);
491 }
492
ATF_TC_CLEANUP(umask_success,tc)493 ATF_TC_CLEANUP(umask_success, tc)
494 {
495 cleanup();
496 }
497
498 /*
499 * umask(2) system call never fails. Hence, no test case for failure mode
500 */
501
502
503 ATF_TC_WITH_CLEANUP(setuid_success);
ATF_TC_HEAD(setuid_success,tc)504 ATF_TC_HEAD(setuid_success, tc)
505 {
506 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
507 "setuid(2) call");
508 }
509
ATF_TC_BODY(setuid_success,tc)510 ATF_TC_BODY(setuid_success, tc)
511 {
512 pid = getpid();
513 snprintf(pcregex, sizeof(pcregex), "setuid.*%d.*return,success", pid);
514
515 FILE *pipefd = setup(fds, auclass);
516 /* Since we're privileged, we'll let ourselves be privileged! */
517 ATF_REQUIRE_EQ(0, setuid(0));
518 check_audit(fds, pcregex, pipefd);
519 }
520
ATF_TC_CLEANUP(setuid_success,tc)521 ATF_TC_CLEANUP(setuid_success, tc)
522 {
523 cleanup();
524 }
525
526 /*
527 * setuid(2) fails only when the current user is not root. So no test case for
528 * failure mode since the required_user="root"
529 */
530
531
532 ATF_TC_WITH_CLEANUP(seteuid_success);
ATF_TC_HEAD(seteuid_success,tc)533 ATF_TC_HEAD(seteuid_success, tc)
534 {
535 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
536 "seteuid(2) call");
537 }
538
ATF_TC_BODY(seteuid_success,tc)539 ATF_TC_BODY(seteuid_success, tc)
540 {
541 pid = getpid();
542 snprintf(pcregex, sizeof(pcregex), "seteuid.*%d.*return,success", pid);
543
544 FILE *pipefd = setup(fds, auclass);
545 /* This time, we'll let ourselves be 'effectively' privileged! */
546 ATF_REQUIRE_EQ(0, seteuid(0));
547 check_audit(fds, pcregex, pipefd);
548 }
549
ATF_TC_CLEANUP(seteuid_success,tc)550 ATF_TC_CLEANUP(seteuid_success, tc)
551 {
552 cleanup();
553 }
554
555 /*
556 * seteuid(2) fails only when the current user is not root. So no test case for
557 * failure mode since the required_user="root"
558 */
559
560
561 ATF_TC_WITH_CLEANUP(setgid_success);
ATF_TC_HEAD(setgid_success,tc)562 ATF_TC_HEAD(setgid_success, tc)
563 {
564 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
565 "setgid(2) call");
566 }
567
ATF_TC_BODY(setgid_success,tc)568 ATF_TC_BODY(setgid_success, tc)
569 {
570 pid = getpid();
571 snprintf(pcregex, sizeof(pcregex), "setgid.*%d.*return,success", pid);
572
573 FILE *pipefd = setup(fds, auclass);
574 ATF_REQUIRE_EQ(0, setgid(0));
575 check_audit(fds, pcregex, pipefd);
576 }
577
ATF_TC_CLEANUP(setgid_success,tc)578 ATF_TC_CLEANUP(setgid_success, tc)
579 {
580 cleanup();
581 }
582
583 /*
584 * setgid(2) fails only when the current user is not root. So no test case for
585 * failure mode since the required_user="root"
586 */
587
588
589 ATF_TC_WITH_CLEANUP(setegid_success);
ATF_TC_HEAD(setegid_success,tc)590 ATF_TC_HEAD(setegid_success, tc)
591 {
592 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
593 "setegid(2) call");
594 }
595
ATF_TC_BODY(setegid_success,tc)596 ATF_TC_BODY(setegid_success, tc)
597 {
598 pid = getpid();
599 snprintf(pcregex, sizeof(pcregex), "setegid.*%d.*return,success", pid);
600
601 FILE *pipefd = setup(fds, auclass);
602 ATF_REQUIRE_EQ(0, setegid(0));
603 check_audit(fds, pcregex, pipefd);
604 }
605
ATF_TC_CLEANUP(setegid_success,tc)606 ATF_TC_CLEANUP(setegid_success, tc)
607 {
608 cleanup();
609 }
610
611 /*
612 * setegid(2) fails only when the current user is not root. So no test case for
613 * failure mode since the required_user="root"
614 */
615
616
617 ATF_TC_WITH_CLEANUP(setregid_success);
ATF_TC_HEAD(setregid_success,tc)618 ATF_TC_HEAD(setregid_success, tc)
619 {
620 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
621 "setregid(2) call");
622 }
623
ATF_TC_BODY(setregid_success,tc)624 ATF_TC_BODY(setregid_success, tc)
625 {
626 pid = getpid();
627 snprintf(pcregex, sizeof(pcregex), "setregid.*%d.*return,success", pid);
628
629 FILE *pipefd = setup(fds, auclass);
630 /* setregid(-1, -1) does not change any real or effective GIDs */
631 ATF_REQUIRE_EQ(0, setregid(-1, -1));
632 check_audit(fds, pcregex, pipefd);
633 }
634
ATF_TC_CLEANUP(setregid_success,tc)635 ATF_TC_CLEANUP(setregid_success, tc)
636 {
637 cleanup();
638 }
639
640 /*
641 * setregid(2) fails only when the current user is not root. So no test case for
642 * failure mode since the required_user="root"
643 */
644
645
