From: Jiri J. <jja...@re...> - 2014-07-11 11:50:09
On 07/03/2014 09:45 AM, AKASHI Takahiro wrote:
> On arm64/aarch64, some system calls are implemented in glibc on top of other,
> more primitive system calls (for example, open() is implemented via openat()).
> Therefore, the audit logs only contain records for the primitive ones.
>
> This patch adds work-arounds for these cases.
>
> Signed-off-by: AKASHI Takahiro <tak...@li...>
> ---
> audit-test/filter/tests/test_auid.bash | 9 +++++++--
> audit-test/filter/tests/test_class_attr.bash | 13 +++++++++++++
> audit-test/filter/tests/test_dev_inode.bash | 11 ++++++++---
> audit-test/filter/tests/test_success.bash | 6 +++++-
> audit-test/filter/tests/test_syscall.bash | 6 +++++-
> audit-test/filter/tests/test_type.bash | 9 +++++++--
> audit-test/filter/tests/test_watch_dir_remove.bash | 20 ++++++++++++--------
> audit-test/filter/tests/test_watch_open.bash | 10 ++++++++--
> audit-test/filter/tests/test_watch_remove.bash | 4 ++++
> audit-test/rules.mk | 6 ++++--
> 10 files changed, 73 insertions(+), 21 deletions(-)
>
> diff --git a/audit-test/filter/tests/test_auid.bash b/audit-test/filter/tests/test_auid.bash
> index c165cf3..63098b7 100755
> --- a/audit-test/filter/tests/test_auid.bash
> +++ b/audit-test/filter/tests/test_auid.bash
> @@ -33,8 +33,13 @@ do_open_file $tmp1
> augrok --seek=$log_mark "name==$tmp1" "auid==$user_auid" \
> && exit_error "Unexpected record found."
>
> -auditctl -a exit,always -F arch=b$MODE -S open -F auid=$user_auid
> -prepend_cleanup "auditctl -d exit,always -F arch=b$MODE -S open -F auid=$user_auid"
> +if [ ${MACHINE} = "aarch64" ]; then
> +syscall_name="openat"
> +else
> +syscall_name="open"
> +fi
> +auditctl -a exit,always -F arch=b$MODE -S $syscall_name -F auid=$user_auid
> +prepend_cleanup "auditctl -d exit,always -F arch=b$MODE -S $syscall_name -F auid=$user_auid"
>
> # audit log marker
> log_mark=$(stat -c %s $audit_log)
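Review bot: The test `if [ ${MACHINE} = "aarch64" ]; then` leaves `${MACHINE}` unquoted, so when the variable is unset (the script run directly rather than through the `run`/`rerun` targets that export it) `[` sees only `= aarch64`, prints "unary operator expected", and the non-zero status silently selects the `open` branch. Quote it: `if [ "${MACHINE}" = "aarch64" ]; then`. The same unquoted test appears in test_class_attr.bash, test_dev_inode.bash, test_success.bash, test_syscall.bash, test_type.bash, test_watch_dir_remove.bash, test_watch_open.bash and test_watch_remove.bash. Since this five-line `syscall_name` selection is repeated verbatim in six of these scripts, which already `source filter_functions.bash`, a single helper there (e.g. `syscall_name=$(open_syscall_name)`) would keep the per-architecture mapping in one place.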
> diff --git a/audit-test/filter/tests/test_class_attr.bash b/audit-test/filter/tests/test_class_attr.bash
> index 687b3d9..2be24dc 100755
> --- a/audit-test/filter/tests/test_class_attr.bash
> +++ b/audit-test/filter/tests/test_class_attr.bash
> @@ -32,15 +32,28 @@ log_mark=$(stat -c %s $audit_log)
>
> # test
> do_chmod $watch 777
> +if [ ${MACHINE} = "aarch64" ]; then
> +do_fchownat $(dirname $watch) $(basename $watch) root
I have a patch staged for review that adds AT_FDCWD support to all *at
syscall wrappers, which simplifies this case somewhat.
This is just a reminder to myself to clean up this piece of code once
that patch is upstream.
> +else
> do_chown $watch root
> +fi
> do_unlink $watch
>
> # verify audit record
> +if [ ${MACHINE} = "aarch64" ]; then
> +augrok --seek=$log_mark type==SYSCALL syscall==fchmodat name==$watch \
> + || exit_fail "Expected record for 'chmod' not found."
> +augrok --seek=$log_mark type==SYSCALL syscall==fchownat name==$(basename $watch) \
> + || exit_fail "Expected record for 'chown' not found."
> +augrok --seek=$log_mark type==SYSCALL syscall==unlinkat name==$watch \
> + && exit_fail "Unexpected record for 'unlink' found."
> +else
> augrok --seek=$log_mark type==SYSCALL syscall==chmod name==$watch \
> || exit_fail "Expected record for 'chmod' not found."
> augrok --seek=$log_mark type==SYSCALL syscall==chown name==$watch \
> || exit_fail "Expected record for 'chown' not found."
> augrok --seek=$log_mark type==SYSCALL syscall==unlink name==$watch \
> && exit_fail "Unexpected record for 'unlink' found."
> +fi
>
> exit_pass
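Review bot: The aarch64 branch of the verification block repeats all three augrok assertions of the generic branch with only the syscall names and the `name==` operand of the chown check differing, so any future change to the assertions has to be made twice. Selecting the expected syscall names (and the chown object name, which is the basename because do_fchownat is called with dirname/basename) in the `if` and keeping a single set of augrok calls removes the duplication. The expected-record messages stay as they are.
```shell
if [ "${MACHINE}" = "aarch64" ]; then
    chmod_sc=fchmodat; chown_sc=fchownat; unlink_sc=unlinkat
    chown_name=$(basename $watch)
else
    chmod_sc=chmod; chown_sc=chown; unlink_sc=unlink
    chown_name=$watch
fi
augrok --seek=$log_mark type==SYSCALL syscall==$chmod_sc name==$watch \
    || exit_fail "Expected record for 'chmod' not found."
augrok --seek=$log_mark type==SYSCALL syscall==$chown_sc name==$chown_name \
    || exit_fail "Expected record for 'chown' not found."
augrok --seek=$log_mark type==SYSCALL syscall==$unlink_sc name==$watch \
    && exit_fail "Unexpected record for 'unlink' found."
```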
> diff --git a/audit-test/filter/tests/test_dev_inode.bash b/audit-test/filter/tests/test_dev_inode.bash
> index 30ea580..4611cfa 100755
> --- a/audit-test/filter/tests/test_dev_inode.bash
> +++ b/audit-test/filter/tests/test_dev_inode.bash
> @@ -34,11 +34,16 @@ minor=$((0x$minor))
> event_obj=$(get_event_obj $1)
> [[ $event_obj != $tmp1 ]] && prepend_cleanup "rm -f $event_obj"
>
> -auditctl -a exit,always -F arch=b$MODE -S open -F key=$tmp1 \
> - -F inode=$inode -F devmajor=$major -F devminor=$minor
> +if [ ${MACHINE} = "aarch64" ]; then
> +syscall_name="openat"
> +else
> +syscall_name="open"
> +fi
>
> +auditctl -a exit,always -F arch=b$MODE -S $syscall_name -F key=$tmp1 \
> + -F inode=$inode -F devmajor=$major -F devminor=$minor
> prepend_cleanup "
> -auditctl -d exit,always -F arch=b$MODE -S open -F key=$tmp1 \
> +auditctl -d exit,always -F arch=b$MODE -S $syscall_name -F key=$tmp1 \
> -F inode=$inode -F devmajor=$major -F devminor=$minor"
>
> log_mark=$(stat -c %s $audit_log)
> diff --git a/audit-test/filter/tests/test_success.bash b/audit-test/filter/tests/test_success.bash
> index 497959b..a54c36e 100755
> --- a/audit-test/filter/tests/test_success.bash
> +++ b/audit-test/filter/tests/test_success.bash
> @@ -21,7 +21,11 @@
> source filter_functions.bash || exit 2
>
> # setup
> +if [ ${MACHINE} = "aarch64" ]; then
> +syscall_name="openat"
> +else
> syscall_name="open"
> +fi
> syscall_num=$(augrok --resolve $syscall_name) \
> || exit_error "unable to determine the syscall number for $syscall_name"
>
> @@ -37,7 +41,7 @@ case $op in
> ;;
> *) exit_fail "unknown test operation" ;;
> esac
> -filter_rule="exit,always -F arch=b$MODE -S open"
> +filter_rule="exit,always -F arch=b$MODE -S $syscall_name"
>
> auditctl -a $filter_rule $filter_field
> prepend_cleanup "auditctl -d $filter_rule $filter_field"
> diff --git a/audit-test/filter/tests/test_syscall.bash b/audit-test/filter/tests/test_syscall.bash
> index 8159b92..fc5934b 100755
> --- a/audit-test/filter/tests/test_syscall.bash
> +++ b/audit-test/filter/tests/test_syscall.bash
> @@ -21,13 +21,17 @@
> source filter_functions.bash || exit 2
>
> # setup
> +if [ ${MACHINE} = "aarch64" ]; then
> +syscall_name="openat"
> +else
> syscall_name="open"
> +fi
> syscall_num=$(augrok --resolve $syscall_name) \
> || exit_error "unable to determine the syscall number for $syscall_name"
>
> op=$1
> case $op in
> - name) filter_rule="exit,always -F arch=b$MODE -S open" ;;
> + name) filter_rule="exit,always -F arch=b$MODE -S $syscall_name" ;;
> number) filter_rule="exit,always -S $syscall_num";;
> *) exit_fail "unknown test operation" ;;
> esac
> diff --git a/audit-test/filter/tests/test_type.bash b/audit-test/filter/tests/test_type.bash
> index 16c63f4..450c926 100755
> --- a/audit-test/filter/tests/test_type.bash
> +++ b/audit-test/filter/tests/test_type.bash
> @@ -27,10 +27,15 @@ source filter_functions.bash || exit 2
>
> # setup
> user_auid=$(cat /proc/self/loginuid)
> +if [ ${MACHINE} = "aarch64" ]; then
> +syscall_name="openat"
> +else
> +syscall_name="open"
> +fi
>
> # setup auditctl
> -auditctl -a exit,always -F arch=b$MODE -S open -F auid=$user_auid
> -prepend_cleanup "auditctl -d exit,always -F arch=b$MODE -S open -F auid=$user_auid"
> +auditctl -a exit,always -F arch=b$MODE -S $syscall_name -F auid=$user_auid
> +prepend_cleanup "auditctl -d exit,always -F arch=b$MODE -S $syscall_name -F auid=$user_auid"
>
> # audit log marker
> log_mark=$(stat -c %s $audit_log)
> diff --git a/audit-test/filter/tests/test_watch_dir_remove.bash b/audit-test/filter/tests/test_watch_dir_remove.bash
> index bbdd9fb..fbb54b8 100755
> --- a/audit-test/filter/tests/test_watch_dir_remove.bash
> +++ b/audit-test/filter/tests/test_watch_dir_remove.bash
> @@ -28,24 +28,28 @@ tmpd=$(mktemp -d) || exit_fail "create tempdir failed"
> watch="$tmpd"
> name="$tmpd/foo"
>
> -auditctl -a exit,always -F arch=b$MODE -S $op -F path=$watch
> -auditctl -a exit,always -F arch=b$MODE -S $opat -F path=$watch
> -
> -prepend_cleanup "
> - auditctl -d exit,always -F arch=b$MODE -S $op -F path=$watch
> - auditctl -d exit,always -F arch=b$MODE -S $opat -F path=$watch
> - rm -rf $tmpd"
> -
> case $op in
> rename) touch $name
> gen_audit_event="mv $tmp1 $name" ;;
> rmdir) mkdir $name
> + if [ ${MACHINE} = "aarch64" ]; then
> + op="unlink";
> + opat="unlinkat";
> + fi
> gen_audit_event="rmdir $name" ;;
> unlink) touch $name
> gen_audit_event="rm $name" ;;
> *) exit_fail "unknown test operation: $op" ;;
> esac
>
> +auditctl -a exit,always -F arch=b$MODE -S $op -F path=$watch
> +auditctl -a exit,always -F arch=b$MODE -S $opat -F path=$watch
> +
> +prepend_cleanup "
> + auditctl -d exit,always -F arch=b$MODE -S $op -F path=$watch
> + auditctl -d exit,always -F arch=b$MODE -S $opat -F path=$watch
> + rm -rf $tmpd"
> +
> log_mark=$(stat -c %s $audit_log)
>
> # test
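Review bot: The `rmdir)` branch now overwrites `op` itself (`op="unlink"`) on aarch64, so anything after `# test` that still reads `$op` — the test section is outside this hunk — would see `unlink` instead of the operation the script was invoked with; please confirm that nothing there (messages, augrok `syscall==` checks) depends on the original value, or keep the original in a separate variable. The `auditctl -a` calls that were moved below the case still ignore their exit status, so if auditctl rejects `-S unlink` for an arch that only provides `unlinkat`, the test carries on with only the `$opat` rule installed and no diagnostic; `|| exit_error "auditctl -a ... failed"` on both lines would make that visible. The trailing semicolons on `op="unlink";` and `opat="unlinkat";` are unnecessary in a shell script.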
> diff --git a/audit-test/filter/tests/test_watch_open.bash b/audit-test/filter/tests/test_watch_open.bash
> index 525ac31..c357a81 100755
> --- a/audit-test/filter/tests/test_watch_open.bash
> +++ b/audit-test/filter/tests/test_watch_open.bash
> @@ -29,8 +29,14 @@ watch=$tmp1
> event_obj=$(get_event_obj $1)
> [[ $event_obj != $watch ]] && prepend_cleanup "rm -f $event_obj"
>
> -auditctl -a exit,always -F arch=b$MODE -S open -F key=$watch -F path=$watch
> -prepend_cleanup "auditctl -d exit,always -F arch=b$MODE -S openat -F key=$watch -F path=$watch"
> +if [ ${MACHINE} = "aarch64" ]; then
> +syscall_name="openat"
> +else
> +syscall_name="open"
> +fi
> +
> +auditctl -a exit,always -F arch=b$MODE -S $syscall_name -F key=$watch -F path=$watch
> +prepend_cleanup "auditctl -d exit,always -F arch=b$MODE -S $syscall_name -F key=$watch -F path=$watch"
>
> # test open with O_CREAT|O_RDONLY; verify audit record
> log_mark=$(stat -c %s $audit_log)
> diff --git a/audit-test/filter/tests/test_watch_remove.bash b/audit-test/filter/tests/test_watch_remove.bash
> index 2e00a50..97cd1ff 100755
> --- a/audit-test/filter/tests/test_watch_remove.bash
> +++ b/audit-test/filter/tests/test_watch_remove.bash
> @@ -30,6 +30,10 @@ case $op in
> unlink) touch $name
> gen_audit_event="rm $name" ;;
> rmdir) mkdir $name
> + if [ ${MACHINE} = "aarch64" ]; then
> + op="unlink";
> + opat="unlinkat";
> + fi
> gen_audit_event="rmdir $name" ;;
> rename) touch $name
> gen_audit_event="mv $tmp1 $name" ;;
> diff --git a/audit-test/rules.mk b/audit-test/rules.mk
> index 25c9758..4af7c13 100644
> --- a/audit-test/rules.mk
> +++ b/audit-test/rules.mk
> @@ -186,13 +186,15 @@ run.bash:
> [[ -f run.bash ]] || ln -sfn $(TOPDIR)/utils/run.bash run.bash
>
> run: all
> - @$(check_set_PPROFILE); \
> + @export MACHINE=$(MACHINE); \
> + $(check_set_PPROFILE); \
> $(check_set_PASSWD); \
> ./run.bash --header; \
> ./run.bash
>
> rerun: all
> - @$(check_set_PPROFILE); \
> + @export MACHINE=$(MACHINE); \
> + $(check_set_PPROFILE); \
> $(check_set_PASSWD); \
> ./run.bash --rerun
> endif
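Review bot: Exporting MACHINE from inside the `run` and `rerun` recipes (`@export MACHINE=$(MACHINE); \`) duplicates the same line in two targets and only covers those two entry points; any other target that invokes run.bash or a test script would still leave MACHINE unset in the environment. Make's own `export MACHINE` directive at file scope, placed after the line that defines MACHINE (not visible in this hunk), propagates the variable to every recipe, and both recipes can then return to `@$(check_set_PPROFILE); \`. If MACHINE is derived with `$(shell uname -m)` or similar, it should be assigned with `:=` so the command runs once at parse time.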
>