2 * Copyright (c) 2018 Aniket Pandey
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
13 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
14 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
17 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 #include <sys/param.h>
29 #include <sys/capsicum.h>
31 #include <sys/ktrace.h>
33 #include <sys/procctl.h>
34 #include <sys/ptrace.h>
35 #include <sys/resource.h>
36 #include <sys/rtprio.h>
38 #include <sys/sysctl.h>
51 #include "freebsd_test_suite/macros.h"
54 static int filedesc, status;
55 static struct pollfd fds[1];
56 static char pcregex[80];
57 static const char *auclass = "pc";
60 ATF_TC_WITH_CLEANUP(fork_success);
61 ATF_TC_HEAD(fork_success, tc)
63 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
67 ATF_TC_BODY(fork_success, tc)
70 snprintf(pcregex, sizeof(pcregex), "fork.*%d.*return,success", pid);
72 FILE *pipefd = setup(fds, auclass);
73 /* Check if fork(2) succeded. If so, exit from the child process */
74 ATF_REQUIRE((pid = fork()) != -1);
76 check_audit(fds, pcregex, pipefd);
81 ATF_TC_CLEANUP(fork_success, tc)
87 * No fork(2) in failure mode since possibilities for failure are only when
88 * user is not privileged or when the number of processes exceed KERN_MAXPROC.
92 ATF_TC_WITH_CLEANUP(_exit_success);
93 ATF_TC_HEAD(_exit_success, tc)
95 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
99 ATF_TC_BODY(_exit_success, tc)
101 FILE *pipefd = setup(fds, auclass);
102 ATF_REQUIRE((pid = fork()) != -1);
104 snprintf(pcregex, sizeof(pcregex), "exit.*%d.*success", pid);
105 check_audit(fds, pcregex, pipefd);
111 ATF_TC_CLEANUP(_exit_success, tc)
117 * _exit(2) never returns, hence the auditing by default is always successful
121 ATF_TC_WITH_CLEANUP(rfork_success);
122 ATF_TC_HEAD(rfork_success, tc)
124 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
128 ATF_TC_BODY(rfork_success, tc)
131 snprintf(pcregex, sizeof(pcregex), "rfork.*%d.*return,success", pid);
133 FILE *pipefd = setup(fds, auclass);
134 ATF_REQUIRE((pid = rfork(RFPROC)) != -1);
136 check_audit(fds, pcregex, pipefd);
141 ATF_TC_CLEANUP(rfork_success, tc)
147 ATF_TC_WITH_CLEANUP(rfork_failure);
148 ATF_TC_HEAD(rfork_failure, tc)
150 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
154 ATF_TC_BODY(rfork_failure, tc)
157 snprintf(pcregex, sizeof(pcregex), "rfork.*%d.*return,failure", pid);
159 FILE *pipefd = setup(fds, auclass);
160 /* Failure reason: Invalid argument */
161 ATF_REQUIRE_EQ(-1, rfork(-1));
162 check_audit(fds, pcregex, pipefd);
165 ATF_TC_CLEANUP(rfork_failure, tc)
171 ATF_TC_WITH_CLEANUP(wait4_success);
172 ATF_TC_HEAD(wait4_success, tc)
174 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
178 ATF_TC_BODY(wait4_success, tc)
181 snprintf(pcregex, sizeof(pcregex), "wait4.*%d.*return,success", pid);
183 ATF_REQUIRE((pid = fork()) != -1);
185 FILE *pipefd = setup(fds, auclass);
186 /* wpid = -1 : Wait for any child process */
187 ATF_REQUIRE(wait4(-1, &status, 0, NULL) != -1);
188 check_audit(fds, pcregex, pipefd);
194 ATF_TC_CLEANUP(wait4_success, tc)
200 ATF_TC_WITH_CLEANUP(wait4_failure);
201 ATF_TC_HEAD(wait4_failure, tc)
203 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
207 ATF_TC_BODY(wait4_failure, tc)
210 snprintf(pcregex, sizeof(pcregex), "wait4.*%d.*return,failure", pid);
212 FILE *pipefd = setup(fds, auclass);
213 /* Failure reason: No child process to wait for */
214 ATF_REQUIRE_EQ(-1, wait4(-1, NULL, 0, NULL));
215 check_audit(fds, pcregex, pipefd);
218 ATF_TC_CLEANUP(wait4_failure, tc)
224 ATF_TC_WITH_CLEANUP(wait6_success);
225 ATF_TC_HEAD(wait6_success, tc)
227 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
231 ATF_TC_BODY(wait6_success, tc)
234 snprintf(pcregex, sizeof(pcregex), "wait6.*%d.*return,success", pid);
236 ATF_REQUIRE((pid = fork()) != -1);
238 FILE *pipefd = setup(fds, auclass);
239 ATF_REQUIRE(wait6(P_ALL, 0, &status, WEXITED, NULL,NULL) != -1);
240 check_audit(fds, pcregex, pipefd);
246 ATF_TC_CLEANUP(wait6_success, tc)
252 ATF_TC_WITH_CLEANUP(wait6_failure);
253 ATF_TC_HEAD(wait6_failure, tc)
255 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