646 ATF_TC_WITH_CLEANUP(setreuid_success);
ATF_TC_HEAD(setreuid_success,tc)647 ATF_TC_HEAD(setreuid_success, tc)
648 {
649 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
650 "setreuid(2) call");
651 }
652
ATF_TC_BODY(setreuid_success,tc)653 ATF_TC_BODY(setreuid_success, tc)
654 {
655 pid = getpid();
656 snprintf(pcregex, sizeof(pcregex), "setreuid.*%d.*return,success", pid);
657
658 FILE *pipefd = setup(fds, auclass);
659 /* setreuid(-1, -1) does not change any real or effective UIDs */
660 ATF_REQUIRE_EQ(0, setreuid(-1, -1));
661 check_audit(fds, pcregex, pipefd);
662 }
663
ATF_TC_CLEANUP(setreuid_success,tc)664 ATF_TC_CLEANUP(setreuid_success, tc)
665 {
666 cleanup();
667 }
668
669 /*
670 * setregid(2) fails only when the current user is not root. So no test case for
671 * failure mode since the required_user="root"
672 */
673
674
675 ATF_TC_WITH_CLEANUP(setresuid_success);
ATF_TC_HEAD(setresuid_success,tc)676 ATF_TC_HEAD(setresuid_success, tc)
677 {
678 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
679 "setresuid(2) call");
680 }
681
ATF_TC_BODY(setresuid_success,tc)682 ATF_TC_BODY(setresuid_success, tc)
683 {
684 pid = getpid();
685 snprintf(pcregex, sizeof(pcregex), "setresuid.*%d.*return,success", pid);
686
687 FILE *pipefd = setup(fds, auclass);
688 /* setresuid(-1, -1, -1) does not change real, effective & saved UIDs */
689 ATF_REQUIRE_EQ(0, setresuid(-1, -1, -1));
690 check_audit(fds, pcregex, pipefd);
691 }
692
ATF_TC_CLEANUP(setresuid_success,tc)693 ATF_TC_CLEANUP(setresuid_success, tc)
694 {
695 cleanup();
696 }
697
698 /*
699 * setresuid(2) fails only when the current user is not root. So no test case
700 * for failure mode since the required_user="root"
701 */
702
703
704 ATF_TC_WITH_CLEANUP(setresgid_success);
ATF_TC_HEAD(setresgid_success,tc)705 ATF_TC_HEAD(setresgid_success, tc)
706 {
707 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
708 "setresgid(2) call");
709 }
710
ATF_TC_BODY(setresgid_success,tc)711 ATF_TC_BODY(setresgid_success, tc)
712 {
713 pid = getpid();
714 snprintf(pcregex, sizeof(pcregex), "setresgid.*%d.*ret.*success", pid);
715
716 FILE *pipefd = setup(fds, auclass);
717 /* setresgid(-1, -1, -1) does not change real, effective & saved GIDs */
718 ATF_REQUIRE_EQ(0, setresgid(-1, -1, -1));
719 check_audit(fds, pcregex, pipefd);
720 }
721
ATF_TC_CLEANUP(setresgid_success,tc)722 ATF_TC_CLEANUP(setresgid_success, tc)
723 {
724 cleanup();
725 }
726
727 /*
728 * setresgid(2) fails only when the current user is not root. So no test case
729 * for failure mode since the required_user="root"
730 */
731
732
733 ATF_TC_WITH_CLEANUP(getresuid_success);
ATF_TC_HEAD(getresuid_success,tc)734 ATF_TC_HEAD(getresuid_success, tc)
735 {
736 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
737 "getresuid(2) call");
738 }
739
ATF_TC_BODY(getresuid_success,tc)740 ATF_TC_BODY(getresuid_success, tc)
741 {
742 pid = getpid();
743 snprintf(pcregex, sizeof(pcregex), "getresuid.*%d.*ret.*success", pid);
744
745 FILE *pipefd = setup(fds, auclass);
746 ATF_REQUIRE_EQ(0, getresuid(NULL, NULL, NULL));
747 check_audit(fds, pcregex, pipefd);
748 }
749
ATF_TC_CLEANUP(getresuid_success,tc)750 ATF_TC_CLEANUP(getresuid_success, tc)
751 {
752 cleanup();
753 }
754
755
756 ATF_TC_WITH_CLEANUP(getresuid_failure);
ATF_TC_HEAD(getresuid_failure,tc)757 ATF_TC_HEAD(getresuid_failure, tc)
758 {
759 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
760 "getresuid(2) call");
761 }
762
ATF_TC_BODY(getresuid_failure,tc)763 ATF_TC_BODY(getresuid_failure, tc)
764 {
765 pid = getpid();
766 snprintf(pcregex, sizeof(pcregex), "getresuid.*%d.*ret.*failure", pid);
767
768 FILE *pipefd = setup(fds, auclass);
769 /* Failure reason: Invalid address "-1" */
770 ATF_REQUIRE_EQ(-1, getresuid((uid_t *)-1, NULL, NULL));
771 check_audit(fds, pcregex, pipefd);
772 }
773
ATF_TC_CLEANUP(getresuid_failure,tc)774 ATF_TC_CLEANUP(getresuid_failure, tc)
775 {
776 cleanup();
777 }
778
779
780 ATF_TC_WITH_CLEANUP(getresgid_success);
ATF_TC_HEAD(getresgid_success,tc)781 ATF_TC_HEAD(getresgid_success, tc)
782 {
783 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
784 "getresgid(2) call");
785 }
786
ATF_TC_BODY(getresgid_success,tc)787 ATF_TC_BODY(getresgid_success, tc)
788 {
789 pid = getpid();
