From: AKASHI T. <tak...@li...> - 2014-07-03 07:46:42
On arm64/aarch64, glibc implements some system calls on top of other, more
primitive system calls (for example, open() is implemented with openat()).
As a result, the audit log contains records only for the primitive calls.
This patch adds work-arounds for these cases.
Signed-off-by: AKASHI Takahiro <tak...@li...>
---
audit-test/filter/tests/test_auid.bash | 9 +++++++--
audit-test/filter/tests/test_class_attr.bash | 13 +++++++++++++
audit-test/filter/tests/test_dev_inode.bash | 11 ++++++++---
audit-test/filter/tests/test_success.bash | 6 +++++-
audit-test/filter/tests/test_syscall.bash | 6 +++++-
audit-test/filter/tests/test_type.bash | 9 +++++++--
audit-test/filter/tests/test_watch_dir_remove.bash | 20 ++++++++++++--------
audit-test/filter/tests/test_watch_open.bash | 10 ++++++++--
audit-test/filter/tests/test_watch_remove.bash | 4 ++++
audit-test/rules.mk | 6 ++++--
10 files changed, 73 insertions(+), 21 deletions(-)
diff --git a/audit-test/filter/tests/test_auid.bash b/audit-test/filter/tests/test_auid.bash
index c165cf3..63098b7 100755
--- a/audit-test/filter/tests/test_auid.bash
+++ b/audit-test/filter/tests/test_auid.bash
@@ -33,8 +33,13 @@ do_open_file $tmp1
augrok --seek=$log_mark "name==$tmp1" "auid==$user_auid" \
&& exit_error "Unexpected record found."
-auditctl -a exit,always -F arch=b$MODE -S open -F auid=$user_auid
-prepend_cleanup "auditctl -d exit,always -F arch=b$MODE -S open -F auid=$user_auid"
+if [ ${MACHINE} = "aarch64" ]; then
+syscall_name="openat"
+else
+syscall_name="open"
+fi
+auditctl -a exit,always -F arch=b$MODE -S $syscall_name -F auid=$user_auid
+prepend_cleanup "auditctl -d exit,always -F arch=b$MODE -S $syscall_name -F auid=$user_auid"
# audit log marker
log_mark=$(stat -c %s $audit_log)
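Review bot: `${MACHINE}` is unquoted in the added `[ ${MACHINE} = "aarch64" ]` test, so when the variable is empty or unset the test expands to `[ = "aarch64" ]`, prints a `[` error and silently takes the `open` branch. The only place this patch exports the variable is the `run` and `rerun` recipes in rules.mk, so a script started any other way would hit this. Quote it, `if [ "${MACHINE}" = "aarch64" ]; then`, and consider failing with `exit_error` when it is empty, so that a test on aarch64 cannot quietly audit the wrong syscall. The same five-line selection is repeated in the test_dev_inode, test_success, test_syscall, test_type and test_watch_open hunks. The scripts whose header is visible source filter_functions.bash, so setting `syscall_name` once there would keep the audited syscall consistent across the suite.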
diff --git a/audit-test/filter/tests/test_class_attr.bash b/audit-test/filter/tests/test_class_attr.bash
index 687b3d9..2be24dc 100755
--- a/audit-test/filter/tests/test_class_attr.bash
+++ b/audit-test/filter/tests/test_class_attr.bash
@@ -32,15 +32,28 @@ log_mark=$(stat -c %s $audit_log)
# test
do_chmod $watch 777
+if [ ${MACHINE} = "aarch64" ]; then
+do_fchownat $(dirname $watch) $(basename $watch) root
+else
do_chown $watch root
+fi
do_unlink $watch
# verify audit record
+if [ ${MACHINE} = "aarch64" ]; then
+augrok --seek=$log_mark type==SYSCALL syscall==fchmodat name==$watch \
+ || exit_fail "Expected record for 'chmod' not found."
+augrok --seek=$log_mark type==SYSCALL syscall==fchownat name==$(basename $watch) \
+ || exit_fail "Expected record for 'chown' not found."
+augrok --seek=$log_mark type==SYSCALL syscall==unlinkat name==$watch \
+ && exit_fail "Unexpected record for 'unlink' found."
+else
augrok --seek=$log_mark type==SYSCALL syscall==chmod name==$watch \
|| exit_fail "Expected record for 'chmod' not found."
augrok --seek=$log_mark type==SYSCALL syscall==chown name==$watch \
|| exit_fail "Expected record for 'chown' not found."
augrok --seek=$log_mark type==SYSCALL syscall==unlink name==$watch \
&& exit_fail "Unexpected record for 'unlink' found."
+fi
exit_pass
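Review bot: The verification block is now duplicated per architecture, so the two copies of the three `augrok` checks can drift apart, and the negative `unlinkat` check is the one most likely to go stale without anyone noticing. Selecting the syscall names (and the expected `name` for the chown record) into variables once and keeping a single set of checks makes the difference between the architectures explicit. The negative check only proves something if `do_unlink` records the path in the same form as `$watch`; that helper is not visible here, so it is worth confirming. `${MACHINE}` should also be quoted in both added tests.
```bash
# … unchanged: do_chmod / do_fchownat or do_chown / do_unlink test steps …
if [ "${MACHINE}" = "aarch64" ]; then
    chmod_sc=fchmodat chown_sc=fchownat unlink_sc=unlinkat
    chown_name=$(basename "$watch")
else
    chmod_sc=chmod chown_sc=chown unlink_sc=unlink
    chown_name=$watch
fi
augrok --seek=$log_mark type==SYSCALL syscall==$chmod_sc name==$watch \
    || exit_fail "Expected record for 'chmod' not found."
augrok --seek=$log_mark type==SYSCALL syscall==$chown_sc name==$chown_name \
    || exit_fail "Expected record for 'chown' not found."
augrok --seek=$log_mark type==SYSCALL syscall==$unlink_sc name==$watch \
    && exit_fail "Unexpected record for 'unlink' found."
```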
diff --git a/audit-test/filter/tests/test_dev_inode.bash b/audit-test/filter/tests/test_dev_inode.bash
index 30ea580..4611cfa 100755
--- a/audit-test/filter/tests/test_dev_inode.bash
+++ b/audit-test/filter/tests/test_dev_inode.bash
@@ -34,11 +34,16 @@ minor=$((0x$minor))
event_obj=$(get_event_obj $1)
[[ $event_obj != $tmp1 ]] && prepend_cleanup "rm -f $event_obj"
-auditctl -a exit,always -F arch=b$MODE -S open -F key=$tmp1 \
- -F inode=$inode -F devmajor=$major -F devminor=$minor
+if [ ${MACHINE} = "aarch64" ]; then
+syscall_name="openat"
+else
+syscall_name="open"
+fi
+auditctl -a exit,always -F arch=b$MODE -S $syscall_name -F key=$tmp1 \
+ -F inode=$inode -F devmajor=$major -F devminor=$minor
prepend_cleanup "
-auditctl -d exit,always -F arch=b$MODE -S open -F key=$tmp1 \
+auditctl -d exit,always -F arch=b$MODE -S $syscall_name -F key=$tmp1 \
-F inode=$inode -F devmajor=$major -F devminor=$minor"
log_mark=$(stat -c %s $audit_log)
diff --git a/audit-test/filter/tests/test_success.bash b/audit-test/filter/tests/test_success.bash
index 497959b..a54c36e 100755
--- a/audit-test/filter/tests/test_success.bash
+++ b/audit-test/filter/tests/test_success.bash
@@ -21,7 +21,11 @@
source filter_functions.bash || exit 2
# setup
+if [ ${MACHINE} = "aarch64" ]; then
+syscall_name="openat"
+else
syscall_name="open"
+fi
syscall_num=$(augrok --resolve $syscall_name) \
|| exit_error "unable to determine the syscall number for $syscall_name"
@@ -37,7 +41,7 @@ case $op in
;;
*) exit_fail "unknown test operation" ;;
esac
-filter_rule="exit,always -F arch=b$MODE -S open"
+filter_rule="exit,always -F arch=b$MODE -S $syscall_name"
auditctl -a $filter_rule $filter_field
prepend_cleanup "auditctl -d $filter_rule $filter_field"
diff --git a/audit-test/filter/tests/test_syscall.bash b/audit-test/filter/tests/test_syscall.bash
index 8159b92..fc5934b 100755
--- a/audit-test/filter/tests/test_syscall.bash
+++ b/audit-test/filter/tests/test_syscall.bash
@@ -21,13 +21,17 @@
source filter_functions.bash || exit 2
# setup
+if [ ${MACHINE} = "aarch64" ]; then
+syscall_name="openat"
+else
syscall_name="open"
+fi
syscall_num=$(augrok --resolve $syscall_name) \
|| exit_error "unable to determine the syscall number for $syscall_name"
op=$1
case $op in
- name) filter_rule="exit,always -F arch=b$MODE -S open" ;;
+ name) filter_rule="exit,always -F arch=b$MODE -S $syscall_name" ;;
number) filter_rule="exit,always -S $syscall_num";;
*) exit_fail "unknown test operation" ;;
esac
diff --git a/audit-test/filter/tests/test_type.bash b/audit-test/filter/tests/test_type.bash
index 16c63f4..450c926 100755
--- a/audit-test/filter/tests/test_type.bash
+++ b/audit-test/filter/tests/test_type.bash
@@ -27,10 +27,15 @@ source filter_functions.bash || exit 2
# setup
user_auid=$(cat /proc/self/loginuid)
+if [ ${MACHINE} = "aarch64" ]; then
+syscall_name="openat"
+else
+syscall_name="open"
+fi
# setup auditctl
-auditctl -a exit,always -F arch=b$MODE -S open -F auid=$user_auid
-prepend_cleanup "auditctl -d exit,always -F arch=b$MODE -S open -F auid=$user_auid"
+auditctl -a exit,always -F arch=b$MODE -S $syscall_name -F auid=$user_auid
+prepend_cleanup "auditctl -d exit,always -F arch=b$MODE -S $syscall_name -F auid=$user_auid"
# audit log marker
log_mark=$(stat -c %s $audit_log)
diff --git a/audit-test/filter/tests/test_watch_dir_remove.bash b/audit-test/filter/tests/test_watch_dir_remove.bash
index bbdd9fb..fbb54b8 100755
--- a/audit-test/filter/tests/test_watch_dir_remove.bash
+++ b/audit-test/filter/tests/test_watch_dir_remove.bash
@@ -28,24 +28,28 @@ tmpd=$(mktemp -d) || exit_fail "create tempdir failed"
watch="$tmpd"
name="$tmpd/foo"
-auditctl -a exit,always -F arch=b$MODE -S $op -F path=$watch
-auditctl -a exit,always -F arch=b$MODE -S $opat -F path=$watch
-
-prepend_cleanup "
- auditctl -d exit,always -F arch=b$MODE -S $op -F path=$watch
- auditctl -d exit,always -F arch=b$MODE -S $opat -F path=$watch
- rm -rf $tmpd"
-
case $op in
rename) touch $name
gen_audit_event="mv $tmp1 $name" ;;
rmdir) mkdir $name
+ if [ ${MACHINE} = "aarch64" ]; then
+ op="unlink";
+ opat="unlinkat";
+ fi
gen_audit_event="rmdir $name" ;;
unlink) touch $name
gen_audit_event="rm $name" ;;
*) exit_fail "unknown test operation: $op" ;;
esac
+auditctl -a exit,always -F arch=b$MODE -S $op -F path=$watch
+auditctl -a exit,always -F arch=b$MODE -S $opat -F path=$watch
+
+prepend_cleanup "
+ auditctl -d exit,always -F arch=b$MODE -S $op -F path=$watch
+ auditctl -d exit,always -F arch=b$MODE -S $opat -F path=$watch
+ rm -rf $tmpd"
+
log_mark=$(stat -c %s $audit_log)
# test
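Review bot: On aarch64 the `rmdir` arm sets `op="unlink"`, and that name is then passed to `auditctl -a ... -S $op` in the rules moved below the `case`. The rest of this patch swaps `open` for `openat` because the legacy call is not what the kernel sees on this architecture, and the same likely holds for `unlink`, so the first rule may be rejected or never match. Neither `auditctl -a` call checks its exit status, so a rejected rule would go unnoticed and the test would rest on the `$opat` rule alone; consider `auditctl -a exit,always -F arch=b$MODE -S $op -F path=$watch || exit_error "unable to add rule for $op"`. The `rename` and `unlink` arms get no aarch64 mapping, and the same reassignment appears in the test_watch_remove.bash hunk. The script continues past `# test` outside this hunk, so whether later code reads the modified `$op` cannot be checked from here.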
diff --git a/audit-test/filter/tests/test_watch_open.bash b/audit-test/filter/tests/test_watch_open.bash
index 525ac31..c357a81 100755
--- a/audit-test/filter/tests/test_watch_open.bash
+++ b/audit-test/filter/tests/test_watch_open.bash
@@ -29,8 +29,14 @@ watch=$tmp1
event_obj=$(get_event_obj $1)
[[ $event_obj != $watch ]] && prepend_cleanup "rm -f $event_obj"
-auditctl -a exit,always -F arch=b$MODE -S open -F key=$watch -F path=$watch
-prepend_cleanup "auditctl -d exit,always -F arch=b$MODE -S openat -F key=$watch -F path=$watch"
+if [ ${MACHINE} = "aarch64" ]; then
+syscall_name="openat"
+else
+syscall_name="open"
+fi
+
+auditctl -a exit,always -F arch=b$MODE -S $syscall_name -F key=$watch -F path=$watch
+prepend_cleanup "auditctl -d exit,always -F arch=b$MODE -S $syscall_name -F key=$watch -F path=$watch"
# test open with O_CREAT|O_RDONLY; verify audit record
log_mark=$(stat -c %s $audit_log)
diff --git a/audit-test/filter/tests/test_watch_remove.bash b/audit-test/filter/tests/test_watch_remove.bash
index 2e00a50..97cd1ff 100755
--- a/audit-test/filter/tests/test_watch_remove.bash
+++ b/audit-test/filter/tests/test_watch_remove.bash
@@ -30,6 +30,10 @@ case $op in
unlink) touch $name
gen_audit_event="rm $name" ;;
rmdir) mkdir $name
+ if [ ${MACHINE} = "aarch64" ]; then
+ op="unlink";
+ opat="unlinkat";
+ fi
gen_audit_event="rmdir $name" ;;
rename) touch $name
gen_audit_event="mv $tmp1 $name" ;;
diff --git a/audit-test/rules.mk b/audit-test/rules.mk
index 25c9758..4af7c13 100644
--- a/audit-test/rules.mk
+++ b/audit-test/rules.mk
@@ -186,13 +186,15 @@ run.bash:
[[ -f run.bash ]] || ln -sfn $(TOPDIR)/utils/run.bash run.bash
run: all
- @$(check_set_PPROFILE); \
+ @export MACHINE=$(MACHINE); \
+ $(check_set_PPROFILE); \
$(check_set_PASSWD); \
./run.bash --header; \
./run.bash
rerun: all
- @$(check_set_PPROFILE); \
+ @export MACHINE=$(MACHINE); \
+ $(check_set_PPROFILE); \
$(check_set_PASSWD); \
./run.bash --rerun
endif
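Review bot: `export MACHINE=$(MACHINE)` is pasted unquoted into the shell in both the `run` and `rerun` recipes, so an empty value exports an empty string and a value containing whitespace breaks the command line. A single make-level `export MACHINE` next to where the variable is defined (outside this hunk) would cover both recipes and any target added later; failing that, quote it as `export MACHINE='$(MACHINE)'; \`. The test scripts compare this value to choose which syscall to audit, so an empty value quietly selects the non-aarch64 path.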
--
1.7.9.5