259 ATF_TC_BODY(wait6_failure, tc)
262 snprintf(pcregex, sizeof(pcregex), "wait6.*%d.*return,failure", pid);
264 FILE *pipefd = setup(fds, auclass);
265 /* Failure reason: Invalid argument */
266 ATF_REQUIRE_EQ(-1, wait6(0, 0, NULL, 0, NULL, NULL));
267 check_audit(fds, pcregex, pipefd);
270 ATF_TC_CLEANUP(wait6_failure, tc)
276 ATF_TC_WITH_CLEANUP(kill_success);
277 ATF_TC_HEAD(kill_success, tc)
279 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
283 ATF_TC_BODY(kill_success, tc)
286 snprintf(pcregex, sizeof(pcregex), "kill.*%d.*return,success", pid);
288 FILE *pipefd = setup(fds, auclass);
289 /* Don't send any signal to anyone, live in peace! */
290 ATF_REQUIRE_EQ(0, kill(0, 0));
291 check_audit(fds, pcregex, pipefd);
294 ATF_TC_CLEANUP(kill_success, tc)
300 ATF_TC_WITH_CLEANUP(kill_failure);
301 ATF_TC_HEAD(kill_failure, tc)
303 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
307 ATF_TC_BODY(kill_failure, tc)
310 snprintf(pcregex, sizeof(pcregex), "kill.*%d.*return,failure", pid);
312 FILE *pipefd = setup(fds, auclass);
314 * Failure reason: Non existent process with PID '-2'
315 * Note: '-1' is not used as it means sending no signal to
316 * all non-system processes: A successful invocation
318 ATF_REQUIRE_EQ(-1, kill(0, -2));
319 check_audit(fds, pcregex, pipefd);
322 ATF_TC_CLEANUP(kill_failure, tc)
328 ATF_TC_WITH_CLEANUP(chdir_success);
329 ATF_TC_HEAD(chdir_success, tc)
331 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
335 ATF_TC_BODY(chdir_success, tc)
338 snprintf(pcregex, sizeof(pcregex), "chdir.*/.*%d.*return,success", pid);
340 FILE *pipefd = setup(fds, auclass);
341 ATF_REQUIRE_EQ(0, chdir("/"));
342 check_audit(fds, pcregex, pipefd);
345 ATF_TC_CLEANUP(chdir_success, tc)
351 ATF_TC_WITH_CLEANUP(chdir_failure);
352 ATF_TC_HEAD(chdir_failure, tc)
354 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
358 ATF_TC_BODY(chdir_failure, tc)
361 snprintf(pcregex, sizeof(pcregex), "chdir.*%d.*return,failure", pid);
363 FILE *pipefd = setup(fds, auclass);
364 /* Failure reason: Bad address */
365 ATF_REQUIRE_EQ(-1, chdir(NULL));
366 check_audit(fds, pcregex, pipefd);
369 ATF_TC_CLEANUP(chdir_failure, tc)
375 ATF_TC_WITH_CLEANUP(fchdir_success);
376 ATF_TC_HEAD(fchdir_success, tc)
378 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
382 ATF_TC_BODY(fchdir_success, tc)
384 /* Build an absolute path to the test-case directory */
386 ATF_REQUIRE(getcwd(dirpath, sizeof(dirpath)) != NULL);
387 ATF_REQUIRE((filedesc = open(dirpath, O_RDONLY)) != -1);
389 /* Audit record generated by fchdir(2) does not contain filedesc */
391 snprintf(pcregex, sizeof(pcregex), "fchdir.*%d.*return,success", pid);
393 FILE *pipefd = setup(fds, auclass);
394 ATF_REQUIRE_EQ(0, fchdir(filedesc));
395 check_audit(fds, pcregex, pipefd);
399 ATF_TC_CLEANUP(fchdir_success, tc)
405 ATF_TC_WITH_CLEANUP(fchdir_failure);
406 ATF_TC_HEAD(fchdir_failure, tc)
408 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
412 ATF_TC_BODY(fchdir_failure, tc)
415 snprintf(pcregex, sizeof(pcregex), "fchdir.*%d.*return,failure", pid);
417 FILE *pipefd = setup(fds, auclass);
418 /* Failure reason: Bad directory address */
419 ATF_REQUIRE_EQ(-1, fchdir(-1));
420 check_audit(fds, pcregex, pipefd);
423 ATF_TC_CLEANUP(fchdir_failure, tc)
429 ATF_TC_WITH_CLEANUP(chroot_success);
430 ATF_TC_HEAD(chroot_success, tc)
432 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
436 ATF_TC_BODY(chroot_success, tc)
439 snprintf(pcregex, sizeof(pcregex), "chroot.*%d.*return,success", pid);
441 FILE *pipefd = setup(fds, auclass);
442 /* We don't want to change the root directory, hence '/' */
443 ATF_REQUIRE_EQ(0, chroot("/"));
444 check_audit(fds, pcregex, pipefd);
447 ATF_TC_CLEANUP(chroot_success, tc)
453 ATF_TC_WITH_CLEANUP(chroot_failure);
454 ATF_TC_HEAD(chroot_failure, tc)
456 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
460 ATF_TC_BODY(chroot_failure, tc)
463 snprintf(pcregex, sizeof(pcregex), "chroot.*%d.*return,failure", pid);
465 FILE *pipefd = setup(fds, auclass);
466 ATF_REQUIRE_EQ(-1, chroot(NULL));
467 check_audit(fds, pcregex, pipefd);
470 ATF_TC_CLEANUP(chroot_failure, tc)