790 snprintf(pcregex, sizeof(pcregex), "getresgid.*%d.*ret.*success", pid);
791
792 FILE *pipefd = setup(fds, auclass);
793 ATF_REQUIRE_EQ(0, getresgid(NULL, NULL, NULL));
794 check_audit(fds, pcregex, pipefd);
795 }
796
ATF_TC_CLEANUP(getresgid_success,tc)797 ATF_TC_CLEANUP(getresgid_success, tc)
798 {
799 cleanup();
800 }
801
802
803 ATF_TC_WITH_CLEANUP(getresgid_failure);
ATF_TC_HEAD(getresgid_failure,tc)804 ATF_TC_HEAD(getresgid_failure, tc)
805 {
806 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
807 "getresgid(2) call");
808 }
809
ATF_TC_BODY(getresgid_failure,tc)810 ATF_TC_BODY(getresgid_failure, tc)
811 {
812 pid = getpid();
813 snprintf(pcregex, sizeof(pcregex), "getresgid.*%d.*ret.*failure", pid);
814
815 FILE *pipefd = setup(fds, auclass);
816 /* Failure reason: Invalid address "-1" */
817 ATF_REQUIRE_EQ(-1, getresgid((gid_t *)-1, NULL, NULL));
818 check_audit(fds, pcregex, pipefd);
819 }
820
ATF_TC_CLEANUP(getresgid_failure,tc)821 ATF_TC_CLEANUP(getresgid_failure, tc)
822 {
823 cleanup();
824 }
825
826
827 ATF_TC_WITH_CLEANUP(setpriority_success);
ATF_TC_HEAD(setpriority_success,tc)828 ATF_TC_HEAD(setpriority_success, tc)
829 {
830 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
831 "setpriority(2) call");
832 }
833
ATF_TC_BODY(setpriority_success,tc)834 ATF_TC_BODY(setpriority_success, tc)
835 {
836 pid = getpid();
837 snprintf(pcregex, sizeof(pcregex), "setpriority.*%d.*success", pid);
838
839 FILE *pipefd = setup(fds, auclass);
840 ATF_REQUIRE_EQ(0, setpriority(PRIO_PROCESS, 0, 0));
841 check_audit(fds, pcregex, pipefd);
842 }
843
ATF_TC_CLEANUP(setpriority_success,tc)844 ATF_TC_CLEANUP(setpriority_success, tc)
845 {
846 cleanup();
847 }
848
849
850 ATF_TC_WITH_CLEANUP(setpriority_failure);
ATF_TC_HEAD(setpriority_failure,tc)851 ATF_TC_HEAD(setpriority_failure, tc)
852 {
853 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
854 "setpriority(2) call");
855 }
856
ATF_TC_BODY(setpriority_failure,tc)857 ATF_TC_BODY(setpriority_failure, tc)
858 {
859 pid = getpid();
860 snprintf(pcregex, sizeof(pcregex), "setpriority.*%d.*failure", pid);
861
862 FILE *pipefd = setup(fds, auclass);
863 ATF_REQUIRE_EQ(-1, setpriority(-1, -1, -1));
864 check_audit(fds, pcregex, pipefd);
865 }
866
ATF_TC_CLEANUP(setpriority_failure,tc)867 ATF_TC_CLEANUP(setpriority_failure, tc)
868 {
869 cleanup();
870 }
871
872
873 ATF_TC_WITH_CLEANUP(setgroups_success);
ATF_TC_HEAD(setgroups_success,tc)874 ATF_TC_HEAD(setgroups_success, tc)
875 {
876 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
877 "setgroups(2) call");
878 }
879
ATF_TC_BODY(setgroups_success,tc)880 ATF_TC_BODY(setgroups_success, tc)
881 {
882 gid_t gids[5];
883 pid = getpid();
884 snprintf(pcregex, sizeof(pcregex), "setgroups.*%d.*ret.*success", pid);
885 /* Retrieve the current group access list to be used with setgroups */
886 ATF_REQUIRE(getgroups(sizeof(gids)/sizeof(gids[0]), gids) != -1);
887
888 FILE *pipefd = setup(fds, auclass);
889 ATF_REQUIRE_EQ(0, setgroups(sizeof(gids)/sizeof(gids[0]), gids));
890 check_audit(fds, pcregex, pipefd);
891 }
892
ATF_TC_CLEANUP(setgroups_success,tc)893 ATF_TC_CLEANUP(setgroups_success, tc)
894 {
895 cleanup();
896 }
897
898
899 ATF_TC_WITH_CLEANUP(setgroups_failure);
ATF_TC_HEAD(setgroups_failure,tc)900 ATF_TC_HEAD(setgroups_failure, tc)
901 {
902 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
903 "setgroups(2) call");
904 }
905
ATF_TC_BODY(setgroups_failure,tc)906 ATF_TC_BODY(setgroups_failure, tc)
907 {
908 pid = getpid();
909 snprintf(pcregex, sizeof(pcregex), "setgroups.*%d.*ret.*failure", pid);
910
911 FILE *pipefd = setup(fds, auclass);
912 ATF_REQUIRE_EQ(-1, setgroups(-1, NULL));
913 check_audit(fds, pcregex, pipefd);
914 }
915
ATF_TC_CLEANUP(setgroups_failure,tc)916 ATF_TC_CLEANUP(setgroups_failure, tc)
917 {
918 cleanup();
919 }
920
921
922 ATF_TC_WITH_CLEANUP(setpgrp_success);
ATF_TC_HEAD(setpgrp_success,tc)923 ATF_TC_HEAD(setpgrp_success, tc)
924 {
925 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
926 "setpgrp(2) call");
927 }
928
ATF_TC_BODY(setpgrp_success,tc)929 ATF_TC_BODY(setpgrp_success, tc)
930 {
931 /* Main procedure is carried out from within the child process */
932 ATF_REQUIRE((pid = fork()) != -1);
933 if (pid) {
934 ATF_REQUIRE(wait(&status) != -1);
935 } else {
