From: AKASHI T. <tak...@li...> - 2014-07-24 06:03:49
On arm64/aarch64, some system calls are implemented in glibc on top of other,
more primitive system calls, for example open() on top of openat(). Therefore,
the audit log only contains records for the primitive ones.
This patch adds work-arounds for these cases.
Signed-off-by: AKASHI Takahiro <tak...@li...>
---
audit-test/filter/tests/test_auid.bash | 9 +++++--
audit-test/filter/tests/test_class_attr.bash | 28 +++++++++++++++-----
audit-test/filter/tests/test_dev_inode.bash | 11 +++++---
audit-test/filter/tests/test_success.bash | 8 ++++--
audit-test/filter/tests/test_syscall.bash | 8 ++++--
audit-test/filter/tests/test_type.bash | 9 +++++--
audit-test/filter/tests/test_watch_dir_remove.bash | 20 ++++++++------
audit-test/filter/tests/test_watch_open.bash | 10 +++++--
audit-test/filter/tests/test_watch_remove.bash | 4 +++
9 files changed, 79 insertions(+), 28 deletions(-)
diff --git a/audit-test/filter/tests/test_auid.bash b/audit-test/filter/tests/test_auid.bash
index c165cf3..211023a 100755
--- a/audit-test/filter/tests/test_auid.bash
+++ b/audit-test/filter/tests/test_auid.bash
@@ -33,8 +33,13 @@ do_open_file $tmp1
augrok --seek=$log_mark "name==$tmp1" "auid==$user_auid" \
&& exit_error "Unexpected record found."
-auditctl -a exit,always -F arch=b$MODE -S open -F auid=$user_auid
-prepend_cleanup "auditctl -d exit,always -F arch=b$MODE -S open -F auid=$user_auid"
+if [[ ${MACHINE} = "aarch64" ]]; then
+ syscall_name="openat"
+else
+ syscall_name="open"
+fi
+auditctl -a exit,always -F arch=b$MODE -S $syscall_name -F auid=$user_auid
+prepend_cleanup "auditctl -d exit,always -F arch=b$MODE -S $syscall_name -F auid=$user_auid"
# audit log marker
log_mark=$(stat -c %s $audit_log)
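Review bot: The `if [[ ${MACHINE} = "aarch64" ]]` block that picks `openat` over `open` is pasted verbatim into this file and into test_dev_inode.bash, test_success.bash, test_syscall.bash, test_type.bash and test_watch_open.bash, so the next libc-driven syscall change has to be made in six places. Since every test already sources filter_functions.bash, a single helper there would do, e.g. `native_syscall() { if [[ ${MACHINE} = "aarch64" ]]; then printf '%s\n' "$2"; else printf '%s\n' "$1"; fi; }` with call sites reduced to `syscall_name=$(native_syscall open openat)`. Worth a comment at the definition that MACHINE is a proxy here: which kernel syscall glibc issues for open() is a property of the libc build, not strictly of the architecture, so the mapping should be re-verified when the toolchain changes. The `auditctl -a` result is not checked, so a rule that fails to load (for instance an unknown syscall name on the current arch) is only noticed later as a missing record.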
diff --git a/audit-test/filter/tests/test_class_attr.bash b/audit-test/filter/tests/test_class_attr.bash
index 687b3d9..f2a2f8f 100755
--- a/audit-test/filter/tests/test_class_attr.bash
+++ b/audit-test/filter/tests/test_class_attr.bash
@@ -32,15 +32,29 @@ log_mark=$(stat -c %s $audit_log)
# test
do_chmod $watch 777
-do_chown $watch root
+if [[ ${MACHINE} = "aarch64" ]]; then
+ do_fchownat $(dirname $watch) $(basename $watch) root
+else
+ do_chown $watch root
+fi
do_unlink $watch
# verify audit record
-augrok --seek=$log_mark type==SYSCALL syscall==chmod name==$watch \
- || exit_fail "Expected record for 'chmod' not found."
-augrok --seek=$log_mark type==SYSCALL syscall==chown name==$watch \
- || exit_fail "Expected record for 'chown' not found."
-augrok --seek=$log_mark type==SYSCALL syscall==unlink name==$watch \
- && exit_fail "Unexpected record for 'unlink' found."
+if [[ ${MACHINE} = "aarch64" ]]; then
+ augrok --seek=$log_mark type==SYSCALL syscall==fchmodat name==$watch \
+ || exit_fail "Expected record for 'chmod' not found."
+ augrok --seek=$log_mark type==SYSCALL syscall==fchownat
+ name==$(basename $watch) \
+ || exit_fail "Expected record for 'chown' not found."
+ augrok --seek=$log_mark type==SYSCALL syscall==unlinkat name==$watch \
+ && exit_fail "Unexpected record for 'unlink' found."
+else
+ augrok --seek=$log_mark type==SYSCALL syscall==chmod name==$watch \
+ || exit_fail "Expected record for 'chmod' not found."
+ augrok --seek=$log_mark type==SYSCALL syscall==chown name==$watch \
+ || exit_fail "Expected record for 'chown' not found."
+ augrok --seek=$log_mark type==SYSCALL syscall==unlink name==$watch \
+ && exit_fail "Unexpected record for 'unlink' found."
+fi
exit_pass
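Review bot: The fchownat check on the aarch64 branch is split over two lines, `augrok --seek=$log_mark type==SYSCALL syscall==fchownat` and `name==$(basename $watch) \`, but the first line has no trailing backslash; as shown, bash runs `name==<basename>` as a separate command, which fails and trips the `|| exit_fail`, so the test can never pass on aarch64. If this is only a mail-client wrap the patch is fine, otherwise the first line needs the `\`. Note also that this check matches the bare basename while the fchmodat and unlinkat checks match the full `$watch` path; a comment such as `# do_fchownat is called with dirfd+basename, so the PATH record carries the relative name` would explain the asymmetry to the next reader. The six augrok lines duplicated across the two branches could collapse to one set by selecting the three syscall names (chmod/fchmodat, chown/fchownat, unlink/unlinkat) up front.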
diff --git a/audit-test/filter/tests/test_dev_inode.bash b/audit-test/filter/tests/test_dev_inode.bash
index 30ea580..33d83cf 100755
--- a/audit-test/filter/tests/test_dev_inode.bash
+++ b/audit-test/filter/tests/test_dev_inode.bash
@@ -34,11 +34,16 @@ minor=$((0x$minor))
event_obj=$(get_event_obj $1)
[[ $event_obj != $tmp1 ]] && prepend_cleanup "rm -f $event_obj"
-auditctl -a exit,always -F arch=b$MODE -S open -F key=$tmp1 \
- -F inode=$inode -F devmajor=$major -F devminor=$minor
+if [[ ${MACHINE} = "aarch64" ]]; then
+ syscall_name="openat"
+else
+ syscall_name="open"
+fi
+auditctl -a exit,always -F arch=b$MODE -S $syscall_name -F key=$tmp1 \
+ -F inode=$inode -F devmajor=$major -F devminor=$minor
prepend_cleanup "
-auditctl -d exit,always -F arch=b$MODE -S open -F key=$tmp1 \
+auditctl -d exit,always -F arch=b$MODE -S $syscall_name -F key=$tmp1 \
-F inode=$inode -F devmajor=$major -F devminor=$minor"
log_mark=$(stat -c %s $audit_log)
diff --git a/audit-test/filter/tests/test_success.bash b/audit-test/filter/tests/test_success.bash
index 497959b..b38683e 100755
--- a/audit-test/filter/tests/test_success.bash
+++ b/audit-test/filter/tests/test_success.bash
@@ -21,7 +21,11 @@
source filter_functions.bash || exit 2
# setup
-syscall_name="open"
+if [[ ${MACHINE} = "aarch64" ]]; then
+ syscall_name="openat"
+else
+ syscall_name="open"
+fi
syscall_num=$(augrok --resolve $syscall_name) \
|| exit_error "unable to determine the syscall number for $syscall_name"
@@ -37,7 +41,7 @@ case $op in
;;
*) exit_fail "unknown test operation" ;;
esac
-filter_rule="exit,always -F arch=b$MODE -S open"
+filter_rule="exit,always -F arch=b$MODE -S $syscall_name"
auditctl -a $filter_rule $filter_field
prepend_cleanup "auditctl -d $filter_rule $filter_field"
diff --git a/audit-test/filter/tests/test_syscall.bash b/audit-test/filter/tests/test_syscall.bash
index 8159b92..3f26cec 100755
--- a/audit-test/filter/tests/test_syscall.bash
+++ b/audit-test/filter/tests/test_syscall.bash
@@ -21,13 +21,17 @@
source filter_functions.bash || exit 2
# setup
-syscall_name="open"
+if [[ ${MACHINE} = "aarch64" ]]; then
+ syscall_name="openat"
+else
+ syscall_name="open"
+fi
syscall_num=$(augrok --resolve $syscall_name) \
|| exit_error "unable to determine the syscall number for $syscall_name"
op=$1
case $op in
- name) filter_rule="exit,always -F arch=b$MODE -S open" ;;
+ name) filter_rule="exit,always -F arch=b$MODE -S $syscall_name" ;;
number) filter_rule="exit,always -S $syscall_num";;
*) exit_fail "unknown test operation" ;;
esac
diff --git a/audit-test/filter/tests/test_type.bash b/audit-test/filter/tests/test_type.bash
index 16c63f4..aa797a0 100755
--- a/audit-test/filter/tests/test_type.bash
+++ b/audit-test/filter/tests/test_type.bash
@@ -27,10 +27,15 @@ source filter_functions.bash || exit 2
# setup
user_auid=$(cat /proc/self/loginuid)
+if [[ ${MACHINE} = "aarch64" ]]; then
+ syscall_name="openat"
+else
+ syscall_name="open"
+fi
# setup auditctl
-auditctl -a exit,always -F arch=b$MODE -S open -F auid=$user_auid
-prepend_cleanup "auditctl -d exit,always -F arch=b$MODE -S open -F auid=$user_auid"
+auditctl -a exit,always -F arch=b$MODE -S $syscall_name -F auid=$user_auid
+prepend_cleanup "auditctl -d exit,always -F arch=b$MODE -S $syscall_name -F auid=$user_auid"
# audit log marker
log_mark=$(stat -c %s $audit_log)
diff --git a/audit-test/filter/tests/test_watch_dir_remove.bash b/audit-test/filter/tests/test_watch_dir_remove.bash
index bbdd9fb..23b79ab 100755
--- a/audit-test/filter/tests/test_watch_dir_remove.bash
+++ b/audit-test/filter/tests/test_watch_dir_remove.bash
@@ -28,24 +28,28 @@ tmpd=$(mktemp -d) || exit_fail "create tempdir failed"
watch="$tmpd"
name="$tmpd/foo"
-auditctl -a exit,always -F arch=b$MODE -S $op -F path=$watch
-auditctl -a exit,always -F arch=b$MODE -S $opat -F path=$watch
-
-prepend_cleanup "
- auditctl -d exit,always -F arch=b$MODE -S $op -F path=$watch
- auditctl -d exit,always -F arch=b$MODE -S $opat -F path=$watch
- rm -rf $tmpd"
-
case $op in
rename) touch $name
gen_audit_event="mv $tmp1 $name" ;;
rmdir) mkdir $name
+ if [[ ${MACHINE} = "aarch64" ]]; then
+ op="unlink";
+ opat="unlinkat";
+ fi
gen_audit_event="rmdir $name" ;;
unlink) touch $name
gen_audit_event="rm $name" ;;
*) exit_fail "unknown test operation: $op" ;;
esac
+auditctl -a exit,always -F arch=b$MODE -S $op -F path=$watch
+auditctl -a exit,always -F arch=b$MODE -S $opat -F path=$watch
+
+prepend_cleanup "
+ auditctl -d exit,always -F arch=b$MODE -S $op -F path=$watch
+ auditctl -d exit,always -F arch=b$MODE -S $opat -F path=$watch
+ rm -rf $tmpd"
+
log_mark=$(stat -c %s $audit_log)
# test
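Review bot: The `rmdir)` arm reassigns the very variable the `case` dispatches on, setting `op="unlink"` and `opat="unlinkat"` on aarch64, so anything after the case that still means "the requested test operation" (messages, later record checks outside this hunk) now sees `unlink` instead of `rmdir`; separate variables for the rule syscalls, e.g. `rule_sc=$op; rule_scat=$opat` set in the arm and used in the `auditctl -S` lines, would keep `op` meaning what the caller passed. The trailing `;` on `op="unlink";` and `opat="unlinkat";` is also unnecessary. The same reassignment appears in the test_watch_remove.bash hunk; there the `auditctl -a` lines are not visible in the diff, so it is worth confirming they run after the case (this patch had to move them for that reason here), otherwise the override has no effect on the rules. Both `auditctl -a` invocations are unchecked, so if `$op` is not a valid syscall name on the target arch the add fails silently and the test quietly depends on the `$opat` rule alone; `|| exit_error "auditctl -a failed"` would surface that. The `case` and the `op`/`opat` assignments start outside the hunk.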
diff --git a/audit-test/filter/tests/test_watch_open.bash b/audit-test/filter/tests/test_watch_open.bash
index 525ac31..c7fe367 100755
--- a/audit-test/filter/tests/test_watch_open.bash
+++ b/audit-test/filter/tests/test_watch_open.bash
@@ -29,8 +29,14 @@ watch=$tmp1
event_obj=$(get_event_obj $1)
[[ $event_obj != $watch ]] && prepend_cleanup "rm -f $event_obj"
-auditctl -a exit,always -F arch=b$MODE -S open -F key=$watch -F path=$watch
-prepend_cleanup "auditctl -d exit,always -F arch=b$MODE -S openat -F key=$watch -F path=$watch"
+if [[ ${MACHINE} = "aarch64" ]]; then
+ syscall_name="openat"
+else
+ syscall_name="open"
+fi
+
+auditctl -a exit,always -F arch=b$MODE -S $syscall_name -F key=$watch -F path=$watch
+prepend_cleanup "auditctl -d exit,always -F arch=b$MODE -S $syscall_name -F key=$watch -F path=$watch"
# test open with O_CREAT|O_RDONLY; verify audit record
log_mark=$(stat -c %s $audit_log)
diff --git a/audit-test/filter/tests/test_watch_remove.bash b/audit-test/filter/tests/test_watch_remove.bash
index 2e00a50..3d370a7 100755
--- a/audit-test/filter/tests/test_watch_remove.bash
+++ b/audit-test/filter/tests/test_watch_remove.bash
@@ -30,6 +30,10 @@ case $op in
unlink) touch $name
gen_audit_event="rm $name" ;;
rmdir) mkdir $name
+ if [[ ${MACHINE} = "aarch64" ]]; then
+ op="unlink";
+ opat="unlinkat";
+ fi
gen_audit_event="rmdir $name" ;;
rename) touch $name
gen_audit_event="mv $tmp1 $name" ;;
--
1.7.9.5