476 ATF_TC_WITH_CLEANUP(umask_success);
477 ATF_TC_HEAD(umask_success, tc)
479 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
483 ATF_TC_BODY(umask_success, tc)
486 snprintf(pcregex, sizeof(pcregex), "umask.*%d.*return,success", pid);
488 FILE *pipefd = setup(fds, auclass);
490 check_audit(fds, pcregex, pipefd);
493 ATF_TC_CLEANUP(umask_success, tc)
499 * umask(2) system call never fails. Hence, no test case for failure mode
503 ATF_TC_WITH_CLEANUP(setuid_success);
504 ATF_TC_HEAD(setuid_success, tc)
506 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
510 ATF_TC_BODY(setuid_success, tc)
513 snprintf(pcregex, sizeof(pcregex), "setuid.*%d.*return,success", pid);
515 FILE *pipefd = setup(fds, auclass);
516 /* Since we're privileged, we'll let ourselves be privileged! */
517 ATF_REQUIRE_EQ(0, setuid(0));
518 check_audit(fds, pcregex, pipefd);
521 ATF_TC_CLEANUP(setuid_success, tc)
527 * setuid(2) fails only when the current user is not root. So no test case for
528 * failure mode since the required_user="root"
532 ATF_TC_WITH_CLEANUP(seteuid_success);
533 ATF_TC_HEAD(seteuid_success, tc)
535 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
539 ATF_TC_BODY(seteuid_success, tc)
542 snprintf(pcregex, sizeof(pcregex), "seteuid.*%d.*return,success", pid);
544 FILE *pipefd = setup(fds, auclass);
545 /* This time, we'll let ourselves be 'effectively' privileged! */
546 ATF_REQUIRE_EQ(0, seteuid(0));
547 check_audit(fds, pcregex, pipefd);
550 ATF_TC_CLEANUP(seteuid_success, tc)
556 * seteuid(2) fails only when the current user is not root. So no test case for
557 * failure mode since the required_user="root"
561 ATF_TC_WITH_CLEANUP(setgid_success);
562 ATF_TC_HEAD(setgid_success, tc)
564 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
568 ATF_TC_BODY(setgid_success, tc)
571 snprintf(pcregex, sizeof(pcregex), "setgid.*%d.*return,success", pid);
573 FILE *pipefd = setup(fds, auclass);
574 ATF_REQUIRE_EQ(0, setgid(0));
575 check_audit(fds, pcregex, pipefd);
578 ATF_TC_CLEANUP(setgid_success, tc)
584 * setgid(2) fails only when the current user is not root. So no test case for
585 * failure mode since the required_user="root"
589 ATF_TC_WITH_CLEANUP(setegid_success);
590 ATF_TC_HEAD(setegid_success, tc)
592 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
596 ATF_TC_BODY(setegid_success, tc)
599 snprintf(pcregex, sizeof(pcregex), "setegid.*%d.*return,success", pid);
601 FILE *pipefd = setup(fds, auclass);
602 ATF_REQUIRE_EQ(0, setegid(0));
603 check_audit(fds, pcregex, pipefd);
606 ATF_TC_CLEANUP(setegid_success, tc)
612 * setegid(2) fails only when the current user is not root. So no test case for
613 * failure mode since the required_user="root"
617 ATF_TC_WITH_CLEANUP(setregid_success);
618 ATF_TC_HEAD(setregid_success, tc)
620 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
624 ATF_TC_BODY(setregid_success, tc)
627 snprintf(pcregex, sizeof(pcregex), "setregid.*%d.*return,success", pid);
629 FILE *pipefd = setup(fds, auclass);
630 /* setregid(-1, -1) does not change any real or effective GIDs */
631 ATF_REQUIRE_EQ(0, setregid(-1, -1));
632 check_audit(fds, pcregex, pipefd);
635 ATF_TC_CLEANUP(setregid_success, tc)
641 * setregid(2) fails only when the current user is not root. So no test case for
642 * failure mode since the required_user="root"
646 ATF_TC_WITH_CLEANUP(setreuid_success);
647 ATF_TC_HEAD(setreuid_success, tc)
649 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
653 ATF_TC_BODY(setreuid_success, tc)
656 snprintf(pcregex, sizeof(pcregex), "setreuid.*%d.*return,success", pid);
658 FILE *pipefd = setup(fds, auclass);
659 /* setreuid(-1, -1) does not change any real or effective UIDs */
660 ATF_REQUIRE_EQ(0, setreuid(-1, -1));
661 check_audit(fds, pcregex, pipefd);
664 ATF_TC_CLEANUP(setreuid_success, tc)
670 * setregid(2) fails only when the current user is not root. So no test case for
671 * failure mode since the required_user="root"
675 ATF_TC_WITH_CLEANUP(setresuid_success);
676 ATF_TC_HEAD(setresuid_success, tc)
678 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
679 "setresuid(2) call");