936 pid = getpid();
937 snprintf(pcregex, sizeof(pcregex), "setpgrp.*%d.*success", pid);
938
939 FILE *pipefd = setup(fds, auclass);
940 ATF_REQUIRE_EQ(0, setpgrp(0, 0));
941 check_audit(fds, pcregex, pipefd);
942 }
943 }
944
ATF_TC_CLEANUP(setpgrp_success,tc)945 ATF_TC_CLEANUP(setpgrp_success, tc)
946 {
947 cleanup();
948 }
949
950
951 ATF_TC_WITH_CLEANUP(setpgrp_failure);
ATF_TC_HEAD(setpgrp_failure,tc)952 ATF_TC_HEAD(setpgrp_failure, tc)
953 {
954 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
955 "setpgrp(2) call");
956 }
957
ATF_TC_BODY(setpgrp_failure,tc)958 ATF_TC_BODY(setpgrp_failure, tc)
959 {
960 pid = getpid();
961 snprintf(pcregex, sizeof(pcregex), "setpgrp.*%d.*return,failure", pid);
962
963 FILE *pipefd = setup(fds, auclass);
964 ATF_REQUIRE_EQ(-1, setpgrp(-1, -1));
965 check_audit(fds, pcregex, pipefd);
966 }
967
ATF_TC_CLEANUP(setpgrp_failure,tc)968 ATF_TC_CLEANUP(setpgrp_failure, tc)
969 {
970 cleanup();
971 }
972
973
974 ATF_TC_WITH_CLEANUP(setsid_success);
ATF_TC_HEAD(setsid_success,tc)975 ATF_TC_HEAD(setsid_success, tc)
976 {
977 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
978 "setsid(2) call");
979 }
980
ATF_TC_BODY(setsid_success,tc)981 ATF_TC_BODY(setsid_success, tc)
982 {
983 /* Main procedure is carried out from within the child process */
984 ATF_REQUIRE((pid = fork()) != -1);
985 if (pid) {
986 ATF_REQUIRE(wait(&status) != -1);
987 } else {
988 pid = getpid();
989 snprintf(pcregex, sizeof(pcregex), "setsid.*%d.*success", pid);
990
991 FILE *pipefd = setup(fds, auclass);
992 ATF_REQUIRE(setsid() != -1);
993 check_audit(fds, pcregex, pipefd);
994 }
995 }
996
ATF_TC_CLEANUP(setsid_success,tc)997 ATF_TC_CLEANUP(setsid_success, tc)
998 {
999 cleanup();
1000 }
1001
1002
1003 ATF_TC_WITH_CLEANUP(setsid_failure);
ATF_TC_HEAD(setsid_failure,tc)1004 ATF_TC_HEAD(setsid_failure, tc)
1005 {
1006 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1007 "setsid(2) call");
1008 }
1009
ATF_TC_BODY(setsid_failure,tc)1010 ATF_TC_BODY(setsid_failure, tc)
1011 {
1012 pid = getpid();
1013 snprintf(pcregex, sizeof(pcregex), "setsid.*%d.*return,failure", pid);
1014
1015 /*
1016 * Here, we are intentionally ignoring the output of the setsid()
1017 * call because it may or may not be a process leader already. But it
1018 * ensures that the next invocation of setsid() will definitely fail.
1019 */
1020 setsid();
1021 FILE *pipefd = setup(fds, auclass);
1022 /*
1023 * Failure reason: [EPERM] Creating a new session is not permitted
1024 * as the PID of calling process matches the PGID of a process group
1025 * created by premature setsid() call.
1026 */
1027 ATF_REQUIRE_EQ(-1, setsid());
1028 check_audit(fds, pcregex, pipefd);
1029 }
1030
ATF_TC_CLEANUP(setsid_failure,tc)1031 ATF_TC_CLEANUP(setsid_failure, tc)
1032 {
1033 cleanup();
1034 }
1035
1036
1037 ATF_TC_WITH_CLEANUP(setrlimit_success);
ATF_TC_HEAD(setrlimit_success,tc)1038 ATF_TC_HEAD(setrlimit_success, tc)
1039 {
1040 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1041 "setrlimit(2) call");
1042 }
1043
ATF_TC_BODY(setrlimit_success,tc)1044 ATF_TC_BODY(setrlimit_success, tc)
1045 {
1046 struct rlimit rlp;
1047 pid = getpid();
1048 snprintf(pcregex, sizeof(pcregex), "setrlimit.*%d.*ret.*success", pid);
1049 /* Retrieve the system resource consumption limit to be used later on */
1050 ATF_REQUIRE_EQ(0, getrlimit(RLIMIT_FSIZE, &rlp));
1051
1052 FILE *pipefd = setup(fds, auclass);
1053 ATF_REQUIRE_EQ(0, setrlimit(RLIMIT_FSIZE, &rlp));
1054 check_audit(fds, pcregex, pipefd);
1055 }
1056
ATF_TC_CLEANUP(setrlimit_success,tc)1057 ATF_TC_CLEANUP(setrlimit_success, tc)
1058 {
1059 cleanup();
1060 }
1061
1062
1063 ATF_TC_WITH_CLEANUP(setrlimit_failure);
ATF_TC_HEAD(setrlimit_failure,tc)1064 ATF_TC_HEAD(setrlimit_failure, tc)
1065 {
1066 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1067 "setrlimit(2) call");
1068 }
1069
ATF_TC_BODY(setrlimit_failure,tc)1070 ATF_TC_BODY(setrlimit_failure, tc)
1071 {
1072 pid = getpid();
1073 snprintf(pcregex, sizeof(pcregex), "setrlimit.*%d.*ret.*failure", pid);
1074
1075 FILE *pipefd = setup(fds, auclass);
1076 ATF_REQUIRE_EQ(-1, setrlimit(RLIMIT_FSIZE, NULL));
1077 check_audit(fds, pcregex, pipefd);
1078 }
1079
ATF_TC_CLEANUP(setrlimit_failure,tc)1080 ATF_TC_CLEANUP(setrlimit_failure, tc)
