From: Jiri J. <jja...@re...> - 2014-10-08 16:56:11
Signed-off-by: Jiri Jaburek <jja...@re...>
---
audit-test/network/run.conf | 125 ++++++++++++--------------------------------
1 file changed, 34 insertions(+), 91 deletions(-)
diff --git a/audit-test/network/run.conf b/audit-test/network/run.conf
index f59aa02..383ff88 100644
--- a/audit-test/network/run.conf
+++ b/audit-test/network/run.conf
@@ -540,64 +540,24 @@ function augrok_default {
expres_audit="no"
fi
- case $(uname -m)-$MODE in
- x86_64-64|ia64-64)
- params="--seek=$log_mark -m1 type==SYSCALL syscall=$syscall \
- success=$expres_audit exit=$exitval \
- pid=$pid auid=$(</proc/self/loginuid) \
- uid=$uid euid=$euid suid=$suid fsuid=$fsuid \
- gid=$gid egid=$egid sgid=$sgid fsgid=$fsgid \
- "$@""
- ;;
- x86_64-32)
- # socket calls are multiplexed onto the socketcall() syscall
- if [[ "$syscall" == "recvmmsg" ]]; then
- params="--seek=$log_mark -m1 type==SYSCALL \
- syscall=337 \
- success=$expres_audit exit=$exitval \
- pid=$pid auid=$(</proc/self/loginuid) \
- uid=$uid euid=$euid suid=$suid fsuid=$fsuid \
- gid=$gid egid=$egid sgid=$sgid fsgid=$fsgid \
- "$@""
- else
- params="--seek=$log_mark -m1 type==SYSCALL \
- syscall=socketcall a0=$(get_sockcall_num_hex $syscall) \
- success=$expres_audit exit=$exitval \
- pid=$pid auid=$(</proc/self/loginuid) \
- uid=$uid euid=$euid suid=$suid fsuid=$fsuid \
- gid=$gid egid=$egid sgid=$sgid fsgid=$fsgid \
- "$@""
- fi
- ;;
- ppc64-32)
- params="--seek=$log_mark -m1 type==SYSCALL \
- syscall=socketcall a0=$(get_sockcall_num_hex $syscall) \
- success=$expres_audit exit=$exitval \
- pid=$pid auid=$(</proc/self/loginuid) \
- uid=$uid euid=$euid suid=$suid fsuid=$fsuid \
- gid=$gid egid=$egid sgid=$sgid fsgid=$fsgid \
- "$@""
- ;;
- s390x-32)
- params="--seek=$log_mark -m1 type==SYSCALL \
- syscall=socketcall a0=$(get_sockcall_num_hex $syscall) \
- success=$expres_audit exit=$exitval \
- pid=$pid auid=$(</proc/self/loginuid) \
- uid=$uid euid=$euid suid=$suid fsuid=$fsuid \
- gid=$gid egid=$egid sgid=$sgid fsgid=$fsgid \
- "$@""
- ;;
- *)
- # socket calls are multiplexed onto the socketcall() syscall
- params="--seek=$log_mark -m1 type==SOCKETCALL \
- syscall=socketcall a0=$(get_sockcall_num_hex $syscall) \
- success=$expres_audit exit=$exitval \
- pid=$pid auid=$(</proc/self/loginuid) \
- uid=$uid euid=$euid suid=$suid fsuid=$fsuid \
- gid=$gid egid=$egid sgid=$sgid fsgid=$fsgid \
- "$@""
- ;;
- esac
+ if sc_is_relevant "$syscall"; then
+ params="--seek=$log_mark -m1 type==SYSCALL syscall=$syscall \
+ success=$expres_audit exit=$exitval \
+ pid=$pid auid=$(</proc/self/loginuid) \
+ uid=$uid euid=$euid suid=$suid fsuid=$fsuid \
+ gid=$gid egid=$egid sgid=$sgid fsgid=$fsgid \
+ "$@""
+ elif sc_is_relevant socketcall; then
+ params="--seek=$log_mark -m1 type==SYSCALL \
+ syscall=socketcall a0=$(get_sockcall_num_hex $syscall) \
+ success=$expres_audit exit=$exitval \
+ pid=$pid auid=$(</proc/self/loginuid) \
+ uid=$uid euid=$euid suid=$suid fsuid=$fsuid \
+ gid=$gid egid=$egid sgid=$sgid fsgid=$fsgid \
+ "$@""
+ else
+ exit_error "$syscall or socketcall not available"
+ fi
# we do this multiple times on failure to give the audit records time to
# appear in the log (recent distros can lag in recording audit records)
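Review bot: The socketcall fallback in the `elif sc_is_relevant socketcall` branch passes `$(get_sockcall_num_hex $syscall)` straight into the `a0=` filter without checking that the lookup produced anything, so a syscall name that the helper does not know yields a filter with an empty value rather than the `exit_error` on the `else` branch (whether get_sockcall_num_hex signals failure by exit status is not visible here). I would capture the value first and fail loudly: `scnum=$(get_sockcall_num_hex "$syscall")`, `[[ -n "$scnum" ]] || exit_error "no socketcall number for $syscall"`, then `syscall=socketcall a0=$scnum \`. The same unchecked lookup appears in auwatch_default in the second hunk (`scnum=$(get_sockcall_num $syscall)`), where an empty value ends up in the auditctl `-F a0=` rule and its cleanup string. A short comment above the `if` stating that sc_is_relevant decides per-architecture whether the native syscall or the socketcall multiplexer is audited would also help, since the old per-arch case is gone and the helper is defined elsewhere. augrok_default begins and ends outside this hunk.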
@@ -628,39 +588,22 @@ function augrok_default {
# test case.
#
function auwatch_default {
- declare sockcall_num
- declare syscall_name
- case $(uname -m)-$MODE in
- x86_64-64|ia64-64)
- syscall_name=$syscall
- if [[ "$syscall" == "accept4" ]]; then
- syscall="288"
- fi
- auditctl -a exit,always ${MODE:+-F arch=b$MODE} -S $syscall || \
- exit_error
- prepend_cleanup "auditctl -d exit,always ${MODE:+-F arch=b$MODE} \
- -S $syscall"
- syscall=$syscall_name
- ;;
- *)
- # socket calls are multiplexed onto the socketcall() syscall
- if [[ "$syscall" == "recvmmsg" ]]; then
- syscall_name=$syscall
- syscall="337"
- auditctl -a exit,always ${MODE:+-F arch=b$MODE} -S $syscall || \
- exit_error
- prepend_cleanup "auditctl -d exit,always ${MODE:+-F arch=b$MODE} \
- -S $syscall"
- syscall=$syscall_name
- else
- sockcall_num=$(get_sockcall_num $syscall)
- auditctl -a exit,always ${MODE:+-F arch=b$MODE} \
- -S socketcall -F a0=$sockcall_num || exit_error
- prepend_cleanup "auditctl -d exit,always ${MODE:+-F arch=b$MODE} \
- -S socketcall -F a0=$sockcall_num"
- fi
- ;;
- esac
+ declare scnum
+
+ if sc_is_relevant "$syscall"; then
+ auditctl -a exit,always ${MODE:+-F arch=b$MODE} \
+ -S $syscall || exit_error
+ prepend_cleanup "auditctl -d exit,always ${MODE:+-F arch=b$MODE} \
+ -S $syscall"
+ elif sc_is_relevant socketcall; then
+ scnum=$(get_sockcall_num $syscall)
+ auditctl -a exit,always ${MODE:+-F arch=b$MODE} \
+ -S socketcall -F a0=$scnum || exit_error
+ prepend_cleanup "auditctl -d exit,always ${MODE:+-F arch=b$MODE} \
+ -S socketcall -F a0=$scnum"
+ else
+ exit_error "$syscall or socketcall not available"
+ fi
}
######################################################################
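Review bot: The two `auditctl -a` failures in auwatch_default call `exit_error` with no message, while the final `else` branch does give one (`"$syscall or socketcall not available"`), so a rule that auditctl rejects — for instance a name its syscall table cannot resolve, which appears to be what the removed numeric substitutions were working around — fails without saying which rule was attempted. I would make both consistent with the else branch: `-S $syscall || exit_error "auditctl -S $syscall failed"` and `-S socketcall -F a0=$scnum || exit_error "auditctl -S socketcall a0=$scnum failed"`. Quoting `"$syscall"` in the `-S` arguments and the `prepend_cleanup` strings would also keep a malformed value from splitting into extra auditctl arguments.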
--
1.8.3.1