682 ATF_TC_BODY(setresuid_success, tc)
685 snprintf(pcregex, sizeof(pcregex), "setresuid.*%d.*return,success", pid);
687 FILE *pipefd = setup(fds, auclass);
688 /* setresuid(-1, -1, -1) does not change real, effective & saved UIDs */
689 ATF_REQUIRE_EQ(0, setresuid(-1, -1, -1));
690 check_audit(fds, pcregex, pipefd);
693 ATF_TC_CLEANUP(setresuid_success, tc)
699 * setresuid(2) fails only when the current user is not root. So no test case
700 * for failure mode since the required_user="root"
704 ATF_TC_WITH_CLEANUP(setresgid_success);
705 ATF_TC_HEAD(setresgid_success, tc)
707 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
708 "setresgid(2) call");
711 ATF_TC_BODY(setresgid_success, tc)
714 snprintf(pcregex, sizeof(pcregex), "setresgid.*%d.*ret.*success", pid);
716 FILE *pipefd = setup(fds, auclass);
717 /* setresgid(-1, -1, -1) does not change real, effective & saved GIDs */
718 ATF_REQUIRE_EQ(0, setresgid(-1, -1, -1));
719 check_audit(fds, pcregex, pipefd);
722 ATF_TC_CLEANUP(setresgid_success, tc)
728 * setresgid(2) fails only when the current user is not root. So no test case
729 * for failure mode since the required_user="root"
733 ATF_TC_WITH_CLEANUP(getresuid_success);
734 ATF_TC_HEAD(getresuid_success, tc)
736 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
737 "getresuid(2) call");
740 ATF_TC_BODY(getresuid_success, tc)
743 snprintf(pcregex, sizeof(pcregex), "getresuid.*%d.*ret.*success", pid);
745 FILE *pipefd = setup(fds, auclass);
746 ATF_REQUIRE_EQ(0, getresuid(NULL, NULL, NULL));
747 check_audit(fds, pcregex, pipefd);
750 ATF_TC_CLEANUP(getresuid_success, tc)
756 ATF_TC_WITH_CLEANUP(getresuid_failure);
757 ATF_TC_HEAD(getresuid_failure, tc)
759 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
760 "getresuid(2) call");
763 ATF_TC_BODY(getresuid_failure, tc)
766 snprintf(pcregex, sizeof(pcregex), "getresuid.*%d.*ret.*failure", pid);
768 FILE *pipefd = setup(fds, auclass);
769 /* Failure reason: Invalid address "-1" */
770 ATF_REQUIRE_EQ(-1, getresuid((uid_t *)-1, NULL, NULL));
771 check_audit(fds, pcregex, pipefd);
774 ATF_TC_CLEANUP(getresuid_failure, tc)
780 ATF_TC_WITH_CLEANUP(getresgid_success);
781 ATF_TC_HEAD(getresgid_success, tc)
783 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
784 "getresgid(2) call");
787 ATF_TC_BODY(getresgid_success, tc)
790 snprintf(pcregex, sizeof(pcregex), "getresgid.*%d.*ret.*success", pid);
792 FILE *pipefd = setup(fds, auclass);
793 ATF_REQUIRE_EQ(0, getresgid(NULL, NULL, NULL));
794 check_audit(fds, pcregex, pipefd);
797 ATF_TC_CLEANUP(getresgid_success, tc)
803 ATF_TC_WITH_CLEANUP(getresgid_failure);
804 ATF_TC_HEAD(getresgid_failure, tc)
806 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
807 "getresgid(2) call");
810 ATF_TC_BODY(getresgid_failure, tc)
813 snprintf(pcregex, sizeof(pcregex), "getresgid.*%d.*ret.*failure", pid);
815 FILE *pipefd = setup(fds, auclass);
816 /* Failure reason: Invalid address "-1" */
817 ATF_REQUIRE_EQ(-1, getresgid((gid_t *)-1, NULL, NULL));
818 check_audit(fds, pcregex, pipefd);
821 ATF_TC_CLEANUP(getresgid_failure, tc)
827 ATF_TC_WITH_CLEANUP(setpriority_success);
828 ATF_TC_HEAD(setpriority_success, tc)
830 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
831 "setpriority(2) call");
834 ATF_TC_BODY(setpriority_success, tc)
837 snprintf(pcregex, sizeof(pcregex), "setpriority.*%d.*success", pid);
839 FILE *pipefd = setup(fds, auclass);
840 ATF_REQUIRE_EQ(0, setpriority(PRIO_PROCESS, 0, 0));
841 check_audit(fds, pcregex, pipefd);
844 ATF_TC_CLEANUP(setpriority_success, tc)
850 ATF_TC_WITH_CLEANUP(setpriority_failure);
851 ATF_TC_HEAD(setpriority_failure, tc)
853 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
854 "setpriority(2) call");
857 ATF_TC_BODY(setpriority_failure, tc)
860 snprintf(pcregex, sizeof(pcregex), "setpriority.*%d.*failure", pid);
862 FILE *pipefd = setup(fds, auclass);
863 ATF_REQUIRE_EQ(-1, setpriority(-1, -1, -1));
864 check_audit(fds, pcregex, pipefd);
867 ATF_TC_CLEANUP(setpriority_failure, tc)
873 ATF_TC_WITH_CLEANUP(setgroups_success);
874 ATF_TC_HEAD(setgroups_success, tc)
876 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