1081 {
1082 cleanup();
1083 }
1084
1085
1086 ATF_TC_WITH_CLEANUP(mlock_success);
ATF_TC_HEAD(mlock_success,tc)1087 ATF_TC_HEAD(mlock_success, tc)
1088 {
1089 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1090 "mlock(2) call");
1091 }
1092
ATF_TC_BODY(mlock_success,tc)1093 ATF_TC_BODY(mlock_success, tc)
1094 {
1095 pid = getpid();
1096 snprintf(pcregex, sizeof(pcregex), "mlock.*%d.*return,success", pid);
1097
1098 FILE *pipefd = setup(fds, auclass);
1099 ATF_REQUIRE_EQ(0, mlock(NULL, 0));
1100 check_audit(fds, pcregex, pipefd);
1101 }
1102
ATF_TC_CLEANUP(mlock_success,tc)1103 ATF_TC_CLEANUP(mlock_success, tc)
1104 {
1105 cleanup();
1106 }
1107
1108
1109 ATF_TC_WITH_CLEANUP(mlock_failure);
ATF_TC_HEAD(mlock_failure,tc)1110 ATF_TC_HEAD(mlock_failure, tc)
1111 {
1112 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1113 "mlock(2) call");
1114 }
1115
ATF_TC_BODY(mlock_failure,tc)1116 ATF_TC_BODY(mlock_failure, tc)
1117 {
1118 pid = getpid();
1119 snprintf(pcregex, sizeof(pcregex), "mlock.*%d.*return,failure", pid);
1120
1121 FILE *pipefd = setup(fds, auclass);
1122 ATF_REQUIRE_EQ(-1, mlock((void *)(-1), -1));
1123 check_audit(fds, pcregex, pipefd);
1124 }
1125
ATF_TC_CLEANUP(mlock_failure,tc)1126 ATF_TC_CLEANUP(mlock_failure, tc)
1127 {
1128 cleanup();
1129 }
1130
1131
1132 ATF_TC_WITH_CLEANUP(munlock_success);
ATF_TC_HEAD(munlock_success,tc)1133 ATF_TC_HEAD(munlock_success, tc)
1134 {
1135 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1136 "munlock(2) call");
1137 }
1138
ATF_TC_BODY(munlock_success,tc)1139 ATF_TC_BODY(munlock_success, tc)
1140 {
1141 pid = getpid();
1142 snprintf(pcregex, sizeof(pcregex), "munlock.*%d.*return,success", pid);
1143
1144 FILE *pipefd = setup(fds, auclass);
1145 ATF_REQUIRE_EQ(0, munlock(NULL, 0));
1146 check_audit(fds, pcregex, pipefd);
1147 }
1148
ATF_TC_CLEANUP(munlock_success,tc)1149 ATF_TC_CLEANUP(munlock_success, tc)
1150 {
1151 cleanup();
1152 }
1153
1154
1155 ATF_TC_WITH_CLEANUP(munlock_failure);
ATF_TC_HEAD(munlock_failure,tc)1156 ATF_TC_HEAD(munlock_failure, tc)
1157 {
1158 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1159 "munlock(2) call");
1160 }
1161
ATF_TC_BODY(munlock_failure,tc)1162 ATF_TC_BODY(munlock_failure, tc)
1163 {
1164 pid = getpid();
1165 snprintf(pcregex, sizeof(pcregex), "munlock.*%d.*return,failure", pid);
1166
1167 FILE *pipefd = setup(fds, auclass);
1168 ATF_REQUIRE_EQ(-1, munlock((void *)(-1), -1));
1169 check_audit(fds, pcregex, pipefd);
1170 }
1171
ATF_TC_CLEANUP(munlock_failure,tc)1172 ATF_TC_CLEANUP(munlock_failure, tc)
1173 {
1174 cleanup();
1175 }
1176
1177
1178 ATF_TC_WITH_CLEANUP(minherit_success);
ATF_TC_HEAD(minherit_success,tc)1179 ATF_TC_HEAD(minherit_success, tc)
1180 {
1181 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1182 "minherit(2) call");
1183 }
1184
ATF_TC_BODY(minherit_success,tc)1185 ATF_TC_BODY(minherit_success, tc)
1186 {
1187 pid = getpid();
1188 snprintf(pcregex, sizeof(pcregex), "minherit.*%d.*return,success", pid);
1189
1190 FILE *pipefd = setup(fds, auclass);
1191 ATF_REQUIRE_EQ(0, minherit(NULL, 0, INHERIT_ZERO));
1192 check_audit(fds, pcregex, pipefd);
1193 }
1194
ATF_TC_CLEANUP(minherit_success,tc)1195 ATF_TC_CLEANUP(minherit_success, tc)
1196 {
1197 cleanup();
1198 }
1199
1200
1201 ATF_TC_WITH_CLEANUP(minherit_failure);
ATF_TC_HEAD(minherit_failure,tc)1202 ATF_TC_HEAD(minherit_failure, tc)
1203 {
1204 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1205 "minherit(2) call");
1206 }
1207
ATF_TC_BODY(minherit_failure,tc)1208 ATF_TC_BODY(minherit_failure, tc)
1209 {
1210 pid = getpid();
1211 snprintf(pcregex, sizeof(pcregex), "minherit.*%d.*return,failure", pid);
1212
1213 FILE *pipefd = setup(fds, auclass);
1214 ATF_REQUIRE_EQ(-1, minherit((void *)(-1), -1, 0));
1215 check_audit(fds, pcregex, pipefd);
1216 }
1217
ATF_TC_CLEANUP(minherit_failure,tc)1218 ATF_TC_CLEANUP(minherit_failure, tc)
1219 {
1220 cleanup();
1221 }
1222
1223
1224 ATF_TC_WITH_CLEANUP(setlogin_success);
ATF_TC_HEAD(setlogin_success,tc)1225 ATF_TC_HEAD(setlogin_success, tc)
1226 {
1227 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1228 "setlogin(2) call");
1229 }
1230
ATF_TC_BODY(setlogin_success,tc)1231 ATF_TC_BODY(setlogin_success, tc)
1232 {
1233 char *name;
1234 pid = getpid();
1235 snprintf(pcregex, sizeof(pcregex), "setlogin.*%d.*return,success", pid);
1236
1237 /* Retrieve the current user's login name to be used with setlogin(2) */
1238 ATF_REQUIRE((name = getlogin()) != NULL);
1239 FILE *pipefd = setup(fds, auclass);
1240 ATF_REQUIRE_EQ(0, setlogin(name));
1241 check_audit(fds, pcregex, pipefd);
1242 }
1243
ATF_TC_CLEANUP(setlogin_success,tc)1244 ATF_TC_CLEANUP(setlogin_success, tc)
1245 {
1246 cleanup();
1247 }
1248
1249
1250 ATF_TC_WITH_CLEANUP(setlogin_failure);
ATF_TC_HEAD(setlogin_failure,tc)1251 ATF_TC_HEAD(setlogin_failure, tc)
1252 {
1253 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1254 "setlogin(2) call");
1255 }
1256
ATF_TC_BODY(setlogin_failure,tc)1257 ATF_TC_BODY(setlogin_failure, tc)
1258 {
1259 pid = getpid();
1260 snprintf(pcregex, sizeof(pcregex), "setlogin.*%d.*return,failure", pid);
1261
1262 FILE *pipefd = setup(fds, auclass);
1263 ATF_REQUIRE_EQ(-1, setlogin(NULL));
1264 check_audit(fds, pcregex, pipefd);
1265 }
1266
ATF_TC_CLEANUP(setlogin_failure,tc)1267 ATF_TC_CLEANUP(setlogin_failure, tc)
1268 {
1269 cleanup();
1270 }
1271
1272
1273 ATF_TC_WITH_CLEANUP(rtprio_success);
ATF_TC_HEAD(rtprio_success,tc)1274 ATF_TC_HEAD(rtprio_success, tc)
1275 {
1276 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1277 "rtprio(2) call");
1278 }
1279
ATF_TC_BODY(rtprio_success,tc)1280 ATF_TC_BODY(rtprio_success, tc)
1281 {
1282 struct rtprio rtp;
1283 pid = getpid();
1284 snprintf(pcregex, sizeof(pcregex), "rtprio.*%d.*return,success", pid);
1285
1286 FILE *pipefd = setup(fds, auclass);
1287 ATF_REQUIRE_EQ(0, rtprio(RTP_LOOKUP, 0, &rtp));
1288 check_audit(fds, pcregex, pipefd);
1289 }
1290
ATF_TC_CLEANUP(rtprio_success,tc)1291 ATF_TC_CLEANUP(rtprio_success, tc)
1292 {
1293 cleanup();
1294 }
1295
1296
1297 ATF_TC_WITH_CLEANUP(rtprio_failure);
ATF_TC_HEAD(rtprio_failure,tc)1298 ATF_TC_HEAD(rtprio_failure, tc)
1299 {
1300 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1301 "rtprio(2) call");
1302 }
1303
ATF_TC_BODY(rtprio_failure,tc)1304 ATF_TC_BODY(rtprio_failure, tc)
1305 {
1306 pid = getpid();
1307 snprintf(pcregex, sizeof(pcregex), "rtprio.*%d.*return,failure", pid);
1308
1309 FILE *pipefd = setup(fds, auclass);
1310 ATF_REQUIRE_EQ(-1, rtprio(-1, -1, NULL));
1311 check_audit(fds, pcregex, pipefd);
1312 }
1313
ATF_TC_CLEANUP(rtprio_failure,tc)1314 ATF_TC_CLEANUP(rtprio_failure, tc)
1315 {
1316 cleanup();
1317 }
1318
1319
1320 ATF_TC_WITH_CLEANUP(profil_success);
ATF_TC_HEAD(profil_success,tc)1321 ATF_TC_HEAD(profil_success, tc)
1322 {
1323 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1324 "profil(2) call");
1325 }
1326
ATF_TC_BODY(profil_success,tc)1327 ATF_TC_BODY(profil_success, tc)
1328 {
1329 pid = getpid();
1330 snprintf(pcregex, sizeof(pcregex), "profil.*%d.*return,success", pid);
1331
1332 char samples[20];
1333 FILE *pipefd = setup(fds, auclass);
1334 /* Set scale argument as 0 to disable profiling of current process */
1335 ATF_REQUIRE_EQ(0, profil(samples, sizeof(samples), 0, 0));
1336 check_audit(fds, pcregex, pipefd);
1337 }
1338
ATF_TC_CLEANUP(profil_success,tc)1339 ATF_TC_CLEANUP(profil_success, tc)
1340 {
1341 cleanup();
1342 }
1343
1344
1345 ATF_TC_WITH_CLEANUP(profil_failure);
ATF_TC_HEAD(profil_failure,tc)1346 ATF_TC_HEAD(profil_failure, tc)
1347 {
1348 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1349 "profil(2) call");
1350 }
1351
ATF_TC_BODY(profil_failure,tc)1352 ATF_TC_BODY(profil_failure, tc)
1353 {
1354 pid = getpid();
1355 snprintf(pcregex, sizeof(pcregex), "profil.*%d.*return,failure", pid);
1356
1357 FILE *pipefd = setup(fds, auclass);
1358 ATF_REQUIRE_EQ(-1, profil((char *)(SIZE_MAX), -1, -1, -1));
1359 check_audit(fds, pcregex, pipefd);
1360 }
1361
ATF_TC_CLEANUP(profil_failure,tc)1362 ATF_TC_CLEANUP(profil_failure, tc)
1363 {
1364 cleanup();
1365 }
1366
1367
1368 ATF_TC_WITH_CLEANUP(ptrace_success);
ATF_TC_HEAD(ptrace_success,tc)1369 ATF_TC_HEAD(ptrace_success, tc)
1370 {
1371 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1372 "ptrace(2) call");
1373 }
1374
ATF_TC_BODY(ptrace_success,tc)1375 ATF_TC_BODY(ptrace_success, tc)
1376 {
1377 pid = getpid();
1378 snprintf(pcregex, sizeof(pcregex), "ptrace.*%d.*return,success", pid);
1379
1380 FILE *pipefd = setup(fds, auclass);