877 "setgroups(2) call");
880 ATF_TC_BODY(setgroups_success, tc)
884 snprintf(pcregex, sizeof(pcregex), "setgroups.*%d.*ret.*success", pid);
885 /* Retrieve the current group access list to be used with setgroups */
886 ATF_REQUIRE(getgroups(sizeof(gids)/sizeof(gids[0]), gids) != -1);
888 FILE *pipefd = setup(fds, auclass);
889 ATF_REQUIRE_EQ(0, setgroups(sizeof(gids)/sizeof(gids[0]), gids));
890 check_audit(fds, pcregex, pipefd);
893 ATF_TC_CLEANUP(setgroups_success, tc)
899 ATF_TC_WITH_CLEANUP(setgroups_failure);
900 ATF_TC_HEAD(setgroups_failure, tc)
902 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
903 "setgroups(2) call");
906 ATF_TC_BODY(setgroups_failure, tc)
909 snprintf(pcregex, sizeof(pcregex), "setgroups.*%d.*ret.*failure", pid);
911 FILE *pipefd = setup(fds, auclass);
912 ATF_REQUIRE_EQ(-1, setgroups(-1, NULL));
913 check_audit(fds, pcregex, pipefd);
916 ATF_TC_CLEANUP(setgroups_failure, tc)
922 ATF_TC_WITH_CLEANUP(setpgrp_success);
923 ATF_TC_HEAD(setpgrp_success, tc)
925 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
929 ATF_TC_BODY(setpgrp_success, tc)
931 /* Main procedure is carried out from within the child process */
932 ATF_REQUIRE((pid = fork()) != -1);
934 ATF_REQUIRE(wait(&status) != -1);
937 snprintf(pcregex, sizeof(pcregex), "setpgrp.*%d.*success", pid);
939 FILE *pipefd = setup(fds, auclass);
940 ATF_REQUIRE_EQ(0, setpgrp(0, 0));
941 check_audit(fds, pcregex, pipefd);
945 ATF_TC_CLEANUP(setpgrp_success, tc)
951 ATF_TC_WITH_CLEANUP(setpgrp_failure);
952 ATF_TC_HEAD(setpgrp_failure, tc)
954 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
958 ATF_TC_BODY(setpgrp_failure, tc)
961 snprintf(pcregex, sizeof(pcregex), "setpgrp.*%d.*return,failure", pid);
963 FILE *pipefd = setup(fds, auclass);
964 ATF_REQUIRE_EQ(-1, setpgrp(-1, -1));
965 check_audit(fds, pcregex, pipefd);
968 ATF_TC_CLEANUP(setpgrp_failure, tc)
974 ATF_TC_WITH_CLEANUP(setsid_success);
975 ATF_TC_HEAD(setsid_success, tc)
977 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
981 ATF_TC_BODY(setsid_success, tc)
983 /* Main procedure is carried out from within the child process */
984 ATF_REQUIRE((pid = fork()) != -1);
986 ATF_REQUIRE(wait(&status) != -1);
989 snprintf(pcregex, sizeof(pcregex), "setsid.*%d.*success", pid);
991 FILE *pipefd = setup(fds, auclass);
992 ATF_REQUIRE(setsid() != -1);
993 check_audit(fds, pcregex, pipefd);
997 ATF_TC_CLEANUP(setsid_success, tc)
1003 ATF_TC_WITH_CLEANUP(setsid_failure);
1004 ATF_TC_HEAD(setsid_failure, tc)
1006 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1010 ATF_TC_BODY(setsid_failure, tc)
1013 snprintf(pcregex, sizeof(pcregex), "setsid.*%d.*return,failure", pid);
1016 * Here, we are intentionally ignoring the output of the setsid()
1017 * call because it may or may not be a process leader already. But it
1018 * ensures that the next invocation of setsid() will definitely fail.
1021 FILE *pipefd = setup(fds, auclass);
1023 * Failure reason: [EPERM] Creating a new session is not permitted
1024 * as the PID of calling process matches the PGID of a process group
1025 * created by premature setsid() call.
1027 ATF_REQUIRE_EQ(-1, setsid());
1028 check_audit(fds, pcregex, pipefd);
1031 ATF_TC_CLEANUP(setsid_failure, tc)
1037 ATF_TC_WITH_CLEANUP(setrlimit_success);
1038 ATF_TC_HEAD(setrlimit_success, tc)
1040 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1041 "setrlimit(2) call");
1044 ATF_TC_BODY(setrlimit_success, tc)
1048 snprintf(pcregex, sizeof(pcregex), "setrlimit.*%d.*ret.*success", pid);
1049 /* Retrieve the system resource consumption limit to be used later on */
1050 ATF_REQUIRE_EQ(0, getrlimit(RLIMIT_FSIZE, &rlp));
1052 FILE *pipefd = setup(fds, auclass);
1053 ATF_REQUIRE_EQ(0, setrlimit(RLIMIT_FSIZE, &rlp));
1054 check_audit(fds, pcregex, pipefd);
1057 ATF_TC_CLEANUP(setrlimit_success, tc)
1063 ATF_TC_WITH_CLEANUP(setrlimit_failure);
1064 ATF_TC_HEAD(setrlimit_failure, tc)
1066 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1067 "setrlimit(2) call");
1070 ATF_TC_BODY(setrlimit_failure, tc)
1073 snprintf(pcregex, sizeof(pcregex), "setrlimit.*%d.*ret.*failure", pid);