1381 ATF_REQUIRE_EQ(0, ptrace(PT_TRACE_ME, 0, NULL, 0));
1382 check_audit(fds, pcregex, pipefd);
1383 }
1384
ATF_TC_CLEANUP(ptrace_success,tc)1385 ATF_TC_CLEANUP(ptrace_success, tc)
1386 {
1387 cleanup();
1388 }
1389
1390
1391 ATF_TC_WITH_CLEANUP(ptrace_failure);
ATF_TC_HEAD(ptrace_failure,tc)1392 ATF_TC_HEAD(ptrace_failure, tc)
1393 {
1394 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1395 "ptrace(2) call");
1396 }
1397
ATF_TC_BODY(ptrace_failure,tc)1398 ATF_TC_BODY(ptrace_failure, tc)
1399 {
1400 pid = getpid();
1401 snprintf(pcregex, sizeof(pcregex), "ptrace.*%d.*return,failure", pid);
1402
1403 FILE *pipefd = setup(fds, auclass);
1404 ATF_REQUIRE_EQ(-1, ptrace(-1, 0, NULL, 0));
1405 check_audit(fds, pcregex, pipefd);
1406 }
1407
ATF_TC_CLEANUP(ptrace_failure,tc)1408 ATF_TC_CLEANUP(ptrace_failure, tc)
1409 {
1410 cleanup();
1411 }
1412
1413
1414 ATF_TC_WITH_CLEANUP(ktrace_success);
ATF_TC_HEAD(ktrace_success,tc)1415 ATF_TC_HEAD(ktrace_success, tc)
1416 {
1417 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1418 "ktrace(2) call");
1419 }
1420
ATF_TC_BODY(ktrace_success,tc)1421 ATF_TC_BODY(ktrace_success, tc)
1422 {
1423 pid = getpid();
1424 snprintf(pcregex, sizeof(pcregex), "ktrace.*%d.*return,success", pid);
1425
1426 FILE *pipefd = setup(fds, auclass);
1427 ATF_REQUIRE_EQ(0, ktrace(NULL, KTROP_CLEAR, KTRFAC_SYSCALL, pid));
1428 check_audit(fds, pcregex, pipefd);
1429 }
1430
ATF_TC_CLEANUP(ktrace_success,tc)1431 ATF_TC_CLEANUP(ktrace_success, tc)
1432 {
1433 cleanup();
1434 }
1435
1436
1437 ATF_TC_WITH_CLEANUP(ktrace_failure);
ATF_TC_HEAD(ktrace_failure,tc)1438 ATF_TC_HEAD(ktrace_failure, tc)
1439 {
1440 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1441 "ktrace(2) call");
1442 }
1443
ATF_TC_BODY(ktrace_failure,tc)1444 ATF_TC_BODY(ktrace_failure, tc)
1445 {
1446 pid = getpid();
1447 snprintf(pcregex, sizeof(pcregex), "ktrace.*%d.*return,failure", pid);
1448
1449 FILE *pipefd = setup(fds, auclass);
1450 ATF_REQUIRE_EQ(-1, ktrace(NULL, -1, -1, 0));
1451 check_audit(fds, pcregex, pipefd);
1452 }
1453
ATF_TC_CLEANUP(ktrace_failure,tc)1454 ATF_TC_CLEANUP(ktrace_failure, tc)
1455 {
1456 cleanup();
1457 }
1458
1459
1460 ATF_TC_WITH_CLEANUP(procctl_success);
ATF_TC_HEAD(procctl_success,tc)1461 ATF_TC_HEAD(procctl_success, tc)
1462 {
1463 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1464 "procctl(2) call");
1465 }
1466
ATF_TC_BODY(procctl_success,tc)1467 ATF_TC_BODY(procctl_success, tc)
1468 {
1469 pid = getpid();
1470 snprintf(pcregex, sizeof(pcregex), "procctl.*%d.*return,success", pid);
1471
1472 struct procctl_reaper_status reapstat;
1473 FILE *pipefd = setup(fds, auclass);
1474 /* Retrieve information about the reaper of current process (pid) */
1475 ATF_REQUIRE_EQ(0, procctl(P_PID, pid, PROC_REAP_STATUS, &reapstat));
1476 check_audit(fds, pcregex, pipefd);
1477 }
1478
ATF_TC_CLEANUP(procctl_success,tc)1479 ATF_TC_CLEANUP(procctl_success, tc)
1480 {
1481 cleanup();
1482 }
1483
1484
1485 ATF_TC_WITH_CLEANUP(procctl_failure);
ATF_TC_HEAD(procctl_failure,tc)1486 ATF_TC_HEAD(procctl_failure, tc)
1487 {
1488 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1489 "procctl(2) call");
1490 }
1491
ATF_TC_BODY(procctl_failure,tc)1492 ATF_TC_BODY(procctl_failure, tc)
1493 {
1494 pid = getpid();
1495 snprintf(pcregex, sizeof(pcregex), "procctl.*%d.*return,failure", pid);
1496
1497 FILE *pipefd = setup(fds, auclass);
1498 ATF_REQUIRE_EQ(-1, procctl(-1, -1, -1, NULL));
1499 check_audit(fds, pcregex, pipefd);
1500 }
1501
ATF_TC_CLEANUP(procctl_failure,tc)1502 ATF_TC_CLEANUP(procctl_failure, tc)
1503 {
1504 cleanup();
1505 }
1506
1507
1508 ATF_TC_WITH_CLEANUP(cap_enter_success);
ATF_TC_HEAD(cap_enter_success,tc)1509 ATF_TC_HEAD(cap_enter_success, tc)
1510 {
1511 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1512 "cap_enter(2) call");
1513 }
1514
ATF_TC_BODY(cap_enter_success,tc)1515 ATF_TC_BODY(cap_enter_success, tc)
1516 {
1517 ATF_REQUIRE_FEATURE("security_capability_mode");
1518
1519 FILE *pipefd = setup(fds, auclass);
1520 ATF_REQUIRE((pid = fork()) != -1);
1521 if (pid) {
1522 snprintf(pcregex, sizeof(pcregex),
1523 "cap_enter.*%d.*return,success", pid);
1524 ATF_REQUIRE(wait(&status) != -1);
1525 check_audit(fds, pcregex, pipefd);
1526 }
1527 else {
1528 ATF_REQUIRE_EQ(0, cap_enter());
1529 _exit(0);
1530 }
1531 }
1532
ATF_TC_CLEANUP(cap_enter_success,tc)1533 ATF_TC_CLEANUP(cap_enter_success, tc)
1534 {
1535 cleanup();
1536 }
1537
1538
1539 ATF_TC_WITH_CLEANUP(cap_getmode_success);
ATF_TC_HEAD(cap_getmode_success,tc)1540 ATF_TC_HEAD(cap_getmode_success, tc)
1541 {
1542 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1543 "cap_getmode(2) call");
1544 }
1545
ATF_TC_BODY(cap_getmode_success,tc)1546 ATF_TC_BODY(cap_getmode_success, tc)
1547 {
1548 int modep;
1549
1550 ATF_REQUIRE_FEATURE("security_capability_mode");
1551
1552 pid = getpid();
1553 snprintf(pcregex, sizeof(pcregex), "cap_getmode.*%d.*success", pid);
1554
1555 FILE *pipefd = setup(fds, auclass);
1556 ATF_REQUIRE_EQ(0, cap_getmode(&modep));
1557 check_audit(fds, pcregex, pipefd);
1558 }
1559
ATF_TC_CLEANUP(cap_getmode_success,tc)1560 ATF_TC_CLEANUP(cap_getmode_success, tc)
1561 {
1562 cleanup();
1563 }
1564
1565
1566 ATF_TC_WITH_CLEANUP(cap_getmode_failure);
ATF_TC_HEAD(cap_getmode_failure,tc)1567 ATF_TC_HEAD(cap_getmode_failure, tc)
1568 {
1569 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1570 "cap_getmode(2) call");
1571 }
1572
ATF_TC_BODY(cap_getmode_failure,tc)1573 ATF_TC_BODY(cap_getmode_failure, tc)
1574 {
1575 pid = getpid();
1576 snprintf(pcregex, sizeof(pcregex), "cap_getmode.*%d.*failure", pid);
1577
1578 FILE *pipefd = setup(fds, auclass);
1579 /* cap_getmode(2) can either fail with EFAULT or ENOSYS */
1580 ATF_REQUIRE_EQ(-1, cap_getmode(NULL));
1581 check_audit(fds, pcregex, pipefd);
1582 }
1583
ATF_TC_CLEANUP(cap_getmode_failure,tc)1584 ATF_TC_CLEANUP(cap_getmode_failure, tc)
1585 {
1586 cleanup();
1587 }
1588
1589
ATF_TP_ADD_TCS(tp)1590 ATF_TP_ADD_TCS(tp)
1591 {
1592 ATF_TP_ADD_TC(tp, fork_success);
1593 ATF_TP_ADD_TC(tp, _exit_success);
1594 ATF_TP_ADD_TC(tp, rfork_success);
1595 ATF_TP_ADD_TC(tp, rfork_failure);
1596
1597 ATF_TP_ADD_TC(tp, wait4_success);
1598 ATF_TP_ADD_TC(tp, wait4_failure);
1599 ATF_TP_ADD_TC(tp, wait6_success);
1600 ATF_TP_ADD_TC(tp, wait6_failure);
1601 ATF_TP_ADD_TC(tp, kill_success);
1602 ATF_TP_ADD_TC(tp, kill_failure);
1603
1604 ATF_TP_ADD_TC(tp, chdir_success);
1605 ATF_TP_ADD_TC(tp, chdir_failure);
1606 ATF_TP_ADD_TC(tp, fchdir_success);
1607 ATF_TP_ADD_TC(tp, fchdir_failure);
1608 ATF_TP_ADD_TC(tp, chroot_success);
1609 ATF_TP_ADD_TC(tp, chroot_failure);
1610
1611 ATF_TP_ADD_TC(tp, umask_success);
1612 ATF_TP_ADD_TC(tp, setuid_success);
1613 ATF_TP_ADD_TC(tp, seteuid_success);
1614 ATF_TP_ADD_TC(tp, setgid_success);
1615 ATF_TP_ADD_TC(tp, setegid_success);
1616
1617 ATF_TP_ADD_TC(tp, setreuid_success);
1618 ATF_TP_ADD_TC(tp, setregid_success);
1619 ATF_TP_ADD_TC(tp, setresuid_success);
1620 ATF_TP_ADD_TC(tp, setresgid_success);
1621
1622 ATF_TP_ADD_TC(tp, getresuid_success);
1623 ATF_TP_ADD_TC(tp, getresuid_failure);
1624 ATF_TP_ADD_TC(tp, getresgid_success);
1625 ATF_TP_ADD_TC(tp, getresgid_failure);
1626
1627 ATF_TP_ADD_TC(tp, setpriority_success);
1628 ATF_TP_ADD_TC(tp, setpriority_failure);
1629 ATF_TP_ADD_TC(tp, setgroups_success);
1630 ATF_TP_ADD_TC(tp, setgroups_failure);
1631 ATF_TP_ADD_TC(tp, setpgrp_success);
1632 ATF_TP_ADD_TC(tp, setpgrp_failure);
1633 ATF_TP_ADD_TC(tp, setsid_success);
1634 ATF_TP_ADD_TC(tp, setsid_failure);
1635 ATF_TP_ADD_TC(tp, setrlimit_success);
1636 ATF_TP_ADD_TC(tp, setrlimit_failure);
1637
1638 ATF_TP_ADD_TC(tp, mlock_success);
1639 ATF_TP_ADD_TC(tp, mlock_failure);
1640 ATF_TP_ADD_TC(tp, munlock_success);
1641 ATF_TP_ADD_TC(tp, munlock_failure);
1642 ATF_TP_ADD_TC(tp, minherit_success);
1643 ATF_TP_ADD_TC(tp, minherit_failure);
1644
1645 ATF_TP_ADD_TC(tp, setlogin_success);
1646 ATF_TP_ADD_TC(tp, setlogin_failure);
1647 ATF_TP_ADD_TC(tp, rtprio_success);
1648 ATF_TP_ADD_TC(tp, rtprio_failure);
1649
1650 ATF_TP_ADD_TC(tp, profil_success);
1651 ATF_TP_ADD_TC(tp, profil_failure);
1652 ATF_TP_ADD_TC(tp, ptrace_success);
1653 ATF_TP_ADD_TC(tp, ptrace_failure);
1654 ATF_TP_ADD_TC(tp, ktrace_success);
1655 ATF_TP_ADD_TC(tp, ktrace_failure);
1656 ATF_TP_ADD_TC(tp, procctl_success);
1657 ATF_TP_ADD_TC(tp, procctl_failure);
1658
1659 ATF_TP_ADD_TC(tp, cap_enter_success);
1660 ATF_TP_ADD_TC(tp, cap_getmode_success);
1661 ATF_TP_ADD_TC(tp, cap_getmode_failure);
1662
1663 return (atf_no_error());
1664 }
1665