1075 FILE *pipefd = setup(fds, auclass);
1076 ATF_REQUIRE_EQ(-1, setrlimit(RLIMIT_FSIZE, NULL));
1077 check_audit(fds, pcregex, pipefd);
1080 ATF_TC_CLEANUP(setrlimit_failure, tc)
1086 ATF_TC_WITH_CLEANUP(mlock_success);
1087 ATF_TC_HEAD(mlock_success, tc)
1089 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1093 ATF_TC_BODY(mlock_success, tc)
1096 snprintf(pcregex, sizeof(pcregex), "mlock.*%d.*return,success", pid);
1098 FILE *pipefd = setup(fds, auclass);
1099 ATF_REQUIRE_EQ(0, mlock(NULL, 0));
1100 check_audit(fds, pcregex, pipefd);
1103 ATF_TC_CLEANUP(mlock_success, tc)
1109 ATF_TC_WITH_CLEANUP(mlock_failure);
1110 ATF_TC_HEAD(mlock_failure, tc)
1112 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1116 ATF_TC_BODY(mlock_failure, tc)
1119 snprintf(pcregex, sizeof(pcregex), "mlock.*%d.*return,failure", pid);
1121 FILE *pipefd = setup(fds, auclass);
1122 ATF_REQUIRE_EQ(-1, mlock((void *)(-1), -1));
1123 check_audit(fds, pcregex, pipefd);
1126 ATF_TC_CLEANUP(mlock_failure, tc)
1132 ATF_TC_WITH_CLEANUP(munlock_success);
1133 ATF_TC_HEAD(munlock_success, tc)
1135 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1139 ATF_TC_BODY(munlock_success, tc)
1142 snprintf(pcregex, sizeof(pcregex), "munlock.*%d.*return,success", pid);
1144 FILE *pipefd = setup(fds, auclass);
1145 ATF_REQUIRE_EQ(0, munlock(NULL, 0));
1146 check_audit(fds, pcregex, pipefd);
1149 ATF_TC_CLEANUP(munlock_success, tc)
1155 ATF_TC_WITH_CLEANUP(munlock_failure);
1156 ATF_TC_HEAD(munlock_failure, tc)
1158 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1162 ATF_TC_BODY(munlock_failure, tc)
1165 snprintf(pcregex, sizeof(pcregex), "munlock.*%d.*return,failure", pid);
1167 FILE *pipefd = setup(fds, auclass);
1168 ATF_REQUIRE_EQ(-1, munlock((void *)(-1), -1));
1169 check_audit(fds, pcregex, pipefd);
1172 ATF_TC_CLEANUP(munlock_failure, tc)
1178 ATF_TC_WITH_CLEANUP(minherit_success);
1179 ATF_TC_HEAD(minherit_success, tc)
1181 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1182 "minherit(2) call");
1185 ATF_TC_BODY(minherit_success, tc)
1188 snprintf(pcregex, sizeof(pcregex), "minherit.*%d.*return,success", pid);
1190 FILE *pipefd = setup(fds, auclass);
1191 ATF_REQUIRE_EQ(0, minherit(NULL, 0, INHERIT_ZERO));
1192 check_audit(fds, pcregex, pipefd);
1195 ATF_TC_CLEANUP(minherit_success, tc)
1201 ATF_TC_WITH_CLEANUP(minherit_failure);
1202 ATF_TC_HEAD(minherit_failure, tc)
1204 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1205 "minherit(2) call");
1208 ATF_TC_BODY(minherit_failure, tc)
1211 snprintf(pcregex, sizeof(pcregex), "minherit.*%d.*return,failure", pid);
1213 FILE *pipefd = setup(fds, auclass);
1214 ATF_REQUIRE_EQ(-1, minherit((void *)(-1), -1, 0));
1215 check_audit(fds, pcregex, pipefd);
1218 ATF_TC_CLEANUP(minherit_failure, tc)
1224 ATF_TC_WITH_CLEANUP(setlogin_success);
1225 ATF_TC_HEAD(setlogin_success, tc)
1227 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1228 "setlogin(2) call");
1231 ATF_TC_BODY(setlogin_success, tc)
1235 snprintf(pcregex, sizeof(pcregex), "setlogin.*%d.*return,success", pid);
1237 /* Retrieve the current user's login name to be used with setlogin(2) */
1238 ATF_REQUIRE((name = getlogin()) != NULL);
1239 FILE *pipefd = setup(fds, auclass);
1240 ATF_REQUIRE_EQ(0, setlogin(name));
1241 check_audit(fds, pcregex, pipefd);
1244 ATF_TC_CLEANUP(setlogin_success, tc)
1250 ATF_TC_WITH_CLEANUP(setlogin_failure);
1251 ATF_TC_HEAD(setlogin_failure, tc)
1253 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1254 "setlogin(2) call");
1257 ATF_TC_BODY(setlogin_failure, tc)
1260 snprintf(pcregex, sizeof(pcregex), "setlogin.*%d.*return,failure", pid);
1262 FILE *pipefd = setup(fds, auclass);
1263 ATF_REQUIRE_EQ(-1, setlogin(NULL));
1264 check_audit(fds, pcregex, pipefd);
1267 ATF_TC_CLEANUP(setlogin_failure, tc)
1273 ATF_TC_WITH_CLEANUP(rtprio_success);
1274 ATF_TC_HEAD(rtprio_success, tc)
1276 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1280 ATF_TC_BODY(rtprio_success, tc)
1284 snprintf(pcregex, sizeof(pcregex), "rtprio.*%d.*return,success", pid);
1286 FILE *pipefd = setup(fds, auclass);
1287 ATF_REQUIRE_EQ(0, rtprio(RTP_LOOKUP, 0, &rtp));
1288 check_audit(fds, pcregex, pipefd);
1291 ATF_TC_CLEANUP(rtprio_success, tc)
1297 ATF_TC_WITH_CLEANUP(rtprio_failure);
1298 ATF_TC_HEAD(rtprio_failure, tc)
1300 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1304 ATF_TC_BODY(rtprio_failure, tc)
1307 snprintf(pcregex, sizeof(pcregex), "rtprio.*%d.*return,failure", pid);
1309 FILE *pipefd = setup(fds, auclass);
1310 ATF_REQUIRE_EQ(-1, rtprio(-1, -1, NULL));
1311 check_audit(fds, pcregex, pipefd);
1314 ATF_TC_CLEANUP(rtprio_failure, tc)
1320 ATF_TC_WITH_CLEANUP(profil_success);
1321 ATF_TC_HEAD(profil_success, tc)
1323 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1327 ATF_TC_BODY(profil_success, tc)
1330 snprintf(pcregex, sizeof(pcregex), "profil.*%d.*return,success", pid);
1333 FILE *pipefd = setup(fds, auclass);
1334 /* Set scale argument as 0 to disable profiling of current process */
1335 ATF_REQUIRE_EQ(0, profil(samples, sizeof(samples), 0, 0));
1336 check_audit(fds, pcregex, pipefd);
1339 ATF_TC_CLEANUP(profil_success, tc)
1345 ATF_TC_WITH_CLEANUP(profil_failure);
1346 ATF_TC_HEAD(profil_failure, tc)
1348 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1352 ATF_TC_BODY(profil_failure, tc)
1355 snprintf(pcregex, sizeof(pcregex), "profil.*%d.*return,failure", pid);
1357 FILE *pipefd = setup(fds, auclass);
1358 ATF_REQUIRE_EQ(-1, profil((char *)(SIZE_MAX), -1, -1, -1));
1359 check_audit(fds, pcregex, pipefd);
1362 ATF_TC_CLEANUP(profil_failure, tc)
1368 ATF_TC_WITH_CLEANUP(ptrace_success);
1369 ATF_TC_HEAD(ptrace_success, tc)
1371 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1375 ATF_TC_BODY(ptrace_success, tc)
1378 snprintf(pcregex, sizeof(pcregex), "ptrace.*%d.*return,success", pid);
1380 FILE *pipefd = setup(fds, auclass);
1381 ATF_REQUIRE_EQ(0, ptrace(PT_TRACE_ME, 0, NULL, 0));
1382 check_audit(fds, pcregex, pipefd);
1385 ATF_TC_CLEANUP(ptrace_success, tc)
1391 ATF_TC_WITH_CLEANUP(ptrace_failure);
1392 ATF_TC_HEAD(ptrace_failure, tc)
1394 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1398 ATF_TC_BODY(ptrace_failure, tc)
1401 snprintf(pcregex, sizeof(pcregex), "ptrace.*%d.*return,failure", pid);
1403 FILE *pipefd = setup(fds, auclass);
1404 ATF_REQUIRE_EQ(-1, ptrace(-1, 0, NULL, 0));
1405 check_audit(fds, pcregex, pipefd);
1408 ATF_TC_CLEANUP(ptrace_failure, tc)
1414 ATF_TC_WITH_CLEANUP(ktrace_success);
1415 ATF_TC_HEAD(ktrace_success, tc)
1417 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1421 ATF_TC_BODY(ktrace_success, tc)
1424 snprintf(pcregex, sizeof(pcregex), "ktrace.*%d.*return,success", pid);
1426 FILE *pipefd = setup(fds, auclass);
1427 ATF_REQUIRE_EQ(0, ktrace(NULL, KTROP_CLEAR, KTRFAC_SYSCALL, pid));
1428 check_audit(fds, pcregex, pipefd);
1431 ATF_TC_CLEANUP(ktrace_success, tc)
1437 ATF_TC_WITH_CLEANUP(ktrace_failure);
1438 ATF_TC_HEAD(ktrace_failure, tc)
1440 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1444 ATF_TC_BODY(ktrace_failure, tc)
1447 snprintf(pcregex, sizeof(pcregex), "ktrace.*%d.*return,failure", pid);
1449 FILE *pipefd = setup(fds, auclass);
1450 ATF_REQUIRE_EQ(-1, ktrace(NULL, -1, -1, 0));
1451 check_audit(fds, pcregex, pipefd);
1454 ATF_TC_CLEANUP(ktrace_failure, tc)
1460 ATF_TC_WITH_CLEANUP(procctl_success);
1461 ATF_TC_HEAD(procctl_success, tc)
1463 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1467 ATF_TC_BODY(procctl_success, tc)
1470 snprintf(pcregex, sizeof(pcregex), "procctl.*%d.*return,success", pid);
1472 struct procctl_reaper_status reapstat;
1473 FILE *pipefd = setup(fds, auclass);
1474 /* Retrieve information about the reaper of current process (pid) */
1475 ATF_REQUIRE_EQ(0, procctl(P_PID, pid, PROC_REAP_STATUS, &reapstat));
1476 check_audit(fds, pcregex, pipefd);
1479 ATF_TC_CLEANUP(procctl_success, tc)
1485 ATF_TC_WITH_CLEANUP(procctl_failure);
1486 ATF_TC_HEAD(procctl_failure, tc)
1488 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1492 ATF_TC_BODY(procctl_failure, tc)
1495 snprintf(pcregex, sizeof(pcregex), "procctl.*%d.*return,failure", pid);
1497 FILE *pipefd = setup(fds, auclass);
1498 ATF_REQUIRE_EQ(-1, procctl(-1, -1, -1, NULL));
1499 check_audit(fds, pcregex, pipefd);
1502 ATF_TC_CLEANUP(procctl_failure, tc)
1508 ATF_TC_WITH_CLEANUP(cap_enter_success);
1509 ATF_TC_HEAD(cap_enter_success, tc)
1511 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1512 "cap_enter(2) call");
1515 ATF_TC_BODY(cap_enter_success, tc)
1517 ATF_REQUIRE_FEATURE("security_capability_mode");
1519 FILE *pipefd = setup(fds, auclass);
1520 ATF_REQUIRE((pid = fork()) != -1);
1522 snprintf(pcregex, sizeof(pcregex),
1523 "cap_enter.*%d.*return,success", pid);
1524 ATF_REQUIRE(wait(&status) != -1);
1525 check_audit(fds, pcregex, pipefd);
1528 ATF_REQUIRE_EQ(0, cap_enter());
1533 ATF_TC_CLEANUP(cap_enter_success, tc)
1539 ATF_TC_WITH_CLEANUP(cap_getmode_success);
1540 ATF_TC_HEAD(cap_getmode_success, tc)
1542 atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
1543 "cap_getmode(2) call");
1546 ATF_TC_BODY(cap_getmode_success, tc)
1550 ATF_REQUIRE_FEATURE("security_capability_mode");
1553 snprintf(pcregex, sizeof(pcregex), "cap_getmode.*%d.*success", pid);
1555 FILE *pipefd = setup(fds, auclass);
1556 ATF_REQUIRE_EQ(0, cap_getmode(&modep));
1557 check_audit(fds, pcregex, pipefd);
1560 ATF_TC_CLEANUP(cap_getmode_success, tc)
1566 ATF_TC_WITH_CLEANUP(cap_getmode_failure);
1567 ATF_TC_HEAD(cap_getmode_failure, tc)
1569 atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
1570 "cap_getmode(2) call");
1573 ATF_TC_BODY(cap_getmode_failure, tc)
1576 snprintf(pcregex, sizeof(pcregex), "cap_getmode.*%d.*failure", pid);
1578 FILE *pipefd = setup(fds, auclass);
1579 /* cap_getmode(2) can either fail with EFAULT or ENOSYS */
1580 ATF_REQUIRE_EQ(-1, cap_getmode(NULL));
1581 check_audit(fds, pcregex, pipefd);
1584 ATF_TC_CLEANUP(cap_getmode_failure, tc)
1592 ATF_TP_ADD_TC(tp, fork_success);
1593 ATF_TP_ADD_TC(tp, _exit_success);
1594 ATF_TP_ADD_TC(tp, rfork_success);
1595 ATF_TP_ADD_TC(tp, rfork_failure);
1597 ATF_TP_ADD_TC(tp, wait4_success);
1598 ATF_TP_ADD_TC(tp, wait4_failure);
1599 ATF_TP_ADD_TC(tp, wait6_success);
1600 ATF_TP_ADD_TC(tp, wait6_failure);
1601 ATF_TP_ADD_TC(tp, kill_success);
1602 ATF_TP_ADD_TC(tp, kill_failure);
1604 ATF_TP_ADD_TC(tp, chdir_success);
1605 ATF_TP_ADD_TC(tp, chdir_failure);
1606 ATF_TP_ADD_TC(tp, fchdir_success);
1607 ATF_TP_ADD_TC(tp, fchdir_failure);
1608 ATF_TP_ADD_TC(tp, chroot_success);
1609 ATF_TP_ADD_TC(tp, chroot_failure);
1611 ATF_TP_ADD_TC(tp, umask_success);
1612 ATF_TP_ADD_TC(tp, setuid_success);
1613 ATF_TP_ADD_TC(tp, seteuid_success);
1614 ATF_TP_ADD_TC(tp, setgid_success);
1615 ATF_TP_ADD_TC(tp, setegid_success);
1617 ATF_TP_ADD_TC(tp, setreuid_success);
1618 ATF_TP_ADD_TC(tp, setregid_success);
1619 ATF_TP_ADD_TC(tp, setresuid_success);
1620 ATF_TP_ADD_TC(tp, setresgid_success);
1622 ATF_TP_ADD_TC(tp, getresuid_success);
1623 ATF_TP_ADD_TC(tp, getresuid_failure);
1624 ATF_TP_ADD_TC(tp, getresgid_success);
1625 ATF_TP_ADD_TC(tp, getresgid_failure);
1627 ATF_TP_ADD_TC(tp, setpriority_success);
1628 ATF_TP_ADD_TC(tp, setpriority_failure);
1629 ATF_TP_ADD_TC(tp, setgroups_success);
1630 ATF_TP_ADD_TC(tp, setgroups_failure);
1631 ATF_TP_ADD_TC(tp, setpgrp_success);
1632 ATF_TP_ADD_TC(tp, setpgrp_failure);
1633 ATF_TP_ADD_TC(tp, setsid_success);
1634 ATF_TP_ADD_TC(tp, setsid_failure);
1635 ATF_TP_ADD_TC(tp, setrlimit_success);
1636 ATF_TP_ADD_TC(tp, setrlimit_failure);
1638 ATF_TP_ADD_TC(tp, mlock_success);
1639 ATF_TP_ADD_TC(tp, mlock_failure);
1640 ATF_TP_ADD_TC(tp, munlock_success);
1641 ATF_TP_ADD_TC(tp, munlock_failure);
1642 ATF_TP_ADD_TC(tp, minherit_success);
1643 ATF_TP_ADD_TC(tp, minherit_failure);
1645 ATF_TP_ADD_TC(tp, setlogin_success);
1646 ATF_TP_ADD_TC(tp, setlogin_failure);
1647 ATF_TP_ADD_TC(tp, rtprio_success);
1648 ATF_TP_ADD_TC(tp, rtprio_failure);
1650 ATF_TP_ADD_TC(tp, profil_success);
1651 ATF_TP_ADD_TC(tp, profil_failure);
1652 ATF_TP_ADD_TC(tp, ptrace_success);
1653 ATF_TP_ADD_TC(tp, ptrace_failure);
1654 ATF_TP_ADD_TC(tp, ktrace_success);
1655 ATF_TP_ADD_TC(tp, ktrace_failure);
1656 ATF_TP_ADD_TC(tp, procctl_success);
1657 ATF_TP_ADD_TC(tp, procctl_failure);
1659 ATF_TP_ADD_TC(tp, cap_enter_success);
1660 ATF_TP_ADD_TC(tp, cap_getmode_success);
1661 ATF_TP_ADD_TC(tp, cap_getmode_failure);
1663 return (atf_no_error());